Certifications

FOUNDATIONAL

CertificationProviderLevelPrerequisitesDescription
CompTIA A+CompTIAEntryNoIT fundamentals; good starting point before Security+
CompTIA Network+CompTIAEntryNoNetworking fundamentals underpinning all security work
CompTIA Security+CompTIAEntryNoGeneral baseline for most roles; DoD 8570 required
Google Cybersecurity CertificateGoogleEntryNoBeginner-friendly intro to cybersecurity concepts
CCNACiscoEntry–MidNoNetwork config & security; prerequisite for advanced Cisco certs

CLOUD SECURITY

CertificationProviderLevelPrerequisitesDescription
Microsoft SC-900MicrosoftEntryNoEntry-level Microsoft security, compliance & identity concepts
Microsoft AZ-500MicrosoftMidAZ-900 recommendedAzure security technologies; strong demand as Azure adoption grows
CCSKCSAMidNoVendor-neutral cloud security knowledge; good foundation before CCSP
CCSPISC2Advanced5yr IT + 3yr infosecMost respected cloud security cert; covers all major platforms
AWS Certified Security – SpecialtyAmazonAdvanced5yr IT expAWS-specific; highly valued if your org runs on AWS

DIGITAL FORENSICS INCIDENT RESPONSE [DFIR]

CertificationProviderLevelPrerequisitesDescription
GCFESANS/GIACMidRecommended expWindows forensics & evidence handling
CHFIEC-CouncilMidNo strict reqCovers forensic investigation methodology; law enforcement friendly
CCEISFCEMid2yr expVendor-neutral computer forensics examiner credential
EnCEOpenTextMid–Advanced18mo exp + examEnCase tool certification; widely used in law enforcement & corporate IR
GCFASANS/GIACAdvancedGCFE or expAdvanced forensics; memory analysis, APT investigations

GOVERNANCE, RISK, COMPLIANCE [GRC]

CertificationProviderLevelPrerequisitesDescription
CISSPISC2Advanced5yr exp in 2+ domainsThe definitive leadership/architecture cert; required for senior roles
CISMISACAAdvanced5yr exp, 3yr mgmtBest for pure security management & governance roles
CISAISACAAdvanced5yr audit/control expTop audit-focused credential; required at many consultancies & banks
CRISCISACAAdvanced3yr risk/IS controlFocused on IT risk management & control frameworks
ISO 27001 Lead ImplementerVarious (PECB etc)AdvancedVaries by bodyValidates ability to implement ISMS per ISO 27001 standard

MALWARE ANALYSIS

CertificationProviderLevelPrerequisitesDescription
eCMAPINE/eLearnSecurityMid–AdvancedProgramming basicsPractical malware analysis cert; more affordable entry point than SANS
FOR610 (→ GREM)SANSAdvancedProgramming knowledgeSANS course covering malware analysis techniques
GREMSANS/GIACAdvancedStrong RE/malware expThe definitive malware RE cert; covers static & dynamic analysis

OPEN SOURCE INTELLIGENCE [OSINT]

CertificationProviderLevelPrerequisitesDescription
GOSISANS/GIACMidRecommended expValidates OSINT methodology, data collection & analysis; most recognised
C|OSINTMcAfee InstituteMidDegree + 2yr expFirst globally accredited OSINT board certification
SEC497 (→ GOSI)SANSMidNoPractical OSINT course covering tools, sock puppets, dark web research
SEC587 (→ GOSINT)SANSAdvancedSEC497 recommendedAdvanced OSINT; data mining, geolocation, advanced investigations

OPERATIONAL TECHNOLOGY [OT]

CertificationProviderLevelPrerequisitesDescription
ICS410 (→ GICSP)SANSMidIT/OT backgroundSANS course covering ICS/SCADA security essentials
GICSPSANS/GIACMid–AdvancedICS/IT exp helpfulMost recognised OT/ICS security cert globally
CSSAIACRBAdvancedICS security expCertified SCADA Security Architect; niche but valued in critical infra

PENETRATION TESTING

CertificationProviderLevelPrerequisitesDescription
CEHEC-CouncilMid2 yrs exp or trainingWell-known but more theory than hands-on; widely recognised by employers
PNPTTCM SecurityMidNoPractical, affordable alternative to OSCP; highly respected in community
CompTIA PenTest+CompTIAMidNetwork+/Security+Vendor-neutral; covers full pentest lifecycle
OSCPOffSecMid–AdvancedYes (hacking exp)Gold standard; 24hr practical exam on real machines
GPENSANS/GIACAdvancedRecommended expCovers network exploitation; pairs with SEC560 course
CRTOZero-Point SecurityAdvancedPentest expFocused on Cobalt Strike & red team ops; very practical
OSEPOffSecAdvancedOSCP recommendedAdvanced evasion & post-exploitation techniques

SOC ANALYST

CertificationProviderLevelPrerequisitesDescription
CSA (Certified SOC Analyst)EC-CouncilEntry–MidNoEntry-level SOC focused; covers monitoring & triage
BTL1 (Blue Team Labs Level 1)Security Blue TeamEntry–MidNoAffordable, hands-on blue team fundamentals
CompTIA CySA+CompTIAMidSecurity+ recommendedThreat detection, SIEM, incident analysis; in-demand for SOC roles
GCIHSANS/GIACMid–AdvancedRecommended expIncident handling & response; covers attacker techniques
GCIASANS/GIACMid–AdvancedRecommended expNetwork forensics & intrusion analysis; pairs with SEC503

THREAT INTELLIGENCE

CertificationProviderLevelPrerequisitesDescription
CTIAEC-CouncilMidCybersec backgroundCovers full threat intel lifecycle incl. OSINT, HUMINT, Python automation
eCTHPINE/eLearnSecurityMidBlue team expPractical threat hunting using MITRE ATT&CK; more affordable than SANS
GCTISANS/GIACAdvancedExp in intel/SOCGold standard for threat intel; pairs with FOR578 course
FOR578 (→ GCTI)SANSAdvancedExp recommendedSANS course covering CTI frameworks, adversary tracking
FOR508 (→ GCFE/GCFA)SANSAdvancedDFIR experienceAdvanced IR & threat hunting; covers ransomware & APT hunting