Cyber and IT Certifications

Below we provide a list of certifications, sorted by approximate level of experience, knowledge, and difficulty. Some certifications identified may be very similar to other identified certifications, but are issued by different agencies. This should not be considered a complete list. 

Note that most certifications expire after a fixed time period, and maintaining the certification requires submitting Continuing Professional Education (CPE) credits and/or maintaining membership with the certifying authority.

Common CyberSecurity Certifications

In a 2014 survey of security job postings, the 5 most commonly requested cybersecurity certifications were CISSP, CISA, Security+, CISM and GSEC (Burning Glass, 2015).

Certified Information Systems Security Professional (CISSP)
  Level: Advanced
  Topics covered: Exam covers 8 topic domains: Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security
  Requirements: Eligibility for those with 5 years of full time experience, and a college degree. Recertification is required every three years, requiring 120 continuing professional education (CPE) credits. https://www.isc2.org/CISSP/Default.aspx
  Fees: $599 exam fee, $85 annual maintenance fee.

CISA: Certified Information Systems Auditor
  Level: Advanced
  Topics covered: Process of Auditing Information Systems, Governance and Management of IT, Information Systems Acquisition, Development and Implementation, Information Systems Operations, Maintenance and Service Management, Protection of Information Assets
  Requirements: Requires a minimum of 5 years of professional information systems auditing, control or security work experience. Recertification is required every three years, requiring 120 continuing professional education (CPE) credits. http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx
  Fees: $185 exam fee, $45 annual maintenance fee.

CISM: Certified Information Security Manager
  Level: Advanced
  Topics covered: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, Information Security Incident Management
  Requirements: Requires a minimum of 5 years of information security work experience, with a minimum of three years of information security management work. Recertification is required every three years, requiring 120 continuing professional education (CPE) credits. http://www.isaca.org/certification/cism-certified-information-security-manager/pages/default.aspx
  Fees: Exam fees: $500 members, $685 for non-members (2016 fees), $45 annual maintenance fee.

CompTIA Security+
  Level: Basic
  Topics covered: Network security, compliance and operation security, threats and vulnerabilities as well as application, data and host security. Also included are access control, identity management, and cryptography.
  Requirements: No previous experience required. Recertification is required every three years, requiring 50 continuing professional education (CPE) units. http://certification.comptia.org/certifications/security
  Fees: $302 exam fee, $49 annual maintenance fee.

GIAC Security Essentials (GSEC)
  Level: Basic
  Topics covered: General security, networking and computing topics.
  Requirements: No previous experience required. 36 CPEs are required over a 4 year period.
  Fees: $1,149 exam cost, $399 certification maintenance fee (due every 4 years).

 

Certification Companies with Certifications Identified Below

 

Basic Certifications

  • HiTET – High Technology Environment Training – indicates the individual has baseline knowledge of technology and forms of digital evidence prevalent in today’s environment; appropriate for all law enforcement and fusion center personnel (instruction course provided for free through CyberShield, offered by the Federal Bureau of Investigation (FBI); mandatory, as of 1/1/2015, for participants in the Fusion Center Cyber Intelligence Analysis Course, hosted by DHS and USSS, at the National Computer Forensics Institute (NCFI) in Hoover, AL)
  • A+ – indicates the individual has baseline knowledge of computers; appropriate for all law enforcement and fusion center personnel working cyber matters (instruction course provided for free through CyberShield)
  • Network+ – indicates the individual has baseline knowledge of networks; appropriate for all law enforcement and fusion center personnel working cyber matters (instruction course provided for free through CyberShield)
  • Security+ – indicates the individual has baseline knowledge relating to securing a network and managing risk; appropriate for all law enforcement and fusion center personnel working cyber matters (instruction course provided for free through CyberShield)
  • Linux+ – indicates the individual has the knowledge, skills, and abilities to build, use, and manage Linux operating systems; appropriate for IT professionals.
  • MCSA – Microsoft Certified Solutions Associate – a series of certifications that indicate the individual has an understanding of the named Microsoft Operating System (e.g. MCSA: Windows 8); appropriate for an IT professional.
  • MCP – Microsoft Certified Professional – indicates the individual has an understanding of Microsoft products, technologies, and solutions; appropriate for an IT professional or developer.
  • GSEC – GIAC Security Essentials – indicates the individual has an understanding of information security beyond simple technology and concepts; appropriate for anyone seeking a hands-on role with respect to security tasks.

 

Intermediate Certifications

  • GISP – GIAC Information Security Professional – technical information security information; appropriate for security professionals, IT, and managers
  • DMC – Department of Defense’s (DoD) Digital Media Collector[1] – indicates the individual has the knowledge, skills, and abilities to respond, secure, preserve, and/or collect digital evidence at crime scenes; appropriate for first responders who may be security or law enforcement professionals.
  • GCFE – GIAC Certified Forensic Examiner – indicates the individual has the knowledge, skills, and abilities to collect and analyze data from Windows systems; appropriate for security, IT, legal, and law enforcement professionals.
  • GCIA – GIAC Certified Intrusion Analyst – indicates the individual has the knowledge, skills, and abilities to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files; appropriate for security operations personnel.
  • GCIH – GIAC Certified Incident Handler – indicates the individual has the knowledge, skills, and abilities to manage security incidents by understanding common attack techniques, vectors and tools as well as defending against and/or responding to such attacks when they occur; appropriate for anyone who may respond to an incident.
  • GLEG – GIAC Law of Data Security and Investigations – indicates the individual has knowledge regarding the law of business, contracts, fraud, crime, IT security, IT liability, and IT policy with a focus on electronically stored and transmitted records; appropriate for security, IT, legal and law enforcement professionals.
  • DFE – DoD’s Digital Forensic Examiner – indicates the individual has the knowledge, skills, and abilities to conduct an examination or analysis of digital media; appropriate for anyone for whom the examination and/or analysis of digital media is a routine portion of their duties, including security and law enforcement professionals.
  • CFCE – Certified Forensic Computer Examiner – indicates the individual has the knowledge, skills, and abilities to conduct a computer forensics examination; appropriate for security, IT, and law enforcement professionals.
  • CCFP – Certified Cyber Forensics Professional – indicates the individual has the knowledge, skills, and abilities to conduct a computer forensics examination; appropriate for security, IT, and law enforcement professionals.
  • CRISC – Certified in Risk and Information Systems Control – indicates the individual has knowledge, skills, and abilities in the field of managing IT risks; it is appropriate for information technology professionals.

 

Advanced Certifications

  • CCI – DoD’s Cyber Crime Investigator – indicates that the individual has advanced knowledge, skills, and abilities requisite for investigating cyber crime, including conducting computer examinations and analysis of digital evidence; appropriate for sworn law enforcement personnel who have graduated from a recognized law enforcement or counterintelligence training facility.
  • GSLC – GIAC Security Leadership – indicates that the individual has advanced knowledge, skills, and abilities requisite for managing information security personnel; appropriate for security professionals with managerial or supervisory responsibility for information security staff
  • GCPM – GIAC Certified Project Manager – indicates the individual has the knowledge, skills, and abilities to participate in or lead project teams and demonstrate an understanding of technical project methodology and implementation, while ensuring effective communication, time, cost, quality, procurement, and risk management; appropriate for security professionals and managers
  • GPEN – GIAC Penetration Tester – indicates the individual has the knowledge, skills, and abilities to assess target networks and systems to find security vulnerabilities; appropriate for security professionals.
  • GWAPT – GIAC Web Application Penetration Tester – indicates the individual has the knowledge, skills, and abilities to assess web applications for vulnerabilities and conduct web application penetration testing; appropriate for security professionals.
  • GNFA – GIAC Network Forensic Analyst – indicates the individual has the knowledge, skills, and abilities to perform examinations employing network forensic artifact analysis; appropriate for security personnel involved in forensic analysis.
  • GCFA – GIAC Certified Forensic Analyst – indicates the individual has an understanding of computer forensic analysis such that they may conduct typical incident investigations on Windows machines; appropriate for professionals in information security, legal and law enforcement.
  • GXPN – GIAC Exploit Researcher and Advanced Penetration Tester – indicates the individual has the knowledge, skills, and abilities to conduct advanced penetration tests, model the abilities of an advanced attacker to find significant security flaws in systems, and demonstrate the business risk associated with these flaws; appropriate for security personnel involved in assessing target networks to find vulnerabilities.
  • GREM – GIAC Reverse Engineering Malware – indicates the individual has the knowledge and skills to reverse-engineer malicious software (malware) that targets common platforms, such as Microsoft Windows and web browsers. These individuals know how to examine inner-workings of malware in the context of forensic investigations, incident response, and Windows system administration; appropriate for anyone involved in protecting against malware and/or malware analysis.
  • CISM – Certified Information Security Manager – indicates the individual has knowledge, skills, and abilities in the field of information security management; appropriate for information security managers.
  • CISSP – Certified Information Systems Security Professional – indicates the individual has knowledge, skills, and abilities in the field of information security; appropriate for information assurance professionals.
  • CISA – Certified Information Systems Auditor – indicates the individual has knowledge, skills, and abilities in the fields of IT security, IT audit, and IT risk management and governance; it is appropriate for auditors of information systems.
  • CEH – Certified Ethical Hacker – indicates the individual has the knowledge, skills, and abilities to understand what a malicious hacker is doing, and to use the same techniques to improve the security of friendly networks; appropriate for security professionals.
  • GSE – GIAC Security Expert – requires passing a multiple-choice exam and a lab exam involving an incident scenario. Considered one of the top security certifications.

Note that DoD courses are available through the Defense Cyber Investigations Training Academy and are only available to DoD and federal employees. Applicants for positions may have these certifications, but fusion centers are not able to send employees to these courses.
