Cybersecurity (sometimes called computer security or information security) is the practice of protecting computers, networks, and data from theft, damage, loss, or unauthorized access.
As our interconnectivity increases, so do the opportunities for bad actors to steal, damage, or disrupt. A rise in cybercrime has fueled a demand for cybersecurity professionals. Jobs in the field are expected to grow by 33 percent between 2020 and 2030 [1].
While most cybersecurity professionals have at least a bachelor’s degree in computer science, many companies prefer candidates who also have a certification to validate knowledge of best practices. There are literally hundreds of certifications available, from general to vendor-specific, entry-level to advanced.
Before you spend your money and time on a certification, it’s important to find one that will give you a competitive advantage in your career. Here is the number of US job listings across three job sites that require each of these cybersecurity certifications.
Certification | Indeed | Simply Hired | Total | |
---|---|---|---|---|
CISSP | 52,000 | 23,711 | 11,547 | 87,258 |
CISA | 22,063 | 12,544 | 7,127 | 41,734 |
CISM | 14,795 | 7,021 | 3,463 | 25,279 |
Security+ | 7,366 | 10,161 | 3,235 | 20,762 |
CEH | 21,125 | 3,961 | 1,918 | 27,004 |
GSEC | 4,189 | 4,054 | 2,545 | 10,788 |
SSCP | 4,177 | 3,569 | 2,231 | 9,977 |
CASP | 3,096 | 1,391 | 925 | 5,412 |
GCIH | 4,111 | 2,985 | 1,764 | 8,860 |
OSCP | 4,162 | 3,054 | 1,232 | 8,448 |
Number of US job search results for each certification as of May 2022
If you're just starting out in the world of cybersecurity, consider an entry-level credential, like the IBM Cybersecurity Analyst Professional Certificate. You can build job-ready skills in less than six months while earning a shareable certificate from an industry leader.
All salary data represents average US salaries sourced from Glassdoor in May 2022
The CISSP certification from the cybersecurity professional organization (ISC)² ranks among the most sought-after credentials in the industry. Earning your CISSP demonstrates that you’re experienced in IT security and capable of designing, implementing, and monitoring a cybersecurity program.
This advanced certification is for experienced security professionals looking to advance their careers in roles like:
Chief information security officer - $202,390
Security administrator - $70,512
IT security engineer - $94,971
Senior security consultant - $143,410
Information assurance analyst - $110,061
Requirements: To qualify to take the CISSP exam, you’ll need five or more years of cumulative work experience in at least two of eight cybersecurity domains. These include Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.
A four-year degree in computer science satisfies one year of the work requirement. Part-time work and paid internships also count.
Cost (US): $749
If you’re new to cybersecurity and lack the necessary experience, you can still take the exam to become an Associate of (ISC)². Once you pass the exam, you’ll then have six years to build the relevant experience for full CISSP certification.
This credential from IT professional association ISACA helps demonstrate your expertise in assessing security vulnerabilities, designing and implementing controls, and reporting on compliance. It’s among the most recognized certifications for careers in cybersecurity auditing.
The CISA is designed for mid-level IT professionals looking to advance into jobs like:
IT audit manager - $142,459
Cybersecurity auditor - $94,454
Information security analyst - $104,567
IT security engineer - $114,128
IT project manager - $110,612
Compliance program manager - $110,452
Requirements: You need at least five years of experience in IT or IS audit, control, security, or assurance. A two or four-year degree can be substituted for one or two years of experience, respectively.
Cost: $575 for members, $760 for non-members
Learn the fundamentals of information systems auditing with the Information Systems Auditing, Controls and Assurance course—a good starting point if you plan to pursue the CISA.
With the CISM certification, also from ISACA, you can validate your expertise in the management side of information security, including topics like governance, program development, and program, incident, and risk management.
If you’re looking to pivot from the technical to the managerial side of cybersecurity, earning your CISM could be a good choice. Jobs that use the CISM include:
IT manager - $117,510
Information systems security officer - $96,854
Information risk consultant - $96,953
Director of information security - $177,911
Data governance manager - $121,208
Requirements: To take the CISM exam, you need at least five years of experience in information security management. Satisfy up to two years of this requirement with general information security experience. You can also waive one or two years with another certification in good standing or a graduate degree in an information security-related field.
Cost: $575 for members, $760 for non-members
Get a head start toward building your managerial skills in cybersecurity by completing the Managing Cybersecurity Specialization.
CompTIA Security+ is an entry-level security certification that validates the core skills needed in any cybersecurity role. With this certification, demonstrate your ability to assess the security of an organization, monitor and secure cloud, mobile, and internet of things (IoT) environments, understand laws and regulations related to risk and compliance, and identify and respond to security incidents.
Earning your Security+ certification can help you in roles such as:
Systems administrator - $93,197
Help desk manager - $91,768
Security engineer - $113,661
Cloud engineer - $117,167
Security administrator - $70,512
IT auditor - $97,138
Software developer - $111,751
Requirements: While there are no strict requirements for taking the Security+ exam, you’re encouraged to earn your Network+ certification first and gain at least two years of IT experience with a security focus.
Cost: $370
If you’re just getting started in information technology (IT), CompTIA recommends that you get your Google IT Support Professional Certificate first. You’ll build foundational skills in IT while preparing to pass the CompTIA A+ exams—the first step in the CompTIA certification path.
Ethical hacking, also known as white hat hacking, penetration testing, or red teaming, involves lawfully hacking organizations to try to uncover vulnerabilities before malicious players do. The EC-Council offers the Certified Ethical Hacker (CEH) certification. Earn it to demonstrate your skills in penetration testing, attack detection, vectors, and prevention.
The CEH certification helps you to think like a hacker and take a more proactive approach to cybersecurity. Consider this certification for jobs like:
Penetration tester - $108,520
Cyber incident analyst - $83,276
Threat intelligence analyst - $102,523
Cloud security architect - $150,509
Cybersecurity engineer - $111,025
Requirements: You can take the CEH exam if you have two years of work experience in information security or if you complete an official EC-Council training.
Cost: $950 to $1,199, depending on testing location
Practice your penetration testing skills on WebGoat, a deliberately vulnerable application, by taking the Exploiting and Securing Vulnerabilities in Java Applications course from UC Davis on Coursera.
This certification from the Global Information Assurance Certification (GIAC) is an entry-level security credential for those with some background in information systems and networking. Earning this credential validates your skills in security tasks like active defense, network security, cryptography, incident response, and cloud security.
Consider taking the GSEC exam if you have some background in IT and wish to move into cybersecurity. Job roles that use the skills demonstrated by the GSEC include:
IT security manager - $137,487
Computer forensic analyst - $81,534
Penetration tester - $108,520
Security administrator - $70,512
IT auditor - $97,138
Software development engineer - $133,864
Requirements: There are no specific requirements to take the GSEC exam. Set yourself up for success by gaining some information systems or computer networking experience first.
Cost: $2,499 (includes two practice tests)
GIAC also offers the Information Security Fundamentals (GISF) as its entry-level certification for those new to IT. If you’re still gaining experience with networking and information systems, this could be a good place to start.
With this intermediate security credential from (ISC)², you can show employers that you have the skills to design, implement, and monitor a secure IT infrastructure. The exam tests expertise in access controls, risk identification and analysis, security administration, incident response, cryptography, and network, communications, systems, and application security.
The SSCP is designed for IT professionals working hands-on with an organization’s security systems or assets. This credential is appropriate for positions like:
Network security engineer - $118,565
System administrator - $72,647
Systems engineer - $102,175
Security analyst - $96,018
Database administrator - $97,781
Security consultant - $87,135
Requirements: Candidates for the SSCP need at least one year of paid work experience in one or more of the testing areas. This can also be satisfied with a bachelor’s or master’s degree in a cybersecurity-related program.
Cost: $249
Prepare to sit the SSCP exam with the (ISC)² Systems Security Certified Practitioner (SSCP) Specialization through Coursera. Work through the six courses at your own pace as you gain confidence to sit and pass the exam.
The CASP+ is designed for cybersecurity professionals who demonstrate advanced skills but want to continue working in technology (as opposed to management). The exam covers advanced topics like enterprise security domain, risk analysis, software vulnerability, securing cloud and virtualization technologies, and cryptographic techniques.
The CASP+ can open up opportunities for advanced roles in architecture, risk management, and enterprise security integration. Possible job titles include:
Security architect - $157,713
Security engineer - $113,661
Application security engineer - $117,423
Technical lead analyst - $137,042
Vulnerability analyst - $103,523
Requirements: There’s not a formal prerequisite for taking the CASP+ exam. CompTIA recommends it only for experienced cybersecurity professionals with at least ten years of IT administration experience (including five years of broad hands-on experience with security).
Cost: $466
Learn more about CompTIA’s cybersecurity certification path with our IT Certification Roadmap.
Earning the GCIH validates your understanding of offensive operations, including common attack techniques and vectors and your ability to detect, respond, and defend against attacks. The certification exam covers incident handling, computer crime investigation, hacker exploits, and hacker tools.
This certification is meant for anyone working in incident response. Job titles might include:
Security incident handler - $62,758
Security architect - $157,713
System administrator - $72,647
Requirements: There are no formal prerequisites for taking the GCIH exam, though it’s a good idea to have an understanding of security principles, networking protocols, and the Windows Command Line.
Cost: $2,499 (includes two practice tests)
Start building the technical skills you’ll need as an incident responder with the Cyber Incident Response Specialization from Infosec.
The OSCP from Offensive Security has become one of the most sought-after certifications for penetration testers. The exam tests your ability to compromise a series of target machines using multiple exploitation steps and produce detailed penetration test reports for each attack.
The OSCP is a good option for jobs like:
Penetration tester - $108,520
Ethical hacker - $116,243
Threat researcher - $83,882
Application security analyst - $110,714
Requirements: There are no formal requirements to take the exam. Offensive Security recommends familiarity with networking, Linux, Bash scripting, Perl or Python, as well as completion of the Penetration Testing with Kali course.
Cost: From $999 (Basic package includes Penetration Testing with Kali Linux (PWK/PEN-200) course, 30 days of lab access, and one exam attempt)
A survey by (ISC)² found that 70 percent of cybersecurity professionals surveyed in the US were required to have a certification by their employers. Security certification can also come with a salary boost of $18,000, according to the same study. The right credential can also make you more attractive to both recruiters and hiring managers [2].
Earning a certification in cybersecurity can validate your hard-earned skills and help you advance your career. Here are some things to consider when choosing which certification is right for you.
Your level of experience: Start with a certification that matches your current skill set. Invest in a certification you know you can achieve, and use it to advance toward more challenging certifications later in your career. If you're new to IT, take a look at these beginner IT certifications and certificates.
Cost: Getting certified typically costs several hundred dollars (or more), plus the additional fees to maintain it. The right certification can open up better job prospects or higher salaries, but it’s important to invest wisely.
Tip: Some employers will help pay for your certification, so it’s always a good idea to ask first. According to the (ISC)² survey, 40 percent of respondents said that their organization covered the cost of their courses, exam, and fees [2].
Area of focus: If you’re just getting started in cybersecurity or want to move into a managerial role, a more general certification might be a good choice. As you advance in your career, you might decide to specialize. A certification in your concentration area can validate your skills to potential employers.
Potential employers: Check some job listings of employers you may want to work for (or job titles you plan to apply for) to see what certifications are commonly required.
Consider one of these beginner IT certifications or certificates to build entry-level skills and advance your career.
Many of the most coveted certifications require (or at least recommend) some previous experience in cybersecurity or IT. If your career goals include a job in this in-demand industry, there are some steps you can take now to start gaining the experience you need.
While you don’t need a degree to enjoy a successful career in cybersecurity—eight percent of surveyed professionals only reported a high school diploma—it can help you build a strong foundation [2]. Many of the most prestigious certifications will waive some of the work experience requirements if you’ve earned a bachelor’s or master’s degree in computer science or a related field.
The University of Pennsylvania offers an Ivy League Master of Computer and Information Technology degree designed especially for students without a computer science background. Try a course before you apply to see if this program is a good fit.
Hands-on experience is often the most effective way to prepare for certification exams. Start accumulating work experience with an entry-level role as a cybersecurity analyst. Many cybersecurity professionals start off in more general IT roles.
Enhance your resume and make yourself more attractive to hiring managers with a certification that doesn’t require previous experience.
Entry-level IT certification options include lower-level credentials from some of the companies listed above. You can also build job-ready skills with no previous experience with the Google IT Support Professional Certificate and IBM Cybersecurity Analyst Professional Certificate through Coursera.
Getting a cybersecurity certification typically involves passing an exam (sometimes multiple exams). Some certifications also require you to sign a code of ethics. To maintain your certification, you’ll need to complete a specified amount of continuing education.
The length of time you’ll need to prepare for a certification exam will depend on what you already know and what you’ll need to learn. Preparing could take anywhere from a week to several months (assuming you meet the work prerequisites).
If you're just starting out in cybersecurity, consider the IBM Cybersecurity Analyst Professional Certificate to build foundational skills and get hands-on experience with cybersecurity analyst tools. Once you've established familiarity with cybersecurity technology and best practices, the CompTIA Security+ is considered among the best entry-level, vendor-neutral credentials.
You probably won’t need to know how to code for most entry-level cybersecurity jobs. The ability to read and understand code becomes increasingly helpful as you advance in the field. Some programming languages you might consider learning include JavaScript, HTML, Python, C, and C++.
If you’re interested in computers, networks, and how they work, a career in cybersecurity could be a good fit for you. Jobs in the field tend to be in-demand and high-paying. The median salary for an information security analyst, for example, is $103,590 per year [3].
The skills, practices, and technologies you’ll use as a cybersecurity professional will continue to evolve along with computer and network technology. The desire to learn, ability to problem solve, and attention to detail will serve you well in this field. Other, more technical skills and technologies to learn include:
1. US Bureau of Labor Statistics. "Information Security Analysts," https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed June 14, 2022.
2. (ISC)². "Cybersecurity Workforce Study," https://blog.isc2.org/isc2_blog/2021/01/cybersecurity-workforce-study-certifications-boost-salaries-by-an-average-of-18000.html. Accessed June 14, 2022.
3. US Bureau of Labor Statistics. "Information Security Analysts," https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm. Accessed June 14, 2022.