8 Best Cybersecurity Certifications

Although the demand for cybersecurity professionals is high, you are not necessarily guaranteed a job in the field just because you have a degree. For this reason, it is important to consider obtaining some professional certifications to help bolster your resume. Certifications look great to employers, as they prove that you are not only proficient in your field, but also driven to succeed.

These certifications are not only for employers, however, as many of them teach on-the-job skills that are often not covered in degree programs. This makes them especially appealing if you don’t have a strong background in cybersecurity, as they offer a pathway into the field that doesn’t require heavy investment in a second degree.

Top Cybersecurity Certifications

CompTIA Security+
Topics:
  • Security threats, attacks, and vulnerabilities
  • Identity and access management
  • Security hardware and software
  • Security architecture
  • Risk management
  • Cryptography
Support:
  • eLearning
  • Interactive labs
  • Exam prep
  • Study guides
  • Instructor-Led training
  • Video training
Price:
  • Exam: $339
  • Basic bundle: $499
  • Exam prep bundle: $649
  • eLearning bundle: $899

EC-Council: CEH (Certified Ethical Hacker)
Topics:
  • Reconnaissance
  • Network scanning
  • Enumeration
  • System hacking
  • Server hacking
  • Sniffing
  • Application hacking
  • Evading IDS, Firewalls, and Honeypots
  • Social engineering
  • Denial-of-service
  • SQL injection
  • IoT hacking
  • Cloud computing
  • Cryptography
Support:
  • Online training
  • Training partner
Price:
  • Exam: $500
  • Application fee: $100

EC-Council: ECSA (Certified Security Analyst)
Topics:
  • Network penetration testing
  • Social engineering
  • Web application penetration testing
  • Database penetration testing
  • Cloud penetration testing
  • Report writing and post-testing actions
Support:
  • Online training
  • Training partner
Price:
  • Exam: $999
  • Course material: $899
  • Application fee: $100

(ISC)2: CISSP (Certified Information Systems Security Professional)
Topics:
  • Software development security
  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
Support:
  • Online instructor
  • Private on-site training
  • Classroom-based training
Price:
  • Exam: $699

ISACA: CRISC (Certified in Risk and Information Systems Control)
Topics:
  • Risk assessment
  • Risk management
Support:
  • Study materials
  • Instructor-led training
  • On-site chapter reviews
  • Exam preparation community
Price:
  • Exam: $575 (Members), $760 (Non-members)

(ISC)2: CCSP (Certified Cloud Security Professional)
Topics:
  • Cloud concepts, architecture, and design
  • Cloud Data security
  • Cloud platform & infrastructure security
  • Cloud application security
  • Cloud security operations
  • Legal, risk, and compliance
Support:
  • Online instructor
  • Private on-site training
  • Classroom-based training
Price:
  • Exam: $599

EC-Council: CHFI (Computer Hacking Forensic Investigator)
Topics:
  • Computer forensics investigation process
  • Understanding hard disks and file systems
  • Operating system forensics
  • Anti-forensics techniques
  • Data acquisition and duplication
  • Network forensics
  • Investigating web attacks
  • Database forensics
  • Cloud forensics
  • Malware forensics
  • Investigating email crimes
  • Mobile forensics
  • Investigative reports
Support:
  • Online learning
  • Training partner
Price:
  • Exam: $650
  • Application fee: $100

GXPN (GIAC Exploit Researcher & Advanced Penetration Tester)
Topics:
  • Accessing networks
  • Advanced fuzzing techniques
  • Advanced stack smashing
  • Client exploitation and escape
  • Cryptography for penetration testing
  • Exploiting networks
  • Memory and dynamic memory on Linux
  • Windows exploitation
  • Python and Scapy for penetration testing
  • Shellcode
  • Windows overflow
Support:
  • Online learning
  • In-class training
  • Practice tests
Price:
  • Exam + practice tests: $1999

1. CompTIA Security+

Topics:
  • Security threats, attacks, and vulnerabilities
  • Identity and access management
  • Security hardware and software
  • Security architecture
  • Risk management
  • Cryptography
Support:
  • eLearning
  • Interactive labs
  • Exam prep
  • Study guides
  • Instructor-Led training
  • Video training
Exam Details:
  • Duration: 90 minutes
  • Number of questions: 90
  • Passing percentage: 83%
Cost:
  • Exam: $339
  • Basic bundle: $499
  • Exam prep bundle: $649
  • eLearning bundle: $899

The CompTIA Security+ certification is seen by many as one of the first certifications a cybersecurity professional should obtain once they graduate from university. This is because, unlike some of the other options in this guide, the Security+ certification is a lot more general in its approach. This means it provides a foundation of knowledge that you can then build on as you progress throughout your career, as opposed to a particular set of skills that can only be used for a specific purpose.

Topics

The Security+ certification is primarily aimed at security analysts, giving you knowledge and experience in identifying security threats, designing and implementing security architecture, risk management, and identity and access management. Less specific topics, such as cryptography, are also covered.

This means that despite the certification’s focus on teaching relevant security analyst skills, it also works well as a general cybersecurity certification. This is great if you are unsure exactly which direction you want to go in, as it allows you to dip your feet into a number of different topics. However, it could be an issue if you are looking to learn a more specific set of skills, such as penetration testing, or anything forensics-based.

Support

One of the best things about this certification is the fact that it offers so much support to aid you as you complete its various modules in preparation for the exam. The support you get will entirely depend on the package you buy, but the fact that you can tailor your preparation to suit your needs is a huge benefit, especially if you tend to struggle with revision and exams.

The certification’s online support, in particular, is some of the best we’ve seen, offering video training, interactive labs, and various other learning material. There is also a feature called CertMaster Practice, which assesses your knowledge and exam readiness.

Once you have been assessed, CertMaster Practice can also help you fill knowledge gaps in weaker areas. This makes the tool both useful and versatile, allowing you to use your preparation time more efficiently by focusing only on what you need to.

Exam Details

The exam lasts 90 minutes, making it shorter than the others in this guide by some margin. This is likely because the certification doesn’t cover as many topics as some of the others, making it slightly less comprehensive.

The exam consists of 90 multiple-choice questions, giving you an average of one minute to complete each question. This might not seem like a lot of time, but considering most certification exams consist of 100 questions or more, it could be a lot worse.

To pass the exam, you will need to answer at least 83% of the questions correctly. This is a slightly higher percentage than what you will find on most other certifications and a massive increase from the minimum pass percentages of most university exams.

Cost

The exam itself costs $339, which is pretty reasonable compared to a lot of the others in this guide. However, if you are looking to get the full preparation bundle, which is recommended to ensure the best chances of passing the exam, you will need to invest $899.

If you are already employed, you may be able to get this subsidized by your employer. However, if not, you may be able to get funding through some sort of graduate program.

Link to certification: https://www.comptia.org/certifications/security

2. EC-Council: CEH (Certified Ethical Hacker)

Topics:
  • Reconnaissance
  • Network scanning
  • Enumeration
  • System hacking
  • Server hacking
  • Sniffing
  • Application hacking
  • Evading IDS, Firewalls, and Honeypots
  • Social engineering
  • Denial-of-service
  • SQL injection
  • IoT hacking
  • Cloud computing
  • Cryptography
Support:
  • Online training
  • Training partner
Exam Details:
  • Duration: 4 hours
  • Number of questions: 125
  • Passing percentage: 60% to 85%
Cost:
  • Exam: $500
  • Application fee: $100

The CEH certification is a desirable addition to any cybersecurity professional’s resume. Not only does it teach valuable on-the-job skills, but it is also one of the most highly recognized certifications in the industry, making it somewhat of a must-have, especially for penetration testers and ethical hackers.

Topics

The CEH certification focuses on teaching a number of different penetration testing skills such as reconnaissance, network scanning, system and server hacking, and SQL injection. There are also modules on social engineering, denial-of-service attacks, and Honeypots, allowing you to establish a core set of ethical hacking skills.

The certification also teaches more modern hacking techniques related to the Internet of Things and cloud computing. This is great to see, as it shows that EC-Council is making sure to keep the material relevant to the modern-day workplace, making the certification a worthwhile investment from a training perspective.

Support

The support available for the CEH certification isn’t as extensive as what is being offered with the Security+ certification, for example, but you do get access to an online training facility, as well as a training partner. You can also purchase a complete CEH textbook if you think it will help you.

Unofficial support may also be available elsewhere online. However, we recommend sticking to official material as much as possible, as this will ensure you are covering all of the essential areas of the exam.

Exam Details

The exam lasts 4 hours, which might seem excessive. However, this is because of how much material is covered. Having such a lengthy amount of time is also beneficial if you aren’t the type of person who powers through exams, as it means you can spend a decent amount of time on each question.

There are a total of 125 questions on the exam, which gives you just under 2 minutes to answer each question. This amount of time probably won’t be needed for every question, but it is nice to have it in reserve if you get stuck.

The pass percentage for the exam varies, but based on past papers, a score of 60% to 85% should be enough to earn the certification. To ensure you have the best chance of passing the exam, we recommend that you assume you need at least 85%, as aiming for anything less runs the risk of not making the cut.

Cost

To take the exam, you will need to pay $500. However, for self-study students, an additional $100 will need to be spent on an eligibility application fee. Any study materials you choose to use, such as textbooks, will require even further investment as well, meaning the costs can quickly ramp up if you have no way of subsidizing them.

Link to certification: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

3. EC-Council: ECSA (Certified Security Analyst)

Topics:
  • Network penetration testing
  • Social engineering
  • Web application penetration testing
  • Database penetration testing
  • Cloud penetration testing
  • Report writing and post-testing actions
Support:
  • Online training
  • Training partner
Exam Details:
  • Duration: 4 hours
  • Number of questions: 150
  • Passing percentage: 70%
Cost:
  • Exam: $999
  • Course material: $899
  • Application fee: $100

The ECSA certification is a great option if you are looking to become a professional security analyst, as it teaches a number of more advanced penetration testing skills that can be used to combat hackers. It is also an excellent certification to obtain after completing the CEH certification, as it follows on from the material that one covers.

Topics

Despite being targeted towards security analysts, the ECSA certification mainly focuses on penetration testing and ethical hacking. The topics it covers, however, are a lot more advanced than what many of the other options in this guide are boasting, and for this reason, we recommend obtaining one or more of the other options before you consider adding this one to your resume.

If you do decide to go for this certification, you can expect to learn about network hacking, application hacking, database penetration, cloud penetration, and social engineering. You will also learn about the correct way to report your findings, as well as what actions you should be performing once you have completed your tests.

Support

As this certification is provided by EC-Council, the learning support available is the same as what the CEH certification offers. This means you have access to online training, as well as a training partner.

There is also a Master Class option available for this certification, which allows you to receive training from world-class instructors. You also have the option of collaborating with top infosec professionals, giving you the potential to learn some valuable information from those who may have already completed the certification themselves.

Exam Details

The exam lasts a total of 4 hours, and features 150 questions, meaning you will have just over one and a half minutes to answer each of them. This means you will be under slightly more pressure in terms of time compared to the CEH exam. However, you should still be able to complete the exam within the allotted time limit.

To pass the exam, you will need to earn a score of at least 70%. This is pretty reasonable for an advanced certification, and it means you will have a bit of wiggle room if you happen to make a few mistakes. It is also great to see that there is no fluctuation in the pass percentage, as it means you can go into the exam knowing exactly what you need to get in order to pass.

Cost

To take the exam, you will need to pay at least $999, which is pretty steep compared to the price of most of the other exams in this guide. On top of this, a further $899 will need to be spent on course material. This is a pretty hefty investment, but the material you are given is arguably invaluable if you don’t have a body of experience behind you.

If instead, you would rather receive training elsewhere, a $100 application fee will need to be paid. This is to cover an eligibility check that will determine whether or not you are a suitable candidate to take the exam.

This is a cheaper way of doing things if you have the right credentials, but you should note that the fee isn’t refunded if you aren’t accepted. For this reason, we recommend taking the other option if possible, especially if you have a way of subsidizing the cost.

Link to certification: https://www.eccouncil.org/programs/certified-security-analyst-ecsa/

4. (ISC)2: CISSP (Certified Information Systems Security Professional)

Topics:
  • Software development security
  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
Support:
  • Online instructor
  • Private on-site training
  • Classroom-based training
Exam Details:
  • Duration: 6 hours
  • Number of questions: 250
  • Passing percentage: 70%
Cost:
  • Exam: $699

The CISSP certification is an ideal option for a number of different cybersecurity professions, but its main focus is on teaching relevant security architecture and engineering skills. This makes it a particularly good option if you are an aspiring security analyst, as it will allow you to build a solid foundation of knowledge and expertise in the field.

Topics

As mentioned, this certification focuses on teaching security analyst skills such as security and risk management, software security, security testing, and network security. This makes it a somewhat generic cybersecurity certification compared to some of the other options in this guide, but this may benefit you if you aren’t completely set on any particular career path.

The certification also covers identity and access management, which is a framework of technologies that ensures the correct people have the correct access to certain material and resources. This area of cybersecurity, in particular, is gaining a lot of interest at the moment, due to the increasing complexity of compliance requirements, making it a great time to master this aspect of the field.

Support

The support options on offer for this certification aren’t too extensive, but you do get access to an online instructor, as well as private on-site training and classroom-based training. It should be noted, however, that some of these options are only available in certain locations, which isn’t ideal, but at the same time, the fact that in-person training is even on offer is a bonus.

There are also a number of self-study resources available, allowing you to study at your own pace. You can also schedule when you wish to take the test, which is great if you often struggle with the pressure of exams.

Exam Details

The exam for this certification lasts 6 hours, making it the longest exam featured in this guide by some margin. This might seem like overkill, but considering there are 250 questions to answer, you will most likely be grateful for the additional time.

With 6 hours to play with, you will have just under a minute and a half to complete each question, which should be plenty of time, provided you are feeling confident. The added pressure of having 250 questions to complete will mean more revision is necessary, however, making this exam one of the more difficult to prepare for.

To pass the exam, you will need to score at least 70%. This shouldn’t be too difficult to do, but at the same time, you probably won’t pass if you attempt just to wing it.

Cost

The exam costs $699 to take, which is rather expensive compared to some of the other options in this guide. However, it is in keeping with the average price of most certification exams. Additional training options also cost extra, but as these can be tailored in a number of different ways, there isn’t a set package we can give you the figures for.

Link to certification: https://www.isc2.org/Certifications/CISSP

5. ISACA: CRISC (Certified in Risk and Information Systems Control)

Topics:
  • Risk assessment
  • Risk management
Support:
  • Study materials
  • Instructor-led training
  • On-site chapter reviews
  • Exam preparation community
Exam Details:
  • Duration: 4 hours
  • Number of questions: 150
  • Passing percentage: 56%
Cost:
  • Exam: $575 (Members), $760 (Non-members)

CRISC is another certification aimed towards security analysts. However, due to its focus almost entirely on risk assessment and management, the CRISC certification is also worth considering for a number of other security professions. This is because the training provided can arguably be used across the board, making this certification one of the more versatile in this guide.

Topics

The CRISC certification comes with a rather vague description of the content it covers, but you can expect to be learning plenty about risk assessment and management in relation to computer systems and networks. This means you will be tackling topics such as threat detection and vulnerability analysis, as well as how these elements can affect various technologies.

This means that, despite its vague description, the certification actually teaches a rather specific set of skills. It just so happens that these skills are sought after in a number of different cybersecurity professions.

Support

ISACA offers a pretty decent amount of support to assist you as you prepare for the CRISC exam, which is good to see, considering how many certifications seem to offer only the bare minimum. On top of the extensive study materials available, you can get access to instructor-led training, as well as on-site chapter reviews.

You can also gain access to an online community full of people who are also preparing for the exam. This might not be very useful for everyone, but some people benefit from working with others in a similar position.

Exam Details

The exam lasts for 4 hours, and during this time, you will be required to answer around 150 questions, giving you an average of one and a half minutes to spend on each question. For the most part, this should give you plenty of time to work through the paper. However, if you plan on double-checking your answers at the end, you will probably want to spend closer to one minute on each question during your initial run-through.

To pass the exam, you will need to score at least 56%. This doesn’t necessarily mean the exam is easier than the others in this guide, but it is certainly more lenient. This doesn’t mean you can relax on the exam, but at the same time, obtaining a pass should be more than doable provided you have prepared correctly.

Cost

The cost of the exam differs for both members and non-members. If you are a member of ISACA already, you can take the exam for $575, which is a rather significant reduction, compared to the $760 any non-member will need to pay.

This might seem like a bit of a con if you aren’t a member. However, ISACA is simply trying to incentivize its customers to earn more of their own certifications as opposed to going elsewhere, which makes sense considering how competitive the industry is becoming.

Link to certification: http://www.isaca.org/Certification/CRISC-Certified-in-Risk-and-Information-Systems-Control/Pages/default.aspx

6. (ISC)2: CCSP (Certified Cloud Security Professional)

Topics:
  • Cloud concepts, architecture, and design
  • Cloud Data security
  • Cloud platform & infrastructure security
  • Cloud application security
  • Cloud security operations
  • Legal, risk, and compliance
Support:
  • Online instructor
  • Private on-site training
  • Classroom-based training
Exam Details:
  • Duration: 3 hours
  • Number of questions: 125
  • Passing percentage: 70%
Cost:
  • Exam: $599

CCSP is a fairly new certification focused on training you in cloud security and other aspects of the technology. Despite its relatively recent emergence, the certification is already highly sought after by employers, which isn’t too surprising considering how important cloud technology has become.

Topics

The training program for the certification covers a wide variety of topics, including cloud concepts, cloud infrastructure, and various cloud security operations and protocols. You will also learn about the risks involved with cloud computing, as well as the legal factors that relate to it.

This makes the certification an excellent option if you have an interest in cloud computing. However, due to its specific curriculum, it may not be the best option to consider if you are looking for a more generic certification to add to your resume.

Support

The certification isn’t supported with a very extensive range of learning options, but it does offer an online instructor, as well as private on-site training and classroom-based training. As is the case with the CISSP certification, however, some of these training options are location-dependent, meaning they won’t be available to everyone.

If you happen to live in a location that doesn’t have access to in-person training, your options are, of course, more limited. Fortunately, however, (ISC)2 provides plenty of online resources that you can make use of, including some excellent self-study tools such as textbooks and practice tests.

Exam Details

The exam lasts 3 hours, making it one of the shorter options in this guide. However, it also consists of only 125 questions, giving you a reasonable one and a half minutes to answer each one.

To pass the exam, you will need to score at least 70%, which is in keeping with the minimum pass percentages of a lot of the exams in this guide. This, coupled with the fact that you only have 3 hours to complete the exam, may put some added pressure on your shoulders, but if you prepare well enough, you shouldn’t find the exam too difficult.

Cost

To sit the exam, you will need to pay $599, which isn’t unreasonable compared to the costs of the other exams in this guide, but it is still worth trying to subsidize it if possible. Additional investments will need to be made to obtain textbooks and other resources as well. These additional costs can quickly ramp up if you’re not careful, so be sure to double-check what you actually need, especially if you are paying out of your own pocket.

Link to certification: isc2.org/Certifications/CCSP

7. EC-Council: CHFI (Computer Hacking Forensic Investigator)

Topics:
  • Computer forensics investigation process
  • Understanding hard disks and file systems
  • Operating system forensics
  • Anti-forensics techniques
  • Data acquisition and duplication
  • Network forensics
  • Investigating web attacks
  • Database forensics
  • Cloud forensics
  • Malware forensics
  • Investigating email crimes
  • Mobile forensics
  • Investigative reports
Support:
  • Online learning
  • Training partner
Exam Details:
  • Duration: 4 hours
  • Number of questions: 150
  • Passing percentage: 60% to 85%
Cost:
  • Exam: $650
  • Application fee: $100

The CHFI certification is an advanced digital forensics certification, designed to equip you with a multitude of forensics skills that can be used for a variety of different purposes. The certification also covers penetration testing skills such as password cracking, making it a decent option to consider if you are an ethical hacker as well.

Topics

The CHFI certification focuses on a number of advanced forensics topics such as investigating web attacks, mobile forensics, cloud forensics, database forensics, and network forensics. This means you should be able to obtain a pretty well-rounded set of skills from the program, provided digital forensics is the career path you want to pursue.

The certification also covers how to obtain information from hard disks, as well as how to carry out data acquisition and duplication. These areas of the field are usually covered in most related degree programs. However, you may find these modules useful if you are new to the subject, or you need to refresh your memory.

Support

As the certification is provided by EC-Council, you can expect to receive the same support as you would with any of their other certifications. This means access to online learning, as well as the option of having a training partner.

These options aren’t as extensive as what is being offered by many of the other certifications in this guide, but it’s better than nothing. Textbooks and other learning resources can also be purchased from the store if you feel as though they will be useful to you.

Exam Details

You will be given up to 4 hours to complete the exam, where you will be required to answer 150 questions. This gives you around one and a half minutes to complete each question, which puts it in keeping with the other exams we have featured in terms of intensity.

To pass the exam, you will need to score somewhere in the region of 60% to 85%, depending on when the exam form is challenged. This means you should aim to get at least 85% on the exam, as the last thing you want is to fail the exam despite getting 70%, for example.

Cost

To sit the exam, you will need to pay $650. This is somewhat steep compared to a lot of the other exams in this guide. However, as this is an advanced certification, the price hike makes sense.

If you intend on self-studying, an additional $100 will also need to be paid to cover an eligibility check. Any learning resources you need will also require investment as well, so we recommend trying to subsidize the cost, if at all possible.

Link to certification: https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/

8. GXPN (GIAC Exploit Researcher & Advanced Penetration Tester)

Topics:
  • Accessing networks
  • Advanced fuzzing techniques
  • Advanced stack smashing
  • Client exploitation and escape
  • Cryptography for penetration testing
  • Exploiting networks
  • Memory and dynamic memory on Linux
  • Windows exploitation
  • Python and Scapy for penetration testing
  • Shellcode
  • Windows overflow
Support:
  • Online learning
  • In-class training
  • Practice tests
Exam Details:
  • Duration: 3 hours
  • Number of questions: 55-75
  • Passing percentage: 67%
Cost:
  • Exam + practice tests: $1999

The GXPN certification is a comprehensive penetration testing certification focused on getting you to a competent level within the field. This makes it a great option for ethical hackers, but for other cybersecurity professions, you may find it to be less useful.

Topics

The GXPN certification is one of the most advanced penetration testing certifications available, covering topics such as advanced fuzzing techniques, cryptography for penetration testing, advanced stack smashing, and network exploiting. This means it might not be best suited to you if you are fresh out of college. However, if you feel confident in your abilities, it could still be worth looking into.

For most people, though, we recommend completing the CEH certification before moving on to this one; otherwise, you run the risk of trying to run before you can walk. You will also want to make sure you are competent using both Windows and Linux systems, as some of the modules focus on Windows exploitation and dynamic memory.

Support

The support options for this certification are rather disappointing. Nevertheless, you do get access to some pretty extensive online learning resources, as well as a number of practice tests.

Classroom-based training is also available for this certification. However, this option is location-dependent, meaning it won’t be accessible for everyone. For this reason, it is important to check what is available in your area before applying to any of these certifications, especially if in-person support is a deciding factor for you.

Exam Details

The exam lasts for a total of 3 hours, making it somewhat shorter than a lot of others in this guide. Fortunately, however, the exam only includes between 55 and 75 questions, giving you an average of two and a half to three minutes to answer each question.

To pass the exam, you will need to score at least 67%. This makes the exam slightly more lenient than some of the others we’ve featured. However, this doesn’t mean you should attempt to take it easy, as many of the questions are likely to catch you out if you don’t put in a decent amount of preparation.

Cost

This certification is by far the most expensive in this guide, costing a whopping $1999 for the exam and two practice tests. This is a pretty ridiculous price to say the least, but the reputation you will gain by having this certification, as well as the potential salary increases it comes with, arguably make it a worthwhile investment.

Link to certification: https://www.giac.org/certification/exploit-researcher-advanced-penetration-tester-gxpn
