Which Are The Best Cybersecurity Certifications for 2017

What Are The ‘Best’ Cybersecurity Certifications for 2017?


That’s a bit like asking “where is the best place to live?” or “what is the best food on the planet?”

So, rather than beat this to death, let’s just say one thing: all InfoSec and Cybersecurity certifications are good.

We do NOT get involved in any discussion about whether certifications are worth it, but we will always stipulate one thing: any effort you make to better yourself deserves congratulation.


This post was written some time ago and a lot has changed since then.

We’ve interviewed dozens of Cybersecurity Professionals who are either Penetration Testers or Cybersecurity Analysts (go ahead and click those links to see their advice). We bring this to your attention because these folks describe which Cyber Certifications they actually needed and took to get where they are. In other words, you get advice from real people in real jobs, and that advice will always remain invaluable.

A Bit Of History To This Post: When we first published this post it was titled “The Top 9 Cybersecurity Certifications” because, back then, there were only really nine ‘major certs’ that we could think of. The original list below is still spot-on.

  • CPTC – Certified Penetration Testing Consultant
  • CPTE – Certified Penetration Testing Engineer
  • CompTIA – Security+
  • CSTA – Certified Security Testing Associate
  • GPEN – GIAC Certified Penetration Tester
  • OSCP – Offensive Security Certified Professional
  • CEH – Certified Ethical Hacker
  • ECSA – EC-Council Certified Security Analyst
  • CEPT – Certified Expert Penetration Tester

Unless otherwise stated, these certifications are assessed by multiple-choice exam and require continuing education to maintain, with the notable exception of the OSCP, which is assessed by a hands-on, time-limited practical exam against live lab machines and does not expire. We are biased. Our favorite of these certs is the OSCP, created and assessed by the fine folks over at Offensive Security, the creators of Kali Linux (the penetration-testing Linux distro). For our reasons why we love the OSCP, and to hear from Cybersecurity Professionals who have taken this Penetration Testing Cert, hit this link.

Here Are The ‘Missing Certs’

The certs missing from our list above are the following: CISSP (Certified Information Systems Security Professional, from (ISC)²), CISA (Certified Information Systems Auditor, from ISACA), CISM (Certified Information Security Manager, from ISACA), GSEC (GIAC Security Essentials Certification, from SANS/GIAC), CRISC (Certified in Risk and Information Systems Control, from ISACA) and SSCP (Systems Security Certified Practitioner, from (ISC)²).

  • Dr. No

    lol since when are ‘penetration testers’ and ‘cybersecurity analysts’ the gold standard?

  • Michael

    In my humble opinion, another certification that is really worth adding to the “Missing Certs” list is CompTIA’s CASP – Advanced Security Practitioner. According to many people, this certification is actually pretty good as it covers a vast number of topics ranging from incident response and risk management to programming and networking. Also, many people claim online (and the number of these folks is on a steady rise) that the CASP exam is actually harder than the almighty behemoth that is the CISSP exam. I’ve been a CISSP and GPEN (along with CCNP) holder for several years now, and I can tell you – these people are mostly right. Here’s my 2c:

    I passed CASP on my second attempt, so I can tell you that this exam is no joke! When I first sat the exam, I read the exam topics online and I was fairly confident that I’d pass, as almost 100% of the CASP topics are covered by CISSP and GPEN, certifications I already had. Boy oh boy, was I in for a nasty surprise… I got about 70 questions, along with 10 simulations (questions expecting you to do something, be it simple drag-and-drop stuff or typing in actual commands on the command line!). It was a mixed bag of questions asking me to analyze code at hand and figure out what’s insecure about it, to design a network in a secure way by putting the right devices in the right places in the diagram, to modify an ACL on a Cisco device, to calculate ROI, ALE…, to read and analyze logs and draw conclusions regarding attacks (buffer overflows, SQL injections, system file modifications…). Huge questions (basically case studies) requiring you to think about the larger picture and how things fit into the big scheme of things.

    So, I failed hard the first time. 🙂 After taking this exam more seriously and buying and reading a book for exam preparation, I managed to pass.

    I apologize for the somewhat longer comment, but in my opinion CASP is one of the most underrated, underappreciated and overlooked certifications. The exam is hard, the topics are huge. I remember reading someone’s opinion regarding CASP calling it “a more technical CISSP” and IMO it’s just that. It is not harder than CISSP per se, as CISSP covers more things than CASP and at least 70% of the topics overlap, but in those topics that do overlap, CASP goes dramatically deeper than the CISSP, no doubt about it.

    As someone who has both CISSP and CASP now, I highly recommend checking out CompTIA’s top-of-the line cert.

    Thanks 🙂