There are few areas in IT that receive more scrutiny than information security. Barely a week goes by without news of a major data breach. These incidents are often followed by reports of the ever-growing information security job gap — a gap that’s only expected to get worse.
Given that fact, breaking into the security field is a smart move. The ever-growing field is extremely relevant — even to professionals outside the IT sphere. Everyone from CEOs to admins and analysts can benefit from a fundamental understanding of security issues.
However, figuring out the right entry point into InfoSec can be challenging. There is a wide variety of certifications covering a broad spectrum of issues. As a result, it can be confusing — even intimidating — to decide which first step is right for you.
Here are six certifications that are ideal for IT professionals hoping to enter the high-demand field of InfoSec. Keep in mind that this list is also great for general professionals looking to gain a better understanding of how to protect their systems and data.
1. Microsoft Technology Associate (MTA) Security Fundamentals
Microsoft’s MTA Security certification is a great jumping-off point for anyone interested in working with Microsoft tech. Familiarity with those products is recommended, but there are no formal prerequisites to take the exam.
The MTA Security Fundamentals exam covers security matters relating to operating systems, networks and software in 30-50 multiple-choice questions, which a test-taker has 50 minutes to complete. Because individual exams vary, passing scores are scaled.
Most IT certifications expire, but the newer MTA does not. While the MTA is not a direct stepping stone to a more advanced certification, it does provide foundational knowledge that can be useful as you build your credentials.
At $127, the MTA is a cost-efficient way to lay a foundation for working in information security.
2. CompTIA Security+
Another excellent starting point for InfoSec is the CompTIA Security+ certification. It’s vendor-neutral, so you do not need to be familiar with any specific products. It is recommended that you have at least two years of experience as an IT admin with a focus on security. So, don’t let the entry-level tag fool you.
The 90-minute exam consists of 90 questions with a passing score of 750 (out of 900). It covers threats and vulnerabilities, network security, and access, identity and risk management.
The exam fee is $320 and the certification is valid for three years. To stay current, you’ll need to earn 50 continuing education credits (CEU) within those three years, as well as pay an annual maintenance fee of $50.
An approved baseline certification for U.S. Department of Defense (DoD) Level II IAT security positions, the Security+ certification is a well-respected credential. It represents a solid first step in demonstrating your dedication to the security field and lays the groundwork for a career in InfoSec.
3. ISACA CSX Cybersecurity Fundamentals Certificate
Unlike the others on this list, the Cybersecurity Nexus (CSX) Fundamentals credential is a certificate, not a certification. As such, it might not have as much clout with employers. But it is a solid starting point for budding security professionals. The CSX will give you some of the latest security skills, increase your ability to tackle threats hands-on, and give you a base to chase higher-level opportunities.
The CSX Fundamentals exam, priced at $150, covers introductory concepts in network, applications and data systems — as well as evolving technologies in the cybersecurity realm. It has 75 multiple-choice questions that need to be completed within two hours. A score of 65 percent is required to earn the certificate.
IT professionals can make the most of a CSX Fundamentals certificate by treating it as a stepping stone toward earning the more-robust CSXP certification. The CSX also shows a basic knowledge of security fundamentals for managers, auditors, and other non-IT professionals.
4. Check Point CCSA R77/R80
If you work with Check Point security products — or plan to — you’d be well-served to pursue the CCSA certification. At least six months of product experience and a solid understanding of networking principles and TCP/IP are recommended.
Both the R77 and R80 exams have 100 questions and a 90-minute time limit, and a score of 70 percent is required to pass. R77 is more product-focused than R80, which covers unified policy and threat management, as well as security consolidation and cloud technologies.
The cost for either exam is $250 and the certification is valid for two years.
It’s worth pointing out that the R77 certification is rumored to be retired soon. So if you’re thinking about sitting for this exam, do your research. Your long-term InfoSec goals might be more aligned with the CCSA R80 certification.
5. (ISC)² Systems Security Certified Practitioner (SSCP)
The Systems Security Certified Practitioner (SSCP) is another DoD baseline certification for Level II IAT security positions. Vendor-neutral and covering a full range of security concerns, the SSCP is an excellent way to break into InfoSec.
A bit more demanding than some of the other credentials on this list, qualifying for the SSCP exam requires at least a year of experience in one of the (ISC)² Common Body of Knowledge (CBK) domains. You can also just happen to have a B.A. or M.A. in a cybersecurity program, and that’ll fulfill the prerequisite.
The exam will run you $250 and has 125 questions that need to be completed within a three-hour period. A score of 700 (out of 1,000) will earn you the certification, which needs to be renewed every three years. To do that, you need to earn 60 Continuing Professional Education credits (CPE).
6. White Hat Hacking
Getting certified in ethical or “white hat” hacking is an outstanding way to show your dedication to InfoSec skills. White Hat hackers learn and implement cybercriminal practices to help good guys, using hacking techniques in a preventative and productive way.
Candidates for associated certifications should have at least two years of experience in the cybersecurity space. The four-hour exam involves 125 questions, with a passing score between 60 and 85 percent. If you possess the prerequisite experience, the exam will cost you $500. But it’s $600 if you don’t have the recommended experience.
Any cert on this list can be your entry point into the high-demand field of InfoSec. Whether you stick with one cert, build upon it to advance along a specific track, or use it as one part of building your stackable credentials, an InfoSec certification will be useful to you.
With the daily need for IT security specialists and the constantly growing InfoSec job gap, the value of an InfoSec certification is unquestionable. Putting the time and effort into establishing InfoSec credentials will benefit your career. Building on these certifications will only raise the demand for your InfoSec skills and expertise.