Cybersecurity (sometimes called computer security or information security) is the practice of protecting computers and networks from theft, damage, or unauthorized access.
As our interconnectivity increases, so do the opportunities for bad actors to steal, damage, or disrupt. A rise in cybercrime has fueled a demand for cybersecurity professionals. Job outlook is expected to grow by more than 30 percent between 2019 and 2029 [1].
While most cybersecurity professionals have at least a bachelor’s degree in computer science, many companies prefer candidates who also have a certification to validate knowledge of best practices. There are literally hundreds of certifications available, from general to vendor-specific, entry-level to advanced.
Before you spend your money and time on a certification, it’s important to find one that will give you a competitive advantage in your career.
We performed a search for 306 different cybersecurity certifications on three popular job boards: LinkedIn, Indeed, and Simply Hired. These 10 certifications appeared in the greatest number of total job listings in the United States (as of December 2020), suggesting that these are the certifications companies are actively hiring for.
Certification | LinkedIn | Indeed | Simply Hired | Total |
---|---|---|---|---|
CISSP | 30,857 | 11,630 | 7,756 | 50,243 |
CISA | 7,262 | 5,432 | 3,485 | 16,179 |
CISM | 5,173 | 3,779 | 2,488 | 11,440 |
CEH | 4,179 | 2,717 | 1,858 | 8,754 |
Security+ | 3,618 | 2,933 | 2,202 | 8,753 |
GSEC | 3,039 | 1,873 | 1,521 | 6,433 |
SSCP | 2,908 | 1,850 | 1,490 | 6,248 |
CCSK | 5,466 | 264 | 151 | 5,881 |
CCNA Security | 2,879 | 1,566 | 1,034 | 5,479 |
CASP | 2,342 | 1,556 | 1,208 | 5,106 |
Number of US job search results for each certification when searched on December 22, 2020
The CISSP certification from the cybersecurity professional organization (ISC)² ranks among the most sought-after credentials in the industry. Earning your CISSP demonstrates that you’re experienced in IT security and capable of designing, implementing, and monitoring a cybersecurity program.
This advanced certification is for experienced security professionals looking to advance their careers in roles like:
Chief information security officer
Security administrator
IT security engineer
Senior security consultant
Information assurance analyst
Requirements: To qualify to take the CISSP exam, you’ll need five or more years of cumulative work experience in at least two of eight cybersecurity domains. These include Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.
A four-year degree in computer science satisfies one year of the work requirement. Part-time work and paid internships also count.
Cost (US): $749
Next steps: After you’ve become a CISSP, you can build upon the credential with three additional specialized credentials: information systems security architecture (ISSAP), information systems security engineering (ISSEP), and information systems security management (ISSMP).
This credential from IT professional association ISACA helps demonstrate your expertise in assessing security vulnerabilities, designing and implementing controls, and reporting on compliance. It’s among the most recognized certifications for careers in cybersecurity auditing.
The CISA is designed for entry to mid-level IT professionals looking to advance into jobs like:
IT audit manager
Cybersecurity auditor
Information security analyst
IT security engineer
IT project manager
Compliance program manager
Requirements: You need at least five years of experience in IT or IS audit, control, security, or assurance. A two- or four-year degree can be substituted for one or two years of experience, respectively.
Cost: $575 for members, $760 for non-members
Get started with Coursera: Learn the fundamentals of information systems auditing with the Information Systems Auditing, Controls and Assurance course—a good starting point if you plan to pursue the CISA.
The CISM certification, also from ISACA, validates your expertise in the management side of information security, including topics like governance, program development, and program, incident, and risk management.
If you’re looking to pivot from the technical to the managerial side of cybersecurity, earning your CISM could be a good choice. Jobs that use the CISM include:
IT manager
Information systems security officer
Information risk consultant
Director of information security
Security services manager
Data governance manager
Requirements: To take the CISM exam, you need at least five years of experience in information security management. Satisfy up to two years of this requirement with general information security experience. You can also waive one or two years with another certification in good standing or a graduate degree in an information security-related field.
Cost: $575 for members, $760 for non-members
Get started with Coursera: Get a head start toward building your managerial skills in cybersecurity by completing the Managing Cybersecurity Specialization.
Ethical hacking, also known as white hat hacking or penetration testing, involves lawfully hacking organizations to try to uncover vulnerabilities before malicious players do. The EC-Council offers the CEH Certified Ethical Hacker certification that demonstrates skills in penetration testing, attack detection, vectors, and prevention.
The CEH certification helps you to think like a hacker and take a more proactive approach to cybersecurity. Consider this certification for jobs like:
Penetration tester
Cyber incident analyst
Threat intelligence analyst
Defense assessment analyst
Cloud security architect
Cybersecurity engineer
Requirements: You can take the CEH exam if you have two years of work experience in information security or if you complete an official EC-Council training.
Cost: $950 to $1,199, depending on testing location
Next steps: Once you’re a Certified Ethical Hacker, you can go on to earn your CEH Practical and CEH Master certifications.
CompTIA Security+ is an entry-level security certification that validates the core skills needed in any cybersecurity role. This certification is designed to demonstrate your ability to assess the security of an organization, monitor and secure cloud, mobile, and internet of things (IoT) environments, understand laws and regulations related to risk and compliance, and identify and respond to security incidents.
Earning your Security+ certification can help you in roles such as:
Systems administrator
Helpdesk manager
Security engineer
Network or cloud engineer
Security administrator
IT auditor
Software developer
Requirements: While there are no strict requirements for taking the Security+ exam, you’re encouraged to earn your Network+ certification first and gain at least two years of IT experience with a security focus.
Cost: $370
Next steps: CompTIA offers three additional certifications geared toward cybersecurity professionals: Cybersecurity Analyst, Advanced Security Practitioner, and PenTest+.
This certification from the Global Information Assurance Certification (GIAC) is an entry-level security credential for those with some background in information systems and networking. Earning this credential validates your skills in security tasks like active defense, network security, cryptography, incident response, and cloud security.
Consider taking the GSEC exam if you have some background in IT and wish to move into cybersecurity. Job roles that use the skills demonstrated by the GSEC include:
IT security manager
Forensic analyst
Penetration tester
Security administrator
IT auditor
Data compliance lead
Software development engineer
Requirements: There are no specific requirements to take the GSEC exam. Set yourself up for success by gaining some information systems or computer networking experience first.
Cost: $2,499 (includes two practice tests)
Next steps: GIAC offers specialized certifications in Cyber Defense, Offensive Operations, Digital Forensics, Cloud Security, Industrial Control Systems, and Management and Leadership. The GIAC Security Expert is the highest level you can achieve through GIAC.
This advanced security credential from (ISC)² shows employers that you have the skills to design, implement, and monitor a secure IT infrastructure. The exam tests expertise in access controls, risk identification and analysis, security administration, incident response, cryptography, and network, communications, systems, and application security.
The SSCP is designed for IT professionals working hands-on with an organization’s security systems or assets. This credential is appropriate for positions like:
Network security engineer
Systems administrator
Systems engineer
Security analyst
Database administrator
Security consultant
Requirements: Candidates for the SSCP need at least one year of paid work experience in one or more of the testing areas. This can also be satisfied with a bachelor’s or master’s degree in a cybersecurity-related program.
Cost: $249
Next steps: Many cybersecurity professionals use the SSCP as a stepping stone toward earning the higher-level CISSP credential.
Get started with Coursera: Prepare to sit the SSCP exam with the (ISC)² Systems Security Certified Practitioner (SSCP) Specialization through Coursera. Work through the six courses at your own pace as you gain confidence to sit and pass the exam.
The CCSK from the Cloud Security Alliance ranks among the most widely recognized cloud security credentials. Topics covered include cloud architecture, governance, risk management, infrastructure security, data security and encryption, incident response, and security as a service, among others.
The CCSK is intended as an entry-level certificate for IT professionals looking to specialize in cloud security. Jobs that call for a CCSK include:
Security architect
Cloud security consultant
Cloud security engineer
IT security analyst
Lead solutions architect
Risk and compliance engineer
Requirements: While there are no experience requirements for taking the CCSK test, you’re encouraged to familiarize yourself with the CSA Guidance, CSA Cloud Control Matrix, and the ENISA report.
Cost: $395 (includes two exam attempts)
Next steps: After earning this vendor-neutral certificate, consider pursuing credentials specific to cloud-based platforms like Okta, Amazon Web Services (AWS), Google, or Microsoft Azure.
Get started with Coursera: Boost your cloud security skills with the Google Cloud Security Professional Certificate.
Earning the CCNP Security certification demonstrates your proficiency with security solutions. Candidates can customize this credential by taking one exam on core security technologies and another on a chosen concentration.
The CCNP Security certification program is designed for working security professionals looking to advance their careers in security technology. This is a good option for jobs like:
Application security engineer
Network analyst
Senior network architect
Network operations manager
Information assurance expert
Threat intelligence analyst
Requirements: While there are no formal prerequisites to take this intermediate-level exam, it’s a good idea to have a year of cybersecurity experience with Cisco solutions first.
Cost: $400 for core test and $300 for concentration exam
Next steps: Once you’ve earned the professional-level CCNP Security certification, you can go on to earn the expert-level Cisco Certified Internetwork Expert Security (CCIE Security) credential.
The CASP+ is designed for cybersecurity professionals who demonstrate advanced skills but want to continue working in technology (as opposed to management). The exam covers advanced topics like enterprise security domain, risk analysis, software vulnerability, securing cloud and virtualization technologies, and cryptographic techniques.
The CASP+ can open up opportunities for advanced roles in architecture, risk management, and enterprise security integration. Possible job titles include:
Security architect
Security engineer
Application security engineer
Technical lead analyst
Vulnerability analyst
Requirements: There’s not a formal prerequisite for taking the CASP+ exam. CompTIA recommends it only for experienced cybersecurity professionals with at least ten years of IT administration experience (including five years of broad hands-on experience with security).
Cost: $466
Earning a certification in cybersecurity can validate your hard-earned skills and help you advance your career. Here are some things to consider when choosing which certification is right for you.
Your level of experience: Start with a certification that matches your current skill set. Invest in a certification you know you can achieve, and use it to advance toward more challenging certifications later in your career.
Cost: Getting certified typically costs several hundred dollars (or more), plus the additional fees to maintain it. The right certification can open up better job prospects or higher salaries, but it’s important to invest wisely.
Tip: Some universities and employers will help pay for your certification, so it’s always a good idea to ask first.
Area of focus: If you’re just getting started in cybersecurity or want to move into a managerial role, a more general certification might be a good choice. As you advance in your career, you might decide to specialize. A certification in your concentration area can validate your skills to potential employers.
Potential employers: Check some job listings of employers you may want to work for (or job titles you plan to apply for) to see what certifications are commonly required.
Many of the most coveted certifications require (or at least recommend) some previous experience in cybersecurity or IT. If your career goals include a job in this in-demand industry, there are some steps you can take now to start gaining the experience you need.
While you don’t need a degree to enjoy a successful career in cybersecurity, it can help you build a strong foundation. Many of the most prestigious certifications will waive some of the work experience requirements if you’ve earned a bachelor’s or master’s degree in computer science or a related field.
The University of Pennsylvania offers an Ivy League Master of Computer and Information Technology degree designed especially for students without a computer science background. Try a course before you apply to see if this program is a good fit.
Hands-on experience is often the most effective way to prepare for certification exams. Start accumulating work experience with an entry-level role as a cybersecurity analyst. Many cybersecurity professionals start off in more general IT roles.
Enhance your resume and make yourself more attractive to hiring managers with a certification that doesn’t require previous experience.
Entry-level IT certification options include lower-level credentials from some of the companies listed above. You can also build job-ready skills with no previous experience with the Google IT Support Professional Certificate and IBM Cybersecurity Analyst Professional Certificate through Coursera.
The length of time you’ll need to prepare for a certification exam will depend on what you already know and what you’ll need to learn. Preparing could take anywhere from a week to several months (assuming you meet the work prerequisites).
You probably won’t need to know how to code for most entry-level cybersecurity jobs. The ability to read and understand code becomes increasingly helpful as you advance in the field. Some programming languages you might consider learning include JavaScript, HTML, Python, C, and C++.
If you’re interested in computers, networks, and how they work, a career in cybersecurity could be a good fit for you. Jobs in the field tend to be in-demand and high-paying. The median salary for an information security analyst, for example, is $99,730 per year [2].
The skills, practices, and technologies you’ll use as a cybersecurity professional will continue to evolve along with computer and network technology. The desire to learn, ability to problem solve, and attention to detail will serve you well in this field.
1. US Bureau of Labor Statistics. "Information Security Analysts," https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed March 25, 2021.
2. US Bureau of Labor Statistics. "Information Security Analysts," https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed March 25, 2021.