U.S. Army and Air Force Cybersecurity Careers: Information for Students by Michael Erbschloe - HTML preview

Cybersecurity Professional Certifications

Certifications are industry-recognized validations of having a specific skill, or experience in a particular subject area. Employers often use certifications as a way to identify people with specific skill sets and certifications may help you stand out in a competitive job market. Security-related certifications are also a prerequisite for many commercial cybersecurity and defense-related IT security jobs.

There are hundreds of cybersecurity training programs offered and many certificates that professionals can study for and take rigorous exams to prove their knowledge and skills. However many are not accredited and thus are not recognized by many companies and organizations that hire cybersecurity professionals. It is advisable to make sure that any certificate students may select to pursue in the future are accredited and can actually add value to a career.

The Cybersecurity Credentials Collaborative (C3) and its member organizations have adopted A Unified Principles of Professional Ethics in Cyber Security, adapted from the Unified Framework of Professional Ethics for Security Professionals, originally set forth by the Security Professionals Ethics Working Group. In addition to C3 member organizations, the Unified Principles of Professional Ethics in Cyber Security have also been formally endorsed by ISSA. ISSA was one of the original participants in the Security Professionals Ethics Working Group.

The American National Standards Institute (ANSI) has a lead role in assuring that accrediting organizations adhere to well established procedures and widely accepted ethics when accrediting any training or education programs. Accrediting organizations often divide their programs into three categories:

• Entry-level certifications are meant to ground professionals in foundation principles, best practices, important tools, latest technologies, etc.
• Intermediate and expert-level certifications presume that professionals have extensive job experience and a detailed grasp of the subject matter.

Information and background on accrediting organizations and current cybersecurity certifications can be found at:

• Cybersecurity Credentials Collaborative (C3)
• Information Assurance Certification Review Board (IACRB)
• Information Systems and Audit and Control Association (ISACA)
• International Information Systems Security Certification Consortium, Inc. (ISC2)

Some of the popular cybersecurity certificates are:

• Certified Ethical Hacker (CEH) is often discussed among white hat hackers and penetration testers.
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA) is designed for professionals who audit, control, monitor and assess information technology and business systems.
• Certified Information Systems Security Professional (CISSP)
• Certified Secure Software Lifecycle Professional (CSSLP)
• Check Point Certified Security Expert (CCSE)
• CompTIA Security+
• Cybersecurity Forensic Analyst certification (CSFA)
• EC-Council Certified Secure Programmer
• EC-Council Certified Security Analyst/Licensed Penetration Tester (CSA/LPT)
• GIAC Certified Enterprise Defender (GCED)
• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensics Analyst (GCFA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Penetration Tester
• GIAC Global Industrial Cyber Security Professional (GICSP)
• GIAC Mobile Device Security Analyst (GMOB)
• GIAC Penetration Tester (GPEN)
• GIAC Security Essentials Certified (GSEC)
• GIAC Security Leadership Certification (GSLC)
• GIAC Systems and Network Auditor (GSNA)
• Information Systems Security Engineering Professional (ISSEP/CISSP)
• Systems Security Certified Practitioner (SSCP)