From 2018 to 2019, the number of reported cyber security breaches increased by a staggering 54%. This evolving threat has meant a vastly increased need for businesses and governments to understand, create and maintain cutting-edge cyber security capabilities to protect vital data/operations.
In line with this need, the demand for highly skilled cyber security professionals and cyber security aware business leaders has never been greater. So, the question becomes how do you gain the skills and knowledge you’ll need to work and excel in the world of cyber security?
Aside from experience, the answer is accreditation. Whether you’re an IT professional embarking on a career in information security, or whether you’re a seasoned pro, adding a cyber security credential to your repertoire has a multitude of benefits. Not only will you be up to date with the latest industry developments, but you’ll have access to more senior roles and management positions, bringing with them a significant pay rise.
It’s not just IT professionals that need security awareness. All business staff, particularly those in managerial roles, should have an understanding of common cyber threats and of cyber security practices. Certification can open doors to all sorts of management positions and promotion possibilities. Without further ado, let’s take a look at the most sought-after, respected and valuable cyber security certifications in 2020. This list is divided into two sections, specifically:
- Cyber security certificates for business professionals
- Advanced & intermediate certifications for cyber security/IT professionals
Disclaimer: This list is purely for informational purposes. The details below were accurate at the time of publishing. We will endeavour to keep this list up to date, but as certifications/courses are provided by third parties, details may change at any time; thus we are not able to guarantee the accuracy of details/pricing for certifications/courses. You should also always carry out your own further research and seek professional advice before deciding on which certification/course is right for you.
Cyber security certificates for business professionals
Cyber security certifications are generally technical and intended for those with previous IT experience. However, there are a number of cyber security certificates designed for business leaders seeking professional development with minimal background in cyber security/information technology.
1. Cyber Security Beginner Certificate
This course offered by the UK PD Academy provides participants with the latest knowledge to identify, prevent and evaluate cybercriminal activities. While this course assumes no prior expertise in cyber security, its target audience is managers in IT business firms, suggesting that some industry experience would be beneficial. The course comprises ten modules, covering:
- cyber security fundamentals
- malware and security breaches
- types of cyber-attack
- tips for prevention and defence against hackers.
Learners have access to the online Learning Platform for up to 12 months. To pass the course, students must take the Final Test and achieve 75%.
This course corresponds to 30 CPD units/points which professionals can use towards maintaining existing certifications. In terms of professional development, this course offers significant benefits, providing a complete, well-rounded education, turning beginners into skilled cyber security professionals.
2. The Cyber Threat to UK Businesses
This comprehensive training provided by Lockcode offers business owners and information security professionals an understanding of what cyber threats mean to UK businesses and how proper information security governance and risk management are essential to good business practice. The course covers information security management, including governance, awareness and the legal background, as well as information risk management. The course structure is as follows:
- What is the threat?
- The cyber threat to UK business
- The threat landscape, Botnets (Activity 1)
- The cyber threat to the UK legal sector, Data breaches (Activity 2)
- Crime as a service (CaaS)
- What’s on offer?
- Cybercrime as a service (Activity 3)
- Intellectual property crime on the Darknet.
The course concludes with a quiz and a survey, after which participants will receive a Certificate of Completion.
The course includes nine activities and four downloadable resources, available online. Students will continue to have access to the resources for six months. While there’s no exam, participants can take a quiz at the end of the course to assess their understanding and have confidence in their newfound skills.
This GCHQ-approved, NCSC certified, and IISP certified course verifies that professionals have the skills and knowledge that meet the demands of the industry. For any IT or cyber security professionals looking for promotion, or for anybody looking to access Information Security governance or managerial roles, this certification can provide a significant career boost.
3. Introduction to Cyber Security
This course offered by OpenLearn is suitable for individuals looking to get a basic grounding in cyber security. Participants will learn how to protect themselves online by learning how to recognise cyber threats, understanding the concepts of viruses, trojans and malware as well as how to mitigate the risks, considering cryptography and network security. It is an introductory level course, requiring no previous knowledge of computer security.
A comprehensive range of skills is covered, split into eight weeks dedicated to the following topics:
- Threat landscape
- Networking and communications
- Network security
- When your defences fail
- Managing security risks.
There is a summary quiz at the end of each week so that participants can assess their progress and understanding.
All material is available online as a downloadable file in either Word, Kindle, PDF or Epub 2 format. Due to the informal nature of this course, it doesn’t offer any specific career outcomes. There’s no official assessment for this course. It’s an informal training aimed at individuals wanting an introduction to cyber security. The course awards a free statement of participation, and it is also possible to earn a free Open University digital badge which learners can show employers. To achieve the badge, participants must complete all weeks of the course and meet a minimum of 50% in the two badge quizzes, in weeks 4 and 8.
However, it is NCSC certified, which adds credibility to the skills acquired, which many employers view favourably.
Advanced & intermediate certifications for cyber security/IT professionals
For those with a background in IT or cyber security, there are a range of industry respected certifications ranging from intermediate to advanced level.
4. CompTIA Security+
The CompTIA Security+ certification is globally recognised, signifying competence in comprehensive cyber security skills, essential for core professions in the IT sector. For roles specifically in cyber security, earning this certification is usually a prerequisite. It is held in particularly high esteem in the US: the US Department of Defence compels all employees to be certified, whether or not they work in the IT department.
The certification examines hands-on practical skills, including performance-based questions, therefore validating the examinee’s abilities in real-life scenarios. It is designed for any IT professionals in the early stages of their career, looking to gain access to intermediate-level cyber security positions.
The exam tests your practical skills, requiring you to not only identify security issues but to tackle and troubleshoot them. It lasts 90 minutes and consists of a variety of multiple-choice and performance-based questions. The accrediting body recommends that entrants have two years of experience in IT administration, with a focus on security.
Credential holders have validated skills in:
- threat management
- identity management
- security risk identification and mitigation
- implementing security infrastructure.
CompTIA Security+ provides a comprehensive groundwork to anybody looking to pursue a career in cyber security. It is therefore often considered an essential certification for IT professionals to obtain. It’s one of the cheaper certifications, costing around £280 ($349), and can be taken online or at one of the Pearson Vue testing centres around the world. Candidates have 90 minutes to complete 90 questions and can take the exam in English, Japanese, Portuguese or Simplified Chinese.
Holders must renew their certification every three years by taking 50 CEUs within this period unless they received certification before 2011, in which case they are certified for life.
5. Certified Information Security Manager (CISM)
One of the most coveted credentials in cyber security is the CISM, awarded by the ISACA, a global association offering a range of qualifications to security professionals. The CISM provides a globally accepted standard of information security across IT governance, information systems audit and information security roles.
It’s not only globally accepted but also world-renowned, serving as a benchmark in the industry. The exam is notoriously difficult, requiring extensive knowledge and preparation, which is why it is open only to professionals with five years’ experience in the field. However, the monetary benefit is significant: certification holders earn on average around £128,000 a year.
The certification signifies competency in the following four domains:
- Information and security governance
- Information risk management
- Information security program development and management
- Information security incident management.
Certification holders will possess sufficient knowledge to handle enterprise-level security management responsibilities. The CISM can open doors to senior management positions, giving access to some of the top paid roles in the industry.
Recently, ISACA has advised that exams can be taken online, as well as at one of their designated testing centres. The exam costs around £460 ($575 USD) for members, or around £610 ($760 USD) for non-members. You will be required to pay on registration, from which you have 12 months to book a date and time allocation in one of their 1,300 testing centres worldwide. The exam lasts four hours, comprises 150 questions and is offered in four languages: English, Chinese Simplified, Japanese, and Spanish.
The CISM qualification is valid for three years. To keep hold of their credential, certification holders must pay an annual maintenance fee of around £36 ($45 USD) for members and £68 ($85 USD) for non-members, and obtain 120 CPE credits over each three-year cycle.
6. Cyber Essentials
The National Cyber Security Centre (NCSC) offers several UK government-backed programmes under their cyber security scheme. The first, Cyber Essentials, is a certification awarded to organisations and businesses rather than individuals, to help protect them against common cyber threats and win the confidence of their clients.
It’s a self-assessment certification, meaning IT professionals in the company will have to teach themselves the contents of the exam. By the end, you will know how to identify, prevent and protect against a wide range of frequent cyber attacks by implementing a variety of controls.
Before undertaking the assessment, you must be familiar with the following:
- using a firewall to secure your internet connection
- choosing the most secure settings and options for your software and devices
- controlling access to your data
- keeping your devices and software up to date
- protecting against malware and viruses.
Once you’ve acquired the necessary skills to fulfil these requirements, you must then complete a Self-Assessment Questionnaire and submit it to Pentest People, who accredit the certification. You can submit your assessment through SecurePortal. Pentest People then carry out an external vulnerability scan of your externally facing infrastructure. If your organisation’s online presence doesn’t show any High or Critical vulnerabilities, the scheme will award your certification.
As it’s a UK government-backed scheme, the credential offers significant credibility, particularly in the UK. The IASME, one of the government-approved awarding bodies, lists all Cyber Essentials accredited organisations in a directory, which can be reassuring to clients. The assessment costs £300 + VAT.
7. Certified in Risk and Information Systems Control (CRISC)
This esteemed certification can provide a substantial career boost for cyber security professionals looking to access higher positions. The CRISC is another ISACA certified qualification which proves an individual’s expertise in the following areas:
- risk identification
- risk assessment
- risk response and mitigation
- risk and control monitoring and reporting.
The ISACA recommends the CRISC for mid-career professionals looking to further their professional development. The qualification is relevant for anyone occupying a position involved in enterprise risk management and control, and for anybody looking to transition into a more strategy-focused role.
Certification requires candidates to successfully pass the rigorous written exam. Candidates must have a minimum of three years’ relevant work experience to sit the exam. As with other ISACA qualifications, the price for members is around £440, and £610 for non-members. The annual maintenance fee is around £35 ($45 USD) for members and £70 ($85 USD) for non-members, and holders must report a minimum of 20 CPEs per year, and 120 over a three-year cycle, to maintain their certification. The exam is available in three languages: Chinese Simplified, English and Spanish.
8. CompTIA Cybersecurity Analyst (CySA+)
Launched in 2011, the CompTIA CySA+ is an intermediate level certification, validating that professionals have the skills and competencies to manage high-stakes cyber security. The qualification is relevant for anyone looking to progress into intermediate security roles, including positions as a threat intelligence analyst, compliance analyst, application security analyst and incident responder.
The certification validates the following skills:
- Threat and vulnerability management
- Software and systems security
- Compliance and assessment
- Security operations and monitoring
- Incident response.
The exam consists of a mixture of multiple-choice and performance-based questions, testing not only the knowledge of the candidates but also their ability to apply practical skills to resolve security threats and implement appropriate protection. As it’s an intermediate qualification, CompTIA recommends that candidates have a minimum of three to four years’ relevant experience. While not a mandatory prerequisite, the CompTIA Security+ is intended as a precursor to the more advanced CySA+.
Candidates have 165 minutes to complete the test, which will consist of no more than 85 questions. Examinations are available in English, Japanese and Simplified Chinese, and cost £213 in the UK and $359 in the US. You can take the test online or at one of the Pearson Vue testing centres around the world.
9. Certified Information System Security Professional (CISSP)
One of the most highly regarded cyber security certifications in the world is the CISSP certification. As such, the CISSP is a prerequisite for most senior positions in IT companies or cyber security departments. It’s an independent certification awarded by the International Information System Security Certification Consortium, or (ISC)², an organisation at the forefront of global information security.
The CISSP acts as a worldwide standard of excellence in the industry. There’s no specific course or specified education that candidates must complete, although for those who don’t want to self-study, (ISC)² offer a Training Finder tool to help you find suitable courses to learn the content. To sit the qualification, candidates must have five years’ experience in a minimum of two areas, out of the eight domains listed in the CISSP Common Body of Knowledge:
- Security and risk management
- Security architecture and engineering
- Asset security
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security.
A CBK is a compilation of skills and competencies required by professionals in a given field. It’s peer-developed, therefore reflecting the knowledge that professionals in the sector must have to carry out their role.
According to a number of security certification surveys, CISSP is one of the most sought-after and highly regarded certifications among employers. It’s well-known and respected around the world and is worth serious consideration from any IT practitioners wanting to accelerate their career in digital security. For senior IT professionals looking to excel in a particular area, (ISC)² offer three CISSP concentration credentials:
- CISSP Architecture (CISSP-ISSAP)
- CISSP Engineering (CISSP-ISSEP)
- CISSP Management (CISSP-ISSMP).
The CISSP certification costs £560 in the UK and $699 in the US. The CISSP concentration exam is slightly cheaper, costing £479 in the UK and $599 in the US. However, to be eligible for the concentration exams, candidates must hold a valid CISSP. They are available in English, French, German, Brazilian Portuguese, Spanish, Korean, Simplified Chinese and Japanese. To maintain the credential, CISSP holders must earn 40 CPE credits per year, or 120 CPEs per three-year period, and pay an annual upkeep fee of around £70 ($85 USD).
Certified Information System Security Professionals accredited by (ISC)² will receive a six-digit CISSP certificate number. Employers and clients alike can use this number to verify the certified status of a security professional, which allows professionals to boost their credibility and build trust with their clients.
10. Cyber Essentials Plus
Cyber Essentials Plus follows on from the Cyber Essentials accreditation. It’s a more advanced level of certification, requiring hands-on verification of all your systems. This means that the assessment must take place on your premises via a technical audit. Accreditors will manually test your antivirus and anti-malware protections by sending emails from your servers, downloading different types of files and determining employee access to various forms of URL and suspicious files.
If your organisation passes the test without flagging any High or Critical vulnerabilities, and if your antivirus protection successfully blocks the test files and emails, you will receive the Cyber Essentials Plus certification. The IASME awarding body will provide a quote for the Cyber Essentials Plus on application.
Some government contracts require at least the minimum level of Cyber Essentials certification; this is the case for almost any central government contract that involves the handling of sensitive data. Externally, having some level of accreditation reassures customers that you have credible security in place to protect against cyber-attack.
11. Certified Professional scheme
The Certified Professional scheme, or CCP scheme, is a government-backed scheme which aims to formally recognise the competences of individuals in the cyber security sector. Delivered by the NCSC, the CCP was built in consultation with government and industry needs, as such setting a standard for UK cyber security professionals. For said professionals, this certification enables you to bid for UK government contracts as well as projects which require security clearances, such as Critical National Infrastructure (CNI).
Its government affiliation also makes it a popular choice for employers looking to further their employees’ training in-house. The CCP is also becoming a prerequisite for many employers looking for new cyber security professionals, providing assurance that individuals have passed an independent assessment.
The scheme covers a variety of certifications which apply to professionals from differing expert backgrounds. There are six areas of expertise you can choose from:
- IA Accreditor
- Security and Information Risk Advisor (SIRA)
- IA Auditor
- IA Architect
- IT Security Officer
- Communications Security Officer.
Within each of these areas of expertise, you can achieve accreditation at three competency levels: practitioner, senior practitioner and lead practitioner. Once you’ve chosen the appropriate level and field, you can select your certification body. The NCSC approves three certification associations which all adhere to their Certified Professional standard. The authorised bodies are the APM Group, BCS, and the CIISec, CREST and RHUL consortium. Each certification body uses a slightly different assessment process but covers the same competences.
The exam price depends on the competency level for which you apply. Through the BCS, a practitioner level exam costs only £145 but increases to £585 for senior practitioners and £895 for lead practitioners.
12. Certified Ethical Hacker (CEH)
Hackers are continually coming up with innovative ways to get into highly-secured computer systems: they’re always aiming to get one step ahead of the latest security software. Therefore, the best way to prevent a hacker is to think like one. White hat hackers are IT professionals who learn to scrutinise computer networks from a hacker’s perspective, to beat them at their own game – enabling them to spot system vulnerabilities and reinforce them against malicious intruders.
The CEH credential validates skills in doing just this. It’s a globally recognised certification offered by the EC-Council, a world-leader in Cyber Security certification. The CEH credential certifies competence in the following five phases of white hat hacking:
- gaining access
- maintaining access
- covering tracks.
There are many CEH programmes and courses available which prepare candidates for the exam. The normally recommended course is a five-day CEH training programme covering all the topics that may appear in the exam. It is possible, however, to take the exam without completing a designated certified ethical hacking course.
The programme teaches candidates the hacking techniques deployed by malicious hackers. By understanding the mindset of a hacker and using the same tools, you will learn how to defend systems against all kinds of cyber threats, from viruses to ransomware attacks. Certification holders use these learned methods of hackers to ruthlessly test an organisation’s security systems and, crucially, to implement more effective defence strategies to reinforce any weak points.
At the end of the course, candidates must sit the exam, in which they have four hours to answer 125 multiple-choice questions. The exam costs a minimum of £763 ($950), but with a training course included, it’ll set you back by more like £2,250. As the technologies used by hackers are ever-changing, CEH credential holders must obtain 120 continuing education credits every three years to hold onto their qualification.
13. EC-Council Certified Security Analyst (ECSA)
The ECSA aims to pick up where the CEH left off, representing the logical next step in an ethical hacking career.
The ECSA focuses on penetration testing. While most pen-testing training programmes use kill chain methodology, ECSA provides multiple methods, equipping certification holders with unrivalled pen-testing skills. ECSA candidates will draw on the skills learnt in the CEH and build on them to achieve full exploitation. White hat hackers must know how to fully exploit a company’s systems, with their consent, as far as is possible, to ensure they can withstand the most advanced techniques practised by malicious hackers.
The EC-Council offers an official training course for the ECSA exam. Candidates who complete the course at an EC-Council accredited training centre, an approved academic institution or online via the iClass platform are automatically eligible for the exam.
It is possible to take the exam without taking the official training. However, the EC-Council will have to approve your eligibility application first. Two years’ security experience is mandatory, and applicants must pay a non-refundable fee of around £80 ($100 USD) to apply for eligibility. The exam itself costs around £800.
The exam is a four-hour session made up of a series of multiple-choice questions. You can either take the exam in person at an EC-Council test centre or remotely.
14. Systems Security Certified Practitioner (SSCP)
For less experienced IT professionals, (ISC)² offer the SSCP, another globally-recognised certification in the sector. It’s an entry-level qualification, providing a solid foundation for those looking to achieve the CISSP later. Individuals who pass this exam are certified to have the practical abilities to implement and monitor IT infrastructure and ensure the confidentiality and integrity of data.
This certification validates a professional’s foundation skills in systems security, making them more credible in their field. It’s suitable for practitioners in operational IT positions or other information security roles. Candidates need only one year’s experience, in just one of the seven domains of the SSCP Common Body of Knowledge (CBK). For candidates with a degree in cybersecurity, the one-year experience requirement can be waived.
Candidates have three hours to complete 125 questions. It’s one of the cheaper certifications available, costing £129 for registration in the UK and $249 for registration in the US. You can sit the exam in three languages – English, Japanese and Portuguese – at any of the 882 exam locations found in 114 countries worldwide.
15. Certified Information Systems Auditor (CISA)
The ISACA also awards the CISA, another global standard for professionals in the IT sector, this time with a focus on information audit. It is a rigorous exam, requiring extensive audit experience of at least five years. However, it is possible to waive up to three years of experience with specific qualifications, such as a degree from one of the ISACA’s sponsor universities.
Similarly to the CISM, CISA holders possess elite-level skills in identifying, assessing and mitigating cyber threats and vulnerabilities as well as assessing compliance and providing enterprise-level governance and management. On top of this, CISA holders can demonstrate top skills in audit and asset protection, giving them access to some of the highest-paid positions in the industry.
The exam lasts four hours, in which time candidates must answer 150 multiple-choice questions. The qualification covers knowledge of five practice domains:
- the process of auditing information systems
- governance and management of IT
- information systems acquisition, development and implementation
- information systems operations, maintenance and service management
- protection of information assets.
The exam is available worldwide, in multiple languages: Chinese Simplified, Chinese Traditional, Spanish, Japanese, French, Korean, Italian, Turkish, German and English. Just like the CISM, external candidates must pay around £610, while ISACA members pay a reduced fee of £460. Again, ISACA has 1,300 worldwide locations, and you have 12 months to book an online or in-person examination slot from your registration day.
To maintain industry standards and ensure that certification holders are up to date with the latest security threats, Certified Information Systems Auditors are required to complete 20 hours of training per year to retain their certification. This costs around £35 ($45 USD) for members and £70 ($85 USD) for non-members. Because of this, having the CISA assures clients and employers that professionals are up to date with current developments in the field.
16. Certified Information Privacy Professional (CIPP)
The first-ever certification to be developed by the International Association of Privacy Professionals (IAPP) is the CIPP. This credential focuses on privacy laws and regulations in one of four different areas of the globe, but holders will achieve international recognition. It’s accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO), which gives it particular prestige in the US.
This certification focuses on data privacy laws and regulations, covering jurisdictional laws and enforcement models. Certification holders will be familiar with the relevant legal requirements for handling and transferring data, ensuring company compliance and mitigating risk. Certification holders have higher earning potential and increased opportunities for promotion. This qualification is particularly helpful for privacy professionals looking to transition into a more leadership-based role.
The CIPP offers four concentrations, each focused on a specific region. The CIPP/US holds the highest esteem in its area of focus, but other geographical focus points include Asia, Canada and Europe. Each exam centres on the specific privacy laws, regulations and compliance procedures relevant to that region.
The duration of the exam is two and a half hours and comprises 90 questions. You can sit the exam in any of the 6,000 testing centres around the world. At around £440, it’s one of the cheaper options available.
17. Certified Cloud Security Professional (CCSP)
Another certification offered by (ISC)² is the Certified Cloud Security Professional certification, a credential developed in collaboration with the CSA (Cloud Security Alliance). With more and more reliance on cloud technology, this certification holds increasing value.
The CCSP certification indicates that leaders in the IT field have the relevant knowledge and competency in the areas of cloud security architecture, design and operations to comply with industry regulations. It’s suitable for experienced, high-achieving information security professionals who work with cloud platforms. A minimum of five years’ relevant experience is required to sit the exam unless candidates also hold the CISSP, in which case this experience may be waived.
The CCSP Common Body of Knowledge constitutes the following six domains:
- Cloud concepts, architecture and design
- Cloud platform and infrastructure security
- Cloud data security
- Cloud application security
- Cloud security operations
- Legal, risk and compliance.
This CBK is a globally-recognised framework, peer-developed by key players in the field. CCSP holders are therefore recognised worldwide as the world’s elite in cloud security.
The CCSP doesn’t only build trust and credibility among clients and employers, but the programme also enables professionals to stay ahead of industry developments. The CCSP can also help IT professionals access more specialised strategy-based roles.
The exam lasts three hours and consists of 125 multiple-choice questions. Out of 1000 available points, candidates must achieve a score of 700 to pass. It costs around £441, but unlike some of the other qualifications offered, the CCSP exam is only available in English. To retain the certification, holders must pay an annual maintenance fee of £80.34 ($100 USD) per year and earn a minimum of 30 CPEs per year.
18. Computer Hacking Forensic Investigator (CHFI)
Earning this certification indicates that individuals possess the necessary skills to identify a criminal intruder’s activity in computer systems. Computer forensic investigators detect hacking attacks and apply computer investigation and analysis techniques to extract evidence to report illegal activity. Post-investigation, the investigator will also be responsible for conducting audits to prevent future attacks.
Many police, government and other corporate bodies across the world request the CHFI certification issued by EC-Council for their investigators. Computer crime is continuously developing, meaning that investigators need to be able to use the most current digital forensics technologies to identify, prove and prevent digital crime. Offences include the theft or destruction of intellectual property, fraud and IT usage violations. CHFI investigators will know how to recover deleted, encrypted or damaged file information that may serve as criminal evidence.
Competencies in data extraction and recovery are intrusive. Activities of this nature require the trust of the client or employer, which is why a qualification such as the CHFI certification is almost always a prerequisite for roles in computer forensics and computer crime investigation. It validates a professional’s ability to not only gather essential evidence but to prosecute offenders in court.
CHFI candidates have four hours to answer 150 multiple-choice questions. The exam is available at any ECC exam centre, or candidates may choose to have their exam proctored online.
19. Cisco Certified Network Associate (CCNA) Security
Introduced as early as 1998, the CCNA validates a network professional’s ability to secure any Cisco network. It is an associate-level certification that can advance any career in Cisco security. Organisations using Cisco technology commonly list this certification as one of the essential job requirements for any IT related positions in their business.
CCNA holders can demonstrate the ability to:
- recognise threats and expose vulnerabilities in a Cisco network
- mitigate threats to security
- develop watertight security infrastructure in Cisco networks.
Having the CCNA provides a solid foundation for job roles such as network support engineers, security specialists or security administrators. Candidates can sit the exam at any Pearson VUE test centre around the world. Only some of the Cisco exams are available in alternative languages, so you will need to contact your local test centre to find out the language availability. The CCNA costs £246 in the UK and $300 in the US.
20. Certificate of Cloud Security Knowledge (CCSK)
The CCSK is widely acknowledged to be the most important cloud security credential available. It differs from the CCSP owing to its knowledge-based focus, where the CCSP delves into practical application. Keith Prabhu, a developer for both security certifications, maintains that the two qualifications complement each other, but if anything, the CCSK lays the foundation for the more challenging and stringent CCSP exam.
The body of knowledge for the CCSK is more limited than the CCSP, focusing solely on:
- CSA guidance
- CSA cloud control matrix
- ENISA document.
There is no previous experience required to sit the CCSK exam. Although named a ‘certificate’, this credential falls into the certification category, as certification is awarded based on exam performance, rather than completion of a particular training course.
The CCSK exam can be taken online, and is cheaper than many of its counterparts, costing only £277. Not only is it more affordable, but candidates get two attempts to pass the test with this price. The CCSK also has no maintenance requirements or costs, meaning you have certification for life.
21. Certified in the Governance of Enterprise IT (CGEIT)
Offered by ISACA, the CGEIT is a credential which recognises a professional’s knowledge and application of enterprise IT governance principles and practices. It’s an advanced exam, open only to professionals with five or more years of experience in an advisory role, overseeing the governance of IT-related activities in an enterprise.
It’s the perfect certification for advanced professionals in the cyber security domain, aspiring for executive positions. The governance focus means that CGEIT holders are typically afforded a high level of responsibility and managerial status, which comes with an impressive salary. The average CGEIT holder earns around £114K ($141K USD) per year. Certification indicates knowledge and practical skills across the following five domains:
- Framework for the governance of enterprise IT
- Strategic management
- Benefits realisation
- Risk optimisation
- Resource optimisation.
The CGEIT exam is only available in Chinese Simplified and English but can be taken online or in one of many testing centres around the world. It costs about £460 for members and £610 for non-members. The CGEIT is another certification requiring an annual maintenance fee of roughly £35 ($45 USD) for members and £70 ($85 USD) for non-members, and an accumulation of 120 CPE hours per three-year reporting cycle.
22. Cisco Certified Network Professional Security (CCNP)
If you’re looking to develop your career within an organisation that uses Cisco, then the CCNP is for you. This credential demonstrates that security engineers have advanced knowledge of Cisco Networks as well as the necessary skills to implement and maintain security solutions within these systems.
It’s the logical next step to anyone who has successfully obtained the CCNA. The CCNA is an obligatory prerequisite for CCNP entrants, as the CCNP deepens candidates’ understanding of principles and concepts covered in the CCNA.
Certification requires candidates to successfully pass two exams, a core exam covering security technologies and a second exam which concentrates on an area of your choice, allowing you to tailor the certification to your job role. The exam covers a range of content from six areas:
- Security concepts
- Network security
- Securing the cloud
- Content security
- Secure network access, visibility and enforcement
- Endpoint protection and detection.
The exams last 120 minutes and are available in English and Japanese. Each CCNP exam costs £246 to enter.
23. GIAC Security Essentials (GSEC)
Founded in 1999, the Global Information Assurance Certification is an information security certification body that exists to validate the skills of IT security professionals in real-world situations. Their Security Essentials certification, known as the GSEC, is perfect for IT professionals who are starting out. It’s an entry-level qualification which can provide a significant boost towards a hands-on role in cyber security. It covers a broad range of foundation skills in digital security, from cryptography application to endpoint security, Linux security and wireless network security.
The exam adopts a practical focus, proving that practitioners are competent in implementing active defence strategies to protect network architecture, web communications and cloud networks. Certification holders will also have validated penetration testing skills, enabling them to pre-empt and prepare for cyber-attack, equipping them with the skills to respond to any breaches.
Candidates must sit a five-hour exam and achieve a minimum of 73% on the 180 questions. The GSEC is one of the more expensive qualifications in this list, costing around £1,600. The price includes two practice tests.
Final thoughts & FAQ
These 20 qualifications represent some of the most prestigious certifications on the market. For newcomers to the field or for entry-level candidates, the CompTIA Security+ is one of the most comprehensive certifications available, providing a solid foundation for many IT-related roles, from junior positions to Security Administrator and managerial roles. For pros looking to reach the top spots and highest pay-checks, the CISSP, CISA or CISM may just be the leg-up you need.
Hopefully this list will get you off to a good start in finding the right accreditation for you. However, the best cyber security certification for you will of course always depend on your career goals and level of experience.
Aside from research, it’s well worth consulting with professionals in positions similar to the one you’re seeking to further explore which are the right accreditations to support your career progression.
If you still have questions, the section below will take you through the most commonly asked queries in relation to cyber security accreditations, including:
- Are there any cyber security certifications for beginners?
- Do you need a cybersecurity degree?
- Should I get a cyber security certificate, certification or degree?
- How much can I earn with a cyber security certification?
- Are cyber security certifications worth it?
- What cyber security certifications should a manager have?
- What are the best cyber security certifications?
- Which cyber security certifications are in the highest demand?
- Which cyber security certification should I get first?
- What is the best path for cyber security certification?
- Is coding required for jobs in cyber security?
- What are the highest paying cyber security certifications?
- Can I get a cyber security certification without industry experience?
- What’s the difference between cybersecurity certifications and qualifications?
Are there any cyber security certifications for beginners?
IT professionals with experience in IT, but who are new to information security, can take one of the entry-level certifications listed above, such as the CompTIA Security+, the SSCP or the GSEC. If you are hoping to pursue a cyber security career straight off the bat, it will be difficult. Even these entry-level certifications require foundation knowledge in IT. The CompTIA Security+ recommends having two years’ experience in IT before attempting the exam, for example. It’s therefore advisable to get some IT experience before you specialise in security.
Do you need a cybersecurity degree?
It’s also possible to get a degree in cybersecurity, either as an entire course in itself or as a subsidiary in a computer science degree. A lot of cybersecurity jobs require a degree; IT companies generally consider candidates more valuable if they have a degree in a related field, such as computer science or engineering, before later specialising in cyber security or taking a certification. While 82% of cyber security job listings specified the need for a bachelor’s degree in 2017, only 2% specified a cybersecurity degree.
Should I get a cyber security certificate, certification or degree?
Which sort of qualification you opt for should depend on the experience you have, the time you have available and the job requirements of the posts for which you are interested in applying. For experienced IT professionals short on time, the certification is the quickest way to go. However, if your cyber security experience is thin on the ground, it might take you months, or even years, to prepare for the exam. Cyber security novices might, therefore, benefit from the structure of an education programme, making the certificate a more viable route.
Most certifications don’t last for life. The cyber security scene is continuously evolving and changing, and security professionals need to keep up with hackers and technology developments. Most issuing bodies require credential holders to carry out a certain number of Continuing Professional Education (CPE) hours or units per year, sometimes known as Continuing Education Units (CEUs), to maintain their certification. This continuous education ensures that all certification-holders maintain an adequate level of current knowledge and up-to-date practices in the field of information systems control, audit and security.
Since cyber security certification holders must regularly top-up and renew their qualification, certifications tend to have more value to employers than a certificate. It’s also the cheapest option, with many certifications having a self-study option, meaning there’s only the exam to fund.
How much can I earn with a cyber security certification?
One of the most significant benefits of achieving a cyber security certification is the salary boost that comes with it. IT security professionals can propel their careers by attaining validation for their skills with one of the certifications listed here. Whether you’re looking to advance in-house or are looking to apply for more senior roles elsewhere, becoming qualified is a fantastic way to do it.
On average, IT professionals with cyber security certifications earn about 15% more than their non-accredited counterparts. Starting salaries for these professionals typically begin at around £30K a year. The average salary range for top roles in this industry, such as Information Security Manager or Cybersecurity Engineer roles, sits at £100K – £160K per year.
Are cyber security certifications worth it?
On top of the potential 15% boost to what is already an impressive salary, cyber security certifications can play a significant role in professional development. Many of the certifications listed here require extensive knowledge and practical application to pass a rigorous exam, testing how well you can deal with the most current cyber security issues. Preparing for any of these exams means you will have the most up-to-date industry knowledge, forcing you to be au fait with the latest industry developments. Having your skills proved and validated by a reputable certification body makes you more marketable to employers.
What cyber security certifications should a manager have?
In today’s society, we’re all utterly reliant on technology, whether that’s at home or in business. Professionals seeking managerial roles should have at least a core understanding of cyber security and protection. For general management roles, consider the CompTIA Security+ certification for a solid foundation in computer security.
For management positions specifically related to information security, such as a role in Information Security Management, professionals should consider the more advanced certifications, such as the CISM, CGEIT, as well as the CISSP.
What are the best cyber security certifications?
It is difficult to discern which certifications are best. It depends primarily on the job role you’re applying for, the hiring company and the country in which the position is based. That said, most key players in the industry agree that the CISSP certification has one of the best reputations, demonstrating a comprehensive skillset. It’s well-revered by employers, too, with figures suggesting that the CISSP certification alone can lead to a 10% boost in salary.
Otherwise, it depends on your personal career goals. For young professionals looking to break into the industry, one of the most respected qualifications you can achieve is the CompTIA Security+, which can be an effective springboard into well-paid entry-level positions. For professionals in the middle of their careers, the CISM is one of the best-regarded certifications that can open up managerial and strategy-based roles.
Which cyber security certifications are in the highest demand?
Different regions have different favourites. In the US, the CISSP seems to be the certification in the highest demand. Elsewhere, ISACA’s CISA dominates the top spot.
ISACA appears to have the most global recognition, and typically, professionals with some kind of accreditation from this association occupy the highest-paid positions in the IT sector. However, security professionals are most likely to see a salary boost when they combine certifications from multiple awarding bodies: for example, an award from the ISACA as well as accreditation from AWS. The more credentials you can list, the stronger your application will be for top IT positions.
Which cyber security certification should I get first?
Employers and practitioners in the sector widely consider the most fundamental and essential foundation certification to be the CompTIA Security+. If you’re looking to obtain multiple certifications, this one provides the most rounded basis on which to build more specialised skills. It is globally renowned, making it a fantastic choice for IT professionals all over the world.
If you have a solid grounding in cyber security already and are looking to attain more challenging certifications such as the CISSP, consider achieving the SSCP first. Similarly, if you are pursuing a career in ethical hacking, start with the lowest accreditation, the CEH, on which you can build more specialised knowledge.
What is the best path for cyber security certification?
As we know, not all organisations or job roles require the same accreditation. However, as discussed, the CISSP is widely considered to be one of the top, most advanced and most comprehensive certifications available, opening professionals up to the best-paid jobs and top spots in the industry. So, if you set the CISSP as your end goal, how do you get there?
An accessible path to reaching the CISSP is the following:
- CompTIA Network+
- CompTIA Security+
- (ISC)² SSCP.
The CompTIA Security+ is arguably the best foundation certification for any budding computer security professional. The CompTIA Network+ is recommended as a prerequisite to the CompTIA Security+ credential. The former sews up any holes in your networking knowledge, making sure you have a sound basis on which to build essential security skills. The Network+ certification usually only requires about 1-2 months of preparation, which is more than worth the sacrifice to lay a rock-solid foundation to your information security career.
After this, many professionals choose to obtain the SSCP, also offered by (ISC)². This entry-level credential paves the way for the more advanced CISSP, and is suitable for professionals with limited prior industry experience. Once you’ve achieved the SSCP, you will be eligible for more intermediate positions, to gain the mandatory five years’ experience needed to take the CISSP exam.
Is coding required for jobs in cyber security?
Many IT-savvy professionals consider a career in cyber security. The first question is often, do I need to know how to code? Most entry-level computer security roles do not require existing knowledge of coding. The CompTIA Security+ certification, and even the significantly more advanced CISSP, does not have any coding in the exam. Further down the line, however, proficiency in programming and knowing how to code can be necessary for intermediate and advanced computer security positions.
C and C++ are primary programming languages with which most information security professionals ought to be familiar. Knowledge of these coding languages gives you access to simple IT infrastructure such as RAM and system processes, commonly exploited by hackers. Knowledge of C sets a good foundation for its more complex sibling, C++.
That said, perhaps the most popular coding language among cyber security experts is Python. You can use Python to create intrusion detection systems, perform malware analysis and carry out penetration testing tasks. It’s relatively easy to pick up, making it an ideal programming language for those new to code. If you’re looking to further your cyber security career, Python should be your go-to.
What are the highest paying cyber security certifications?
Generally speaking, players in the top roles in the industry boast a host of certifications. However, the CISSP is widely considered to be one of the most sought-after certifications in the industry. Not only is it challenging, but the five-year experience prerequisite means these professionals know the industry well. Achieving a CISSP alone can add 10% to your salary, so it seems to be the clear choice for security professionals looking to boost their pay.
Can I get a cyber security certification without industry experience?
As we’ve seen, the most renowned certifications, and those with the biggest salary-increase potential, require extensive experience. Even the CompTIA Security+, considered an entry-level exam, recommends two years of experience in IT. If you think you’ve got the knowledge for intermediate cyber security positions but are lacking in experience, (ISC)² offer an alternative pathway, or a fast track, into a computer security career.
Instead of going through the traditional certification process of gathering experience, sitting an exam and achieving accreditation, you can become an Associate of (ISC)². This fast-track allows you to take the exam first, after which you’ll be titled an Associate of (ISC)², before working in the industry to gather the relevant experience afterwards. It’s a good option for highly intelligent, computer-savvy individuals who find themselves typically excluded from higher qualifications such as the CISSP.
What’s the difference between cybersecurity certification, qualification and certificate?
Different corporations and countries use different terminology when it comes to cyber security credentials. Generally, the terms certification and qualification are used interchangeably.
Cybersecurity certifications generally involve an exam. As such, there’s typically no specified type or duration of education required – you don’t have to attend a specific course or complete a certain number of hours. You can teach yourself what you need to know and take the exam when you’re ready.
Usually, cyber security certifications require a participant to take one or two exams. Beyond this, successful examinees must sometimes complete further annual training or requirements to maintain the certification. Cyber security is continually evolving, meaning skilled cyber security professionals need to be up to date in the field, so an active cyber security certification holds a lot of value, showing that you have the skills and knowledge necessary to handle the current climate.
Professionals with a cybersecurity certification are in high demand. The majority of cyber security positions stipulate IT certifications, many including one in cybersecurity.
Cyber security certificate
A cyber security certificate indicates that you have completed an education programme. These sorts of programmes vary hugely, both in what they cover and what they require from their participants to achieve the final certificate. Some require a minimum grade to pass, and for other certificates, you may need to complete coursework. Some take a mere few weeks, others a few years, though undergraduate courses, in particular, are usually on the shorter side, covering only the basics. Graduate-level courses might explore more specialised topics such as cybersecurity law or engineering.
Employers don’t typically ask for a cyber security certificate for specific jobs, but it can sometimes work in your favour when applying. Many people choose to go through the programme to propel them towards promotion.