Currently, CISSP, CEH and CISA seem to be leading the way as the most popular IT security certifications out there.

Some individuals strive to certify in a combination of these qualifications, or even all of them.

These certifications require an individual to pass an exam and usually to provide evidence that the individual has been working within the security industry for a certain number of years before being awarded the certification by the governing body.


IT Security Certifications for cybersecurity professionals

CompTIA is a non-profit organisation that educates and trains individuals in different areas of IT. CompTIA delivers CompTIA Security+, which certifies an individual's understanding and competency within the security field, including network security, compliance, application security, cryptography, access control and other areas.


Critical Infrastructure Institute is a provider of the Professional in Critical Infrastructure Protection (PCIP) certification.

The certification is available within the US and shows an individual has the ability to assess and manage risks, and to be able to respond to incidents and then recover operations and service delivery.


DRI International educates and certifies individuals on business continuity and disaster recovery.

Certifications include the following:

Associate Business Continuity Professional
Certified Functional Continuity Professional
Certified Business Continuity Professional
Master Business Continuity Professional


EC-Council is an organisation which certifies individuals and organisations in a number of areas around e-business and IT security, some of which are listed below:

Certified Ethical Hacker (CEH) is one of EC-Council's most popular IT security certifications. An ethical hacker's task is to penetrate or exploit a system or network and report on the results found (assuming they have the company's permission to do so). EC-Council also offers other certifications such as the Computer Hacking Forensic Investigator (CHFI) certification and the Certified Security Analyst (CSA) certification.

Qualified Security Assessor (QSA) by the PCI Security Standards Council is a certification for assessing and certifying that a company is complying with the Payment Card Industry Data Security Standard (PCI DSS). Not everyone is able to take the course and exam, as a number of prerequisites must first be in place; for example, the individual's company must first be an authorised member.

Other courses by EC-Council include the following:

Computer Hacking Forensic Investigation
Certified Security Analyst
Licensed Penetration Tester
Network Security Administrator
Certified Secure Programmer
Certified VoIP Professional
Disaster Recovery And Virtualization
Certified Network Defense Architect
Certified Incident Handler
Certified Security Specialist
Wireless Certification


The Global Information Assurance Certification (GIAC) programme was introduced to validate the skills of IT security professionals and offers a number of certifications.

GIAC covers areas such as auditing, IDS, Windows and Linux security, firewalls, forensics and other specific areas. GIAC certifications must be renewed every four years.

Certifications by GIAC include the following:

GIAC Security Essentials GSEC
GIAC Certified Incident Handler GCIH
GIAC Certified Intrusion Analyst GCIA
GIAC Penetration Tester GPEN
GIAC Certified Firewall Analyst GCFW
GIAC Certified Windows Security Administrator GCWN
GIAC Web Application Penetration Tester GWAPT
GIAC Assessing and Auditing Wireless Networks GAWN
GIAC Certified UNIX Security Administrator GCUX
GIAC Information Security Fundamentals GISF
GIAC Certified Enterprise Defender GCED
GIAC Exploit Researcher and Advanced Penetration Tester GXPN


The International Association of Privacy Professionals (IAPP) provides a centralised place for privacy professionals to get together and share ideas and knowledge. IAPP supports privacy professionals through networking, education and certification.

Certified Information Privacy Professional (CIPP) by the International Association of Privacy Professionals (IAPP) is a privacy and data protection compliance certification within the US. IAPP provides other certifications as well.

Other courses by IAPP include the following:

Certified Information Privacy Professional/Canada (CIPP/C)
Certified Information Privacy Professional/Information Technology (CIPP/IT)
Certified Information Privacy Professional/Europe (CIPP/E)
Certified Information Privacy Professional/Government (CIPP/G)


ISACA is a non-profit organisation that provides guidance and benchmarks for organisations that make use of information technology systems. ISACA provides a range of IT governance services.

Some of the certifications provided by ISACA are detailed as follows:

Certified Information Security Auditor (CISA) is a professional IT security certification governed by ISACA. CISA is suited to IT security auditors, or anyone with an interest in this area.

Certified Information Security Manager (CISM) by ISACA is aimed towards security professionals with IT Security management responsibilities.

Other courses by ISACA are detailed as follows:

Certified in the Governance of Enterprise IT (CGEIT)
Certified in Risk and Information Systems Control (CRISC)


ISC2 is a non-profit organisation which provides education and certification to its members within IT security. ISC2 has a strong and reputable presence throughout the world.

Certified Information System Security Professional (CISSP) certification by ISC2 is a globally recognised standard of achievement. CISSP is a senior certification for IT professionals throughout the world. To gain CISSP, an individual must have at least five years of direct IT security experience and pass the CISSP exam.

Other courses by ISC2 are as follows:

Systems Security Certified Practitioner
Certified Authorization Professional
Certified Secure Software Lifecycle Professional
CISSP Concentrations (Architecture, Engineering or Management)


The ISO 27001 Lead Auditor qualification is for security professionals who want to work with an internationally recognised best practice standard and specialise in information security management systems. An organisation achieving ISO 27001 certification does not mean it is fully secure, as there is no such thing; rather, it shows that the organisation follows a high standard for securing information. This gives partners and customers the confidence to work with organisations that have met the requirements of the standard.

Becoming an ISO 27001 Lead Auditor means you can provide competent consultancy and assist organisations in meeting the standard.