Cyber security is no more a buzzword. Now it is being seriously discussed in the boardrooms. Data from various reports state increase in the cost and number of cyber incidents. According to US Bureau of labour statistics, number of jobs for Information security architect in 2016 was 100,000. Average growth rate for cyber security jobs is 28%, whereas for other occupation is 7%. Median pay for information security architect was $92,600 per year in 2016. The demand for positions like cyber security professionals is expected to grow. Growth rate is expected to be 53 percent through 2018. Similarly, India is also experiencing a shortage of good cyber security professionals. India framed a national cyber security policy in 2013. Goal of the policy is to create a workforce of 500,000 professionals skilled in cyber security in the next 5 years. This is to be done through capacity building, skill development, training and certification.
Cyber security is a multidisciplinary field. Typical entry level education required is a bachelor’s degree. Yet many of the practitioners in this field have evolved over a period of time. They grew from network or system admin to their current role of cyber security specialist. They come from various backgrounds.
Many IT security certifications are now available in the market. Certified professional is preferred choice for hiring manager. A person with a degree and a certification will win over a person with only degree. Certification serves as one of the indications of knowledge and skills. Security certifications available in the market cater to various jobs. Some IT security certifications like CEH are very technical in nature. It is very difficult to decide which certification is best. Each security certification has a large cost associated with it. Majority of the cyber security certifications have a continuing learning need. It helps to keep certification active. Which should be the first certification? It is one of the most difficult questions to answer.
Good starting point for certification research is US department of Defence document 8140.01 (DoDD 8140.01). Document provides guidance and list of approved certification for various roles. It also provides levels of Information assurance (IA). Here we list seven popular security certifications.
GIAC Security Essential (GSEC)
Above list is not ordered. Each certification has different objectives. Each is better suited for specific cyber security role. You need to select security certification based on your current skill and knowledge level and the role you aspire for.
It is a cyber-defence category certification from Global Information Assurance Certification (GIAC). It is an entry level certification. It is for professionals who want to show their security skills beyond simple concepts and terminology. This certification covers security fundamentals, cryptography, risk management, Windows & Linux security.
Prerequisites: Basic knowledge and understanding of networking & security concepts.
Exam: GIAC Security Essentials (GSEC) Exam is a five-hour proctored exam. It has 180 questions. Least score to pass is 73%.
Cost for exam: $1,699 USD, administered by Pearson VUE. (Affiliate pricing for GIAC certification in conjunction with SANS training is $689 USD).
Learning material : SANS SEC 401 course covers all areas of this certification. It is available in various learning modes. More information of SANS SEC 401 can be found here.
Salary information and reasons for GIAC certification are available on GIAC website.
This certification is a vendor-neutral entry level certification. CompTIA Security+ meets the ISO 17024 standard. This certification helps candidates to develop sound understanding of information security. Certification focuses on the knowledge and skills required to install and configure systems. It also helps to understand applicable policies, laws and regulations.
Prerequisites: A CompTIA Network+ certification. Two years of systems administration experience with a security focus is preferred.
Exam: CompTIA Security+ SY0-401 is a one and half hour exam. It has 90 questions. Passing score is 75 on a scale of 100-900. Test includes traditional multiple choice questions and performance-based questions (PBQs). These PBQs test your ability to solve problems in a simulated environment. Exam is available in multiple languages.
Cost for Exam: Cost varies depending on location of test centre. Details available here.
Learning material: CompTIA study materials and training information can be found here.
More information about certification and salary are available on comptia website
This certification is intended to provide fundamental security knowledge and skills. This helps network professionals interested in safeguarding network. CCNA Security courses meet the CNSS 4011 training standard. CCNA Security certification is designed to develop necessary skills. These skills help to test, deploy, configure, maintain, and troubleshoot Cisco network security appliances.
Prerequisites: A valid CCENT or a valid CCNA Routing and Switching or any CCIE certification.
Exam: CCNA Security is a one and half hour exam. It has 60-70 questions. This exam is available in English and Japanese language. It can be scheduled at any Pearson Vue centre. Test includes multiple choice questions and simulation based questions.
Cost for Exam: $300
Learning material: information about Cyber security training from cisco is available here. Study material is available from Cisco Press.
This certification is offered by EC-Council. It is one of the leading certification bodies. This certification validates individual’s knowledge about network security. This security certification is most suited for penetration tester role. His job responsibility is to find vulnerabilities in the target system. Certification covers more than 270 attacks technologies. It is a vendor neutral certification. It is one of the first courses offered by EC-Council. It is a good starting point before venturing into the EC-Council Certified Security Analyst (ESCA) exam and Licensed Penetration Tester (LPT) exam
Prerequisites: Candidates must attend official training offered by EC-Council or its affiliates. Candidates having at least two years of information security-related experience are eligible. They can apply via eligibility application process.
Exam: The CEH exam contains 125 multiple choice questions. Exam duration is four hours. Candidates need 70% to pass the exam.
Cost for exam: Code for current exam is 312-50. This exam is administered by ECC Exam or Pearson Vue. Current version (Version 9) costs $850 USD for U.S. residents. It costs $885 USD for international candidates. More information is available here.
Learning Material: EC-Council study materials can be found here. Apart from official study material, many study guides are available in the market.
It is offered by ISACA. Goal of the exam is to certify knowledge and skills of a security professional. He has to audit, control and check information technology and business systems. This certification is approved by RBI for Systems audit. There are five domains specified for this exam.
Prerequisites: Candidates must have 5 years of professional work experience. It must be in area related to information systems auditing, control, assurance or security. Substitution and waiver are available for the candidate who doesn’t meet work experience criteria. More information is available here.
Exam: The CISA exam consists of 150 questions. These need to be completed within four hours. Candidates must score 450 or more to successfully clear the exam. The score ranges from 200 to 800 for the exam. Exam is available in many languages.
Cost for Exam: Exam fee is $575 USD for ISACA members and $760 USD for non-ISACA members. More information can be found here.
Learning Material: ISACA study materials can be found here. Training is available in many modes.
It is another certification offered by ISACA. The certification is focussed for management roles. This certification is designed for information security managers. Security managers with responsibilities like information security, assurance and risk management get benefited. CISM certification demonstrates candidate’s ability to develop and manage information security program. This is in tune with business objectives. It has four domains.
Prerequisites: Candidates must have 5 years of information security management experience. Waivers are available for a maximum of two (2) years.
Exam: The CISM exam consists of 150 questions. These need to be completed within four hours. Candidates must score 450 or more to successfully clear the exam. The score ranges from 200 to 800 for the exam. Exam is available in many languages.
Cost for Exam: Early registration is $575 USD for ISACA members and $760 USD for non-ISACA members. More information can be found here.
Learning Material: ISACA study materials can be found here. Training is available in many modes.
It is one of the most respected certification by industry in information security domain. Certification is a balanced mix of technical and management skills. Candidate will learn about design and implementation of information system security. It has total of eight domains of the Common Body of Knowledge (CBK).
Table below gives the summary of certification
For salary information related to above certifications, readers can visit www.payscale.com.
In conclusion, certification is one of the ways to prove a required skill and knowledge. It is required that you dedicate your time, efforts and money. Almost all security certification are valid for a limited period of time.