What are the most important cyber security and information assurance certifications?

in #cyberthreats, 8 years ago (edited)

Depending on your professional or academic background, below is a list of highly ranked InfoSec certifications. Completion time varies widely, and the most demanding to attain (in terms of both time commitment and scholastic material to cover) is the CISSP. If you pass the CISSP exam but do not yet have the required years of professional experience (five years, in at least two of the CISSP domains), you can become an Associate of (ISC)² while you accumulate it; the exam is not easy by any means, but it is definitely passable with diligent preparation.

I would suggest pursuing one or both of: a Master of Science (MS, MSc or the equivalent) in Information Security / Risk Management / Information Assurance / Cybersecurity and Digital Threat Management / Business Continuity and Disaster Recovery Planning (BCP/DRP), or any of the certifications below; the main governing bodies with an established brand reputation are (ISC)², Cisco, GIAC, EC-Council, IAPP and Offensive Security (OSCP).

  • Certified Information Systems Security Professional (CISSP): an independent, vendor-neutral certification governed by the International Information System Security Certification Consortium, also known as (ISC)².
  • Information Systems Security Architecture Professional (CISSP-ISSAP), an advanced (ISC)² concentration for CISSP holders that focuses on the architecture aspects of information security.
  • Information Systems Security Engineering Professional (CISSP-ISSEP), an advanced (ISC)² concentration for CISSP holders that focuses on the engineering aspects of information security.
  • Information Systems Security Management Professional (CISSP-ISSMP), an advanced (ISC)² concentration for CISSP holders that focuses on the management aspects of information security.
  • Cisco Cybersecurity Specialist, Cisco's well-known vendor certification
  • HealthCare Information Security and Privacy Practitioner (HCISPP), also issued by (ISC)²
  • ISACA certifications (governance, audit and risk oriented):
    • Certified Information Systems Auditor (CISA)
    • Certified Information Security Manager (CISM)
    • Certified in the Governance of Enterprise IT (CGEIT)
    • Certified in Risk and Information Systems Control (CRISC)
    • Cybersecurity Nexus (CSX) Certificate and CSX Practitioner (CSX-P) Certification
  • Global Information Assurance Certification (GIAC), the certification body affiliated with the SANS Institute; its certifications map to individual SANS courses
  • EC-Council has dozens of certifications that may be interesting to you:
    • IT Security Professional Certifications:
      • Certified EC-Council Instructor (CEI)
      • Certified Ethical Hacker (CEH)
      • Certified Network Defense Architect (CNDA)
      • Certified Secure Computer User (CSCU)
      • Computer Hacking Forensic Investigator (CHFI)
      • EC-Council Certified Chief Information Security Officer (CCISO)
      • EC-Council Certified Computer Investigator (ECCI)
      • EC-Council Certified Encryption Specialist (ECES)
      • EC-Council Certified Incident Handler (ECIH)
      • EC-Council Certified Secure Programmer-Java (ECSP)
      • EC-Council Certified Security Analyst (ECSA)
      • EC-Council Certified VoIP Professional (ECVP)
      • EC-Council Network Security Administrator (ENSA)
      • Licensed Penetration Tester (LPT)
    • Disaster Recovery and Business Continuity:
      • EC-Council Disaster Recovery Professional (EDRP)
    • Programming Certifications:
      • Certified Secure Application Developer (CSAD)
      • EC-Council Certified Secure Programmer (ECSP)
    • Entry Level Security Certifications:
      • Security 5 (Security|5)
      • Network 5 (Network|5)
      • Wireless 5 (Wireless|5)
    • Graduate Level Certifications:
      • Fundamentals in Computer Forensics
      • Fundamentals in Information Security
      • Fundamentals in Network Security
      • EC-Council Certified Security Specialist (ECSS)
  • Mile2 has multiple offerings, tiered as fundamental, foundational, specialized, and advanced.
  • EITCA/IS Information Security Academy certificate
  • International Association of Privacy Professionals (IAPP) offers Certified Information Privacy Professional (CIPP), with four concentrations by region:
    • Canada (CIPP/C)
    • Europe (CIPP/E)
    • U.S. Government (CIPP/G)
    • U.S. private-sector (CIPP/US)
  • eLearnSecurity offers multiple specializations:
    • eLearnSecurity Certified Professional Penetration Tester
    • eLearnSecurity Certified Reverse Engineer
    • eLearnSecurity Junior Penetration Tester
    • eLearnSecurity Mobile Application Penetration Tester
    • eLearnSecurity Network Defense Professional
    • eLearnSecurity Web Defense Professional
    • eLearnSecurity Web Application Penetration Tester
    • eLearnSecurity Web Application Penetration Tester eXtreme
  • Offensive Security Certified Professional (OSCP), issued by Offensive Security; unlike most of the above, the exam is a fully hands-on 24-hour practical in which you must compromise lab machines and write up the results, rather than a multiple-choice test
  • Certified HIPAA Security Expert (CHPE or CHPSE)
  • CompTIA Security+

Typically during the application process, the admissions team at competitive educational institutions (requirements vary, of course, with the focus of the program) will want to make sure that you can survive the academic rigor of the program. For example, they might look for past coursework or applied experience in advanced computing principles (computer science), cryptography, quantitative finance, or a related information systems or computing field, as well as an above-average GRE score (some programs will waive this requirement if you have completed another related graduate or terminal degree with a high GPA).

Additionally, as you gain experience and move up the ladder, the C-suite is less interested in your formal education and certifications and much more interested in your ability to execute, to understand people, process and technology, and to mitigate and manage risk. If you combine formal InfoSec training with a willingness to keep learning, you will certainly be sought after.

Finally, there are many parallels between cyber security and the cryptographic science used in Blockchain applications (the foundational technology for Bitcoin and Ethereum); if you are interested in learning more, I blog occasionally on Blockgram.com