Top IT Security Certifications 2018

The year 2018 started with Meltdown and Spectre as the most talked about vulnerabilities. More recently, Facebook disclosed that the data of around 87 million users had been misused. What this means for the time to come: more breaches, bigger losses, more coverage, and more jobs and opportunities for IT and programming professionals. By the end of 2018, the breach bubbles on informationisbeautiful will have grown bigger. Such breaches and vulnerabilities will require more and more security professionals in the industry. “Cybersecurity labor crunch to hit 3.5 million unfilled jobs by 2021” is the prediction reported by CSO.

When evaluating prospective InfoSec candidates, employers frequently look to certification as an important measure of excellence and commitment to quality. Here are the top information security certifications of 2018.

CISSP – Certified Information Systems Security Professional

CISSP is granted by the International Information System Security Certification Consortium, better known as (ISC)². It covers the eight domains of the (ISC)² CISSP Common Body of Knowledge, ranging from Security and Risk Management to Security Operations and Software Development Security. To become CISSP certified you need a minimum of five years of cumulative, paid work experience in two or more of those domains (a relevant degree or approved credential can waive one year).

The certification is aimed at people who have both technical and management skills. A CISSP is valid for three years and is renewed by earning the required number of CPE (Continuing Professional Education) credits and paying the annual maintenance fee.

CISA – Certified Information Systems Auditor

This certification is designed for professionals who aspire to grow as an auditor in the field of information security. CISA covers the following five domains extensively:

Domain 1: The process of auditing information systems
Domain 2: Governance and management of IT
Domain 3: Information systems acquisition, development, and implementation
Domain 4: Information systems operations, maintenance, and support
Domain 5: Protection of information assets

Being CISA certified establishes that you have knowledge and experience in the above domains. CISA is recognized globally, and recertification is done by submitting the required CPE credits to ISACA (Information Systems Audit and Control Association).

CISM – Certified Information Security Manager

CISM is a globally recognized standard in the field of information security management and is also granted by ISACA. Anyone who holds the CISM certificate is expected to have a sound understanding of how information security relates to, and supports, the business. Since the 2017 job practice update, CISM focuses on the following four domains (program development and program management were merged, and incident response folded into incident management):

Domain 1: Information Security Governance
Domain 2: Information Risk Management
Domain 3: Information Security Program Development and Management
Domain 4: Information Security Incident Management

CRISC – Certified in Risk and Information Systems Control

CRISC certified professionals are expected to understand IT risk and its impact on the overall business, and to design, implement and monitor the controls that manage it. This ISACA certification therefore targets professionals with a background in risk analysis. The domains covered are:

Domain 1: IT Risk Identification
Domain 2: IT Risk Assessment
Domain 3: Risk Response and Mitigation
Domain 4: Risk and Control Monitoring and Reporting

CCFP – Certified Cyber Forensics Professional

The CCFP certification offered by (ISC)² indicates expertise in forensic techniques and procedures, standards of practice, and the legal and ethical principles needed to produce accurate, complete, and reliable digital evidence that is admissible in a court of law. It also indicates the ability to apply forensics to other information security disciplines, such as e-discovery, malware analysis, or incident response.

CCFP addresses more experienced cyber forensics professionals who already have the proficiency and perspective to effectively apply their cyber forensics expertise to a variety of challenges. In fact, many new CCFP professionals likely hold one or more other digital forensics certifications.

GPEN – GIAC Penetration Tester

GPEN is designed for professionals whose job role includes vulnerability assessment, penetration testing, and ethical hacking. Like other GIAC certifications, it is a proctored, open-book exam that tests whether the candidate can apply the material in practice rather than recite it. It covers the technical aspects of penetration testing, from reconnaissance and scanning through exploitation and password attacks, as well as the legal issues, scoping and rules of engagement that surround an engagement.

GSEC – GIAC Security Essentials Certification

GSEC is an intermediate level certification from GIAC aimed at security professionals with hands-on skills in day-to-day security tasks. No training course is required to sit the exam; it is aligned with the SANS SEC401 course, but like all GIAC exams it is open book and tests what the candidate can actually apply, which is what gives the credential its credibility. GSEC is valid for four years and must then be renewed, either through CPE credits or by retaking the exam.

Other Notable Mentions

1. SSCP by (ISC)²
2. Certified Ethical Hacker
3. CompTIA Security+
4. (ISC)² Certified Cloud Security Professional (CCSP)

What do you think about these certifications? Comments welcome.
