Security threats loom over every industry, public or private, high-tech or not. Data breaches have become a difficult reality for all sectors, from healthcare to retail to financial services, and keeping hackers away from sensitive information means working hard to get ahead of increasingly sophisticated cyber-criminals. As such, qualified cyber security professionals at all levels are high in demand.
In the fast-paced world of Information and Computer Security, certifications are one of the best and most accessible ways to improve your knowledge and experience so that you can advance professionally. While certifications are undeniably valuable to anyone working in the cyber security landscape, not all credentials are created equal, and you’ll need to do your research before paying up for a boot camp with a poor reputation or a certification that doesn’t match up with your career goals. To help you out, we’ve listed some of the best options out there for security pros at all levels.
Cisco CCNA Cyber Ops
CCNA certification is one of the first steps you can take to prepare for a career in IT. According to the Cisco website, the exam was designed for associate-level roles and covered fundamentals in IT and security. Cisco recently migrated to a new certification program, which replaced several specialty CCNA certifications with one designation that covers the core basics of modern IT.
There are no formal prerequisites for earning a CCNA certification. However, you will need to have an understanding of security fundamentals, IP addressing, automation, and implementing and administering Cisco solutions. Cisco does offer an online preparation course, Implementing and Administering Cisco Solutions (CCNA), for students that don’t have experience in these areas. Additionally, you can access IT training videos, listen to the Cisco Certifications Podcast, and attend live webinars to reinforce your understanding of key concepts.
Identity Management Institute (IMI) Certifications
Certified Identity and Access Manager (CIAM)
The Certified Identity and Access Manager (CIAM) credential is a globally-recognized information security certification for identity and access managers. Earning this designation can help cyber security professionals improve their job prospects as more organizations need help managing identity and access risks, compliance requirements, and protecting systems against incoming cyber threats. The CIAM validates professionals’ expertise in managing identity and access management risks that may pose a threat to systems and data.
CIAM prerequisites are determined by a point-based system. Applicants must score at least 40 points to qualify for certification. Points are awarded based on the level of educational achievement, work experience, and other factors; each year of work or educational experience is equal to 10 points.
Exam: The CIAM exam includes 100 multiple-choice questions. Applicants must answer 70 questions correctly to receive a passing score and earn their certification.
Cost: $295, which includes a study guide and exam fees
Certified Identity Governance Expert (CIGE)
The CIGE certification demonstrates an understanding of how to design and securely develop systems and according to an organization’s security and privacy requirements. To earn this credential, you’ll need to have an in-depth understanding of the laws, policies, and procedures related to identity protection and governance. The IMI requires applicants to have roughly six years of relevant work experience and recommends this credential to executives and corporate officers in charge of access management within their organization.
To be eligible for CIGE certification, you’ll need to become an IMI member, submit payment, and demonstrate 120 qualifying points based on your experience, education, and training. Applicants will also need to submit a written risk statement. Ten points are awarded per year for education and experience, though applicants must have a minimum of 40 points in the post-high school education category and 60 points in professional experience. While there’s no strict degree requirement, the IMI expects candidates to have taken four years’ worth of college-level courses in a related field along with six years of related work experience.
Exam: According to the organization’s website, CIGEs should be able to demonstrate the following skills:
- Improve decision making to achieve business goals
- Streamline processes (automate, centralize, etc.)
- Standardize (efficiency, consistency, error reduction)
- Reduce cost
- Identify and mitigate risks
- Increase enterprise value
- Meet internal and external requirements
- Empower management and staff
- Ensure security, privacy, and compliance
- Maintain identity data integrity
Certified Identity and Security Technologist (CIST)
CIST professionals develop, deploy, and manage identity and security technologies to help organizations mitigate risks related to system security, communication, access permissions, and identity management.
CIST-certified professionals can find work in a wide range of organizations, from banks to private companies, government agencies, and high-risk industries like healthcare and finance. As security threats become more common, employers from all sectors are likely to see the value in hiring someone with identity and security credentials.
Candidates must have at least four years of professional experience in a technology-related field, which accounts for half of the 80 points required by the IMI. Additionally, you’ll need to become an IMI member before you’re eligible to sit for the exam. CIST candidates must also submit a risk statement in 350 words or less, along with their application to demonstrate their knowledge.
Exam: There is no exam for CIST certifications but candidates must submit an exam waiver and demonstrate expertise across the following five critical risk domains:
- Strategy and analysis
- Planning and design
- Transition and implementation
Cost: $295 for the waiver
Certified Identity Protection Advisor (CIPA)
The CIPA certification is designed for consumer-facing professionals in a position to educate consumers about avoiding identity theft and guide them through prevention and detection methods.
The IMI website also mentions that earning this credential may be a good choice for recent graduates just entering the workforce or those working in positions where part of the product or service offered relates to sensitive information like personal credit, medical or legal information, and financial data. CIPA certification also offers professionals such as attorneys, financial advisors, tax accountants, and others a competitive edge within their respective professional fields, allowing them to demonstrate competence in helping clients avoid fraud and identity theft.
IMI membership: this certification is less technical than some of the others on this list and aims to help people learn how to protect their clients or customers from identity theft.
Exam: The exam consists of 100 multiple choice questions covering topics like fraud prevention, investigation, resolution, awareness, theft prevention, relationship management, and more. Candidates must score 70 or higher to pass the exam.
Certified Red Flag Specialist (CRFS)
CRFS focuses on workplace identity fraud prevention. The training curriculum and certification criteria were designed in close alignment with the US Red Flags Rule, which outlines legal requirements related to fraud prevention and workplace identity theft detection. CRFS is a registered program that aims to educate candidates on how to develop a risk assessment methodology, educate employees on how to minimize identity fraud, and conduct compliance audits.
The IMI website recommends this certification to consultants, compliance officers, auditors, and fraud management staff - particularly those that work with high-risk organizations like banks, investment firms, healthcare providers, car dealers, and finance companies.
To qualify for certification, you must be a member of the IMI. The organization does allow applicants to submit their membership application at the same time as the certification application. Unfortunately, there isn't a list of prerequisites for this certification; however, those most likely to benefit from the CRFS are auditors and information security professionals with some job experience.
Exam: The exam focuses on four general areas: Program Administration, Risk Assessment, Red Flag Management, and Program Management. Candidates must answer 70 out of 100 multiple choice questions correctly to pass the exam and earn the certification.
Certified in Data Protection (CDP)
The CDP addresses data protection risks just like the other IMI certifications we've mentioned, this time focusing on global privacy and general security best practices. Because data protection is becoming a threat to organizations of all kinds, anyone concerned with data protection or who handles sensitive information can benefit from becoming CDP certified.
As is the case with the CIPA credential, CDP is designed for non-technical professionals that deal with sensitive data. The key difference between the two is that CDP is designed for managing data internally, whereas CIPA is for those working in a client-facing role.
IMI membership: this certification, like the CIPA, is focused on helping professionals learn more about current best practices for managing data, global compliance regulations, and managing risks.
Exam: Like the other IMI certifications listed, the CDP exam is composed of 100 multiple choice
International Information System Security Certification Consortium (ISC2) Certifications
Healthcare Information Security and Privacy Practitioner (HCISPP)
The (ISC)2) HCISPP is a healthcare cyber security certification that combines cyber security skills with healthcare information privacy and compliance best practices. The designation is ideal for professionals responsible for protecting healthcare information such as risk analysts, compliance auditors, medical records supervisors, privacy and security consultants, or compliance officers.
To qualify for this certification, you must pass the exam and have at least two years of experience working in one or more of the domains that make up the HCISPP Common Body of Knowledge. After passing the exam, you’ll need to pass the endorsement process, which involves a review of your credentials to ensure that everything you’ve included in your application is true. You’ll also need to agree to the (ISC)2 Code of Conduct and become a member.
Exam: The exam evaluates your competence across seven domains:
- Domain 1. Healthcare Industry
- Domain 2. Information Governance in Healthcare
- Domain 3. Information Technologies in Healthcare
- Domain 4. Regulatory and Standards Environment
- Domain 5. Privacy and Security in Healthcare
- Domain 6. Risk Management and Risk Assessment
- Domain 7. Third-Party Risk Management
NIST Cybersecurity Framework Foundation (NCSF) Practitioner
This certification demonstrates an ability to design and build a cyber security program and educate others on managing risks and protecting critical assets. The NIST program was initially developed by the University of Massachusetts - Lowell to help organizations implement a cyber security framework to protect internal assets and supply chains. Those pursuing the practitioner certification are equipped to implement this framework into their own company, taking on the training process themselves to enable their workforce.
To earn this credential, you’ll need to have already earned the NIST Foundation Certificate or have equivalent knowledge. Those interested in becoming NIST certified don’t necessarily need specific work experience but may want to enroll in one of the many training programs and boot camps offered across the country.
Exam: The exam is closed-book and consists of 100 multiple choice questions you’ll need to complete within 180 minutes. Test-takers must score at least a 70 to pass.
Cost: NIST courses are offered through a range of educational institutions and associated costs vary based on where you enroll in prep courses. It may be difficult to find definitive information regarding the cost to certify.
Certified Information Privacy Professional/Manager/Technologist (CIPP/CIPM/CIPT)
IAPP’s certification programs are designed to demonstrate competency in information privacy. The CIPP covers laws and regulations, the CIPM is for operations managers, and the CIPT is for IT professionals. The different designations all center around security
None of these tests have any specific prerequisites. However, all of them suggest you take a training course, as the tests are difficult to pass, even for professionals in the field.
Exam: All three exams are 2.5 hours long, and the CIPP and CIPT are 75 questions, while the CIPM is 70 questions.
Cost: First-time candidates pay $550, while those retaking or renewing pay $375.
Certified Information Security Manager
The CISM certification is provided by ISACA and is considered a top credential for IT managers aiming to move into a strategic management role. Credential holders must demonstrate skills in risk management, incident monitoring and response, program development, and overseeing enterprise-level security programs. Unlike certifications like the CCNA or the CompTIA+, CISM candidates often have at least a few years of experience working in an IT role.
To qualify for the CISM, you’ll to have at least five years of experience working in information security and three years working in a security management role. The ISACA does allow applicants to substitute educational experience and other certifications (CISA and CISSP count for two years) for work experience that falls outside of that three-year IS management requirement.
Exam: The CISM exam covers four domains relevant to information security management roles. According to the official ISACA website, test-takers can expect to be tested on specific examples that reflect real-life situations. Here are the four domain areas you’ll need to be familiar with before taking the exam:
- Information Security Governance (24%)
- Information Risk Management (30%)
- Information Security Program Development and Management (27%)
- Information Security Incident Management (19%)
ISACA scores all exams on a scale from 200 to 800. You must receive a score of 450 or higher to pass.
Cost: $575 for ISACA members and $760 for non-members.
Certified Cyber Secure Coder
The Certified Cyber Secure Coder designation is designed for developers, testers, and systems architects who develop programs for mobile, web, desktop, and the cloud in a variety of languages. This certification aims to demonstrate competence in developing and delivering software that meets stringent privacy and security standards.
CSC certification is geared toward coders that want to validate their understanding of security best practices. While the certification itself is relatively entry-level, it’s best suited to those already working in a development role or working toward a degree. You’ll need to have experience with multiple programming languages and know how to code, test, and document applications for multiple devices.
Exam: The certification exam is 120 minutes long and consists of a mix of multiple-choice, multiple response, and true-false questions. Candidates must answer at least 56 out of 80 questions correctly to receive a passing score.
Cost: There is no cost associated with this certification.