10 cybersecurity certifications to boost your career in 2022

A consensus of industry professionals ranks these 10 security certifications as the most coveted by employers and security pros.

Cybersecurity remains one of the enterprise's highest priorities in 2022, as companies continue to balance in-office and remote work. And with cyber attacks continuing at a breakneck pace, the demand for cybersecurity experts shows no signs of slowing. The latest numbers from Cyberseek indicate nearly 600,000 cybersecurity job openings exist in the U.S., and CISOs complain they can’t find enough good people to fill the available jobs.

For those looking to advance their cybersecurity careers or break into the field, cybersecurity certifications can help land jobs, boost careers or insure against job loss -- provided you choose wisely. Our guide provides insight into the following 10 cybersecurity certifications deemed most valuable for aspiring and seasoned cybersecurity professionals:

  1. CompTIA Security+;
  2. (ISC)2 Certified Information Systems Security Professional (CISSP);
  3. (ISC)2 Certified Cloud Security Professional (CCSP);
  4. ISACA Certified Information Security Manager (CISM);
  5. EC-Council Certified Ethical Hacker (CEH);
  6. EC-Council CEH (Practical);
  7. CompTIA PenTest+;
  8. Offensive Security Certified Professional (OSCP);
  9. Cloud Security Alliance (CSA) Certificate of Cloud Security Knowledge (CCSK); and
  10. Vendor-specific security certifications.

In building this list of top 10 cybersecurity certifications, we talked to a broad range of people in the security industry. We heard from course providers and consultants, such as Cybrary and CyberVista; talked to a professor from University of Maryland Global Campus; sought advice from security providers, such as Cisco and Fortinet; and contacted leading trade groups and certification providers, such as CSA, CompTIA, EC-Council, ISACA, (ISC)2, ISSA International, Global Knowledge and Offensive Security.

Our list starts off with basic, entry-level and management track certifications, then moves on to the offensive security certifications for hands-on penetration testers and certified ethical hackers. It concludes with a list of 10 top vendor-specific certifications. Security professionals typically need a mix of all three types of certifications: management training, hands-on and vendor/product-specific knowledge.

CompTIA Security+

Most security pros say IT support technicians and admins -- or people looking to get into the security field -- should start with the CompTIA Security+ certification.

Upon completing the Security+ certification, students will have the skills and knowledge required to install and configure systems used to secure networks, applications and mobile devices. They will also be prepared to take part in risk mitigation activities, perform and respond to threat analysis, and work with knowledge of all applicable laws, policies and regulations. The exam consists of 90 multiple-choice and performance-based questions. Students have 90 minutes to complete the exam, which focuses heavily on performance-based questions. The performance-based emphasis ensures trainees can troubleshoot quickly and accurately. Passing the exam requires a score of at least 750 out of 900.

Prices

  • Exam voucher: $381
  • Basic Bundle: $549 (includes exam voucher, one test retake and The Official CompTIA Security+ Study Guide e-book)
  • Exam Prep Bundle: $699 (includes exam voucher, one test retake, The Official CompTIA Security+ Study Guide e-book and a 12-month individual license for CertMaster Practice for Security+, a knowledge assessment and certification training companion tool)
  • eLearning Bundle: $949 (includes exam voucher, one test retake, a 12-month individual license for CertMaster Learn for Security+, which is a collection of interactive and self-paced instructional lessons with assessments, and a 12-month individual license for CertMaster Labs for Security+)

Jobs held by CompTIA Security+ holders

  • security administrator
  • systems administrator
  • help desk manager/analyst
  • network/cloud engineer
  • security engineer/analyst
  • DevOps/software developer
  • IT auditor
  • IT project manager

(ISC)2 Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) certificate is aimed at people with some hands-on experience in the field and is considered mandatory for career advancement. Few CISOs or upper-level security executives haven't completed it. First offered in 1994, CISSP is administered by (ISC)². To qualify for the CISSP, candidates must pass the exam and have at least five years of cumulative, paid work experience in two or more of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK).

The eight domains in the CBK are security and risk management; asset security; security architecture and engineering; communication and network security; identity and access management; security assessment and testing; security operations; and software development security. The exam evaluates expertise across these eight security domains. Passing the exam proves the student has the advanced knowledge and technical skills to effectively design, implement and manage a best-in-class cybersecurity program. The English CISSP Computerized Adaptive Testing exam runs three hours long and consists of 150 questions. Students need a score of 700 out of 1,000 to pass. The certification remains valid for three years. The average salary for CISSPs is $92,639 globally, $120,552 in North America.

Prices

  • Exam: $699
  • Online, instructor-led course: $2,495

Jobs held by CISSPs

  • CIO
  • CISO
  • director of security
  • IT director/manager
  • network architect
  • security analyst
  • security architect
  • security auditor
  • security consultant
  • security manager
  • security systems engineer

(ISC)2 Certified Cloud Security Professional (CCSP)

The Certified Cloud Security Professional (CCSP) has become one of the leading cloud security certifications in the industry and is one of the hottest certifications on the market today. The CCSP recognizes IT and information security leaders who have the knowledge and competency to apply best practices to cloud security architecture, design, operations and service orchestration.

To qualify for the CCSP, candidates must pass the exam and have at least five years of cumulative paid work experience in information technology, of which three years must be in information security and one year in one or more of the six domains of the (ISC)² CCSP CBK. Students can substitute the (ISC)² CISSP credential for the entire CCSP experience requirement.

The six domains in the CCSP CBK are cloud concepts, architecture and design; cloud data security; cloud platform and infrastructure security; cloud application security; cloud security operations; and legal, risk and compliance. The English and Japanese CCSP Computerized Adaptive Testing exam runs three hours and consists of 125 questions. Candidates need a score of 700 out of 1,000 to pass the exam. The certification remains valid for three years. The average salary for CCSPs is $80,717 globally, $114,172 in North America.

Prices

  • Exam: $599
  • CCSP Online Instructor-Led Training: $2,409.75
  • CCSP Self-Paced Training: $836.45

Jobs held by CCSPs

  • cloud architect
  • cloud engineer
  • cloud consultant
  • cloud administrator
  • cloud security analyst
  • cloud specialist
  • auditor of cloud computing services
  • professional cloud developer

ISACA Certified Information Security Manager (CISM)

Launched in 2002 by ISACA, CISM attracts professionals with technical expertise and experience in infosec/IT security and control who want to make the move from team member to management. CISM promises to add credibility and confidence to the candidate's interactions with internal and external stakeholders, peers and regulators by dramatically improving security knowledge and skills.

The CISM exam tests IT professionals and validates their expertise and experience in the following domains: information security governance; information risk management; information security program development and management; and information security incident management.

CISM focuses on people already working in IT or infosec in some capacity who want to gain more knowledge to advance their careers. Eligibility for the test requires five or more years of experience in infosec management; experience waivers are available for a maximum of two years only. The exam consists of 150 multiple-choice questions that cover the exam content outline created from the most recent content analysis. Students have up to four hours to complete the exam. CISM certification holders can earn an estimated salary in the U.S. of $137,000 to $148,622. The CISM exam content outline will be updated effective June 1, 2022. Updated preparation material will be available in March 2022.

Prices

  • Exam
    • ISACA member price: $575
    • Nonmember price: $760
  • CISM Review Questions, Answers & Explanations Database (12-month online subscription)
    • Member: $299
    • Nonmember: $399
  • CISM Online Review Course (self-paced)
    • Member: $795
    • Nonmember: $895
  • CISM Review Questions, Answers & Explanations Manual, 9th Edition (Print) -- available in multiple languages
    • Member: $120
    • Nonmember: $156
  • CISM Review Manual, 15th Edition (Print) -- available in print and e-book
    • Member: $105
    • Nonmember: $135

Jobs held by CISMs

  • CISO
  • CTO
  • head of information security
  • vice president, information security and compliance
  • director of security and compliance
  • senior manager, information security

Demand for cybersecurity pros still outstrips supply

While some news from the (ISC)2 2021 Cybersecurity Workforce study is positive, the industry has a long way to go when it comes to closing the workforce gap.

On the good news front, the study estimated there are 4.19 million cybersecurity professionals worldwide, an increase of more than 700,000 compared to the year before. Despite the growth, however, the study showed global demand for cybersecurity pros continues to outpace supply -- resulting in a cybersecurity workforce gap of 2.72 million. (ISC)2 estimated the global cybersecurity workforce needs to grow 65% to effectively defend the critical assets of existing organizations.

Those looking to advance their security careers or break into the field should be encouraged. The industry continues to need millions of good people who are not afraid of hard work, enjoy problem-solving and can handle the day-to-day pressures of working in cybersecurity.

EC-Council Certified Ethical Hacker (CEH)

A Certified Ethical Hacker (CEH) understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker but in a lawful and legitimate manner to assess a target's security posture. The CEH credential, offered by EC-Council, certifies people in the specific network security discipline of ethical hacking from a vendor-neutral perspective.

The CEH credential was developed to establish and govern minimum credential standards for professional information security specialists in ethical hacking; to inform the public that these credentialed individuals meet or exceed minimum standards; and to reinforce ethical hacking as a unique and self-regulating profession. Applicants must have two years of provable work experience in the security field to qualify. The exam runs four hours and consists of 125 multiple-choice questions.

Prices

  • Option 1
    • Courseware: $850
  • Option 2
    • Application fee: $100
    • Pearson VUE voucher: $1,199
    • ECC exam voucher: $950

Jobs held by CEHs

  • security officer
  • auditor
  • security professional
  • site administrator
  • network infrastructure manager

EC-Council CEH (Practical)

CEH (Practical) consists of a six-hour exam that requires students to demonstrate the application of ethical hacking techniques to solve a security audit challenge. Skills tested include threat vector identification, network scanning, OS detection, vulnerability analysis, system hacking and web app hacking. Students typically take this exam after they have attained the CEH certificate.

Students are given limited time, just like in the real world. The exam was developed by a panel of experienced subject matter experts and includes 20 real-life scenarios with questions designed to validate essential skills required in the ethical hacking domains as outlined in the CEH program. It's not a simulated exam; rather, it mimics a real corporate network through the use of live VMs, networks and applications designed to test skills. Students are presented with scenarios and asked to demonstrate the application of the knowledge acquired in the CEH course to find solutions to real-life challenges. Students pass with a score of 70% or above.

CEH (Practical) certificate holders have mastered the following skills:

  • understand attack vectors;
  • perform network scanning to identify live and vulnerable machines in a network;
  • perform OS banner-grabbing, service and user enumeration;
  • perform system hacking, steganography and steganalysis attacks, as well as cover tracks;
  • identify and use viruses, computer worms and malware to exploit systems;
  • perform packet sniffing;
  • conduct a variety of web server and web application attacks, including directory traversal, parameter tampering and cross-site scripting attacks;
  • perform SQL injection attacks;
  • perform different types of cryptography attacks; and
  • perform vulnerability analysis to identify security loopholes in the target organization's network, communication infrastructure, end systems, etc.

Price

  • Exam: $550
  • Fee includes a single CEH (Practical) Aspen Dashboard code. Upon activation, the Aspen Dashboard access lasts for 365 days, which means students can schedule an exam anytime within this time. The dashboard code is valid for one year from date of receipt, which means students have to activate the code within one year or it expires. The fee also includes accommodation of remote proctoring services (booking a slot needs to be completed three days prior to the exam date) and the CEH cyber range challenge exam.

Jobs held by CEH (Practical) holders

  • security officer
  • auditor
  • security professional
  • site administrator
  • network infrastructure manager

CompTIA PenTest+

Students who have completed CompTIA Security+ and have three to four years of practical experience are good candidates for CompTIA PenTest+. This test assesses the most up-to-date pen testing and vulnerability assessment and management skills required to determine the resiliency of the network against attacks. The test verifies students can plan and scope an assessment; understand legal and compliance requirements; perform vulnerability scanning and pen testing; analyze data; and effectively report and communicate results. The test has a maximum of 85 questions and takes 165 minutes. The passing score is 750 on a scale of 100-900.

Prices

  • Exam voucher: $381
  • Basic Bundle: $549 (includes exam voucher, one test retake and The Official CompTIA PenTest+ Study Guide e-book)
  • Exam Prep Bundle: $699 (includes exam voucher, one test retake, The Official CompTIA PenTest+ Study Guide e-book and a 12-month individual license for CertMaster Practice for PenTest+, a knowledge assessment and certification training companion tool)
  • eLearning Bundle: $949 (includes exam voucher, one test retake and a 12-month individual license for CertMaster Learn for PenTest+)

Jobs held by CompTIA PenTest+ holders

  • penetration tester
  • vulnerability tester
  • security analyst level 2
  • vulnerability assessment analyst
  • network security operations
  • application security vulnerability

Offensive Security Certified Professional (OSCP)

The OSCP certification has become one of the more coveted certificates for hands-on, offensive-minded security professionals. Students must prepare by going through the prep courses and practicing skills in the labs. The OSCP exam has a 23-hour and 45-minute time limit and consists of a hands-on pen test in Offensive Security's isolated VPN network. Candidates receive the exam and connectivity instructions for an isolated network of which they have no prior knowledge or exposure. Points are awarded for each compromised host, based on its difficulty and level of access obtained.

Certified OSCPs can identify existing vulnerabilities and execute organized attacks in a controlled and focused manner. They can use or modify existing exploit code to their advantage, perform network pivoting and data exfiltration, and compromise systems that are poorly configured. Completing the exam demonstrates persistence and determination. OSCPs have also shown they can think outside the box while managing both time and resources.

Prices

Penetration Testing with Kali Linux (PWK)

  • PWK course + 90 days lab access + OSCP exam certification fee: $1,499
  • Learn One Subscription: PWK course + 365 days lab access + 2 OSCP exam attempts fee: $2,499
  • OSCP certification exam retake fee: $249

Jobs held by OSCPs

  • penetration tester
  • security professional
  • network administrator

CSA Certificate of Cloud Security Knowledge (CCSK)

Released in 2011 by CSA, the CCSK course is roughly a 70-30 split between tactical (technical) and strategic (business-driven) subject matter around cloud security. Students must complete the open-book, online exam in 90 minutes. The test consists of 60 multiple-choice questions selected randomly from the CCSK question pool, and students must score at least an 80% to pass. The subject matter covers the 14 domains of the CSA Security Guidance, the Cloud Control Matrix (CCM), and the ENISA Risk Assessment paper.

In completing the CCSK, students will gain the following benefits:

  • Proven competency in key cloud security issues from an organization that specializes in cloud research;
  • Increased employment opportunities by filling the skills gap for cloud-certified professionals;
  • Demonstrated technical knowledge, skills and abilities to effectively use controls tailored to the cloud; and
  • Ability to establish a baseline of security best practices when dealing with a broad array of responsibilities, from cloud governance to configuring technical security controls.

The CCSK exam body of knowledge includes the CSA Security Guidance v4.0, CSA Cloud Controls Matrix and EU Agency for Cybersecurity Cloud Computing Risk Assessment reports.

Prices

Jobs held by CCSKs

  • cloud administrator
  • cloud, security and enterprise architect
  • cloud and system engineer
  • security administrator
  • cybersecurity analyst
  • compliance manager
  • security consultant
  • CISO

Vendor-specific security certifications

While many security vendors have training programs to comb through, it boils down to the products used by the organization, staff expertise and whether it makes sense to spend the time and money on the training.

Here's a list of some of the leading vendor security certifications with links to course details, pricing and information on the broad range of certifications many of these vendors offer:

This was last published in February 2022
