Security Certifications#

Reference of cybersecurity, cloud, networking, audit, and training certifications. Useful for resume signaling, course content, and procurement gate (GS-13 / DOD 8570 / IAT II / III equivalents). Listings note vendor, level, and the typical audience.

General security#

Cert

Body

Level

Notes

Security+

CompTIA

Entry

Vendor-neutral baseline; DoD 8570 IAT II.

CySA+

CompTIA

Intermediate

Cybersecurity Analyst.

PenTest+

CompTIA

Intermediate

Vendor-neutral pentest.

CASP+

CompTIA

Advanced

Advanced Security Practitioner.

CISSP

(ISC)²

Senior

The flagship management cert; 5 yrs exp; CBK.

SSCP

(ISC)²

Intermediate

Systems Security Cert Practitioner.

CISM

ISACA

Senior

Mgmt-focused; governance.

CISA

ISACA

Senior

Audit-focused.

CRISC

ISACA

Senior

Risk + IS controls.

CGEIT

ISACA

Senior

Governance.

CSX-P

ISACA

Intermediate

Practitioner perf-based.

CCSP

(ISC)²

Senior

Cloud security.

Offensive security / pentest#

Cert

Body

Level

Notes

OSCP

OffSec

Intermediate

Practical 24-hr pentest; ground-truth signal for offensive roles.

OSEP

OffSec

Advanced

Advanced evasion / pivoting.

OSED

OffSec

Advanced

Exploit development.

OSWE

OffSec

Advanced

Advanced web attacks.

OSWP

OffSec

Intermediate

Wireless.

OSCE3

OffSec

Expert

OSEP + OSED + OSWE bundle.

PNPT

TCM Security

Intermediate

Practical Network Pen Tester.

PJPT

TCM Security

Entry

Junior pentester.

CRTP

Altered Security

Intermediate

AD red-team (former Pentester Academy).

CRTE

Altered Security

Advanced

AD enterprise red team.

CRTO

Zero-Point Security

Intermediate

Cobalt Strike + Red Team Ops.

CRTL

Zero-Point Security

Advanced

Red Team Lead.

CARTP

Altered Security

Intermediate

Azure red team.

CARTE

Altered Security

Advanced

Azure red team enterprise.

CARTS

Altered Security

Advanced

AWS red team.

CRTM

Altered Security

Advanced

Multi-cloud / hybrid.

GPEN

GIAC

Intermediate

SANS network pentest.

GWAPT

GIAC

Intermediate

SANS web pentest.

GXPN

GIAC

Advanced

SANS exploit dev / advanced pen test.

GMOB

GIAC

Intermediate

SANS mobile pentest.

GAWN

GIAC

Intermediate

SANS wireless.

GRTP

GIAC

Intermediate

Red team pro.

CEH (Practical)

EC-Council

Intermediate

Industry-known but quality varies.

CHFI

EC-Council

Intermediate

Forensic.

CPTC / CPTS

HTB Academy

Intermediate

Hack The Box practical pen test.

eJPT

INE / eLearn

Entry

Junior pentester.

eCPPT

INE / eLearn

Intermediate

Pentest.

eWPT / eWPTX

INE / eLearn

Intermediate

Web pentest.

eMAPT

INE / eLearn

Intermediate

Mobile.

eCRE

INE / eLearn

Advanced

Exploit dev.

Blue team / defense / IR#

Cert

Body

Level

Notes

GCFA

GIAC

Intermediate

Forensic Analyst.

GCFE

GIAC

Intermediate

Forensic Examiner (Windows).

GCIH

GIAC

Intermediate

Incident Handler.

GREM

GIAC

Advanced

Reverse-Engineering Malware.

GMON

GIAC

Intermediate

Continuous Monitoring.

GCDA

GIAC

Intermediate

Detection Analyst.

GCIA

GIAC

Intermediate

Intrusion Analyst.

GCED

GIAC

Intermediate

Enterprise Defender.

GDAT

GIAC

Intermediate

Defending Advanced Threats.

GNFA

GIAC

Intermediate

Network Forensic Analyst.

GBFA

GIAC

Intermediate

Battlefield Forensics.

GASF

GIAC

Intermediate

Smartphone Forensic.

GCTI

GIAC

Intermediate

Cyber Threat Intel.

GOSI

GIAC

Intermediate

Open-Source Intelligence.

BTL1 / BTL2

Security Blue Team

Intermediate

Blue Team Level 1 / 2 (UK).

CCD

CyberDefenders.org

Intermediate

Cyber Defender / DFIR.

CDSA

SANS / GIAC

Intermediate

SOC analyst.

CCSA

IACIS

Intermediate

Computer Forensic Examiner.

CFCE

IACIS

Intermediate

Forensic Computer Examiner.

EnCE

OpenText

Intermediate

EnCase Certified Examiner.

ACE

AccessData

Intermediate

FTK Certified Examiner.

Cloud security#

Cert

Body

Level

Notes

AWS Cert Cloud Pract.

AWS

Entry

Foundational.

AWS Cert Solutions Ar ch

AWS

Associate / Pro

Architect tracks.

AWS Cert Security

AWS

Specialty

Security specialty.

AWS Cert SysOps

AWS

Associate

Ops.

Azure AZ-900

Microsoft

Entry

Fundamentals.

Azure AZ-104

Microsoft

Intermediate

Administrator.

Azure AZ-500

Microsoft

Intermediate

Security Engineer.

Azure SC-200

Microsoft

Intermediate

Security Operations.

Azure SC-300

Microsoft

Intermediate

Identity & Access.

Azure SC-400

Microsoft

Intermediate

Information Protection.

GCP Pro Cloud Security

Google

Pro

Pro Cloud Security Engineer.

GCP Pro Cloud Architect

Google

Pro

Pro Cloud Architect.

CCSP

(ISC)²

Senior

Cloud security.

CCSK

CSA

Intermediate

Cert of Cloud Sec Knowledge.

CCAK

CSA + ISACA

Intermediate

Cloud Auditing Knowledge.

CKA

CNCF

Intermediate

Kubernetes Administrator.

CKAD

CNCF

Intermediate

Kubernetes App Developer.

CKS

CNCF

Intermediate

Kubernetes Security Specialist.

KCSA

CNCF

Entry

Kubernetes Cloud Security Associate.

KCNA

CNCF

Entry

K8s + Cloud Native Associate.

Networking / vendor#

Cert

Body

Level

Notes

Network+

CompTIA

Entry

Vendor-neutral.

CCNA

Cisco

Associate

Networking baseline.

CCNP Sec

Cisco

Pro

Security pro.

CCIE Security

Cisco

Expert

Top Cisco; rare + lab.

JNCIA / JNCIS / JNCIP

Juniper

Various

Juniper tracks; -SEC for security.

PCNSA / PCNSE

Palo Alto

Associate / Eng

Palo Alto admin / engineer.

NSE 4-8

Fortinet

Intermediate / Adv

FortiGate certs.

CWSP

CWNP

Intermediate

Wireless.

F5-CA / F5-CTS

F5

Various

F5 BIG-IP.

HCIA / HCIP / HCIE

Huawei

Various

Huawei tracks (relevant in non-US markets).

Audit / governance / privacy#

Cert

Body

Level

Notes

CISA

ISACA

Senior

Audit (above).

CISM

ISACA

Senior

Mgmt (above).

CIPP/E, /US, /A, /C

IAPP

Intermediate

Privacy by region.

CIPM

IAPP

Intermediate

Privacy management.

CIPT

IAPP

Intermediate

Privacy tech.

ISO 27001 LA / LI

Various

Practitioner

Lead Auditor / Lead Implementer.

CSA STAR Auditor

BSI / others

Practitioner

Cloud audit.

SOC 1 / 2 / 3 audit

AICPA

n/a

Service Org Control reports (auditor cert: CPA).

ICS / OT#

Cert

Body

Level

Notes

GICSP

GIAC

Intermediate

Global ICS Pro.

GRID

GIAC

Intermediate

Response + Industrial Defense.

GCIP

GIAC

Intermediate

Critical Infrastructure Protection.

ISA/IEC 62443

ISA

Practitioner

62443 Cybersecurity Fundamentals / Risk / Design / Maint.

Programming / app sec / DevSecOps#

Cert

Body

Level

Notes

CSSLP

(ISC)²

Senior

Secure SDLC.

GSEC

GIAC

Intermediate

Security Essentials.

GSSP-JAVA / .NET

GIAC

Intermediate

Secure programming.

GWEB

GIAC

Intermediate

Web app defender.

GAS

GIAC

Intermediate

App Sec.

DCSA

Practical DevSecOps

Intermediate

DevSecOps Cert Architect.

CDP

Practical DevSecOps

Intermediate

Cert DevSecOps Pro.

Frameworks / vendor mention#

  • DoD 8570 / 8140 IAT / IAM / IASAE maps certs to US-DoD baseline IA roles. Common: Sec+ → IAT II; CISSP → IAT III + IAM III; GSEC → IAT II.

  • NICE Framework, US workforce framework that maps work roles to KSAs and certs.

  • CREST, UK + global pentest accreditation (CRT, CCT INF/APP, CCSAS, CCSAM); important for UK gov work.

  • TIBER-EU, ECB threat-led red team framework; aligned with CREST + Bank of England CBEST.

  • Tiger Scheme, UK red team accreditation (predecessor of CHECK).

  • CHECK, UK NCSC-backed pentest scheme.

  • TLPT (DORA), threat-led pentest required of EU financial entities under DORA.

Operator notes#

  • OSCP > most entry pentest certs for hands-on signal; GIAC and OffSec dominate the high-trust market.

  • CISSP is the gate for management roles; the test is about NIST-flavoured governance, not technique.

  • GIAC certs are expensive ($1k+ exam, often coupled to $7-9k SANS courses); but high-respect.

  • Vendor specialty matters in MSP / consulting (PCNSE, CCIE Sec, NSE 7-8); ignored in pure offensive shops.

  • Renewal, (ISC)² CPE every 3 yrs; ISACA every 3 yrs; GIAC every 4 yrs; OffSec one-time then continuing OSCC.

  • Not equivalent, CEH and the OSCP are not equivalent; CEH is theory, OSCP is performance.

  • Bug-bounty work doesn’t require certs; reputation + HackerOne / Bugcrowd score is the signal (see Bug Bounty Programs).

  • Government clearance may be a stronger filter than any cert for cleared work.

References#