Top Certifications for a Career in Information Security

Here is a compiled list of Information Security certifications that will help you stand out against your competition as you work towards advancing your career in Information Security. Not only that, but these certifications will make your knowledge and skills crucial to the company you work for. Different levels of experience are required for each certification, as well as prerequisites that can be met by completing Cybersecurity training courses. Read more to find out which certification is the best fit for your career.

Security+ (CompTIA Security+)
The CompTIA Security+ certification is a great place to jump start your career in Information Security. This certification will prove that you have the knowledge and skills to implement and monitor security on networks and operating systems, as well as respond to security breaches that may arise.

The Security+ certification training is ideal for:

  • Network Administrators
  • Security Administrators
  • Information Assurance Professionals

CEH (Certified Ethical Hacker)

The EC-Council Certified Ethical Hacker certification is the most advanced hacking course on the market! The CEH certification will exhibit your ability to think like a hacker (a trusted one, of course). This certification will show that you are qualified to scan, test, hack and secure a network.

The CEH certification training is ideal for:

  • Security Officers
  • Auditors
  • Security Professionals
  • Site administrators

CISSP (Certified Information Security Professional)

The (ISC)² CISSP certification is intended for experienced security professionals. It proves that an individual has in-depth technical and managerial skills and credibility to develop, engineer, implement, and manage information security policies and procedures to prevent attacks.

The CISSP certification is ideal for (to name a few):

  • Security Manager
  • IT Director/Manager
  • Security Auditor
  • Chief Information Security Officer
  • Network Architect

Check out this free CASP vs. CISSP White Paper from TrainACE.

CISM (Certified Information Security Manager)

The ISACA CISM certification is one of the highest-paying and most in-demand IT certifications. The CISM certification validates professionals’ information security management expertise. This certification is highly desired by government agencies and private businesses. CISMs manage, design, oversee, and assess an enterprise’s information security.

The CISM certification is ideal for:

  • Information Security professionals with at least 5 years of experience in IS management.

Free MCP Exam Retake for a Limited Time!

Have you heard the latest on Microsoft’s Second Shot offer?

If you were considering becoming a Microsoft Certified Professional (MCP), there is no better time than now! For a limited time, when you take any MCP exam, Microsoft will provide you with a free retake of the same exam if you do not pass on your first attempt. This deal can be combined with other offers or discounts that you may have acquired.

Second Shot Exams Include:

  • Microsoft Certified Solutions Expert (MCSE)
  • Microsoft Certified Solutions Developer (MCSD)
  • Microsoft Certified Solutions Associate (MCSA)
  • Microsoft Specialist certification exams
  • Microsoft Dynamics exams

This free Second Shot is only valid between July 12, 2015 and January 12, 2016. However, if you have taken and failed an exam prior to July 12, 2015 but would like to schedule a retake after July 12, 2015, you may do so. Take advantage of this great opportunity while it lasts! The only catch is you must retake the exam within 30 days of the failed exam… not too much of an inconvenience considering it’s free, right?

Rescheduling your exam is super simple as well! For steps on how to do so visit Microsoft’s website.

If you haven’t gotten far enough along in the process of becoming an MCP to schedule an exam, consider taking a training course prior to the end of the Second Shot offer! Perhaps start with TrainACE’s MCSA course, which is scheduled to run this month!

The Current State of the Security+ Certification

The majority of IT professionals do not specialize in a computer security career path, but security is undoubtedly an essential aspect of all computer-related careers today. Every business has some type of computer system, and the increasing presence of Wi-Fi and internet access make external threats to business data and operating systems a part of everyday life. Security+ is a vendor-neutral certification that is applicable to any computer system, from any vendor, on any network platform.

The Computing Technology Industry Association, better known as CompTIA, was originally organized in 1982 under the name Association of Better Computer Dealers, Inc. It is a non-profit organization that provides a variety of examination and certification services to the IT industry. Security+ is one of these certifications.

The association was involved in some controversy in 2011 when certification standards were updated. The Security+ certification, along with several others, had always been valid for the lifetime of the holder. Beginning in 2011, however, CompTIA changed the certification terms to expire every three years with no provision to grandfather in current certification holders. Recertification was required of everyone, every three years, through either a paid CEU system or through retesting with an additional fee.

Computer security changes so rapidly that, from an industry viewpoint, the changes were required to ensure that certified people really were on top of current threats. Certification holders objected strenuously, and a compromise was reached within a month. Existing certification holders were exempted from retesting requirements, but continuing education requirements were made mandatory.

Security+ certification, first established in 2002 and updated in 2011, is an internationally recognized program that indicates proficiency in computer system security, network security, compliance and operational security, access control and identity management, threats and vulnerabilities, cryptography, and application, data, and host security. It is recognized and used by all branches of the US military and by large electronics firms such as Hewlett-Packard, IBM, Motorola, Symantec, Hitachi, and Unisys.

The 90-minute examination is available in multiple languages and consists of 100 questions for a total possible score of 900 points. The exam covers system security, network infrastructure, cryptography, assessments, and audits, and a score of 750 or higher is required to pass. CompTIA Security+ certification is accredited by the International Organization for Standardization and by the American National Standards Institute.

The certification may be used as an elective for both the MCSA and MCSE security specializations from Microsoft, and it is one of four available options for the DoD Directive 8570, IAT Level II certification requirement for military contractors engaged in information assurance activities.

Security+ online training has become perhaps the most popular way to prepare for the exam. Many of these online classes feature a live instructor who has been recorded so that you can watch lessons several times. Practice exams are available from many third-party testing sites. Many of these sites advertise very high success rates and offer money back guarantees. Whenever purchasing a study guide or access to a practice site, candidates should ensure that the site contains updated information and offers preparation for the current version of the CompTIA Security+ exam. The exam and certification requirements were updated in 2011.

Computer security is one of the fastest growing fields in the undisputedly fastest growing industry. IT professionals with strong security skills are an asset to employers, and CompTIA Security+ certification is an undeniable way to indicate proficiency in this subject area.

Computer Forensics Training is Growing, Fast!

I know, computer forensics is nothing new. People have been studying this for years now and taking classes for years as well.

However, what you didn’t know is that the new premier computer forensics certification is the EC-Council’s CHFI. There really has not been an industry-leading computer forensics certification to date. SANS has a forensics analyst certification through their GIAC brand, but that has no real traction in the industry, and SANS is getting smoked by the EC-Council right now anyway (because they are so proprietary with their offerings). The CHFI is making its way to the top of the certification must-have list because the CEH has spread so quickly. People who now have the CEH are looking for that next thing.

Oh, and a little military birdie told me something else about the new industry-leading forensics cert: that birdie mentioned that CHFI may be up for consideration for the DoD 8570 directive.

And it definitely should be; it’s a very worthwhile certification that all pentesters should have. Everyone working in this capacity needs to know the proper way to put together a case against someone or something that has just exploited your organization or government agency.

So do yourself a favor and sign up for the CHFI certification class at Hacker Halted in Miami in late October. You get a free iPad 2, and forensics icon Robert Reed is teaching the class. Details here: Hacker Halted Training

The Scoop on the New 2011 PMP Exam Changes – Professionalism and Social Responsibility

Every five years the Project Management Institute (PMI) performs a study to determine whether an update to the Project Management Professional (PMP) exam is needed. Well, there will be PMP changes in 2011. Beginning August 31st, 2011, the PMI will update the PMP exam to accentuate the importance of Professionalism and Social Responsibility. Previously, Professional and Social Responsibility had been tested as its own domain. Beginning August 31st, 2011, Professional and Social Responsibility will be incorporated into all aspects of project management.

The effect this change has on PMP candidates will be minimal. The exam will continue to be based on the 4th edition of the PMBOK. The PMBOK 5th edition will not be released until 2012, and until then the exam will continue to be based on the 4th edition. The exam format will not be changing: it will continue to be computer-based, with two hundred questions and a four-hour time limit, and the score required to pass the exam will remain the same.

Eligibility requirements to sit for the exam will also not change. Candidates holding a bachelor’s degree will be required to have 4,500 hours of project management experience and a minimum of three years of PM experience within the six-year period prior to application. Non-degree holders will be required to have 7,500 hours of project management experience and a minimum of five years of PM experience within the eight-year period prior to application. Thirty-five learning credit hours will also continue to be required of candidates.

How a Hands-On CCNA Training Course will Help You Pass the Exam

For IT professionals, the first step in any Information Technology career path begins with the Cisco CCNA exam. If you are considering a career as an IT professional, passing this exam is an essential first step to achieving your career goals. The CCNA certification exam covers the basics that any IT worker must know, including establishing routers and switches, setting up networks, and, most importantly, troubleshooting existing network configurations. Because this exam is so crucial to success in the IT field, many people sign up for a CCNA training course to help them brush up on all the topics covered on the certification exam.

There are literally hundreds of CCNA training courses available to choose from, from internet-based self-study classes to hands-on seminars. It can be overwhelming to decide between the different courses; how can a student choose which one is the most effective? Here are a few areas to consider when choosing a CCNA training course:

Prepare for a job, not a test. The best advice for professionals getting ready to take the certification exam is to prepare with the end in mind. In other words, don’t look for a program that will simply teach you how to pass the test, but look for a preparation course that will teach you the skills you need to be the best IT technician possible. The test is simply a demonstration of the skills you already possess; just cramming to pass an exam may win you the certification, but not necessarily prepare you to work on the job with the complexities that arise in any network system. If your goal is to ultimately be a great employee, you want to get the best possible training in your field.

Hands-on learning is the most effective. Teachers know that the best way to teach students a new skill is not simply to tell them the information, but to show them how the information fits together. It is the same with network systems. While some CCNA courses provide a lot of information, the best courses offer hands-on practice with real network components. Research shows that actually manipulating objects in a classroom leads to better understanding and greater retention of what was taught. When choosing a preparation course, a hands-on training program will lead to greater understanding of the material, making you not only a better test-taker but, more importantly, a better IT professional.

Look for value over price. It can be tempting to seek out the cheapest CCNA course you can find, but keep in mind the old adage “you get what you pay for.” An inexpensive course may provide a lot of information, but may not give you great teaching. Practicing questions on an internet self-study course can be helpful, but it cannot replace the learning you will gain from a real teacher in a physical classroom. A teacher can evaluate your skills and pinpoint areas you need more or less practice with. A self-paced course will not provide this level of attention. The price of a hands-on course with an experienced instructor can be higher, but when you consider the value of the learning you will gain from a hands-on course, there is no comparison.

Certified Ethical Hacker (CEH) Version 7

The motto for the Certified Ethical Hacker training is “if you want to beat the attackers, you’ve got to think like a hacker.” However, in order to achieve that goal, you’ve got to take CEH training or seek approval to take the exam. While CEH Version 6.1 is the current training, CEH Version 7 will be its ultimate replacement in late March 2011. As it stands, the course material is very similar, but Version 7 will be implementing more modules than its previous counterpart. As with all CEH training, real networks are not used; instead, candidates use the knowledge given to them to secure the system from incoming threats. The v7 courseware and exam both feature new, updated material, enhanced slides for instructors, newer and more advanced exploits and exploitation tactics, and more.

CEH Version 6.1 features over 20 modules, which may or may not appear on the final certification exam. This is another primary difference between Version 6 and Version 7: the introduction of more than 40 modules. While the majority of these modules appeared on the CEH Version 6.1 exam, Version 7 implements only a few on the exam. This makes it even tougher; however, all of the information learned is vital in protecting the system.

While CEH Version 7 will continue with previous content such as network surveying, service identification and competitive intelligence, Version 7 will introduce new threats, including Bluetooth hacking. While it will be covered in the material, it most likely will not appear on the exam. More details to follow.

QUESTION UPDATE: The question we received via comment was whether the Version 6 CEH exam will be available after v7 comes out. I sent that question to one of the higher-ups for North American Ops at EC-Council. He responded that there will likely be about a 6-month overlap.