The Top Cybersecurity Certifications Employers Look For


Cybersecurity remains a profession shaped by certification. In fact, according to tech industry job market analytics firm Burning Glass Technologies, about one-third of all cybersecurity jobs demand industry certification, compared to just 23 percent for other IT jobs.

In 2014 alone, nearly 50,000 cybersecurity job vacancy announcements were published calling for candidates with the Certified Information Security Professionals (CISSP) certification—the primary credential in cybersecurity.

The CISSP designation, offered through a number of testing providers, validates knowledge of:

  • Telecommunications
  • Access control
  • Network security
  • Risk management
  • Cryptography
  • Security architecture and design
  • Business continuity
  • Information security governance
  • Software development security

What’s more, the demand for cyber security talent with professional certification continues to outpace supply. For example, while statistics showed 50,000 job listings calling for a CISSP in 2014, there were just slightly more than 65,000 total active CISSP certification holders nationwide, according to the Information System Security Certification Consortium.

Industry certifications serve as a benchmark for the skills and knowledge required to perform specific cyber security job functions. They also serve to meet employer requirements and are closely associated with improved earning potential and career progression.




The most recognized cyber security certification vendors are …

CERT: Carnegie Mellon University Software Engineering Institute

  • Insider Threat Program Manager (ITPM) Certificate
  • Insider Threat Vulnerability Assessment (ITVA) Certificate
  • Insider Threat Program Evaluator (ITPE) Certificate
  • SEI Certificate in Incident Response Process
  • SEI Certificate in Information Security
  • CISCO Executive Certificate
  • Secure Coding Professional Certificate: C and C++
  • Secure Coding Professional Certificate: Java

Certified Wireless Network Professional

  • Certified Wireless Technology Specialist (CWTS): Entry-level
  • Certified Wireless Network Administrator (CWNA): Administrator-level
  • Certified Wireless Security Professional (CWSP): Professional-level
  • Certified Wireless Design Professional (CWDP): Professional-level
  • Certified Wireless Analysis Professional (CWAP): Professional-level
  • Certified Wireless Network Expert (CWNE): Expert-level
  • Certified Wireless Network Instructor (CWNT)


CompTIA

  • Security+

The CompTIA Security+ certification serves as a benchmark for best practices in IT security by covering the essential principles for network security and risk management. It is recommended that candidates for the Security+ exam possess at least two years of experience in IT administration with a security focus.

Exam topics cover:

  • Network security
  • Compliance and operation security
  • Threats and vulnerabilities
  • Application, data, and host security
  • Access control
  • Identity management
  • Cryptography


EC-Council

  • Certified Ethical Hacker (CEH)
  • Certified Incident Handler (CIH)
  • Computer Hacking Forensic Investigator (CHFI)
  • Licensed Penetration Tester (LPT)
  • Network Security Administrator (ENSA)
  • Certified Secure Programmer (ECSP)
  • Disaster Recovery Professionals (EDRP)
  • Certified Chief Information Security Officer (CCISO)
  • Certified Secure Computer User (CSCU)
  • Certified Security Analyst (ECSA)

Global Information Assurance Certification (GIAC)

  • GIAC Security Essentials (GSEC): security administration

The GSEC certification is an entry-level certification that requires no specific training. The GSEC exam consists of 180 questions on topics such as:

  • Critical security controls
  • Authentication and password management
  • Attacks and countermeasures
  • Firewalls
  • Information warfare

Candidates for the GSEC exam may achieve the required knowledge through practical training, books on computer information security, or a course provided by SANS or another training provider.

  • GIAC Certified Incident Handler (GCIH): security administration

The GCIH designation is designed for incident handlers who manage security incidents by understanding common attack techniques, vectors, and tools and who can defend against and/or respond to such attacks when they occur. No specific training is required for the GCIH designation.

  • GIAC Certified Intrusion Analyst (GCIA): security administration

The GCIA is designed for individuals responsible for network and host monitoring, traffic analysis, and intrusion detection. No specific training is required for the GIAC designation; however, candidates should have the knowledge, skills, and abilities to configure and monitor intrusion detection systems and to read, interpret, and analyze network traffic and related log files.

  • GIAC Certified Forensic Analyst (GCFA): forensics
  • GIAC Penetration Tester (GPEN): security administration
  • GIAC Security Leadership (GSLC): management
  • GIAC Web Application Penetration Tester (GWAPT): security administration
  • GIAC Certified Forensic Examiner (GCFE): forensics
  • GIAC Reverse Engineering Malware (GREM): forensics
  • GIAC Systems and Network Auditor (GSNA): audit
  • GIAC Certified Perimeter Protection Analyst (GPPA): security administration
  • GIAC Certified Windows Security Administrator (GCWN): security administration
  • GIAC Information Security Fundamentals (GSIF): security administration
  • GIAC Certified Enterprise Defender (GCED): security administration
  • GIAC Information Security Professional (GISP): management
  • GIAC Assessing and Auditing Wireless Networks (GAWN): security administration
  • Global Industrial Cyber Security Professional (GICSP): security administration
  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN): security administration
  • GIAC Certified UNIX Security Administrator (GCUX): security administration
  • GIAC Secure Software Programmer – Java (GSSP-JAVA): software security
  • GIAC Mobile Device Security Analyst (GMOB): security administration
  • GIAC Network Forensic Analyst (GNFA): forensics
  • GIAC Critical Controls Certification (GCCC): security administration
  • GIAC Certified Web Application Defender (GWEB): software security
  • GIAC Law of Data Security and Investigations (GLEG): legal
  • GIAC Continuous Monitoring Certification (GMON): security administration
  • GIAC Secure Software Programmer – .NET (GSSP-.NET): software security
  • GIAC Certified Project Manager (GCPM): management
  • GIAC Python Coder (GPYC): security administration
  • GIAC Advanced Smartphone Forensics (GASF): forensics

International Association of Privacy Professionals

  • Certified Information Privacy Professional (CIPP) – law and regulations

The CIPP designation is an entry-level certification that details a cybersecurity professional’s knowledge about privacy laws and regulations. The CIPP designation provides two concentrations: CIPP/US for the private sector and CIPP/G for the U.S. government. Cybersecurity professionals can prepare for this exam by reading the exam blueprint and the related textbook.

  • Certified Information Privacy Manager (CIPM) – operations
  • Certified Information Privacy Technologist (CIPT) – technology

Information Assurance Certification Review Board (IACRB)

  • Certified Expert Penetration Tester (CEPT)
  • Certified Application Security Specialist (CASS)
  • Certified SCADA Security Architect (CSSA)
  • Certified Reverse Engineering Analyst (CREA)
  • Certified Penetration Tester (CPT)
  • Certified Data Recovery Professionals (CDRP)
  • Certified Computer Forensics Examiner (CCFE)
  • Certified Windows Security Specialist (CWSS)
  • Certified Web App Penetration Tester (CWAPT)
  • Certified DIACAP Engineer (CDAE)

International Information Systems Security Certification Consortium, Inc. (ISC²)

  • Certified Information Systems Security Professionals (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Systems Security Certified Practitioner (SSCP)

The SSCP credential is an entry-level certification that requires candidates to possess at least one year of related experience to qualify to take the exam. SSCP holders have proven their ability to implement, monitor, and administer IT infrastructure according to information security policies and procedures that ensure data integrity, availability, and confidentiality. Candidates can prepare by studying the related textbooks provided by ISC².

  • Certified Authorized Professionals (CAP)
  • Certified Secure Software Lifecycle Professional (CSSLP)
  • Certified Cyber Forensics Professional (CCFP)
  • Healthcare Information Security and Privacy Practitioner (HCISPP)
  • CISSP Concentration in Architecture (ISSAP)
  • CISSP Concentration in Engineering (ISSEP)
  • CISSP Concentration in Management (ISSMP)

Infotech Pro

  • Computer Hacking Forensic Investigator (CHFI)
  • Certified Security Analyst (ECSA)
  • License Penetration Tester (LPT)
  • Certified Incident Handler (E CIH)
  • Certified Secure Computer User (CSCU)
  • Certified Information Systems Security Professional (CISSP)
  • Healthcare Information Security and Privacy Practitioner Certification (HISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Security Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)


ISACA

  • Certified Information Systems Auditor (CISA)

The CISA designation is a globally recognized certification for IS audit control, assurance, and security professionals. To qualify to take the CISA exam, candidates must possess at least 5 years of professional information systems auditing, control, or security work experience. Candidates can prepare to take the CISA exam by obtaining CISA Exam preparation resources through ISACA and the chapters that host CISA Exam review courses.

  • Certified Information Security Manager (CISM)

The CISM designation allows cybersecurity professionals to demonstrate their information security management expertise. Candidates must possess at least 5 years of information security work experience, with at least 3 of those years in information security management, to qualify to take the CISM exam.

  • Certified in the Governance of Enterprise IT (CGEIT)
  • Certified in Risk and Information Systems Control (CRISC)
  • Cybersecurity Nexus (CSX, CSX-P)

Learning Tree International

  • Cyber Security Specialist
  • Expert Certifications
    • Network Defense Analyst
    • Network Infrastructure Defender
    • Incident Responder
    • Security and Vulnerability Assessor

McAfee Institute

  • Certified Cyber Investigative Expert (CCIE)
  • Certified Forensic HiTech Investigator (CFHI)
  • Certified Cyber Threat Forensic Investigator (CTFI)
  • Qualified Cyber Intelligence Investigator (QCII)
  • Qualified Counter-Intelligence Threat Analyst (QCTA)
  • Qualified E-Commerce Fraud Investigator (QEFI)


  • C)ISSO Certified Information Systems Security Officer
  • C)IPTE Certified Penetration Testing Engineer
  • C)PTC Certified Penetration Testing Consultant
  • C)DRE Certified Disaster Recovery Engineer
  • C)DFE Certified Digital Forensics Examiner
  • C)NFE Certified Network Forensics Examiner
  • C)SWAE Certified Secure Web Applications Engineer
  • C)IHE Certified Incident Handling Engineer
  • C)WSE Certified Wireless Security Engineer
  • C)SS Certified Security Sentinel
  • C)VA Certified Vulnerability Assessor
  • C)SLO Certified Security Leadership Officer
  • C)PEH Professional Ethical Hacker
  • C)ISSM Certified Information Systems Security Manager
  • C)ISSA Certified Information Systems Security Auditor
  • C)ISRM Certified Information Systems Risk Manager
  • C)VME 6.0 Certified Virtual Machine Engineer
  • ISCAP Information Systems Certification and Accreditation Professional
  • C)ISMS-LA Certified Information Security Management Systems Lead Auditor
  • C)ISMS-LI Certified Information Security Management Systems Lead Implementer

Security University

  • Q/ISP Qualified/Information Security Professional Certificate of Mastery
  • Q/IAP Qualified/Information Assurance Professional Certificate of Mastery
  • Q/WP Wireless Certifications Certificate of Mastery
  • Q/WAD Qualified/Wireless Analyst & Defender

Logical Operations

  • CyberSec First Responder

American Board for Certification in Homeland Security

  • Sensitive Security Information, Certified
  • The Intelligence Analyst, Certified
  • Certified Aviation Security Professional
  • Certified in Cyber Warfare

Offensive Security

  • Offensive Security Certified Professional (OSCP)
  • Offensive Security Wireless Professional (OSWP)
  • Offensive Security Certified Expert (OSCE)
  • Offensive Security Exploitation Expert (OSEE)
  • Offensive Security Web Expert (OSWE)

The Most Popular Entry-Level and Advanced Cybersecurity Certifications

As of 2014, the most popular entry-level certifications (those that require less than 3 years of experience) for cybersecurity professionals were:

  1. Systems Security Certified Practitioner (Security+)
  2. GIAC Security Essentials (GSEC)
  3. Certified Information Privacy Professionals (CIPP)
  4. Systems Security Certified Practitioner (SSCP)

Advanced certifications (those that require about 3 to 5 years of experience) that cybersecurity analysts, architects, engineers, administrators and auditors most often held were:

  1. Certified Information Systems Security Professionals (CISSP)
  2. Certified Information Systems Auditor (CISA)
  3. Certified Information Security Manager (CISM)
  4. GIAC Certified Incident Handler (GCIH)
  5. GIAC Certified Intrusion Analyst (GCIA)

Top Ranked Cybersecurity Certification Based on Average Salary

Recent statistics reveal the value of cyber security certification in terms of salary potential. For example, professionals holding a Security+ designation, one of the most common entry-level certifications for cybersecurity professionals, earned an average salary of $75,484 in 2014, according to job postings analyzed by SANS. However, job postings for cybersecurity professionals with a CISM designation, an advanced-level certification, revealed an average salary of $95,450—or nearly $20,000 more than what those with the Security+ earned.

The top cybersecurity certs available in terms of salary potential are:

Certified Information Security Manager (CISM) – 7 percent of all job postings and an average salary of $95,450

The Certified Information Security Professionals (CISSP) – the most sought-after certification among employers in 2014, with nearly 21 percent of all job postings specifically naming it as a required certification. The average salary for CISSP holders was $93,010 that year.

GIAC Certified Incident Handler (GCIH) – 2 percent of all job postings and an average salary of $92,759

Certified Information Privacy Professionals (CIPP) – 2 percent of all job postings and an average salary of $90,550

The Certified Information Systems Auditor (CISA) – 14 percent of all job postings and an average salary of $86,238

GIAC Certified Intrusion Analyst (GCIA) – 1 percent of all job postings and an average salary of $84,392

GIAC Security Essentials (GSEC) – 2 percent of all job postings and an average salary of $81,631

Systems Security Certified Practitioner (SSCP) – 2 percent of all job postings and an average salary of $80,718

Systems Security Certified Practitioner (Security+) – 6 percent of all job postings and an average salary of $75,484

The Most Valuable Cybersecurity Certifications for Career Progression

The majority of respondents (58 percent) in the SANS Institute 2014 survey cited network and IT security certification as the biggest contributor to their career success, with many reporting these certifications as being “critical” to their success in cybersecurity.

Certification in the cybersecurity profession is often used by employers as a requirement for employment and as a way to differentiate candidates. For cybersecurity professionals, certification allows them to build skillsets, demonstrate an advanced level of competency in an area of cybersecurity, and demonstrate their commitment and dedication to their career and to the pursuit of new knowledge and skills.

Respondents in the SANS Institute survey reported on their own appraisal of the value of the top certifications for career success:

  1. GIAC Security Expert (GSE)
  2. Certified Information Systems Security Professionals (CISSP)
  3. GIAC Certified Forensics Analyst (GCFA)
  4. GIAC Penetration Tester (GPEN)
  5. GIAC Industrial Cyber Security Professionals (GICSP)
  6. GIAC Certified Incident Handler (GCIH)
  7. ISACA Certified Information Systems Auditor (CISA)
  8. GIAC Security Essentials Certification (GSEC)
  9. GIAC Certified Intrusion Analyst (GCIA)
  10. GIAC Security Leadership Certification (GSLC)
  11. CompTIA Security+
  12. ISC² Certified Cyber Forensics Professional (CCFP)
  13. EC-Council Certified Ethical Hacker (CEH)
  14. Cisco Certified Network Professional (CCNP)
  15. Cisco Certified Security Professional (CCSP)
