This post summarizes some certifications and certificates for IT security professionals.
IT security certificates and certifications are grouped in this post into the following categories:
- General
- Pentesting
- Audit
- Cloud
- Framework Implementer
- Architecture
- Privacy
- Compliance
- Forensics
- Company-oriented
General IT Security
General IT Security certifications and certificates:
- SSCP
- CISSP
- CISM
- CSX-P
- CSX-F
- Security+
- GICSP
- Google Cybersecurity Professional Certificate
- ISMS Spain’s CCSP
The most valued on this list are probably CISSP and CISM.
SSCP
Level: entry.
Issuer: (ISC)2.
The PECB ISO/IEC 27001 Lead Implementer course notes describe “SSCP” as “for new graduates”.
CISSP
Certified Information Systems Security Professional
Issued by (ISC)²
Requires 5 years of experience.
Official link
The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.
You can find more information about CISSP certification on this post.
CISM
Certification in Information Security Manager
Issued by ISACA
The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.
Official link
The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.
You can find more information about CISM certification on this post.
CSX-P
Cybersecurity Nexus Practitioner Certification
Issued by ISACA
The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.
Official link
CSX-F
Cybersecurity Nexus Fundamentals Certificate (CSX-F)
Issued by ISACA
Entry-level.
It is just an exam; the candidate does not need to prove previous experience to get the certificate.
For new graduates.
Security+
Issued by CompTIA
Official link
The PECB ISO/IEC 27001 Lead Implementer course notes describe “Security+” as “for new graduates”.
GICSP
Global Industrial Cyber Security Professional
Issued by GIAC.
Google Cybersecurity Professional Certificate
Name: Google Cybersecurity Professional Certificate
Acronym: GCPC
Issuer: Google
Level: Entry level
Type: certificate
The course is offered by the learning platform Coursera.
This certificate is part of the Google Career Certificates program, on the Google Grow platform.
ISMS Forum Spain’s CCSP
Name: Certified Cyber Security Professional
Acronym: CCSP
Type: Certification
Issuer: ISMS Forum
Language: Spanish
It requires 10 years of professional experience in cybersecurity.
Do not confuse it with ISC2’s CCSP. When you hear about CCSP, it is probably ISC2’s, which is far more popular.
IT Security Pentesting
IT Security Pentesting:
- OSCP / PEN-200
- CEH
- GPEN
- PenTest+
OSCP / PEN-200
Offensive Security Certified Professional (OSCP), also called PEN-200 (from Penetration).
Issued by Offensive Security.
PWK (Penetration with Kali Linux) is Offensive Security’s flagship Ethical Hacking course. It would be similar to CEH, but harder.
CEH
Certified Ethical Hacker
Issued by EC-Council.
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
GPEN
GIAC Penetration Tester Certification
PenTest+
It is issued by CompTIA.
IT Cloud Security
IT Cloud Security certificates:
- CCSK
- ISC2’s CCSP
CCSK
Certificate in Cloud Security Knowledge (CCSK) is a certificate, not a certification.
Issuer: Cloud Security Alliance (CSA)
The test asks participants to demonstrate knowledge of three key documents: the CSA Guidance, the CSA Cloud Control Matrix and the ENISA report.
CCSK is considered a good start towards CCSP.
You can read more about how to get the CCSK certificate.
ISC2’s CCSP
Certified Cyber Security Professional (CCSP).
Issuer: (ISC)2
https://www.isc2.org/Certifications/CCSP
Do not confuse it with CCSP issued by ISMS Forum Spain.
CCSP is more extended than CCSK. CCSK can be substituted for the one year of cloud security experience in CCSP.
IT Audit
IT Audit certifications and certificates:
- CISA
- CIA
- Cybersecurity Audit
CISA
Certified Information System Auditor
Issued by ISACA
The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.
The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.
CIA
Certified Internal Auditor (CIA) is issued by the Institute of Internal Auditors (IIA).
GSNA
GIAC System and Network Auditor (GSNA) is issued by GIAC.
Cybersecurity Audit
Cybersecurity Audit is issued by ISACA.
IT Security Framework Implementer
IT Security Framework implementer certifications and certificates:
- ISO 27001 Lead Implementer
- Certified NIST Cybersecurity Framework Lead Implementer
You can read more about IT security frameworks on the post “IT Security Frameworks”.
ISO 27001 Lead Implementer
Read internal post “ISO/IEC 27001 Lead Implementer Certifications”.
Certified NIST Cybersecurity Framework Lead Implementer
Enterprise Information Security Architecture
Enterprise Information Security Architecture:
- Zachman Certified
- CISSP-ISSAP
- GDSA
Zachman Certified
Zachman framework course.
CISSP-ISSAP
Name: Certified Information Systems Security Professional – Information Systems Security Architecture Professional
Level: Expert
CISSP-ISSAP (Information Systems Security Architecture Professional) is a specialization of CISSP. It is issued by (ISC)2.
Specific to security.
Read more on this post.
GDSA
GDSA (GIAC Defensible Security Architecture) is issued by GIAC.
Microsoft Cybersecurity Architect
Microsoft Cybersecurity Architect is obtained after passing exam SC-100.
IT Risk Management
IT Risk Management certifications and certificates:
- CRISC
- RMP
- CRMA
- ISO/IEC 27005 Certified Risk Manager
You can find more information about them on this post.
IT Privacy
IT Privacy certifications and certificates:
- IAPP
  - CIPP
  - CIPM
  - CIPT
  - AIGP
- ISMS Forum
  - CDPP
  - CDPD
It seems that the ones issued by IAPP are the ones expected.
CIPP
Certified Information Privacy Professional (CIPP) is issued by the International Association of Privacy Practitioners (IAPP).
It is aimed at compliance, legal and HR.
There are four concentrations, depending on regional compliance specialization:
- CIPP/A (Asia)
- CIPP/C (Canada)
- CIPP/E (Europe)
- CIPP/US (USA private sector)
CIPP Certification official website
CIPM
Certified Information Privacy Manager
Aimed at risk management, auditors or accounting.
CIPT
Certified Information Privacy Technologist
Aimed at IT and IT security professionals.
AIGP
Artificial Intelligence Governance Professional
Focused on AI compliance and privacy.
CDPP
Name: Certified Data Privacy Professional
Acronym: CDPP
Issuer: ISMS Forum Spain
Language: Spanish
It requires 10 years of professional experience in privacy.
CDPD
Name: Certification in Data Protection Delegate (in Spanish, Certificación en Delegado de Protección de Datos)
Acronym: CDPD
Issuer: Spanish Agency for Data Protection (AEPD, from the Spanish Agencia Española de Protección de Datos)
Type: Certification
Certification body: ENAC
Language: Spanish
ISMS Forum Spain issues this certification, among other institutions.
It requires 10 years of experience in data privacy.
IT Compliance
CPCC
Name: Certified Professional Cyber Compliance
Acronym: CPCC
Issuer: ISMS Forum Spain
Type: Certification
Language: Spanish
A CPCC holder has good knowledge of IT compliance with laws and regulations in Spain.
IT Security Forensics
IT Security Forensics Certifications and Certificates:
- CHFI
CHFI
Name: Computer Hacking Forensic Investigator
Issuer: EC-Council
IT Incident Handling
IT Incident Handling:
- GCIH
- CySA+
CySA+
Cybersecurity Analyst
GCIH
GIAC Certified Incident Handler
It is issued by GIAC.
Testing Certifications
ISTQB
Microsoft Technology Security Certifications
Microsoft exams related to Technology Security:
- Microsoft Certified: Security, Compliance, and Identity Fundamentals
- SC-900. Microsoft Security, Compliance, and Identity Fundamentals
- Microsoft Certified: Azure Security Engineer Associate
- AZ-500. Microsoft Azure Security Technologies
- Microsoft Certified: Identity and Access Administrator Associate
- SC-300. Microsoft Identity and Access Administrator
- Microsoft Certified: Security Operations
- SC-200. Microsoft Security Operations Analyst
- Microsoft Certified: Cybersecurity Architect Expert
- AZ-500. Microsoft Azure Security Technologies
- SC-200. Microsoft Security Operations Analyst
- SC-300. Microsoft Identity and Access Administrator
- SC-100. Microsoft Cybersecurity Architect
- 20744C. Securing Windows Server 2016
Microsoft exams containing one or many modules about security:
- MD-100. Modern Desktop
- Microsoft 365 Security Administration
SC-900. Security, Compliance and Identity Fundamentals
It is the fundamental or entry-level certification for SC (Security) area of knowledge.
To get more information about how to check this certification, please check this post.
AWS IT Security Certifications
AWS is Amazon’s cloud service.
Among the AWS Certifications, there is one dedicated to cybersecurity:
- AWS Certified Security Specialty
AWS Certified Security Specialty
Oracle IT Security Certifications
You can find a list of certifications from Oracle related to security on this link:
IT Security Profile Frameworks
This section features IT security professional profile frameworks:
- European Cybersecurity Skills Framework (ECSF)
European Cybersecurity Skills Framework (ECSF)
The European Cybersecurity Skills Framework (ECSF) is published by the European Union Agency for Cybersecurity, an EU organization. It was released in 2022.
It identifies 12 profiles:
- Chief Information Security Officer (CISO)
- Cyber Incident Responder
- Cyber Legal, Policy & Compliance Officer
- Cyber Threat Intelligence Specialist
- Cybersecurity Architect
- Cybersecurity Auditor
- Cybersecurity Educator
- Cybersecurity Implementer
- Cybersecurity Researcher
- Cybersecurity Risk Manager
- Digital Forensics Investigator
- Penetration Tester