The Best Cybersecurity and Information Security Certifications


Let’s begin with “Information Security” and “Cybersecurity”. These are two expressions that people often use somewhat interchangeably. They are not quite the same, though, as we have already explained in one of our previous blog posts. In any case, both naturally have the security aspect in common. This means that if you are planning a professional career in this field, not only your knowledge and skill set are of particular importance, but also reputable credentials such as Cybersecurity and Information Security Certifications.

Let us have a look at some of the best information security certifications to boost your career as an information security professional.


Information Security Certifications

Certified Penetration Testing Engineer (C)PTE)

The Certified Penetration Testing Engineer certification constitutes an upgrade to the Certified Ethical Hacker/CEH. The Techsherpas certification course is based on proven, hands-on penetration testing methods and the Five Key Elements of Pen Testing:

  • Information Gathering
  • Scanning
  • Enumeration
  • Exploitation
  • Reporting

CISM: Certified Information Security Manager

The certification as a CISM/Certified Information Security Manager demonstrates your proficient knowledge and skill set in the field of Information Security Management, such as:

  • Threat analysis and risks
  • Risk and incident management
  • IS security strategy/frameworks
  • Security programs and CISO roles
  • Creation of policies for audit and risk management, compliance and awareness
  • DR and BCP development/deployment/maintenance


CompTIA Security+

With Information Security Certifications like CompTIA Security+ you demonstrate the necessary computer security skills to successfully perform your duties in a wide range of IT security-related roles. Such skills are, for example:

  • Identification of the fundamental computer security concepts
  • Identification of (potential) security threats
  • Data management and application
  • Host security management
  • Network security implementation
  • Identification/implementation of access control
  • Identification/implementation of account management security measures
  • Identification/implementation of compliance and operational security measures
  • Certificate and risk management
  • Troubleshooting and management of security incidents
  • Business continuity and disaster recovery planning


CISSO: Certified Information Systems Security Officer

A Certified Information Systems Security Officer (CISSO) demonstrates proficiency in the knowledge and skill set (including industry best practices) that characterize the work of a security manager/security officer, such as:

  • Expertise regarding the in-depth theory of core security concepts, practices, monitoring and compliance
  • Use of a risk-based approach
  • Ability to implement and maintain cost-effective security controls

The CISSO certification training also covers the exam objectives of the CISSP: Certified Information Systems Security Professional.


C)IHE: Certified Incident Handling Engineer

The Certified Incident Handling Engineer (C)IHE) is directed toward IT professionals, such as incident handlers, system administrators and general security engineers. The training, which also covers the GCIH (GIAC Certified Incident Handler), teaches students:

  • Planning, creation and utilization of systems for attack prevention, detection and response
  • Step-by-step approaches as used by hackers worldwide
  • Identification of the latest attack vectors and implementation of safeguarding measures
  • Incident handling procedures
  • Strategies for each type of attack
  • Recovery measures after an attack


Have a look at our public training schedule to find out more about how we can support you to achieve the Cybersecurity and Information Security Certification that is best for your career plans.





Can you hack it? Ethical Hacking skills in demand

Turn on the news and you will undoubtedly hear about some new cyber-attack. They happen to individuals, large organizations, financial institutions, retailers, and even government agencies. The latest and now very public issue regarding our nation’s security is the persistent computer-hacking problems the US has been having with China, spanning a decade! These cyber-attacks are quite disturbing because hackers can steal intellectual property, weapons, financial data and other corporate secrets. You may have also heard claims that the US government could be the biggest hacker in the world, investing millions of dollars in offensive hacking operations. Hmmm, that will get you thinking. The point is, Cybersecurity is crucial in this age of advancing technologies, and hacking is one skill that can provide insight and solutions to the rampant stream of cybercrime. President Obama recently stated, “Cyber threat is one of the most serious economic and national security challenges we face as a nation” and “America’s economic prosperity in the 21st century will depend on cybersecurity.” With cyber-attacks on the rise with no sign of slowing, the demand for hackers is higher than ever.

White Hats off for Ethical Hackers

Although there are those who will not support hacking in any way, shape, or form, the growing threat to information systems is evident, and we need to be able to counteract, or even better, prevent these attacks. The terms hacker and hacking typically carry a negative connotation as they are commonly associated with the skill of unlawfully breaking into computer systems. But not all hackers are bad. In fact, through ethical hacking, these ridiculously skilled people have the ability and knowledge to navigate computer systems, diagnose security flaws, and provide insight and solutions to the problems created by “crackers”. An ethical computer hacker, or a computer security expert, aka White Hat hacker, specializes in penetration testing and other testing methodologies to ensure the security of an organization’s information systems. Their job is not to break in and cause damage, but to determine how to break into current systems, point out vulnerabilities, and provide suggestions on how to make penetration of the system by Black Hat hackers less likely. Ethical hacking jobs are done with consent from the target.

Although hackers are constantly teetering in the gray area, by following certain guidelines hackers can stay within the legal boundaries and out of trouble. Unfortunately, not all do, and eventually some cross over to the dark side of “cracking”, aka Black Hat hacking. On the flip side, some Black Hat hackers have found the light (mostly after being busted and serving time) and are now White Hat hackers working for government agencies, or running their own consulting firms. (We dive into the famous and infamous hackers in our “Cracker busting Hackers” blog.)

Avoid the underground – the dark side of “cracking”

Although Black Hat hacking can create an exciting big screen drama, the damage it can create in real life can be devastating, costing large amounts of resources and money. Black Hat hackers are those who unlawfully break into computer systems for malicious reasons or personal gain. They can be motivated by profit, protest, or challenge. These are the ones that give hackers a bad rap. These are the bad guys you hear about on the news – the ones that steal confidential information from credit card companies, or money from financial institutions. They cause major damage, compromising the security and functionality of websites and networks. They steal:

  • Client or customer information or other business data
  • Credit card details and social security numbers, for identity fraud or theft
  • Passwords for access to online bank, ISP or web services
  • Email addresses, which may be used for spamming
  • Children’s names, photographs, ages or other personal details held on the computer

They also launch DDoS (Distributed Denial of Service) attacks.

Andrew Auernheimer, a 26-year-old independent security researcher, was sentenced to 41 months in prison for programmatically scraping user information from a public AT&T website and sharing it with Auernheimer was charged under the Computer Fraud & Abuse Act, which many feel is too broad. After he was convicted, Auernheimer wrote for Wired that the selective prosecution of some security researchers will deter future hackers from ever disclosing exploits, even critical ones that affect national security. Do you think Auernheimer has a point?

Certified Ethical Hacker Training & Certification

With so many types of cyber-attacks, protection is vital, and many people rely on ethical hackers to help with their protection strategies. People who enter this particular field are typically computer savvy, and have acquired much of their computer knowledge through self-teaching methods. They likely have a solid understanding of computer programming, and possess creative skills. In addition to computer programming courses, those interested in ethical hacking should explore certified ethical hacking training and certifications. The International Council of E-Commerce Consultants offers a professional certification – Certified Ethical Hacker (CEH). CEH training courses provide students with interactive environments where they learn to scan, test, and penetrate their own systems, through various techniques and tools used by black hat hackers. They learn all about ethical hacking and countermeasures. Students are typically required to provide signed documentation that they will not use this knowledge for malicious purposes.

Some of the techniques that hackers use to penetrate the systems include:

  • Vulnerability Scanner
  • Password Cracking
  • Packet Sniffer
  • Spoofing Attack (Phishing)
  • Social Engineering
  • Trojan Horse, Viruses, & Worms
  • Key Loggers

In addition to CEH training, aspiring hackers should explore these other IT Security courses:

  • CISSP: Certified Information System Security Professional
  • Certified Penetration Testing Engineer
  • Certified Forensics Examiner

Job opportunities and salaries for Ethical Hackers

With the majority, if not all, important business information being stored on computer networks, IT security is more important today than ever before. Both public and private organizations face cyber threats, and take security of confidential information very seriously. A CEH is usually employed by an organization that trusts him or her to attempt to penetrate networks and/or computer systems for the purpose of finding and fixing computer security vulnerabilities. Who better to protect your information than a Hacker? Because of this way of thinking, there are plenty of job opportunities available for Certified Ethical Hackers (CEH). Here are some of the job positions that CEHs in the US currently hold along with their associated salaries:

[Chart: Median Salary by Job – Certification: Certified Ethical Hacker (CEH) (United States)]

Choose the life of a hacker, not a cracker

If you’re going to lead the life of a hacker, you need to be conscientious and responsible as some areas start to look gray, and less black and white. Becoming certified and knowing the law will help you stay out of trouble. White Hat hackers often become Black Hat hackers, and vice versa. If you are a hacker, we highly encourage you to use your powers for good versus evil. We get it! Hackers enjoy cracking codes. It’s fun! So why not get paid to do it? Get certified and get paid to do what you love. The outlook on finding a job and keeping a job in this field is very promising, as cybercrime increased 8.3% from 2011 to 2012. Ethical hackers have the opportunity to save people, organizations, and agencies from falling victim to costly cyber-attacks. Avoid crossing over to the dark side, or be prepared to spend life on the other side of steel bars. Go down in history as a famous Hacker, not an infamous Cracker. Read about the most notorious Hackers & Crackers on our next blog.