Today’s cyber-attacks are highly sophisticated and exploit specific vulnerabilities,   The regulatory compliance requirements are becoming stringent and there is a shortage of cybersecurity professionals.

To grow in this dynamic profession and a wide variety of the tool and technology landscape, it is always confusing what to do next to progress in career and how to take the advantage of this rising tide of cyber-attacks and regulatory requirements.

For the organization, it is always a tough choice to select the right candidate and how to plan the progression to retain these professionals.

The (ISC)² CEO David Shearer provides a good guidance on this, he says, “Statistically, someone who goes through the formal [certification] process tends to be a candidate with more educational experience,”  He continues “The certifications give professionals the “deep dive” expertise they need to drive their careers”

When we start searching for the first or the next certifications, most of us are always get lost in the sea of certification options available which will surely help us to take to the next milestone of our career.

We have done some research for you and identified top five certifications which will help you in progression in your career. If you want to get specialized in particular industry domain e.g. Payment card Industry, banking and Finance then you should go for the PCI-DSS and/or PA-DSS certification. There are multiple options available either to upgrade your career or to work as the freelancer then go for PCIP (Payment Card Industry Professionals). Or if you want to become Cloud security expert then go for CCSK or CCSP.

In this article, we have provided the information on top five certifications which are most valued by the industry. These certifications cover the beginner to expert level.

CISSP – (CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL) – Conducted by ISC2

• About Certification – The most coveted and accepted computer security certification around. This general computer security knowledge certification exam covers eight Common Body of Knowledge (CBK) domains, including access control, operations security, cryptography, and more. The most-esteemed cybersecurity certification in the world. The CISSP recognizes information security leaders who understand cybersecurity strategy, as well as hands-on implementation. It shows you have the knowledge and experience to design, develop and manage the overall security posture of an organization. Are you ready to prove you’re an expert?

• Prerequisites – Five years cumulative, paid full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK).
• Cost of Certification – Initial exam cost is USD $599 (Annual renewal fee is applicable to maintain certification)
• How to prepare / Resources for study – For self-study ( which we recommend) utilize following books or podcasts
  • Official (ISC)² Guide to the CISSP CBK, Fourth Edition
  • Official (ISC)² CISSP Study Guide
  • Official (ISC)² CISSP Practice Tests
  • CISSP ® Certified Information Systems Security Professional Study Guide 7th Ed – By James Stewart, Mike Chapple, Darril Gibson
  • CISSP Study Guide Paperback by Eric Conrad
  • Also, listen to CyberSecStudy’s CISSP Training Podcast
• Link to certification Authority – https://www.isc2.org/Certifications/CISSP
• Exam Passing Criteria – Total 250 questions, 25 questions are experimental and not graded. Which questions these are is unknown. Pass marks are 700 out of 1000 – weighted scoring, 6 hours to complete the exam.

CISM (CERTIFIED INFORMATION SECURITY MANAGER) by ISACA

• About Certification – CISM demonstrates a deep understanding of the relationship between information security programs and broader business goals and objectives. CISM promotes international security practices and CISM-certified employees provide enterprises with an information security management certification recognized by organizations and clients around the globe. So having a CISM certification adds directly to the value you offer the enterprise you serve. The uniquely management-focused CISM certification promotes international security practices and recognizes the individual who manages, designs, and oversees and assesses an enterprise’s information security.
• Prerequisites – Verified evidence of a minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas.
• Cost of Certification – Early Registration is $415 for Members and $545 for Non-Members; Final Registration is $465 for Members and $595 for Non-Members.
• How to prepare / Resources for study – For self-study ( which we recommend) utilize following books
  • CISM Review Manual 15th Edition Print | ePUB
  • CISM Review Questions, Answers & Explanations Manual 9th Edition
  • CISM Review Questions, Answers and Explanations Database – 12 Month Subscription
• Link to certification Authority – http://www.isaca.org/Certification/Pages/Exam-Registration.aspx
• Exam Passing Criteria – ISACA uses a 200-800 point scale with 450 as the passing mark for the exams. A scaled score is a conversion of the raw score on an exam to a common scale.A candidate must receive a scaled score of 450 or higher to pass the exam.

GIAC –GSEC (Global Information Assurance Certification) Security Essentials (GSEC) by  SANS

• About Certification – Each GIAC certification is designed to stand on its own and represents a certified individual’s mastery of a particular set of knowledge and skills. Security Professionals that want to demonstrate they are qualified for IT systems hands-on roles with respect to security tasks. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts.
• Pre Requisites – There are no official prerequisites to take the GIAC certifications. Any candidate who feels that he or she has the knowledge and ability to pass the certification requirements may take the certification. However, students should be aware of the technical level of the course they wish to take. The 500 level courses are more advanced than the 400 and the 400 more advanced than the 300.
• Cost of Certification – GIAC Certification Attempt cost in USD is $1,699.Refer this link for details https://www.giac.org/certifications/pricing (Annual certification maintenance fee is applicable)
• How to prepare / Resources for study – GIAC training courses online or instructor lead (e.g.https://www.sans.org/course/security-essentials-bootcamp-style) An average of 55 hours of study time over and above of any classroom training. The first practice test to gauge progress. Practice tests provide information on the types of questions to expect in certification exam, as well as the testing interface. Practice using any references you plan on bringing with you to the testing center to simulate the exam experience.
• Link to certification Authority – https://www.giac.org/registration/cert-attempt
• Exam Passing Criteria – GIAC exams are taken online in a proctored environment through GIAC’s state-of-the-art exam engine. GIAC Certification attempts will be available in candidates’ accounts for 4 months. Depends on which certification you are attempting, the time limit for the exam ranges from 2 to 5 hours. The exams are open book

CompTIA Security+

• About Certification – An entry-level certification for security professionals in the early stages of their careers. The successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.
• Pre Requisites – Experience is not required, candidates typically have expertise in a broad range of security topics and have been working in the field for about two years before taking the exam.
• Cost of Certification – Exam Fees USD $320
• How to prepare / Resources for study – Instructor-Led or online training courses (recommended)  Self Study – CompTIA CertMaster is an online learning tool (https://certification.comptia.org/training/certmaster). plenty of certification-related books, like the A+ Guide to Technical Support and e-books
• Link to certification Authority – https://certification.comptia.org/certifications/security#overview
• IExam Passing Criteria – Maximum of 90 questions, Multiple choice, and performance-based. Passing Score – 750 (on a scale of 100-900)

Certified Ethical Hacker (CEH) – International Council of Electronic Commerce Consultants by EC-Council

• About certification – Ethical Hackers are professionals who use the same tools as their malicious counterparts to pinpoint weaknesses and vulnerabilities in target systems in order to assess the security and help plug the holes. Savvy businesses proactively protect their networks by hiring the services of CEHs in order to beat hackers at their own game. The CEH credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
• Pre Requisites – 2 years of verifiable experience. Link to the eligibility criteria – https://cert.eccouncil.org/application-process-eligibility.html
• Cost of Certification – EC – Council Training including Exam – USD $950 Self Study – Exam fees USD $500 Additional $100 eligibility application fee
• How to prepare / Resources for study – EC Council Training course is Recommended
  • Self-Study These books are good knowledge source apart from the hands-on experience
  • CEH v9: Certified Ethical Hacker – Version 9 Study Guide
  • CEHTM – Official Certified Ethical Hacker Review Guide: Exam 312-50 PAP/CDR Edition (English, Paperback, Todd Lammle, Kimberly Graves)
  • CEH Certified Ethical Hacker Bundle, Second Edition (All-in-One Series)

• Link to certification Authority – https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
• Exam Passing Criteria – Prometric VUE – 125 question – Multiple Choice, 70% to pass Duration – 4 hours

Hope this information will help to make your certification journey easy.

Keep learning, keep progressing in your career.