Going after certifications is a great way to advance a career, gain new skills or stay up-to-date. In computer security there are so many certification options that it can be overwhelming. The best, in my mind, are GIAC (SANS) and Offensive Security (known for the OSCP and Kali Linux). For those just getting started, CompTIA has the Pentest+ and Security+ certifications, which are great starting points.
Global Information Assurance Certification (GIAC)
GIAC is a certification organization founded by the well-known SANS Institute. GIAC probably has the widest range of information security training and certifications available. The certifications cover areas like computer forensics, pentesting, security administration, auditing, management and many more. They are very expensive, though: you are talking over $5000 USD in most cases to take the class and the test. These are best suited to people whose employer is willing to pay for the training, but in some cases they could be worth the personal investment.
Offensive Security
Home to the motto “Try Harder” and the Offensive Security Certified Professional (OSCP) certification, Offensive Security provides a number of penetration testing courses and certifications. What is unique about Offensive Security is that the exams are practical tests of your skills in a lab environment. They are some of the hardest certification tests to pass, and many people do not pass on the first try. If you want to be a penetration tester, the OSCP, or any other Offensive Security certification, will help set you apart. From a cost perspective, you are talking around $1000-$2000 depending on the course/cert, and maybe more if you need extra lab time or exam attempts.
CompTIA
The first certification I went after was the CompTIA A+ when I was in college. CompTIA is a respected certification organization and the certs are very approachable. For those looking to get into security, the Security+ and Pentest+ are good options. This is also one of the most affordable options from a training and testing cost perspective: for a few hundred dollars you should be able to get the training material and pay for the test.
International Information System Security Certification Consortium, Inc. (ISC)²
(ISC)² has a number of certifications, like the popular Certified Information Systems Security Professional (CISSP). When I first wrote this, the CISSP was very popular. Since then, it has become the most hated-on cert in infosec for some reason. Personally, it helped me learn a baseline of knowledge in areas I never would have bothered looking into otherwise, and from a career advancement perspective I am certain it has helped me acquire more than one job. The certifications available cover everything from forensics and computer security to secure software development. It is also fairly affordable compared to SANS or even Offensive Security. The main downside is that a lot of their certifications require a certain number of years of experience in security, so they are more focused on professionals already in security.