CISA. CISM. CISSP. CEHv8. GSEC. OSCP. Just to list a few.
If you’re a cybersecurity practitioner (or looking to become one) you know these token-like random character strings are actually various cybersecurity certifications. Cyber certs can open doors to new jobs and pay grades, but OMG (that’s not a cert) all the certification options can get overwhelming. So how do you know which cert is right for you? To help answer this question, think of cars.
Cars come in all shapes and sizes, serve many different purposes, and the car you acquire early in your career is usually different than the one you acquire later in your career. Here is a brief overview of some of the top cyber certs and their automotive equivalent.
Security+: Toyota Corolla
The Security+ cert is the basic, entry-level certification for cyber newcomers and serves as a launch point to other certifications. CompTIA Security+ is like the obligatory first car that teaches the rules of the road to most driving newcomers, but don’t expect it to come fully loaded.
GIAC Security Essentials (GSEC): Honda Accord
While many cyber practitioners consider the GSEC (yes, that is an acronym within an acronym) an entry-level cert, it requires an understanding beyond just simple security terminology and concepts. It tells potential employers that you understand basic security principles and can execute hands-on security tasks like an all-around reliable performer. Following the analogy, as a GSEC cert holder you know what the flashing yellow exclamation point light on the dashboard means, and you can change the flat yourself.
Certified in Risk and Information Systems Control (CRISC): Volvo XC70
CRISC is associated with risk management. This cert helps IT professionals understand how IT risks impact and shape business enterprises. Enterprises rely on CRISC leaders to bridge the gap between technical and business issues. Like automaker Volvo, the CRISC cert focuses on reducing risk and prioritizing the safety of an organization.
Offensive Security Certified Professional (OSCP): Jeep Wrangler Rubicon
If you want to be Elliot from Mr. Robot, earn this cert. OSCP is a practical test. You will actively hack a network and document your penetration test in a comprehensive, detailed penetration test report. Like the off-road warrior, Jeep Wrangler, this cert can go where others can’t. You need a specialized skill set to drive a Jeep, and driving one distinguishes you from other drivers. But before you climb through networks, you’ll have to hone your skills; OSCP requires extensive research on the security posture of your test network before the 24-hour penetration test.
Certified Information Systems Security Professional (CISSP): BMW M Series
CISSP is a gold standard for cybersecurity professionals. The exam spans diverse topics from risk management to cryptography, mirroring the multi-disciplinary nature of the cybersecurity field. The CISSP is the most in-demand and most respected cert. Like a BMW with an M-Power badge, the CISSP indicates high standards and experience. And after you earn your CISSP cert, you can probably afford a BMW.