CompTIA certifications have remained the most popular for the entry-level information security professional, but there are a number of CompTIA alternatives that made the list. See the five best entry-level information security certifications to earn below.
1. CompTIA “core” certifications
For the number one spot, we cheated a bit, but that’s because where you start your certification journey largely depends on your existing knowledge and experience. As the saying goes, cybersecurity is not an entry-level skill, and you need to understand how a network works before you can understand how to secure it. CompTIA’s “core” certification path is designed to build and validate the knowledge you’d gain over your first two years working in IT and cybersecurity.
1a. CompTIA A+ and Network+
Both the CompTIA A+ and CompTIA Network+ certifications are a great starting point for those looking for their first certification. The information and knowledge covered by these certifications can be considered almost “general education” when it comes to information security.
A+ certifies the competency to install, operate, maintain and troubleshoot devices, much like an entry-level helpdesk professional would. Network+ covers areas such as the design and implementation of functional networks, network management, network maintenance, configuring networks, effective usage of switches/routers, identifying pros and cons of network configurations, and implementation of information security policies and procedures.
For those considering these certifications, Infosec partners with CompTIA to offer training for all of their IT and security certifications. Find more information on what you’ll learn in the CompTIA A+ boot camp and CompTIA Network+ boot camp. You can also train on-demand for CompTIA certifications with a subscription to Infosec Skills.
1b. CompTIA Security+
If there had to be just one entry-level information security certification to earn, I would strongly suggest the CompTIA Security+. And the industry agrees, which is why Security+ has grown to become the most popular cybersecurity certification in the world. Simply put, Security+ represents all of the knowledge and tools required for entry-level information security professionals to begin a successful career. Security+ is an entry-level, vendor-neutral, global information security certification. Earning this certification demonstrates competency to perform core information security functions. Employers who see this certification on a resume can rest assured that the certification holder is serious about progressing in their information security career. The primary Security+ objectives, according to CompTIA, are:
Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions Monitor and secure hybrid environments, including cloud, mobile and IoT Operate with an awareness of applicable laws and policies, including principles of governance, risk and compliance Identify, analyze and respond to security events and incidents
Most Security+ certification candidates will choose Security+ to be either their first or second information security certification. True as this may be, it extends far up the rungs of the proverbial corporate ladder, as you will be hard-pressed to find a Chief Information Officer without a Security+ certification (or at the very least a Security+ study guide that they use as reference material). The knowledge and tools covered by Security+ form such a strong foundation for information security and information technology careers that its basics will follow an information security professional throughout their entire career. As mentioned above, CompTIA and Infosec partner to provide an in-depth, five-day Security+ Training Boot Camp to help candidates tackle this universe of information and successfully pass the Security+ exam. You can also train on-demand with courses taught by Mike Meyers in Infosec Skills. For more on the Security+ certification, view our Security+ certification hub.
2. (ISC)² Security Certified Practitioner (SSCP)
The SSCP certification from (ISC)² is similar to the Security+ in that both are considered entry-level: (ISC)² has a one-year experience requirement for SSCP and CompTIA has a two-year experience recommendation for Security+. However, a degree (bachelor’s or master’s) in a cybersecurity program can also fulfill the one-year work experience requirement for SSCP. The primary difference is that the SSCP is a bit more focused on the IT administration side compared to the Security+, which focuses more on a SOC analyst-type role. As (ISC)² explains, the “SSCP certification demonstrates you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures.”
Associate of (ISC)²: More certification options
For those specifically looking at more advanced (ISC)² certifications but who don’t have the required work experience to earn them, there is the option to become an Associate of (ISC)². For example, the following (ISC)² certifications require multiple years of experience — in addition to passing the exam:
Certified Authorization Professional (CAP), which requires two years of experience Certified Secure Software Lifecycle Professional (CSSLP), which requires four years of experience Certified Information Systems Security Professional (CISSP), which requires five years of experience Certified Cloud Security Professional (CCSP), which requires five years of experience
However, candidates can take the certification exam before they have any experience and then submit their experience toward their certification as they earn the experience. This can be a good option if you feel have some knowledge and experience from other projects, but not the paid experience (or unpaid internships) that is required. For most entry-level professionals, starting with the SSCP or another entry-level certification will be the best path for success.
3. EC-Council Certified Ethical Hacker (CEH)
As the EC-Council website puts it: “To beat a hacker, you need to think like one!” This vendor-neutral certification demonstrates that the certification holder has the knowledge and tools that malicious hackers have and can use those same forces against them. This certification of lawful and legitimate hacking skills also shows the world that the information security professional knows how to assess the security posture of a system/network and how to find weaknesses and vulnerabilities within it. Information security professionals that want to bring hacking skills to their day job should consider the CEH certification. This is for one reason: an organization that is trying to protect itself from outside hackers should hire a hacker. Having a hacker in your organization can help the organization better spot its own vulnerabilities and will be able to shed light on how hackers think in any given situation, making a CEH a valuable addition to the team. Please note, though, that this certification is not completely, bare-bones entry-level. To be eligible to take the CEH certification exam, candidates must have at least two years of experience working in the information security industry — or take an official EC-Council approved training course if they don’t have the required experience. In either case, candidates are required to pay a non-refundable application fee. Candidates can expect an exam that will be four hours in duration and contain 125 questions. For those interested, Infosec is an EC-council accredited training partner and offers an Ethical Hacking Dual Certification Boot Camp, which prepares you for both the CEH and CompTIA’s PenTest+ certification. It teaches you the skills to successfully (and ethically) hack an organization and features a repeatable, documentable penetration testing method that can be used on the job. The PenTest+ is generally considered more difficult than the CEH, but there is about a 70% overlap in the material, so it may make sense to train for both at the same time.
4. GIAC Security Essentials (GSEC)
Managed by GIAC, GSEC is another entry-level certification that validates in-demand skills. In short, GSEC certification demonstrates that the holder has knowledge of best practices for general information security and the methodology required for effective real-world application. GSEC is an excellent choice for an entry-level information security professional, although the exam is much more expensive than the other options on this list. It can be difficult to distinguish yourself from the pack when you are an entry-level information security professional, but earning the GSEC certification and listing it on your resume or CV can certainly help.
5. CCNA (and other vendor-specific certs)
We close out this list with yet another small cheat: vendor-specific certifications. The four listed above are what’s known as vendor-neutral, which means the knowledge and skills covered on the exam is not specific to any one vendor or technology. However, you should at a minimum be aware of all the certification options out there that are focused on a specific vendor. One of the most popular vendor-specific certifications is the Cisco Certified Networking Associate (CCNA), which covers installing, configuring and operating Cisco devices. It’s comparable to the Network+ in that both cover networking fundamentals, but if you know the jobs you’re applying for are using Cisco equipment, getting the Cisco-specific networking certification may help you stand out. Most large technology companies offer some form of vendor-specific certifications to validate your skills in using their technology. Vendor-neutral certifications like the ones listed above tend to have broader appeal and popularity, but you should be aware of these other types of certifications as you progress in your career.
Which entry-level security certification should you choose?
There are many certifications available for entry-level information security professionals. The five listed above are among the most popular and well-known, but there are a number of others out there to pursue, especially once you go beyond the foundations and can certify towards specific job roles, tasks or technology stacks. Even if you don’t take the exam and earn the certification, the certification exam outlines are a great place to find areas of study to build your knowledge. But earning a cert (or a few certs) can help open doors for a number of entry-level roles by proving you have a minimum level of knowledge, as well as the initiative to build your skills.