Here we are going to discuss certifications in more detail: what a certification means, how the exams are conducted, and the price points. First, the importance of a cybersecurity certification. When I see a certification, I look at it from three different aspects.
The first is the training itself, which allows me to gain the knowledge and to understand the aspects of security, or whatever the certification is there for. The second aspect is the exam itself.
How do I need to prepare myself for the exam? How do I need to approach the exam? How do I ensure that I pass on my first attempt? The third aspect is the certification itself, which makes me eligible to apply for a particular job role.
So obtaining a cybersecurity certification shows the organization that you’re applying to that you do have the prerequisite knowledge and that you should be shortlisted for an interview.
The knowledge that you have gained during the training will help you when you attend that interview and when you attempt to answer the questions asked of you. Certifications are designed for a specific role.
For example, a forensic investigation certificate will teach you how to investigate a crime scene forensically, a digital crime scene as a matter of fact, while a Certified Ethical Hacking course will teach you about penetration testing.
So it is you who is going to decide which certification you require and then attempt to get certified in it. Of course, a fresher with a cybersecurity certification will have better employment opportunities, because they can showcase their knowledge with the certification that they already have.
Even professionals who want to enhance their careers can take managerial or advanced certifications to improve their knowledge and get promoted in their job profiles.
1. CCNA Routing and Switching certification
The CCNA Routing and Switching certification basically helps you build your networking career. You will join an organization as a network engineer, where you can help the organization establish the routing, that is, the paths that data packets will travel across the network.
This certification covers all the basic concepts that you require to understand networking. The basic requirement for the certification is that the candidate must have a bachelor’s degree.
Apart from that there are no other prerequisites. You just need a bachelor’s degree, and then you can apply, study, undergo training and attempt the exam. The certification provider is, obviously, Cisco, so the knowledge covered by this training and certification is limited to Cisco devices only.
The exam fee for this certification is approximately $325. The exam has around 50 to 60 questions, which need to be answered in 90 minutes.
The types of questions that you are going to get are multiple choice questions, where you have a question and four answers and you have to choose the correct answers among those; drag and drop, where you have to click on an object and drag it to its appropriate place, probably in an architectural diagram;
for example, you have to pick up a router and place it into a particular position. If you place it correctly, you have answered the question correctly; otherwise, it’s wrong.
And there is a simulator, where there could be a configuration that you need to configure in a particular manner, and then check whether the configuration is correct or not.
The pass mark is around 800 to 850 out of a possible thousand marks. Each question will have a different weightage, depending on the depth and the difficulty level of the question,
which then counts towards your marks. If you score 800 to 850, that’s when you clear the exam.
The job roles, as we have discussed here, would be more on the network administrator side or the network engineer side, depending on the level of experience that you have. The salaries that are expected from these job roles in the US are around $55,000 to $90,000 annually.
2. CompTIA certification
CompTIA is also a global certification authority for infosec courses. This certification teaches candidates how to secure applications, networks and devices. It focuses on hands-on practical skills in the field of network security.
It deals with the concepts to the core. It helps you understand the concepts, and then, in the practical hands-on demos, you need to execute the practicals yourself so that you can gain that knowledge.
The recommended level for a candidate to attempt this training would be at least around two years of experience in the IT sector. If you have already been certified for the Network+ certification from CompTIA, which is the baseline networking certification, that is also a preferred way to go for this certification.
CompTIA is the certificate provider, and the exam fee for this certification is $339. The exam is quite simple: 90 questions in 90 minutes. That’s one minute per question. It sounds like a lot of time, but believe me, the questions can be a little bit confusing and a little bit lengthy.
So you will require all those 90 minutes to answer these questions, especially when they are tricky and technical in nature. The questions would be multiple choice and performance based. The pass mark for this exam is around 750 points out of a possible 900.
The job profiles for this certification are a security analyst position or a security engineer position, where you are going to analyze data to understand and figure out what problems are ongoing in the organization.
3. Certified Ethical Hacker: EC Council certification
EC Council is a global certifying authority, very well accepted across a lot of countries. This is an offensive certification. Here, you’re basically trying to become a penetration tester: you’re taught how to hack, you’re taught how to attack a particular organization, from an ethical hacker’s perspective.
So the job profile that we’ll be looking at here is that of a pentester, where you go into an organization, test their security controls or their devices, find flaws within them, and then provide recommendations on how to plug or mitigate those flaws and improve the security of that organization.
It is recommended that you have at least two years of experience in networking or security to attempt this kind of training and certification. Again, a basic understanding of networking, and maybe a little bit of applications and operating systems, would be necessary before attempting this certification.
The certification provider is EC Council, and the exam fee for this certification is $500. The exam here would be 125 questions, which need to be attempted in four hours. And you will only get multiple choice questions here.
For CEH there are two exams. One is the multiple choice questions. The second is a practical exam, where you need to solve some problems given to you in a lab scenario. If you are able to solve them properly, you then get certified for CEH Practical.
The cutoff varies from 65 to 85%, depending on the questions that you have answered and the weightage associated with each and every question. As I said, the job roles would be penetration tester or security engineer, and your salaries would start from around $90,000 annually.
4. Certified network defender from EC Council
Now this is more on the network defense side. So here again, the job roles would be on the network side: you have a network, and you’re going to try to secure the network and the communications that travel over it.
So you need to be a network administrator or a network security engineer, or in a similar profile, to understand how networks work. And then you’re going to attempt to secure those networks.
The certificate provider, again, is EC Council, and the certification is placed a little bit below CEH. So the path is network defense first, then CEH,
where you’re going to become a penetration tester. The exam fee for this certification is 350 US dollars.
The exam is of 100 questions to be answered in four hours. Again, it’s just multiple choice questions: you get a question with four options, you answer the correct one, and you move on to the next question. The pass percentage again varies from 60 to 85%, depending on the questions answered.
The job roles to apply for are network defense technician, CND analyst, or security analyst from a network perspective. Salaries would range from 65,000 to $75,000 per annum.
5. Computer Hacking forensic investigator certification
This will help you understand how computers work, where data is stored, and how we can treat that data to investigate a crime that has taken place. The candidate must have at least two years of experience in the information security sector.
They need a good understanding of how networks work, how computers work, how operating systems work, how they store data, the location where that data is stored, how databases work, how those databases store that data, and so on and so forth.
This certification is sought after mainly in law enforcement. But there are a few corporates that offer forensic investigation as a service, especially for when a corporate gets compromised and wants to conduct its own investigation. The certification provider for this is also EC Council, and the exam fee is $500.
This is an advanced level certification, so an understanding of applications, networks and operating systems is a must before you attend it. The exam is quite similar: 150 questions in four hours.
Again, it is a multiple choice exam. The cutoff again is from 60% to 85%, depending on the questions and the weightage of each and every question.
Job roles include IT security specialist, network security professional, forensic investigator, roles in law enforcement agencies, security specialist and Homeland Security jobs, and salaries will be around $88,000.
6. CISM certification
It stands for Certified Information Security Manager. As the name suggests, it’s a security manager certification. It helps the candidate understand the relationship between business goals and information security.
So now you’re going into the space where you’re not only technical in nature, but you also have to understand the business needs and the goals of the business. And you have to align the information security of your infrastructure with the business needs and the business goals.
So it is your inputs that are going to go to the management to see if the infrastructure is aligned to the business goals, or if the infrastructure or the business goals need any fine tuning.
Around five years of work experience in the information security field is recommended for attempting the CISSP. Out of the five years, the candidate must have a background as an Information Security Manager for three years.
So you have some experience as a manager and you have implemented those things yourself, which will give you a better understanding. And then you attempt the certification, which is provided by ISACA.
The exam fee for ISACA members is $575. For non-members, it is $760. In the exam you have to answer 150 questions in four hours, which is quite a bit of time.
But the questions are going to be scenario based: they’re going to give you a lot of scenarios, you have to think about them, and you have to give the most probable and correct answer for each particular scenario.
The pass mark is 450 out of 800. Your job profile would be either a risk manager or a risk consultant, analyzing the business requirements against the infrastructure security that you have, identifying any risks associated with the infrastructure, highlighting those risks, and then putting in security controls and managing those controls so that the risks are mitigated.
Your average salaries would be around $88,000.
7. CISA certification
This is the Certified Information Systems Auditor certification. It not only looks into security, but also into auditing and controls in information systems. This is a highly reputed certificate, and you gain a better understanding of governance, regulations and auditing your information landscape.
Again, a minimum of five years of work experience in the field of information systems auditing, control or security is necessary.
Now here the question would be: what’s the difference? Security is where you’re technical in nature. You have done, let’s say, an assessment or a penetration test,
you have implemented firewalls, you’ve architected security controls. It is all about the security controls that you’re going to implement, like firewalls, IDSs, IPSs and data loss prevention systems.
So it means experience in architecting or implementing those controls in an effective manner, mitigating the security issues or vulnerabilities that you have identified in the organization.
Auditing would basically mean looking at compliance, to ensure that everything is in place, that you’re compliant with, let’s say, ISO 27001 guidelines or the policies that you have created yourself, and that everything is working in order.
So it’s more of a checklist, where you’re going to check that everything is in place and you’re conforming to standards. This certification is also provided by ISACA. The exam fee for ISACA members is $575, whereas non-ISACA members will have to pay $760 for the certification.
It is 150 questions again in four hours, with multiple choice, scenario based questions, so you have to really understand the real world scenarios of where and which controls and audit mechanisms should be increased. The pass mark is 450 out of 800.
Your job roles would mainly be auditor, senior auditor, director for information security, information audit manager, or information technology consultant, where you provide intelligence on how the company should implement its infrastructure.
Average salaries would be 103,000.
8. CRISC certification
The Certified in Risk and Information Systems Control certification helps the candidate design and maintain information systems controls for an organization. This is one of the most sought after certifications
as far as risk management is concerned, in Europe and in the US. If you have this kind of certification, you automatically qualify for a risk manager, security risk manager or information security consultant kind of role.
You should have a minimum of three years of experience in the field of IS controls, that is, information security controls. You should have knowledge about firewalls, and you should know how to identify risks in the first place, how to mitigate them, risk analysis and risk management, after which you’re going to implement security controls to mitigate that risk or bring it to acceptable levels.
At this point, you will also be responsible for creating policies revolving around those risks and how you want to calculate and treat those risks over their lifetime. The certificate provider, again, is ISACA. The exam fee is $575 for ISACA members and $760 for non-ISACA members.
The exam is similar: 150 questions to be answered in four hours, multiple choice and performance based. So they may give you a scenario where you have to perform a risk analysis and provide a report and a solution based on your findings.
Again, the pass mark is 450 out of 800. The job profiles associated, as discussed earlier, are risk management professionals, who identify risks, treat those risks, calculate and analyze them, and maybe do a business impact analysis to ascertain how the organization is going to be affected.
You will also be looking at compliance as far as these job roles are concerned. The average annual salary would be 119,000.
9. CISSP certification
It stands for Certified Information Systems Security Professional. This is the gold standard of all certifications. If you have this certificate, you can basically be assured of a job in the IT world. Now, just to qualify, you’ll have to have five years of experience in the information security field.
There are eight domains that are specified by CISSP, and you have to prove that you have knowledge and work experience of around five years in at least two of those domains.
If you do not have that kind of experience, you can still attempt the exam, but you become an Associate of (ISC)², which means that you get six years to accomplish the five years of experience required for this certification.
Before taking the CISSP certification, it is suggested that the candidate clears the intermediate level certifications, not all but some of them.
The certificate provider is (ISC)². The exam fee is $699. Like I said, this certification is the most sought after, the gold standard. In fact, there’s hardly any other certification after this that you might want to do.
As for the questions, the exam has now changed. If it is the English version that you’re taking, it’s 150 questions to be answered in three hours. If it is a non-English exam that you’re attempting, then it is 250 questions in six hours.
And if you’re opting for the six hour exam, you need to plan it really well. It sounds really easy, but the questions are quite tough. They’re scenario based, and the answers are quite confusing as well.
You would get multiple choice questions, you would get drag and drop, and you might get simulators as well. The pass mark is 700 out of 1000, but each question has a different weightage.
So it depends on which questions are asked of you and which questions you have answered correctly. The job roles associated with this certification would be anything and everything in information security at the manager level and above.
So Information Security Manager, Risk Manager, Information System Security Officer, Chief Information Security Officer: any role that you might think of from a risk, compliance or strategy perspective could be achievable after this kind of certification.
The average annual salary is $108,000 for this certification.