Top 9 IT Security Certifications

Henry Dalziel | Concise Courses | December 30, 2012

This is the original content of the post here – hence why there are comments. This will be re-populated with the original once we’ve updated the other post!

Hope that makes sense!

  • Gary Kohler

    You don’t discuss CISSP but then you go and cover Security+. Really?

    • We mention CISSP at the start of the post but you’re right, it does need more exposure to do this post justice. We will be updating shortly. Thanks for your feedback.

  • SAH

    By the “replies” to the informational posts regarding I.T. certifications that I have seen, there is much distress over which certifications are the best, and which are not- yadie yadie.. The fact of the matter is that it really does not matter which are the “best”, but where the people with good, comparable qualifications will fit where, the best. This is the main component any employer will look at in my humble opinion, and not so much as to what tests you have passed. Of course the skills matter! But the person with the “best” certs is not always the “best” fit.

    There are many obvious reasons why companies and individuals alike promote certain certifications (it is a business after all), but the best advice that someone new to the industry could hear would be to pick a certification path, stick with it, LEARN EVERYTHING YOU CAN, and be the BEST you can! -no matter what. That is the real formula for success.

    Who cares what path you take? At the end of the day we are all professionals, but only if we think, act, and conduct ourselves accordingly. Am I wrong?

    • An excellent comment and thanks very much for sharing your thoughts.

      100% agree with you. To have called our list of certifications ‘best’ should not be regarded as an absolute. We always tell our students that simply getting a certification without any experience will not generally get you the job, rather, experience WITH a specific certification would be more beneficial. Thanks again for your comment.

      • SAH

        You’re welcome! Just to clear it up, I was referring to people that comment about articles more than your specific article. I believe the article you wrote is well laid out and informative. Thank you for your advice and work on this.

  • Sondra schneider

    Hey !
    Let’s talk about THE OLDEST performance based hands-on Security certifications – since 1999 – 4+ years before EC-Council CEH.

    Q/ISP Qualified/ Information Security Professional –

    Q/ISP Certification Program/ WORLD CLASS Graduate and Master Certificate

    4 CyberSecurity Certification + 3 Practicals

    Q/ISP® Cert Exam CNSS 4011/4012/4013/4015/4016A
    Q/EH® Qualified/ Ethical Hacker Certification
    Q/SA® Qualified/ Security Analyst Pen Tester Cert.
    Q/PTL® Qualified/ Penetration Tester License
    Q/FE® Qualified/ Forensic Expert Certification
    Q/ND® Qualified/ Network Defender Certification

    23,000 students enrolled – US GI Bill approved, ACCET Accredited.

    • Thanks for this! CEH and the other usual suspects often take all the limelight, and maybe for some solid reasons but it’s good to know that there are others out there.

  • Jaz

    The new way to monetize the IT industry. I really can’t believe why many people are into certification – well I guess they simply want to propel their salary and probably fool someone that they know the subject matter. I personally lost my confidence with these certifying bodies when I learned that “dump sites” exist and it’s OK with them. If these certifying bodies truly take pride in their examinations then how come none of them is sending DMCA to take down these websites? Or maybe, they prefer the dollars from the cert fanboys who are continuously fooled.

    Few Google search, compile their searches…voila! We have the course outline and we’re now a certifying body. As if any group of friends can now build some sort of organization and call themselves “standard” of something…yeah right!

    • Thanks for your comments – they are certainly valid.

      Bottom line is that these vendor-free certifications work by selling exam vouchers and the license fee associated with franchising their courses. Take for example CompTIA which anyone can study for free using brain dumps, YouTube, etc etc, but you still have to pay for the exam voucher – so CompTIA still wins.

      With reference to the course ‘helping’ a career I think that essentially they do. No, you can’t get a job by having zero experience and then doing a CEH or CISSP course, but what the cert will do is ‘strengthen’ your job application – especially if you are applying for a security job role within IT. I have heard that many HR people actually view CISSP as a ‘gold standard’ and actively look for people that have that cert. The same HR person might know very little about the usefulness of the CISSP course but the point here is that they are LOOKING for people with that particular certification.

      Final point I’ll make is that demand is outstripping supply when it comes to truly qualified skilled information security specialists – so that is the good news. Lastly – all education should be perceived in a good light. I’m sure you have heard this but here’s a quote by Henry Ford:

      Anyone who stops learning is old, whether at twenty or eighty. Anyone who keeps learning stays young. The greatest thing in life is to keep your mind young.

      • Jaz

        Thanks for the reply Henry, I absolutely agree with Henry Ford’s quotation. As a matter of fact, the invention of the Internet gives everyone the opportunity to learn at their pace. The bad news, some people are somehow brainwashing or creating some sort of norms that people with certs are really skilled. Some HR personnel will immediately jump to the question – do you have certification? And the simple reason behind this is that most of them are not qualified to assess the real skill of the applicant. Same with the owner of a big business who happens to have money and sets up an IT company. S/He cannot assess the skill of the applicant but s/he likes to have an IT company, so they will immediately look to someone with certification.

        Good thing that you also mentioned these vendor-neutral certifications because obviously vendor-specific certs are all about money and marketing BUT there are still people who are taking this and passed the exam. These leakage sites or dump sites are not about learning – this is all about memorizing the questions and answers then taking the exam. Again, the question is – why are none of these certifying bodies taking down these websites.

        All the materials are freely available online and all we need to do is study.
        But to be certified and get my money? That’s another story.

        Red Hat Linux is the only remaining credible certification body for me – since they will really put your skill in a real test not just multiple choice.

      • Jaz

        I just want to add and maybe this is off the topic.

        You will also notice the incarnation of PCI-DSS, HIPAA, Sarbanes-Oxley and other industry certifying bodies.
        Seriously, who are these people (college friends?) – who gave them the right to certify a specific industry?
        Most of them are not even sanctioned by the government. Most of them are not even technically inclined but they have the nerve to call themselves auditors…yeah right! Funny when I got the checklist of PCI-DSS, I couldn’t help but laugh because the list only consists of common sense. Well, after all common sense is not common – so yeah organizations like this are simply taking advantage of other people.

        You will also laugh if you read their organizations’ missions & vision – the main goal is to HELP.
        But hey, we have good news: you need to pay. Obviously, the main and TRUE goal is to EARN.

        Organizations like OWASP, Wikipedia, Open-Source OS and tools are the best example of the people who are truthfully willing to help IT industry and individuals.

  • Absul wahab

    According to you, aren’t CCNA and CCNP good security certifications?

    • Absolutely. CCNA (Cisco Certified Network Professional) is a very popular certification – which focuses on networking. As a vendor-specific cert by Cisco it is considered as being the ‘gold standard’ for their technologies – the certs in our list are mostly vendor neutral information security certs so that’s the difference. CCNA is assessed by a 90 minute exam and as far as I know you don’t need any previous experience – but don’t quote me on that!

      CCNP (Cisco Certified Network Professional) and CCIE (Cisco Certified Internetwork Expert) are also two excellent certifications.

      Good luck! Have you started to study any cert?

      • FA1LURE

        CCNA is no longer a general entry level certification since Cisco has restructured their exams. Their CCENT is their entry level certification which allows anyone seeking further Cisco specific certification to do so in a more direct manner – such as down a path of routing/switching, or security, etc. with CCNA, CCNP and CCIE level exams for each. Quite a bit of their prior CCNP R/S material has now for instance made its way down to the ICND2/CCNA R/S exams. While I would add that there IS value in vendor specific certifications to respond to some of what others have said, specifically when said vendor still retains a majority of the current market share within a given industry. With that said, I do believe that anyone looking to be effective in their role especially in the area of IT, and Networking/Security should be prepared to continually learn, truly understand and grasp the fundamentals and ultimately be able to apply them while evolving with the industry, if not staying ahead of it, when able.

        Also, to discredit a certification because someone can cheat is a ridiculous notion. If someone wants to spend a couple hundred dollars to sit and take an exam for which they utilized materials as noted above in the manner described…. then more power to them. I would pay, should they get hired, to see how long they last. Since if they had to cheat and stoop to such levels to pass the exam they are undeserving of, they will likely not be able to live up to the expectations and needs of the company when asked to complete routine and expected duties.

  • Arnold

    What about CISE (Certified Information Security Expert)?

  • Sherisse G

    What are the average salaries for people who are certified in CPTC and CPTE?

    • Very difficult to say – a lot depends on experience (of course) but with experience you *should* be on at least $65+ – but that is dependent on so many things….where you live is obviously a factor – but experience always plays a vital role.

      The $65+ was based upon me asking our team here (our instructors are all CISSP/ Pentesters, Consultants etc) and that is what they replied with 🙂

      Good luck and let us know if you need any help or other info.

  • Yuvraj

    Could anyone please help me out by suggesting an entry level certification in information security..??
    I have completed my MCA degree and i am planning to do my career in information security auditing and consulting.

    • Sure! Please get in contact with us if you would like more detailed information.

      Congratulations on your MCA Degree!

      OK…in terms of entry level InfoSec certs, we can only really refer to those offered by EC Council, ISC2, CompTIA and Mile2 since these are our areas of expertise.

      There are several entry levels. The one that we like the most is the CompTIA Security+ Certification which is widely recognized and has been around for ages. CompTIA recently updated the syllabus and the exam structure which ought to have the benefit of making it more appreciated by employers. The two good things about Security+ are that it is a recognized cert with an in-depth security syllabus and secondly, that it is very affordable. Our pricing is under $400 and that includes everything – exam voucher, study materials such as books, practice exams etc.

      Network 5, Wireless 5, Security 5, Certified Security Specialist (ECSS) and the Certified e-Business Professional (CEP).
      These are offered by EC Council and are all regarded as entry level certs.

      Our advice would be to take a look at these listed above and then get in touch with us if you have any questions! Good luck.

    • Kumar

      Go with CDAC or university courses. They are the cheapest

  • mohsen

    Hi, I have an MCSE degree, CCIE, and now I work in security info. Now I am a pentester; I have read CEH, Sec+, ECSA, LPT, web app pentest. How can I work remotely? I live in Iran and I want to work with an international company.

  • Spencer

    I pretty much disagree with most of your list, from the perspective of a security consultant based out of western Canada with 12 years of experience. Many of those certificates I have never heard of. Absolutely I agree that the certification doesn’t mean anything in a practical sense – I know some talented people with no certs and some utterly useless ones with all the certs. But when I look at job offers and when I meet with recruiters locally, they are all looking for CISSP. They don’t know what it means, but those are the letters they want to see on job applications.

    • Thanks for your comment.

      Certainly, information security IT certifications are indeed ever-evolving. CISSP does seem to be the most popular from all the certifications in our experience – many even call it the ‘Gold Standard’ – sure there are plenty of critics on either side of the fence – but – what I can tell you is this: if HR/ Recruitment Managers are seeking people with the CISSP designation; then yes, it will help you get that interview and position.

  • Parshu

    Was reading other comments but wanted to make a point here, those who criticize cissp they should at least appear to the exam once & face that 250 questions bombarding, specially when you have to decide what that question & up to what level the question is expecting. How can a person criticize cissp certification without ever checking what actually it demands ? 🙂

  • santosh

    what about CISE: “certified information security expert”. Who is the organiser of this exam and what is the standard ?

  • Tomas

    LPIC-3 Security – that’s hardcore one.

  • Yama

    Hey guys, i’ve just started my path into securities and was wondering what certifications would be handy for entry level, who has no experience. I’m taking my Comptia Network + exam in a couple days, and I’m moving onto Comptia Security +, also my post grad is a program at my local college in Information security Management. What would be another good certification that would be beneficial to get into the market, with 0 experience. Thank you so much for your help in advance.

  • Rene Bosch

    Hello there. I have studied BCOM information systems management and have mainly specialized in change management. I have been looking after operations security in the last year but have no formal qualification. My work wants me to do a course in Information Security and hells bells, I have no clue which is the appropriate course that will add value. may I kindly ask for some suggestions please.


    I am a graduate of comp. sci. HND. Which of these certifications is best for me as a starter? As I would want to be a computer security guru.
    Thank you, as I would be expecting your reply ASAP.

  • vin

    Hi. I have been working in the field of information security for the past 1 and a half years and completed CEH certification. Now I am planning to do the next level certification in the security field. Kindly suggest all the possible ways. Thanks.

    • Hi Vin, the fact that you have been working in information security for close to two years means that you already have the necessary experience to apply for middle management. I’d take a look at CISSP if you are interested in taking your career to a more managerial level.

  • Siva

    Being money minded and longevity i want to get into a network security domain…I’m planning CCIE security…please help me…i am a Bachelor of Engineering guy….

  • Ehtishamul Huq

    I’m an ECE final year student . To enter IT security, which certificate would give me more employment opportunities? Which is better among CEH or COMPTIA Security+ ?

  • Ehtishamul Huq

    I’m an ECE final year student. To enter IT SECURITY field, which certificate would give more employment opportunities? Is CEH or COMPTIA SECURITY + a better certification?

  • Jaison R

    I think from all these certifications, only Offensive Security provides a practical exam & I hear it’s pretty tough. I am an OS guy & I tend to look at things from the core to break it from my perspective, the above certification fascinates me.

    But for a company looking for an infosec professional, CISSP is a very desired position. I think if you are interested in the IT R&D team of infosec, Offensive Security will really help you think differently.

  • Anonymous Coward

    You put Security+ and GPEN above OSCP? FAIL!!! Moving on as this article poorly demonstrates any meaningful analysis in this subject..

  • Billy

    Wait, CPTE and SECURITY+ tromps OSCP?

    OK, obviously this was written by someone who clearly doesn’t know what these certifications entail. I smell a skiddie. Security+ is entry level, OSCP is the certification if you want to actually get into systems and know how things work. I won’t even mention the CISSP, that’s the brain cert where you speak business babble but really have no idea what it takes to defend or break into systems.

    • You are right.

      This list does need to be improved. In the meantime hit our homepage and you will see that we have added a new search directory to seek Cybersecurity Courses and Training Programs – many of which are valid for Continuing Education credits which can be used against ISC2, EC Council etc – and also CompTIA!

  • marcos

    I think OSCP is the best one.

  • vignesh

    is there a course available in .net?

  • DPunk

    Will you learn everything they have in their list or do you have to choose one?

    • Thank you for your comment. Each of the cyber certs listed above specializes in a particular IT Security Niche – so choose that first (i.e. decide on a cyber niche) then look at certification. Good luck!

  • Sudhakar Ranipeta

    Dear Sir,

    Please send me details about the CEH and ICSA certifications ASAP:
    1. Duration of the course
    2. Venue
    3. Who gives certification
    4. Price of the program


  • Raj Bharti

    Dear sir,
    I want to certificate :
    1) Complete CEH
    2) Exploits Development
    3) VAPT
    4) Android development
    5) Cyber Security & awareness

    Give me details of all programs and courses with duration.
    I am awaiting your response.

  • Raghavendra


    I am working as spam analyst past 1 year. I thought of doing some certification. Plz suggest the entry level certification for my area of working.

  • Eli

    I’d personally go for OSCP, Offsec is the company who created Kali linux, backtrack, and all sorts of cool services.

  • Eli

    Hi all! This post is really really great. I was considering OSCP, the certificate from Offensive Security, I’ve heard it’s really good. Can anyone accommodate for these recommendations?

  • Asante


    Please, I want to know more about the courses regarding R and D team of infosec and Offensive Security: its requirements, duration and others. I am a first year information technology student-diploma at a university in Ghana.

  • Asante

    Please, I would like to know more about hacking, cyber crime and security, ethical hacking.

    Thank you for the reply.

  • Mark

    I was wondering. You have suggested the CompTIA Security for beginners basically but after that do you move on to the CEH? Are all the others for more advanced security professionals? I was thinking of being more of a consultant so I just needed some advice on the correct path.

  • Nakul Kohli

    Hi,

    My name is Nakul Kohli, working as a Sr. executive in IT operations and having around 3 years of work experience. Last month I did the ITIL service management certification and now want to move into IT security courses to make a good rise in my career.

    Kindly advise where to start from and from which institute, which would be valid worldwide.

  • Ram Malapati

    Hi Guys,

    Thanks for taking your time to put together this list of recognized penetration testing certifications.

    Being a Software Tester, I have been working in the Internet E-commerce space for the last 4 years and my company is looking forward to investing in me to get some certification in the security field as we are a PCI compliance company. I don’t have programming skills and I am more looking forward to a security certification that focuses on Web Application Penetration rather than dealing with Networks or Infrastructure.

    Can someone suggest a certification that is designed to deal with Web Application vulnerabilities?

    Thanks in Advance.

  • Harry

    I am an OS guy with the MCSA certification and CCNA. What Security cert will you suggest
