U.S. Department of Health and Human Services

Certifications

Why is Cybersecurity Important?

Cybersecurity Education

K - 12

Higher Education

Scholarships

Certifications

Cybersecurity Job Opportunities

Man at computer terminal. Information Technology certifications are a way for you to demonstrate proficiency in skills by passing standardized exams. Employers may require certain certifications. Even for those employers who don't require them, having one or more professional certifications often increases your employability and salary.

Some certifications are created and awarded by vendors such as Cisco, while other certifications are vendor neutral. Certification exam requirements vary. For example, Security+ does not have prerequisites, while Certified Information Systems Security Professional (CISSP), arguably the most prestigious certification, requires a minimum period of work history with experience in specific skill sets.

Certifications
Certification	Awarding Organization	Description
Vendor-Neutral
Security+	CompTIA	Validates the baseline skills needed to perform core security functions such as network security, compliance and operational security, threats and vulnerabilities, application, data and host security, access control and identity management and cryptography. Prerequisites: Successfully pass the exam. (Network+ certification is recommended but not required before taking the exam.)
Information Security Fundamentals (GISF)	Global Information Assurance Certification	Validates that managers, information security officers, and system administrators know key concepts of information security, including the ability to understand the threats and risks to information and information resources and how to protect them using diverse strategies. Prerequisites: Successfully pass the exam.
Certified Ethical Hacker (CEH)	International Council of Electronic Commerce Consultants (EC-Council)	Validates a security professional's skills in understanding information system weaknesses and vulnerabilities, and their ability to use that knowledge and hacking tools to legally and ethically assess the security posture of target systems. Prerequisites: Successfully pass the exam.
CISSP	International Information Systems Security Certification Consortium (ISC)²	Validates that a security professional has the skills needed to effectively design, implement, and manage an effective cybersecurity program. Prerequisites: Successfully pass the exam. Provide proof of a minimum of five years' professional experience in the information security field, with a work history that shows a skill set that embraces at least two of the ten domains in the (ISC)² CISSP Common Body of Knowledge. Provide an endorsement from a CISSP-certified professional.
Certified Information Security Manager (CISM)	Information Systems Audit and Control Association (ISACA)	Validates that an information security manager can plan and institute information security programs and practices that prevent security breaches and quickly mitigate damage should a breach occur. Prerequisites: Successfully pass the exam. Adhere to ISACA's Code of Professional Ethics. Agree to comply with the Continuing Education Policy. Provide documentation of work experience in the field of information security. Submit an Application for CISM Certification.
Vendor Specific
Cisco Certified Network Associate (CCNA) Security	CISCO	Validates associate-level knowledge and skills required to secure Cisco networks. Prerequisites: Any valid Cisco CCENT , CCNA Routing and Switching , or any CCIE certification. Successfully pass the exam.
Offensive Security Certified Professional (OSCP)	Offensive Security	Validates a security professional's skills in performing legal and ethical penetration testing aimed at identifying system vulnerabilities. Prerequisites: Successfully pass the 24 hour exam. Complete the Penetration Testing with Kali Linux training course , which teaches students how to identify and exploit a wide array of operating systems in an online VPN lab environment.