Information Security Certifications (Complete Non-Vendor Certs List)

Henry Dalziel | Information Security Certifications | August 2, 2015

What will you learn from this post?
This post is quite old now. We are planning to give it a major overhaul, but essentially, if you have landed here, it’s likely because you want to get a cyber cert under your belt. Having been in the information security training space since 2012, we feel somewhat experienced in saying that there really isn’t too much difference between studying (and attaining) a vendor-specific cyber security certification and an ‘industry’ or ‘non-vendor’ cert.

This post is to complement our recently published “Information Security Complete Vendor Certs List” which we will be updating frequently over the coming months and years.

What do we mean by “Industry Certifications?”

When we refer to this term we are also talking about ‘vendor neutral’ certifications (for a list of vendor-related certs click here) which, like any other form of professional training and education, can play a vital role in any career within information security. Vendor neutral certs demonstrate an understanding of key security concepts.

Many within the IT Security field feel that vendor-neutral certs tend to be slightly more beneficial than vendor-related certs because they are impartial and there is no ‘agenda to market’ to students and course delegates. Please let us know your thoughts as to whether you agree or not!

OK – so moving on, let’s take a look at the world’s best known Cyber Security Industry Certifications, and their associated awarding and membership bodies.

ASIS International Certifications

ASIS International (which was previously the American Society of Industrial Security) offer a bunch of cyber security (vendor-free) certifications. Interestingly, ASIS was founded way back in 1955, which is older than ISACA, another ‘old-school’ cyber training organization.

ASIS offer certs, security standards, and guidelines for the IT security professional. Their courses are a mix of management, as well as digital forensics (investigations) and physical auditing security.

We’ve listed their recent course listings below.

  • Certified Protection Professional (CPP)
  • Professional Certified Investigator (PCI)
  • Physical Security Professional (PSP)

DRI International Certifications

DRI International is an organization that focuses on business continuity, business mitigation and disaster recovery planning. We always tell our students to specialize in particular cyber niches, and business continuity, like healthcare, is a great one to get stuck into. There is (understandably) a lot of emphasis placed on penetration testing and shoring up corporate defenses, but there is also a clear requirement for the ‘what happens next’ scenario, which all too often is not correctly planned.

If you are interested in healthcare and cybersecurity training certifications then make sure you check out DRI International (see course listings below) since they offer relevant programs and training courses.

  • Associate Business Continuity Professional (ABCP)
  • Certified Functional Continuity Professional (CFCP)
  • Certified Business Continuity Professional (CBCP)
  • Certified Business Continuity Vendor (CBCV)
  • Master Business Continuity Professional (MBCP)
  • Certified Business Continuity Adviser (CBCA)
  • Certified Business Continuity Lead Auditor (CBCLA)
  • Associate Public Sector Continuity Professional (ABSCP)
  • Certified Public Sector Certified Professional (CBSCP)
  • Associate Healthcare Provider Continuity Professional (AHPCP)
  • Certified Healthcare Provider Continuity Professional (CHPCP)
  • Associate Risk Management Professional (ARMP)
  • Certified Risk Management Professional (CRMP)

EC Council Certifications

We’ve blogged a ton about EC Council and we’ve even helped promote some of their IT Security conferences over the years. They are certainly one of the best known industry-level (vendor-free) training organizations out there. Their most famous certification is their ‘Certified Ethical Hacker’ (CEH) course, which has become somewhat of an ‘industry-training-standard’: like it or not, many HR managers now actively seek candidates who have attained CEH. The same could also be said for CISSP and Security+.

EC Council have a very impressive and wide-ranging mix of certifications stemming from penetration testing (ethical hacking) through to CISO (C-Level) level management courses and digital forensics.

  • Certified Secure Computer User (CSCU)
  • EC Council Certified Security Specialist (ECSS)
  • Certified Ethical Hacker (CEH) (same thing as Certified Network Defense Architect)
  • EC Council Certified Secure Programmer (ECSP)
  • EC Council Certified VoIP Professional (ECVP)
  • EC Council Certified Encryption Specialist (ECES)
  • EC Council Network Security Administrator (ENSA)
  • EC Council Disaster Recovery Professional (EDRP)
  • EC Council Certified Security Analyst (ECSA)
  • Licensed Penetration Tester (LPT)
  • Computer Hacking Forensic Investigator (CHFI)
  • EC Council Certified Incident Handler (ECIH)
  • Certified Chief Information Security Officer (C|CISO)

SANS Certifications

SANS offer (very probably) the industry’s best known and widely respected cybersecurity certifications.

SANS is an abbreviation for ‘SystemAdmins, Audit, Networking and Security’, and, as an organization, they are totally dedicated to professionalism within our industry. Their certs do have a reputation for being rather expensive, but they are certainly rammed full of value.

SANS IT security certs are listed under their Global Information Assurance Certification Program (GIAC) which validates, awards and monitors student training.

SANS certifications are placed within the following categories: security administration, forensics, management, auditing, software security, legal (compliance, especially healthcare) and becoming an overall ‘Cyber Security Expert’ with their GIAC Security Expert (GSE) cert which is their highest level.

We counted over two dozen cybersecurity certifications that we believe our community would be interested to learn more about and we’ve listed them all below. Please remember to click through to see the latest amendments and availability.

  • GIAC Security Essentials (GSEC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Penetration Tester (GPEN)
  • GIAC Web Application Penetration Tester (GWAPT)
  • GIAC Certified Perimeter Protection Analyst (GPPA)
  • GIAC Certified Windows Security Administrator (GCWN)
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Assessing and Auditing Wireless Networks (GAWN)
  • GIAC Certified Enterprise Defender (GCED)
  • GIAC Certified UNIX Security Administrator (GCUX)
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
  • GIAC Mobile Device Security Analyst (GMOB)
  • GIAC Global Industrial Cyber Security Professional (GICSP)
  • GIAC Critical Controls Certification (GCCC)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Reverse Engineering Malware (GREM)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Security Leadership Certification (GSLC)
  • GIAC Information Security Professional (GISP)
  • GIAC Certified Project Manager Certification (GCPM)
  • GIAC Systems and Network Auditor (GSNA)
  • GIAC Secure Software Programmer – .NET (GSSP-NET)
  • GIAC Secure Software Programmer – Java (GSSP-JAVA)
  • GIAC Certified Web Application Defender (GWEB)
  • GIAC Law of Data Security Investigations (GLEG)
  • GIAC Security Expert (GSE)

ISC2 Certifications

ISC2 is an abbreviation for the ‘International Information Systems Security Certification Consortium’.

ISC2 provides vendor-neutral cybersecurity courses as well as career services to IT professionals in more than 160 countries. They have certainly built a reputation by offering one of the industry’s most valued IT security certifications: CISSP.

With over 100,000 certified industry professionals worldwide within their organization (according to their figures), ISC2 have positioned themselves as an industry leader for cyber training.

If you are serious about your career then we certainly recommend investigating passing CISSP since, like CEH (Certified Ethical Hacker, mentioned in this post), it will have (in our opinion) a beneficial effect on your career. HR and hiring managers often seek certs like CISSP, hence our recommendation to get certified.

  • Systems Security Certified Practitioner (SSCP)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Software Security Lifecycle Professional (CSSLP)
  • Certified Cyber Forensics Professional (CCFP)
  • Certified Authorization Professional (CAP)
  • Healthcare Information Security and Privacy Practitioner (HCISPP)

ISACA Certifications

ISACA, like ISC2 and SANS, is another widely respected Information Security training organization. Although it is now referred to simply by its abbreviation ‘ISACA’, the organization ‘Information Systems Audit and Control Association’ has been around since 1969 with over 140,000 members – that’s an extra 40,000 on top of ISC2’s numbers.

ISACA focuses its attention on ‘developing frameworks, industry standards, guidance, compliance and education’, and their certifications reflect that.

If you are serious about your career we’d certainly recommend that, at the very least, you become an ISACA member.

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)

PCI Standards Council Certifications

PCI Standards is an interesting cyber security professional association because it focuses solely on the ‘Payment Card Industry’; hence the ‘PCI’ in the organization’s name. The PCI Standards Council, like most of the other organizations mentioned in our Concise Courses Cybersecurity Courses List, is a non-profit.

The organization is sponsored (funded) by VISA, MasterCard, Amex, Discover and JCB.

The main purpose of these certs is to train IT security professionals with the skills to maintain standards with regard to payment processing. PCI Standards Council has developed several standards that have become the ‘industry standard’ for banks, card issuers and other services that rely on the processing of financial transactions.

If you work, or would like to work, within the payment and/or financial security space, then we’d certainly encourage you to explore the PCI Standards Council courses and certifications listed below.

  • Internal Security Assessor (ISA)
  • Qualified Security Assessor (QSA)

Cloud Security Alliance Certifications

The CSA (Cloud Security Alliance), much like the PCI Standards Council, specializes within a particular IT niche, which in this instance is Cloud Computing. The CSA develops security (industry) standards for cloud service providers therefore ensuring a high level of security and data competence.

In Summary

We will continue to add to this list. We read every comment that you guys post, so please do chime in with your thoughts and suggestions as we continue to grow this resource.

We like industry (non-vendor) Information Security certifications because they allow the student (IT professional) to focus and specialize within a particular vertical which, in our opinion, vastly increases your commercial value. Attaining specific niche-related cybersecurity knowledge within a sector is vital, hence why we encourage you to research the above certifications further!

Don’t forget to also go ahead and check out our list of vendor-related information security certifications.
