IT and Cybersecurity Certifications: What is Right for Me?

For Crest Security Assurance, identifying and hiring candidates with the right level of education and experience is crucial to our success. Crest works with many large government agencies and is often tasked with hiring personnel suited to agency-specific positions, so we’ve compiled some of the most frequently requested certifications, ranging from entry to advanced level, to give cybersecurity professionals a look at what employers are looking for when weighing certifications and candidates.

Entry Level Certifications:

Certified Ethical Hacker (CEH)

The Certified Ethical Hacker (CEH) certification is designed for those who want to become familiar with hacker practices and tools while remaining committed to using them only ethically. It tells employers you are familiar with how malicious hackers operate and how they act when breaching secure systems. The curriculum teaches you to find and identify vulnerabilities and to exploit them with the same tools a hacker would use, and it is considered a must-have for anyone looking to get into preventive cybersecurity work. This is an entry-level certification. The exam is a 125-question multiple-choice test with an allotted time of 4 hours, and you must answer 70% of the questions correctly to pass. This is not a test you can simply walk into without knowing your stuff, so prior knowledge or employment in the cybersecurity field, or an intensive course covering the exam material, is recommended.

Requirements:

Must be over 18

Cost:

The CEH can range in price depending on how much experience or training you have had previously. If you simply want to sit the exam, you must pay a nonrefundable $100 application fee; once you have been approved and have provided the proper paperwork, you then purchase the exam voucher itself, which on average costs about $1,200.

If you want to take a training course along with the certification test, it is going to be somewhat more expensive, with a price tag of about $1,900. This covers the skills you must know to pass the exam (offensive and defensive hacker practices) and includes a voucher for the exam. Live courses are also available (as opposed to the online training), and these cost quite a bit more, ranging upwards of $2,900.

There is also an annual membership fee of $85.

Upkeep:

To maintain the CEH you must complete a total of 120 ECE (EC-Council Continuing Education) credits within a three-year period (averaging about 40 credits a year). You can earn these credits by attending conferences, writing research papers, teaching training classes (in cybersecurity, of course!), reading related subject matter, and attending webinars.

The tasks vary in credit value, but you can always just retake the CEH exam every 3 years, since a pass earns 120 credits automatically. Many of the higher-credit tasks can cost a substantial amount, so simply retaking the exam may be in your financial interest.

Lower credits:

  • Taking an education course (1)

  • Attending a conference or event (1)

  • Completing an EC-Council writing item (3)

  • Reading an information security related book, article, or case study (5)

Midrange credits:

  • Identifying a new vulnerability (10)

  • Receiving higher education (15 per semester)

  • Authoring an article, book chapter, or case study (20)

  • EC-Council Exam Survey (20)

Higher credits:

  • EC-Council Job Task Analysis Survey (40)

  • Authoring a course or module (40)

  • Alternate certification in cybersecurity (40)

  • EC-Council Standard Setting (60)

  • EC-Council Beta Exam Testing (80)

  • EC-Council Review Board (80)

  • Authoring a book (100)

CompTIA Security+

The CompTIA Security+ certification is much like the CEH in that it is an entry-level certification that proves to employers you have the baseline knowledge and skills any cybersecurity or information security specialist should have. It covers topics such as identifying vulnerabilities, threats, and attacks; implementing management and access control in systems; identifying common tools and techniques that address potential security issues; risk management (cybersecurity policy and action plans); understanding application development and deployment; and understanding basic concepts in cryptography and public key infrastructure. The certification is offered by the Computing Technology Industry Association (CompTIA). The exam has 90 questions with an allotted time of 90 minutes and includes a performance-based section where you work hands-on with real-world problems in a virtual or simulated environment. To pass you must score a minimum of 750 out of 900 possible points.

Requirements:

There are no set requirements for taking this exam; however, CompTIA does recommend having at least two years’ experience in the cybersecurity field and having already completed the CompTIA Network+ certification before taking the exam.

Cost:

This certification is on the cheaper side, costing only about $370.

Upkeep: 

Like most certifications, the CompTIA Security+ has a lifespan of 3 years and requires a minimum of 50 CEUs (Continuing Education Units) to renew. It can also be renewed automatically if you renew another CompTIA certification and/or pass a higher-level certification exam from the same organization.

There are quite a few CompTIA-approved training programs that count toward renewal. Since no less than 50% of the renewal tasks must align with the content tested in the CompTIA Security+ exam, this may be the easiest option for you.

Vendors such as:

  • Amazon (2 courses)

  • Apple (4 courses)

  • Brocade (1)

  • Cisco (10)

  • EC-Council (12)

  • IBM (13)

  • Microsoft (10)

  • McAfee (28)

  • SANS (68)

There are plenty more vendors on the approved list that offer a few courses, and of course you are welcome to take any course from any vendor as long as it meets the content requirement.

You can also earn renewal credit by being an active member of an IT association (up to 6 CEUs per 3 years), attending a conference or webinar (1 CEU per hour, with a limit of 10 CEUs over 3 years), or completing a college course worth 3-4 credits (10 CEUs each, up to a maximum of 40 CEUs over a 3-year period).

A quick renewal can also be accomplished by taking part in the CompTIA Exam Development Workshop as a subject matter expert, which instantly earns the required 50 CEUs.


Intermediate Level Certifications

Certified Information Systems Security Professional (CISSP) 

The Certified Information Systems Security Professional (CISSP) certification is one of the most common certifications for an IT security professional to obtain, covering a range of topics from engineering to managing information security programs. It is administered by the International Information System Security Certification Consortium, (ISC)^2, and is considered an intermediate-level certification due to its experience requirements, but it is also a standard credential that lets employers know the level of understanding and capability you bring to the cybersecurity and IT security field. The exam is a computerized adaptive test of between 125 and 175 multiple-choice questions with an allotted time of 4 hours. To pass you must obtain 700 out of a possible 1000 points.

Cost: 

$749

Requirements:

There is a required minimum of five years’ full-time experience in the information security field, with at least two of those years pertaining to the CISSP Common Body of Knowledge (CBK). One year of experience is waived if you have earned a four-year degree or a credential (an alternative certification) from the approved (ISC)^2 list. The five years of full-time experience do not have to be consecutive, since experience is counted cumulatively.

If you do not have the required experience but still want to take the exam, you may become an Associate of (ISC)^2 by taking and passing it; you then have six years to gain the required experience and be fully recognized as holding the CISSP certification.

Lastly, you will need a recommendation from an active, certified member of (ISC)^2. You must obtain this recommendation no later than 9 months after passing your exam, or else a retake is necessary.




Upkeep:

The CISSP certification cycle lasts 3 years, requiring completion of 120 CPE credits or a retake of the exam for renewal. A minimum of 40 CPEs is required per year, and members ($125) and associates ($50) must pay a yearly fee. You must also uphold the (ISC)^2 Code of Ethics to maintain the certification’s validity and renewal. (ISC)^2 publishes a list of recommended tasks and their weight.


CompTIA PenTest+

The CompTIA PenTest+ is an intermediate-level certification for cybersecurity professionals looking to hone their skills in penetration testing and vulnerability assessment of critical security systems. The exam content revolves around planning and scoping, information gathering and vulnerability identification, understanding and carrying out attacks and exploits, identifying and using common penetration testing tools, and reporting findings from penetration tests and vulnerability assessments to the client. The exam is administered by the Computing Technology Industry Association (CompTIA). It is an 85-question test with multiple-choice, drag-and-drop, and performance-based questions involving simulated environments. The allotted time is 165 minutes, and to pass you must score 750 on a scale of 100-900.

Cost: 

$381

Requirements:

There are no specific requirements to take the CompTIA PenTest+ exam; however, it is recommended that the applicant have at least earned the CompTIA Network+ or CompTIA Security+ certification or have equivalent knowledge. A minimum of 3-4 years’ hands-on experience in the information security sector will be helpful as well.

Upkeep:

The CompTIA PenTest+ certification, like most, has a three-year validity and requires completion of 60 CEUs to be renewed, but there are various fairly easy ways of accomplishing this.

You can renew this certification by taking one of the many approved training courses, such as CertMaster CE, which gives you an instant 60 CEUs. You can also earn a higher-caliber certification and receive the 60 CEUs, whether that be with CompTIA or another nationally recognized certification body. Since this certification is on the cheaper side as certs go, renewal can also be done by simply retaking the CompTIA PenTest+ exam after the three-year cycle has expired. The tasks approved for renewal are in alignment with those of the other CompTIA certifications listed above.


Advanced Level Certifications

Certified Information Security Manager (CISM) 

Administered by ISACA, the CISM (Certified Information Security Manager) certification is for those looking to prove their credibility as a manager of information security for a business or program. It tests knowledge of information risk management, information security management, information security program development, and information security incident management. It is a 150-question multiple-choice exam scored on a range of 200-800; a passing score is 450 or higher. This is considered an advanced-level certification.

Cost: 

The cost of the exam by itself is $760, but if you choose to take online or live training courses that number could go up significantly.

Requirements:

Must have 5 or more years of verified experience in the information security field, with a minimum of 3 years’ experience in infosec management or working with CISM content.

Experience must have been gained no more than 10 years prior to the application date.

Upkeep:

  • Must sustain proficiency in the knowledge and practices required of the infosec field

  • Must complete a minimum of 20 hours of CPE yearly

  • Must complete 120 hours of CPE in a three-year period

  • Must uphold the standards of ISACA’s Code of Professional Ethics

  • Must pay the annual maintenance fee ($45 for members, $85 for non-members)

The tasks involved in maintaining the CISM are very similar to those for the CEH; however, the reporting is slightly different, as CISM CPE is reported in hours instead of credits, so each task has a corresponding number of hours you can earn for completing it (for example, any continuous CISM-relevant activity of 50 minutes counts as 1 CPE hour).

CompTIA Advanced Security Practitioner (CASP)

The CompTIA Advanced Security Practitioner (CASP) certification is an advanced-level certification that takes the skills learned in the CompTIA Security+ certification into a deeper and more complex knowledge of architecture, management, and engineering within traditional, cloud, or hybrid systems. The exam has 90 multiple-choice and performance-based questions, with a total allotted time of 165 minutes. There is no specific score you must reach; this certification is simply pass/fail.

Cost:

$485


Requirements:

There are no mandatory requirements to take the CASP+ exam; however, CompTIA recommends a minimum of 10 years of experience in IT administration, with five of those years involving hands-on technical security experience.

Upkeep:

To renew the CASP+ certification you must complete a total of 75 CEUs over the span of the certification’s active period. The tasks you can complete to accomplish this are essentially the same as the CompTIA Security+ tasks listed above.

