The top IT security certifications

As data becomes the global currency, breaches become increasingly commonplace and sophisticated. This means that security professionals are in higher demand than ever - a demand that often outstrips supply.

McAfee found in its Hacking the Skills Shortage report that 82 percent of IT and cybersecurity decision-makers face a shortage of security skills within their company.

Here are some of the top IT security certifications for either IT candidates looking to boost their skill set and employability, or for organisations looking to get their staff accredited.


Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) is an intermediate-level certification provided by the International Council of E-Commerce Consultants (EC-Council).

It offers a qualification in penetration testing, which is essential for candidates pursuing careers in ethical hacking, and demonstrates the ability to identify potential security risks in an organisation's IT infrastructure.

To obtain this certification, candidates must pass one exam. A five-day training course is available, with the exam taken at the end of the training. It is a four-hour exam with 125 multiple choice questions.

Pricing is available upon request.

GSEC: SANS GIAC Security Essentials

GSEC: SANS GIAC Security Essentials is a certificate designed for security professionals who want to demonstrate that they are qualified to carry out security tasks on IT systems.

The exam objectives include contingency plans, active defence, cryptography and end-point security, and candidates must demonstrate a high level of knowledge of all of them.

There is only one exam, with 180 questions and a time limit of five hours. You must obtain 73% to obtain the qualification.

Certified in Risk and Information Systems Control (CRISC)

Certified in Risk and Information Systems Control (CRISC) is an ISACA certification that provides enterprise-level risk management training.

The certification is useful for IT risk management professionals, control and assurance professionals and CIOs.

To gain the certification, IT professionals must successfully complete the exam. However, there are some prerequisites, as stated on the site: "A minimum of at least three (3) years of cumulative work experience performing the tasks of a CRISC professional across at least two (2) of the four (4) CRISC domains is required for certification."

If you have fulfilled all these requirements then you are able to apply for certification.

Certified Information Security Manager (CISM)

The Certified Information Security Manager (CISM) is a high-level credential for IT professionals who are interested in working in security and risk management.

Provided by the Information Systems Audit and Control Association (ISACA), it requires five years of experience in cybersecurity and three years in security management to enrol.

It covers the practical security management principles that information security professionals are expected to know, and the course increases the chances of obtaining a role in such a position.

The exam contains 200 questions over four hours. It costs $575 (£449.94) for members and $760 (£594.70) for non-members.

Security+

Security+ is an entry-level certification for those considering moving into the cybersecurity profession.

Provided by CompTIA, Security+ is one of the first certifications that IT professionals should consider earning. It covers the baseline skills of cybersecurity, with emphasis on practical hands-on skills and trends in risk management, mitigation and threat management.

A minimum of two years' experience in IT and network security is required. The exam is 90 minutes long, with a maximum of 90 questions.

It costs £207 to buy the exam.

Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) is a high-level certification that many IT organisations require as a base requirement for network security professions.

It is provided by the International Information Systems Security Certification Consortium ((ISC)²) and covers the common body of knowledge (CBK) domains, such as asset security, security engineering, access management and more.

The requirements for the certification include a minimum of five years' experience in at least two CBK domains, or four years' experience in two CBK domains plus a university degree.

The CISSP exam lasts six hours, has 250 questions and costs $699 (£546.97). There are an additional four concentration exams at $599 (£468.72) each.

SANS GIAC Security Essentials Certification (GSEC)

The GIAC Security Essentials Certification (GSEC) is another entry-level certification for IT professionals who want to demonstrate skills in IT systems and information security.

It covers general security best practices as well as methods for applying them in the real world. Candidates for this certification tend to gain skills in access controls, password management, network mapping and more.

There are not a lot of requirements to take this certification, other than the ability to demonstrate cybersecurity knowledge beyond the basic terminologies.

The GSEC exam is five hours long with 180 questions. It costs $729 (£570.44) when taken with SANS training, or $1,699 (£1329.47) without training.

Certified Information Systems Auditor (CISA)

The Certified Information Systems Auditor (CISA) is another certification provided by ISACA. It is a high-level certification that focuses on information systems auditing.

It is required for IT professionals and demonstrates auditing experience and the ability to manage vulnerabilities.

The requirement is five years of experience as a cybersecurity professional. CISA is a four-hour exam with 150 multiple choice questions.

It costs $575 (£449.94) for members and $760 (£594.70) for non-members.

NIST Cybersecurity Framework (NCSF)

The NIST Cybersecurity Framework (NCSF) consists of one foundation and one practitioner certification.

NCSF provides a flexible and performance-based approach to how professionals can manage cybersecurity risks at all levels in an organisation.

The NCSF foundation course covers the challenges organisations face and explains how they can implement the NCSF program to mitigate the risks. It is particularly suited to candidates who require a basic understanding of the NCSF and have experience in IT and security.

The practitioner certification is required for cybersecurity engineers and operations professionals, and provides a more detailed understanding of the NCSF.

Pricing is available upon request.

Copyright © 2019 IDG Communications, Inc.