The field of cybersecurity is one of the hottest tickets in IT, with a 28 percent growth rate projected between 2016 and 2026. With such popularity comes no shortage of certification vendors seeking to convince aspiring security professionals that their credential is the best one to speed them on their way to the next step in their security career ladder.
Even though choices for security certifications are plentiful, choosing the right one for you does not have to be overwhelming. Choosing the right certification really depends on the answers to a few basic questions.
- First, ask yourself what type of certification you need. Are you looking for an entry-level credential or are you already a cybersecurity ninja?
- Second, be certain to take a close look at your current skills, education and certifications. For many certifications, especially the more advanced credentials, you are required to have particular skills or experience before attempting the certification exam.
- Finally, what type of investment (in both time and money) are you willing to make in training, experience, continuing education and ongoing maintenance? Lower level credentials often have fewer requirements and the exams can be less costly than those for more senior credentials.
Here, we’ll take a closer look at several popular cybersecurity certifications, including what skills they validate and what’s needed to maintain the credential. At the end, you’ll find a table summarizing our findings to help you easily select the certification that most closely aligns to where you are now and where you want to be in the future. Note that all of the certifications discussed here require a single exam.
The CompTIA Security+ certification is often the first cybersecurity credential that many IT professionals obtain. To earn this vendor-neutral, entry-level certification, candidates must demonstrate basic cybersecurity knowledge and perform basic security tasks, including configuring, managing and troubleshooting networks. They must also possess the skills necessary to identify threats, detect intrusions and conduct penetration testing, and be well-versed in risk management and mitigation. CompTIA recommends candidates have the Network+ credential and two years of experience in IT administration with a security focus.
This Security+ certification is ideal for anyone just starting their career as a cybersecurity professional. It is valid for three years, and 50 continuing education (CE) credits are required to renew.
Systems Security Certified Practitioner (SSCP) vs. Security+ Certification
The Systems Security Certified Practitioner (SSCP) certification from (ISC)2 is a globally recognized security certification that targets IT professionals in roles such as network security engineer, system administrator, system engineer, security analyst, consultant, database administrator, and system or network analyst. SSCPs possess advanced security administration and operations skills. Successful candidates work in hands-on security roles and recommend and implement cybersecurity best practices, procedures and policies, as well as administer, monitor and implement secure IT infrastructures.
To earn the credential, candidates must pass the SSCP exam and have at least one year of full-time paid experience in one or more of the seven SSCP domains: Access Controls; Security Operations and Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. The credential is valid for three years; 60 continuing professional education (CPE) credits and an annual maintenance fee of $65 are required to maintain the certification.
While the Security+ and SSCP are both excellent credentials, they are geared to different audiences. Security+ targets entry-level security practitioners who often work in roles such as information security analyst. The SSCP, on the other hand, is geared to IT professionals with more advanced skills in security operations and administration.
Certified Information Systems Security Professional (CISSP) vs. Security+ Certification
Another excellent certification from (ISC)2 is its Certified Information Systems Security Professional (CISSP) credential. The CISSP certification is a premier, advanced cybersecurity credential for professionals who are at the pinnacle of their careers. Not only is the CISSP globally recognized, but the financial rewards for credential holders are substantial. According to the Global Knowledge 2018 IT Skills and Salary Report, the CISSP is the number one ranked certification in terms of earning potential.
The CISSP targets seasoned professionals in senior roles such as security director, IT director, IT manager, chief information officer (CIO), chief information security officer (CISO), network architect, security systems engineer, security manager, security analyst, auditor and security architect. CISSPs design, implement and manage cybersecurity solutions. A single CISSP exam is required, along with a minimum of 5 years of paid work experience. The cert is good for three years; to maintain the credential, you must earn 120 CPEs and pay an annual maintenance fee of $85.
In terms of how the CISSP and Security+ stack up against each other, there really is no comparison. The CISSP is an expert-level credential focused on experienced security practitioners who work in senior security leadership roles. Security+ is geared to security professionals beginning their careers and often serves as the foundation to more advanced roles and credentials.
GIAC Security Essentials (GSEC) vs. Security+ Certification
A leader in cybersecurity certifications, GIAC offers more than 30 credentials across six focus areas: penetration testing, management and leadership, development, digital forensics and incident response, industrial control systems (ICS), and cyber defense. Part of GIAC’s cyber defense certification portfolio, the GIAC Security Essentials (GSEC) is an intermediate-level credential targeting IT professionals who are able to perform practical, hands-on security tasks. To earn the credential, candidates must pass a rigorous five-hour exam. The credential can be renewed every four years by earning 36 CPEs and paying a $429 renewal fee.
Comparing the exam requirements for the GSEC and Security+ makes it clear why GSEC is considered an intermediate-level credential. The GSEC builds on the types of skills you would expect to gain through the Security+ credential but takes a deeper dive into the knowledge and skill base. GSEC also covers areas (such as Linux security and services) that are not listed among the Security+ topics. The GSEC would be an excellent credential to test for once you have earned the Security+.
Cisco Certified Network Associate – Security (CCNA Security) vs. Security+ Certification
The Cisco Certified Network Associate Security (CCNA Security) is an entry-level security credential specific to Cisco networks. The CCNA Security targets candidates who develop and secure Cisco security infrastructures, install, monitor and troubleshoot Cisco network devices, and recognize and mitigate cybersecurity risks. Candidates must possess either the Cisco Certified Entry Networking Technician (CCENT) credential, the CCNA Routing and Switching credential, or any Cisco Certified Internetwork Expert (CCIE) credential and pass a single exam focused on implementing Cisco network security. The certification is valid for three years; to renew it, certification holders must pass an exam from an approved list.
Of all the credentials examined in this article, the CCNA Security is the closest to the Security+ certification in terms of expected skill level. Both credentials target professionals who are early in their careers and typically work in junior-level roles. One major difference between the two credentials is Security+ is vendor neutral while CCNA Security is focused on Cisco systems. If you work with Cisco technology, then you should consider the CCNA Security credential. If your focus is broader, then go with the Security+ cert.
Security+ Certification vs. CEH (Certified Ethical Hacker ANSI)
Part of the EC-Council’s core program, the Certified Ethical Hacker (CEH) certification is designed for cybersecurity practitioners with advanced technical skills. CEH credential holders are well-versed in the techniques and tools used by hackers to cause harm. Rather than use their skills for malicious purposes, CEH holders work to beat hackers at their own game by looking for system vulnerabilities and other network system weaknesses. While not required, the official CEH training is highly recommended; it covers over 340 common cyberattack technologies and methods.
There are two paths to earning the CEH. Candidates who attend CEH training can take the CEH exam without going through the application process. Those who choose not to attend training must have at least two years of experience and submit an application package that verifies that work experience; when their applications are approved, candidates are sent an exam voucher code that allows them to attempt the exam. Once candidates obtain the CEH basic credential, they are eligible to test for the CEH Practical credential.
As with the CISSP, the CEH targets a different audience than the Security+. Not only is CEH an expert-level credential for those who possess superior technical skills, it specifically targets security professionals working with ethical hacking. As we have seen, the Security+ is geared to junior-level security team members with basic technical skills.
Regardless of where you are in your career path, there is a security certification that’s right for you. If you’re seeking a credential to help you establish yourself as a cybersecurity professional, then take a close look at the CompTIA Security+. As a vendor-neutral credential, Security+ provides a broad base of knowledge suitable to multiple environments. The CCNA Security is also an early-level credential but is geared to Cisco systems and is therefore best suited to Cisco security professionals. The GSEC and SSCP are appropriate for those who have put in some time in the saddle working with cybersecurity. Of course, cybersecurity experts with a hacking focus should take the CEH, while those at the top of their career need look no further than the CISSP.
Good luck on your certification journey!
Facts at a Glance
| Certification | Number of Exams | Exam Fee | Experience Level | Prerequisites | Maintenance |
| --- | --- | --- | --- | --- | --- |
| CompTIA Security+ | 1 | $339 | Entry | None, but Network+ and 2 years of experience in IT administration with a security focus are recommended | Valid for 3 years; 50 CE credits required for renewal |
| SSCP | 1 | $249 | Advanced | 1 year of full-time paid experience | Valid for 3 years; renewal requires 60 CPEs plus a $65 annual fee |
| CISSP | 1 | $699 | Expert | 5 years of experience | Valid for 3 years; renewal requires 120 CPEs plus an $85 annual fee |
| GSEC | 1 | $1,899 | Intermediate | None | Valid for 4 years; renewal requires 36 CPEs and a $429 fee |
| CCNA Security | 1 | $300 | Entry | Cisco CCENT, CCNA Routing and Switching, or any CCIE certification | Valid for 3 years; must pass one exam to recertify |
| CEH (ANSI) | 1 | $1,199 (ANSI exam) | Expert | None, but training is highly recommended | Valid for 3 years; 120 CPEs required to renew |