IT Security Certifications for Professionals

This post summarizes some certifications and certificates for IT security professionals.

IT security certificates and certifications are grouped in this post into the following categories:

  • General
  • Pentesting
  • Audit
  • Cloud
  • Framework Implementer
  • Architecture
  • Privacy
  • Compliance
  • Forensics
  • Company-oriented

General IT Security

General IT Security certifications and certificates:

  • SSCP
  • CISSP
  • CISM
  • CSX-P
  • CSX-F
  • Security+
  • GICSP
  • Google Cybersecurity Professional Certificate
  • ISMS Forum Spain’s CCSP

The most valued in this list are probably CISSP and CISM.

SSCP

Level: entry.

Issuer: (ISC)².

The PECB ISO/IEC 27001 Lead Implementer course notes describe “SSCP” as “for new graduates”.

CISSP

Certified Information Systems Security Professional

Issued by (ISC)²

Requires 5 years of experience.
Official link

The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.

You can find more information about CISSP certification in this post.

CISM

Certification in Information Security Manager
Issued by ISACA
The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.
Official link

The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.

You can find more information about CISM certification in this post.

CSX-P

Cybersecurity Nexus Practitioner Certification
Issued by ISACA
The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.
Official link

CSX-F

Cybersecurity Nexus Fundamentals Certificate (CSX-F)

Issued by ISACA

Entry-level.

It is just an exam; the candidate does not need to prove previous experience to get the certificate.

Official link

For new graduates.

Security+

Issued by CompTIA
Official link

The PECB ISO/IEC 27001 Lead Implementer course notes describe “Security+” as “for new graduates”.

GICSP

Global Industrial Cyber Security Professional

Issued by GIAC.

Official link

Google Cybersecurity Professional Certificate

Name: Google Cybersecurity Professional Certificate

Acronym: GCPC

Issuer: Google

Level: Entry level

Type: certificate

Official link

The course is offered by the learning platform Coursera.

This certificate is part of the Google Career Certificates program, on the Google Grow platform.

ISMS Forum Spain’s CCSP

Name: Certified Cyber Security Professional

Acronym: CCSP

Type: Certification

Issuer: ISMS Forum

Language: Spanish

Official link

It requires 10 years of professional experience in cybersecurity.

Do not confuse it with ISC2’s CCSP. When you hear about CCSP, it is probably ISC2’s, which is far more popular.

IT Security Pentesting

IT Security Pentesting:

  • OSCP / PEN-200
  • CEH
  • GPEN
  • PenTest+

OSCP / PEN-200

Offensive Security Certified Professional (OSCP), also called PEN-200 (from Penetration).

Issued by Offensive Security.

PWK (Penetration with Kali Linux) is Offensive Security’s flagship Ethical Hacking course. It is similar to CEH, but harder.

Official link

CEH

Certified Ethical Hacker

Issued by EC-Council.
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

GPEN

GIAC Penetration Tester Certification

GPEN official website

PenTest+

PenTest+

It is issued by CompTIA.

IT Cloud Security

IT Cloud Security certificates:

  • CCSK
  • ISC2’s CCSP

Comparing the CCSP and CCSK

CCSK

Certificate in Cloud Security Knowledge (CCSK) is a certificate, not a certification.

Issuer: Cloud Security Alliance (CSA)

The test asks participants to demonstrate knowledge of three key documents: the CSA Guidance, the CSA Cloud Control Matrix and the ENISA report.

CCSK is considered a good start towards CCSP.

Official CCSK website

You can read more about how to get the CCSK certificate.

ISC2’s CCSP

Certified Cyber Security Professional (CCSP).

Issuer: (ISC)²

https://www.isc2.org/Certifications/CCSP

Do not confuse it with CCSP issued by ISMS Forum Spain.

CCSP is more extensive than CCSK. CCSK can be substituted for the one year of cloud security experience in CCSP.

IT Audit

IT Audit certifications and certificates:

  • CISA
  • CIA
  • Cybersecurity Audit

CISA

Certified Information System Auditor

Issued by ISACA

The candidate needs both to pass an exam and to prove previous experience on the topic to get the certificate.

Official link

The PECB ISO/IEC 27001 Lead Implementer course notes describe “CISSP” as “for experienced professionals in information security”.

CIA

Certified Internal Auditor (CIA) is issued by the Institute of Internal Auditors (IIA).

Official link

GSNA

GIAC System and Network Auditor (GSNA) is issued by GIAC.

Cybersecurity Audit

Cybersecurity Audit is issued by ISACA.

Official link

IT Security Framework Implementer

IT Security Framework implementer certifications and certificates:

  • ISO 27001 Lead Implementer
  • Certified NIST Cybersecurity Framework Lead Implementer

You can read more about IT security frameworks in the post “IT Security Frameworks”.

ISO 27001 Lead Implementer

Read the internal post “ISO/IEC 27001 Lead Implementer Certifications”.

Certified NIST Cybersecurity Framework Lead Implementer

https://niccs.cisa.gov/training/search/certified-information-security/certified-nist-cybersecurity-framework-lead

Enterprise Information Security Architecture

Enterprise Information Security Architecture:

  • Zachman Certified
  • CISSP-ISSAP
  • GDSA

Zachman Certified

https://www.zachman.com/courses

Zachman framework course.

CISSP-ISSAP

Name: Certified Information Systems Security Professional – Information Systems Security Architecture Professional

Level: Expert

Official link

CISSP-ISSAP (Information Systems Security Architecture Professional) is a specialization of CISSP. It is issued by (ISC)².

Specific to security.

Read more on this post.

GDSA

GDSA (GIAC Defensible Security Architecture) is issued by GIAC.

https://www.giac.org/certifications/defensible-security-architecture-gdsa

Microsoft Cybersecurity Architect

Microsoft Cybersecurity Architect is obtained after passing exam SC-100.

IT Risk Management

IT Risk Management certifications and certificates:

  • CRISC
  • RMP
  • CRMA
  • ISO/IEC 27005 Certified Risk Manager

You can find more information about them in this post.

IT Privacy

IT Privacy certifications and certificates:

  • IAPP
    • CIPP
    • CIPM
    • CIPT
    • AIGP
  • ISMS Forum
    • CDPP
    • CDPD

It seems that the ones issued by IAPP are the ones expected.

CIPP

Certified Information Privacy Professional (CIPP) is issued by the International Association of Privacy Practitioners (IAPP).

It is aimed at compliance, legal and HR.

There are four concentrations, depending on regional compliance specialization:

  • CIPP/A (Asia)
  • CIPP/C (Canada)
  • CIPP/E (Europe)
  • CIPP/US (USA private sector)

CIPP Certification official website

CIPM

Certified Information Privacy Manager

Aimed at risk management, auditors or accounting.

Official link

CIPT

Certified Information Privacy Technologist

Aimed at IT and IT security professionals.

Official link

AIGP

Artificial Intelligence Governance Professional

Focused on AI compliance and privacy.

Official link

CDPP

Name: Certified Data Privacy Professional

Acronym: CDPP

Issuer: ISMS Forum Spain

Language: Spanish

Official link

It requires 10 years of professional experience in privacy.

CDPD

Name: Certification in Data Protection Delegate (in Spanish, Certificación en Delegado de Protección de Datos)

Acronym: CDPD

Issuer: Spanish Agency for Data Protection (AEPD, from the Spanish Agencia Española de Protección de Datos)

Type: Certification

Certification body: ENAC

Language: Spanish

Official link

ISMS Forum Spain issues this certification, among other institutions.

It requires 10 years of experience in data privacy.

IT Compliance

CPCC

Name: Certified Professional Cyber Compliance

Acronym: CPCC

Issuer: ISMS Forum Spain

Type: Certification

Language: Spanish

Official link

A CPCC holder has good knowledge of IT compliance with laws and regulations in Spain.

IT Security Forensics

IT Security Forensics Certifications and Certificates:

  • CHFI

CHFI

Name: Computer Hacking Forensic Investigator

Issuer: EC-Council

IT Incident Handling

IT Incident Handling:

  • GCIH
  • CySA+

CySA+

CySA+

Cybersecurity Analyst

CySA+ official website

GCIH

GIAC Certified Incident Handler

It is issued by GIAC.

GCIH official website

Testing Certifications

ISTQB

ISTQB website

Microsoft Technology Security Certifications

Microsoft exams related to Technology Security:

  • Microsoft Certified: Security, Compliance, and Identity Fundamentals
    • SC-900. Microsoft Security, Compliance, and Identity Fundamentals
  • Microsoft Certified: Azure Security Engineer Associate
    • AZ-500. Microsoft Azure Security Technologies
  • Microsoft Certified: Identity and Access Administrator Associate
    • SC-300. Microsoft Identity and Access Administrator
  • Microsoft Certified: Security Operations
    • SC-200. Microsoft Security Operations Analyst
  • Microsoft Certified: Cybersecurity Architect Expert
    • AZ-500. Microsoft Azure Security Technologies
    • SC-200. Microsoft Security Operations Analyst
    • SC-300. Microsoft Identity and Access Administrator
    • SC-100. Microsoft Cybersecurity Architect
  • 20744C. Securing Windows Server 2016

Microsoft exams containing one or many modules about security:

  • MD-100. Modern Desktop
  • Microsoft 365 Security Administration

SC-900. Security, Compliance and Identity Fundamentals

It is the fundamental or entry-level certification for the SC (Security) area of knowledge.

To get more information about how to check this certification, please check this post.

AWS IT Security Certifications

AWS is Amazon’s cloud service.

Among the AWS Certifications, there is one dedicated to cybersecurity:

  • AWS Certified Security Specialty

AWS Certified Security Specialty

https://aws.amazon.com/en/certification/certified-security-specialty

Oracle IT Security Certifications

You can find a list of Oracle certifications related to security at this link:

https://education.oracle.com/paas/security/pfamily_654

IT Security Profile Frameworks

This section features IT security professional profile frameworks:

  • European Cybersecurity Skills Framework (ECSF)

European Cybersecurity Skills Framework (ECSF)

The European Cybersecurity Skills Framework (ECSF) is published by the EU’s European Union Agency for Cybersecurity. It was released in 2022.

It identifies 12 profiles:

  1. Chief Information Security Officer (CISO)
  2. Cyber Incident Responder
  3. Cyber Legal, Policy & Compliance Officer
  4. Cyber Threat Intelligence Specialist
  5. Cybersecurity Architect
  6. Cybersecurity Auditor
  7. Cybersecurity Educator
  8. Cybersecurity Implementer
  9. Cybersecurity Researcher
  10. Cybersecurity Risk Manager
  11. Digital Forensics Investigator
  12. Penetration Tester

Official link
