Information Security Certifications by Joas Antonio

1. ISC2

1.1. SSCP (Systems Security Certified Practitioner)

1.1.1. SSCP certification demonstrates you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures established by the cybersecurity experts at (ISC)².

1.2. CISSP (Certified Information Security System Professional)

1.2.1. Earning the CISSP proves you have what it takes to effectively design, implement and manage a best-in-class cybersecurity program. With a CISSP, you validate your expertise and become an (ISC)² member, unlocking a broad array of exclusive resources, educational tools, and peer-to-peer networking opportunities.

1.3. CSSLP (Certified Secure Software Lifecycle Professional)

1.3.1. CSSLP certification recognizes leading application security skills. It shows employers and peers you have the advanced technical skills and knowledge necessary for authentication, authorization and auditing throughout the SDLC using best practices, policies and procedures established by the cybersecurity experts at (ISC)².

2. ISACA

2.1. CISA (Certified Information Security Auditor)

2.1.1. The CISA certification is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. The recent quarterly IT Skills and Certifications Pay Index (ITSCPI) from Foote Partners ranked CISA among the most sought-after and highest-paying IT certifications. This certification is a must have for entry to mid-career IT professionals looking for leverage in career growth.

2.2. CRISC (Certified in Risk and Information Systems Control)

2.2.1. ISACA’s Certified in Risk and Information Systems Control™ (CRISC®) certification indicates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls. Gain instant recognition and credibility with CRISC and boost your career! If you are a mid-career IT professional with a focus on IT and cyber risk and control, CRISC can get you the leverage you need to grow in your career.

2.3. CISM (Certified Information Security Manager)

2.3.1. ISACA’s Certified Information Security Manager® (CISM®) certification indicates expertise in information security governance, program development and management, incident management and risk management. If you are a mid-career IT professional aspiring to senior management roles in IT security and control, CISM can get you the visibility you need.

2.4. CSX-P (Cybersecurity Practitioner Certification)

2.4.1. CSX®-P remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover – derived from the NIST Cybersecurity Framework. CSX-P requires that candidates demonstrate critical cybersecurity skills in a live, proctored, virtual environment that assesses their analytical ability to identify assets and resolve network and host cybersecurity issues by applying the foundational cybersecurity knowledge and skills required of an evolving cyber first responder.

2.5. CDPSE (Certified Data Privacy Solutions Engineer)

2.5.1. Modern privacy laws and regulations require organizations to implement privacy by design and by default into IT systems, networks, and applications. To do so, privacy professionals must partner with software developers, system and network engineers, application and database administrators, and project managers to build data privacy and protection measures into new and existing technology environments.

3. EXIN

3.1. Cyber and IT Security Foundation

3.1.1. The EXIN Cyber & IT Security Foundation certification builds IT professionals’ knowledge and understanding of the technical background surrounding digital security. It enables candidates to explain, u....

3.2. Ethical Hacking Foundation

3.2.1. The EXIN Ethical Hacking Foundation certification provides IT professionals with a solid understanding and technical knowledge of the principles behind Ethical Hacking.

3.3. Secure Programming Foundation

3.3.1. EXIN Secure Programming Foundation looks at preventing attacks by building in security during the development phase. It is language neutral and creates an awareness of secure programming practices.

3.4. ISO 27001 Foundation

3.4.1. EXIN Information Security Foundation is a relevant certification for all professionals who work with confidential information.

3.5. Privacy and Data Protection Foundation

3.5.1. EXIN Privacy & Data Protection Foundation covers the main subjects related to the protection of personal data.

3.6. Privacy and Data Protection Essentials

3.6.1. EXIN Privacy & Data Protection Essentials has been created specifically to test candidates on their basic understanding of data protection in the context of the General Data Protection Regulation (GDPR), including the definitions, the requirements to process data and the rights of data subjects.

3.7. ISO 27001 Professional

3.7.1. Information is crucial for the continuity and proper functioning of both individual organizations and the economies they fuel; this information must be protected against access by unauthorized people, protected against accidental or malicious modification or destruction and must be available when it is needed. The module Information Security Management Professional based on ISO/IEC 27001 tests understanding of the organizational, physical and technical aspects of information security.

3.8. ISO 27001 Expert

3.8.1. EXIN Information Security Management Expert tests the candidate’s knowledge, understanding, and skills around the Information Security Management System (ISMS). This includes structuring, maintaining, and optimizing the security of information within an organization. The certification is based on the international standard ISO/IEC 27001.

3.9. Privacy and Data Protection Practitioner

3.9.1. EXIN Privacy and Data Protection Practitioner is an advanced-level certification that validates a professional’s knowledge and understanding of the European General Data Protection Regulation (GDPR). The exam tests the candidate's ability to apply this knowledge and understanding in everyday professional practice.

4. SpecterOps

4.1. ADTRO (Adversary Tactics Red Team Operation)

4.1.1. Leveraging our background conducting hundreds of adversary simulation exercises, SpecterOps gives you the tools to conduct effective red team operations. This course explores the foundation of Red Teaming and how to simulate advanced threat actors, providing defensive staff with visibility in how an adversary would maneuver against them.

4.2. ADTD (Adversary Tactics Detection)

4.2.1. This course focuses on proactively searching for advanced threat actors and closing the gap from infection to detection. You will learn cutting-edge techniques to collect and analyze host-based information and stop adversaries before they cause wide-scale damage.

4.3. ADMT (Adversary Tactics Mac Tradecraft)

4.3.1. Red team operators enjoyed robust community and commercial tooling to simulate advanced adversary tradecraft in traditional enterprise environments. As organizations have increasingly moved to hybrid, or non-Windows, environments our red team community knowledge has not kept pace. This course focuses on bridging that gap, highlighting the latest macOS security enhancements, and arming red teamers with the foundational knowledge to operate against macOS endpoints. The objective is to deep dive into the concepts behind techniques to enable operational flexibility and prepare for future macOS enhancements, rather than simply training with specific available tooling.

4.4. ADTVRO (Adversary Tactics Vulnerability Research Operators)

4.4.1. Relying on publicly available and stock tooling to leverage weaknesses in enterprise Windows environments to execute effective red team operations is becoming increasingly difficult. However, complex environments, with custom applications and configurations, often contain significant exploit potential attackers could utilize. Red team operators capable of taking advantage of these weaknesses can simulate more advanced adversaries, and help organizations remove difficult to identify attack chains. This course teaches the methodology and tools to find, triage, and utilize exploitable vulnerabilities on Windows systems in time-sensitive engagements. You will dive into the vulnerability classes that SpecterOps routinely finds in mature environments and practice methods of identification, triage, and exploitation.

5. eLearnSecurity

5.1. eJPT (eLearn Security Junior Penetration Testing)

5.1.1. The eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials. By passing the exam, a cyber security professional proves to employers they are ready for a rewarding new career.

5.2. eCPPT (eLearn Security Certified Professional Penetration Testing)

5.2.1. The eCPPT designation stands for eLearnSecurity Certified Professional Penetration Tester. eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification counting certified professional in all the seven continents.

5.3. eWPT (eLearn Security Web Aplplication Testing)

5.3.1. The eLearnSecurity Web Application Penetration Tester certification assesses a cyber security professional’s web application penetration testing skills. The exam is a skills-based test that requires candidates to perform a real-world web app pentesting simulation.

5.4. eWPTX (eLearn Security Web Application Tester Xtreme)

5.4.1. The eLearnSecurity Web Application Penetration Tester eXtreme (eWAPTX) is our most advanced web application pentesting certification. The eWPTX exam requires students to perform an expert-level penetration test that is then assessed by INE’s cyber security instructors. Students are expected to provide a complete report of their findings as they would in the corporate sector in order to pass.

5.5. eCPTX (eLearn Security Certified Penetration Testing Xtreme)

5.5.1. The eCPTX designation stands for eLearnSecurity Certified Penetration Tester eXtreme and it is the most advanced pentesting certification. Prove your advanced skills and get certified in the fastest growing area of network security.

5.6. eNDP (eLearn Security Network Defender Professional)

5.6.1. The eLearnSecurity Network Defense Professional (eNDP) certification is issued to security engineers that provide proof of their hands-on skills through a comprehensive practical exam.

5.7. eWDP (eLearn Security Web Defense Professional)

5.7.1. The eLearnSecurity Web Defense Professional (eWDP) is a senior-level, practical web defense certification that proves a cyber security professional’s defense domain capabilities.

5.8. eCIR (eLearn Security Certified Incident Response)

5.8.1. The eLearnSecurity Certified Incident Responder (eCIR) exam challenges cyber security professionals to solve complex Incident Handling & Response scenarios in order to become certified.

5.9. eCMAP (eLearn Security Certified Malware Analysis Professional)

5.9.1. eLearnSecurity’s eLearnSecurity Certified Malware Analysis Professional (eCMAP) certification is the most practical and professionally-oriented certification you can obtain in malware analysis. Instead of putting you through a series of multiple-choice questions, you are expected to perform a full analysis on a given malware sample, show proof of what the malware does, and finally write a signature that could be used to detect the malware sample on other systems or networks.

5.10. eCXD (eLearn Security Certified Exploit Development)

5.10.1. The eLearnSecurity Certified eXploit Developer (eCXD) tests a student’s capabilities on Windows and Linux exploit development and software vulnerability identification in general. Exploit developers can prove their advanced skills through a challenging, scenario-based exam that requires both knowledge and critical thinking.

6. Others Certifications

6.1. CCNA (Certified Cisco Network Associate)

6.1.1. The CCNA certification validates your skills and knowledge in network fundamentals, network access, IP connectivity, IP services, security fundamentals, and automation and programmability.

6.2. NSE 1 for NSE7 Fortinet

6.3. Splunk Certifieds

6.4. Azure Certifieds

6.5. AWS Certifieds

6.6. Sophos Certifieds

6.7. Paloalto Certifieds

6.8. Microsoft Certifieds

6.9. PenTester Academy Certifieds

6.10. IACertifications

6.11. Mile2 Certifieds

7. EC-COUNCIL

7.1. CSCU (Computer Secure User)

7.1.1. The purpose of the CSCU training program is to provide individuals with the necessary knowledge and skills to protect their information assets. This class will immerse students into an interactive environment where they will acquire a fundamental understanding of various computer and network security threats such as identity theft, credit card fraud, online banking phishing scams, virus and backdoors, emails hoaxes, sex offenders lurking online, loss of confidential information, hacking attacks and social engineering. More importantly, the skills learned from the class helps students take the necessary steps to mitigate their security exposure.

7.2. NSF (Network Security Fundamentals)

7.2.1. Network Security Fundamentals (N|SF) is an entry-level security program covering the fundamental concepts of network security. It enables students with the skills to identify information security threats which reflect on the security posture of the organization and implement general security controls.

7.3. ECES (Certified Encryption Specialist)

7.3.1. Anyone involved in the selection and implementation of VPN’s or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology. This course is excellent for ethical hackers and penetration testing professionals as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals testing usually don’t attempt to crack cryptography. A basic knowledge of cryptanalysis is very beneficial to any penetration testing.

7.4. CND (Certified Network Defender)

7.4.1. Cybersecurity is a non-linear process that required a continuous approach to mitigating cyber risks. According to Gartner, traditional “prevent and detect” approaches are inadequate. Developing a continuous Adaptive Security cycle helps organizations stay ahead of cybercriminals, by creating and improving security systems.

7.5. CSA (Certified SOC Analyst)

7.5.1. The Certified SOC Analyst (CSA) program is the first step to joining a security operations center (SOC). It is engineered for current and aspiring Tier I and Tier II SOC analysts to achieve proficiency in performing entry-level and intermediate-level operations.

7.6. CTIA (Certified Threat Intelligence Analyst)

7.6.1. The Certified Threat Intelligence Analyst (CTIA) program is designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe. The aim is to help organizations hire qualified cyber intelligence trained professionals to identify and mitigate business risks by converting unknown internal and external threats into quantifiable threat entities and stop them in their tracks. Much like a ‘hunter-killer’ team, you’ll be deployed as a ‘Blue Team’ operative, tasked with threat identification, and asked to employ the tools at hand to thwart active and potential cyberattacks.

7.7. CEH (Certified Ethical Hacker)

7.7.1. Certified Ethical Hacker CEH will teach you the latest commercial-grade hacking tools, techniques, and methodologies used by hackers and information security professionals to lawfully hack an organization.

7.8. CASE (Certified Application Security Engineering)

7.8.1. The Certified Application Security Engineer (CASE) credential is developed in partnership with large application and software development experts globally. The CASE credential tests the critical security skills and knowledge required throughout a typical software development life cycle (SDLC), focusing on the importance of the implementation of secure methodologies and practices in today’s insecure operating environment.

7.9. ECIH (Certified Incident Handler)

7.9.1. E|CIH is a method-driven program that uses a holistic approach to cover vast concepts concerning organizational incident handling and response from preparing and planning the incident handling response process to recovering organizational assets after a security incident. These concepts are essential for handling and responding to security incidents to protect organizations from future threats or attacks.

7.10. CHFI (Certified Computer Hacking Forense Investigator)

7.10.1. Computer hacking forensic investigation is the process of detecting hacking attacks and properly extracting evidence to report the crime and conduct audits to prevent future attacks. Computer crime in today’s cyber world is on the rise. Computer Investigation techniques are being used by police, government, and corporate entities globally and many of them turn to EC-Council for our Digital Forensic Investigator CHFI Certification Program.

7.11. CPENT (Certified Penetration Testing)

7.11.1. EC-Council’s Certified Penetration Tester (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test IoT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.

7.12. LPT (Licensed Penetration Testing)

7.12.1. LPT is a license for PenTest professionals, you can earn it through CPENT with 90% or more approval

8. CompTIA

8.1. Network+

8.1.1. A certification aimed at computer networks, being useful to acquire the main fundamentals about networks

8.2. Security+

8.2.1. It is a gateway certification in the security area, where you will learn all the fundamentals of information security in an operational way

8.3. CySA+

8.3.1. A certification aimed at computer networks, being useful to acquire the main fundamentals about networks

8.4. PenTest+

8.4.1. CompTIA PenTest+ assesses the most up-to-date penetration testing, and vulnerability assessment and management skills necessary to determine the resiliency of the network against attacks.

8.5. CASP

8.5.1. CASP+ is the only hands-on, performance-based certification for practitioners — not managers — at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.

9. ZeroPoint Security

9.1. CRTO (Certified Red Team Operator)

9.1.1. Red Team Ops is an online course that teaches the basic principals, tools and techniques, that are synonymous with red teaming. Students will be granted access to the course material (written and video format) and access to a fully immersive lab, where they will learn and conduct every stage of the attack lifecycle - from OSINT to full domain takeover.

10. Offensive Security

10.1. OSCP (Offensive Security Certified Professional)

10.1.1. This online ethical hacking course is self-paced. It introduces penetration testing tools and techniques via hands-on experience. PEN-200 trains not only the skills, but also the mindset required to be a successful penetration tester. Students who complete the course and pass the exam earn the coveted Offensive Security Certified Professional (OSCP) certification.

10.2. OSWP (Offensive Security Wireless Professional)

10.2.1. Wireless Attacks (PEN-210) introduces students to the skills needed to audit and secure wireless devices. It’s a foundational course alongside PEN-200 and would benefit those who would like to gain more skill in network security.

10.3. OSEP (Offensive Security Experienced Penetration Tester)

10.3.1. A passing exam grade will confer the Offensive Security Experienced Penetration Tester certificate. Certified OSEPs have the skills and expertise necessary to conduct penetration tests against hardened systems. They’ve proven their ability to identify more impactful intrusion opportunities and execute advanced, organized attacks in a controlled and focused manner.

10.4. OSWE (Offensive Security Web Exploitation)

10.4.1. Passing the exam confers the Offensive Security Web Expert (OSWE) certification. Certified OSWEs have a clear and practical understanding of the web application assessment and hacking process. They’ve proven their ability to review advanced source code in web apps, identify vulnerabilities, and exploit them.

10.5. OSED (Offensive Security Exploit Developer)

10.5.1. Windows User Mode Exploit Development (EXP-301) is an intermediate-level course which teaches students the fundamentals of modern exploit development. It starts with basic buffer overflow attacks and builds into learning the skills needed to crack the critical security mitigations protecting enterprises.

10.6. OSEE (Offensive Security Exploitation Expert)

10.6.1. Modern exploits for Windows-based platforms require modern bypass methods to circumvent Microsoft’s defenses. In Advanced Windows Exploitation (EXP-401), OffSec challenges students to develop creative solutions that work in today’s increasingly difficult exploitation environment. The case studies in AWE are large, well-known applications that are widely deployed in enterprise networks. The course dives deep into topics ranging from precision heap spraying to DEP and ASLR bypass techniques to 64-bit kernel exploitation.

11. SANS/GIAC

11.1. GISF (GIAC Information Security Fundamentals)

11.1.1. The GIAC Information Security Fundamentals (GISF) certification validates a practitioner's knowledge of security's foundation, computer functions and networking, introductory level cryptography, and cybersecurity technologies. GISF certification holders will be able to demonstrate key concepts of information security including: understanding the threats and risks to information and information resources, identifying best practices that can be used to protect them, and learning to diversify our protection strategy.

11.2. GSEC (GIAC Security Essentials)

11.2.1. The GIAC Security Essentials (GSEC) certification validates a practitioner's knowledge of information security beyond simple terminology and concepts. GSEC certification holders are demonstrating that they are qualified for hands-on IT systems roles with respect to security tasks.

11.3. GCIA (GIAC Certified Intrusion Analyst)

11.3.1. The GIAC Intrusion Analyst certification validates a practitioner's knowledge of network and host monitoring, traffic analysis, and intrusion detection. GCIA certification holders have the skills needed to configure and monitor intrusion detection systems, and to read, interpret, and analyze network traffic and related log files.

11.4. GCDA (GIAC Certified Detection Analyst)

11.4.1. The GIAC Certified Detection Analyst (GCDA) is an industry certification that proves an individual knows how to collect, analyze, and tactically use modern network and endpoint data sources to detect malicious or unauthorized activity. This certification shows individuals not only know how to wield tools such as Security Information and Event Management (SIEM) but that they know how to use tools to turn attacker strengths into attacker weaknesses.

11.5. GDAT (GIAC Defending Advanced Threats)

11.5.1. The GDAT certification is unique in how it covers both offensive and defensive security topics in-depth. Holders of the GDAT certification have demonstrated advanced knowledge of how adversaries are penetrating networks, but also what security controls are effective to stop them. Next to knowing what controls are instrumental to prevent recent attacks, certified GDAT professionals know that prevent-only is not feasible and thus know how to detect and respond to attacks. Combining all these skills, they have the ability to prevent, detect, and respond to both traditional and APT-style attacks!

11.6. GCIH (GIAC Certified Incident Handler)

11.6.1. The GIAC Incident Handler certification validates a practitioner's ability to detect, respond, and resolve computer security incidents using a wide range of essential security skills. GCIH certification holders have the knowledge needed to manage security incidents by understanding common attack techniques, vectors and tools, as well as defend against and respond to such attacks when they occur.

11.7. GPEN (GIAC Penetration Testing)

11.7.1. The GIAC Penetration Tester certification validates a practitioner's ability to properly conduct a penetration test, using best practice techniques and methodologies. GPEN certification holders have the knowledge and skills to conduct exploits and engage in detailed reconnaissance, as well as utilize a process-oriented approach to penetration testing projects.

11.8. GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)

11.8.1. The GIAC Exploit Researcher and Advanced Penetration Tester certification validates a practitioner's ability to find and mitigate significant security flaws in systems and networks. GXPN certification holders have the skills to conduct advanced penetration tests and model the behavior of attackers to improve system security, and the knowledge to demonstrate the business risk associated with these behaviors.

11.9. GCFE (GIAC Certified Forensic Examiner)

11.9.1. The GIAC Certified Forensic Examiner (GCFE) certification validates a practitioner's knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data from Windows computer systems. GCFE certification holders have the knowledge, skills, and ability to conduct typical incident investigations including e-Discovery, forensic analysis and reporting, evidence acquisition, browser forensics and tracing user and application activities on Windows systems.

11.10. GCFA (GIAC Certified Forensic Analyst)

11.10.1. The GCFA certifies that candidates have the knowledge, skills, and ability to conduct formal incident investigations and handle advanced incident handling scenarios, including internal and external data breach intrusions, advanced persistent threats, anti-forensic techniques used by attackers, and complex digital forensic cases. The GCFA certification focuses on core skills required to collect and analyze data computer systems.