Security Certifications#
Reference of cybersecurity, cloud, networking, audit, and training certifications. Useful for resume signaling, course content, and procurement gate (GS-13 / DOD 8570 / IAT II / III equivalents). Listings note vendor, level, and the typical audience.
General security#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
Security+ |
CompTIA |
Entry |
Vendor-neutral baseline; DoD 8570 IAT II. |
CySA+ |
CompTIA |
Intermediate |
Cybersecurity Analyst. |
PenTest+ |
CompTIA |
Intermediate |
Vendor-neutral pentest. |
CASP+ |
CompTIA |
Advanced |
Advanced Security Practitioner. |
CISSP |
(ISC)² |
Senior |
The flagship management cert; 5 yrs exp; CBK. |
SSCP |
(ISC)² |
Intermediate |
Systems Security Cert Practitioner. |
CISM |
ISACA |
Senior |
Mgmt-focused; governance. |
CISA |
ISACA |
Senior |
Audit-focused. |
CRISC |
ISACA |
Senior |
Risk + IS controls. |
CGEIT |
ISACA |
Senior |
Governance. |
CSX-P |
ISACA |
Intermediate |
Practitioner perf-based. |
CCSP |
(ISC)² |
Senior |
Cloud security. |
Offensive security / pentest#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
OSCP |
OffSec |
Intermediate |
Practical 24-hr pentest; ground-truth signal for offensive roles. |
OSEP |
OffSec |
Advanced |
Advanced evasion / pivoting. |
OSED |
OffSec |
Advanced |
Exploit development. |
OSWE |
OffSec |
Advanced |
Advanced web attacks. |
OSWP |
OffSec |
Intermediate |
Wireless. |
OSCE3 |
OffSec |
Expert |
OSEP + OSED + OSWE bundle. |
PNPT |
TCM Security |
Intermediate |
Practical Network Pen Tester. |
PJPT |
TCM Security |
Entry |
Junior pentester. |
CRTP |
Altered Security |
Intermediate |
AD red-team (former Pentester Academy). |
CRTE |
Altered Security |
Advanced |
AD enterprise red team. |
CRTO |
Zero-Point Security |
Intermediate |
Cobalt Strike + Red Team Ops. |
CRTL |
Zero-Point Security |
Advanced |
Red Team Lead. |
CARTP |
Altered Security |
Intermediate |
Azure red team. |
CARTE |
Altered Security |
Advanced |
Azure red team enterprise. |
CARTS |
Altered Security |
Advanced |
AWS red team. |
CRTM |
Altered Security |
Advanced |
Multi-cloud / hybrid. |
GPEN |
GIAC |
Intermediate |
SANS network pentest. |
GWAPT |
GIAC |
Intermediate |
SANS web pentest. |
GXPN |
GIAC |
Advanced |
SANS exploit dev / advanced pen test. |
GMOB |
GIAC |
Intermediate |
SANS mobile pentest. |
GAWN |
GIAC |
Intermediate |
SANS wireless. |
GRTP |
GIAC |
Intermediate |
Red team pro. |
CEH (Practical) |
EC-Council |
Intermediate |
Industry-known but quality varies. |
CHFI |
EC-Council |
Intermediate |
Forensic. |
CPTC / CPTS |
HTB Academy |
Intermediate |
Hack The Box practical pen test. |
eJPT |
INE / eLearn |
Entry |
Junior pentester. |
eCPPT |
INE / eLearn |
Intermediate |
Pentest. |
eWPT / eWPTX |
INE / eLearn |
Intermediate |
Web pentest. |
eMAPT |
INE / eLearn |
Intermediate |
Mobile. |
eCRE |
INE / eLearn |
Advanced |
Exploit dev. |
Blue team / defense / IR#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
GCFA |
GIAC |
Intermediate |
Forensic Analyst. |
GCFE |
GIAC |
Intermediate |
Forensic Examiner (Windows). |
GCIH |
GIAC |
Intermediate |
Incident Handler. |
GREM |
GIAC |
Advanced |
Reverse-Engineering Malware. |
GMON |
GIAC |
Intermediate |
Continuous Monitoring. |
GCDA |
GIAC |
Intermediate |
Detection Analyst. |
GCIA |
GIAC |
Intermediate |
Intrusion Analyst. |
GCED |
GIAC |
Intermediate |
Enterprise Defender. |
GDAT |
GIAC |
Intermediate |
Defending Advanced Threats. |
GNFA |
GIAC |
Intermediate |
Network Forensic Analyst. |
GBFA |
GIAC |
Intermediate |
Battlefield Forensics. |
GASF |
GIAC |
Intermediate |
Smartphone Forensic. |
GCTI |
GIAC |
Intermediate |
Cyber Threat Intel. |
GOSI |
GIAC |
Intermediate |
Open-Source Intelligence. |
BTL1 / BTL2 |
Security Blue Team |
Intermediate |
Blue Team Level 1 / 2 (UK). |
CCD |
CyberDefenders.org |
Intermediate |
Cyber Defender / DFIR. |
CDSA |
SANS / GIAC |
Intermediate |
SOC analyst. |
CCSA |
IACIS |
Intermediate |
Computer Forensic Examiner. |
CFCE |
IACIS |
Intermediate |
Forensic Computer Examiner. |
EnCE |
OpenText |
Intermediate |
EnCase Certified Examiner. |
ACE |
AccessData |
Intermediate |
FTK Certified Examiner. |
Cloud security#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
AWS Cert Cloud Pract. |
AWS |
Entry |
Foundational. |
AWS Cert Solutions Ar ch |
AWS |
Associate / Pro |
Architect tracks. |
AWS Cert Security |
AWS |
Specialty |
Security specialty. |
AWS Cert SysOps |
AWS |
Associate |
Ops. |
Azure AZ-900 |
Microsoft |
Entry |
Fundamentals. |
Azure AZ-104 |
Microsoft |
Intermediate |
Administrator. |
Azure AZ-500 |
Microsoft |
Intermediate |
Security Engineer. |
Azure SC-200 |
Microsoft |
Intermediate |
Security Operations. |
Azure SC-300 |
Microsoft |
Intermediate |
Identity & Access. |
Azure SC-400 |
Microsoft |
Intermediate |
Information Protection. |
GCP Pro Cloud Security |
Pro |
Pro Cloud Security Engineer. |
|
GCP Pro Cloud Architect |
Pro |
Pro Cloud Architect. |
|
CCSP |
(ISC)² |
Senior |
Cloud security. |
CCSK |
CSA |
Intermediate |
Cert of Cloud Sec Knowledge. |
CCAK |
CSA + ISACA |
Intermediate |
Cloud Auditing Knowledge. |
CKA |
CNCF |
Intermediate |
Kubernetes Administrator. |
CKAD |
CNCF |
Intermediate |
Kubernetes App Developer. |
CKS |
CNCF |
Intermediate |
Kubernetes Security Specialist. |
KCSA |
CNCF |
Entry |
Kubernetes Cloud Security Associate. |
KCNA |
CNCF |
Entry |
K8s + Cloud Native Associate. |
Networking / vendor#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
Network+ |
CompTIA |
Entry |
Vendor-neutral. |
CCNA |
Cisco |
Associate |
Networking baseline. |
CCNP Sec |
Cisco |
Pro |
Security pro. |
CCIE Security |
Cisco |
Expert |
Top Cisco; rare + lab. |
JNCIA / JNCIS / JNCIP |
Juniper |
Various |
Juniper tracks; -SEC for security. |
PCNSA / PCNSE |
Palo Alto |
Associate / Eng |
Palo Alto admin / engineer. |
NSE 4-8 |
Fortinet |
Intermediate / Adv |
FortiGate certs. |
CWSP |
CWNP |
Intermediate |
Wireless. |
F5-CA / F5-CTS |
F5 |
Various |
F5 BIG-IP. |
HCIA / HCIP / HCIE |
Huawei |
Various |
Huawei tracks (relevant in non-US markets). |
Audit / governance / privacy#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
CISA |
ISACA |
Senior |
Audit (above). |
CISM |
ISACA |
Senior |
Mgmt (above). |
CIPP/E, /US, /A, /C |
IAPP |
Intermediate |
Privacy by region. |
CIPM |
IAPP |
Intermediate |
Privacy management. |
CIPT |
IAPP |
Intermediate |
Privacy tech. |
ISO 27001 LA / LI |
Various |
Practitioner |
Lead Auditor / Lead Implementer. |
CSA STAR Auditor |
BSI / others |
Practitioner |
Cloud audit. |
SOC 1 / 2 / 3 audit |
AICPA |
n/a |
Service Org Control reports (auditor cert: CPA). |
ICS / OT#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
GICSP |
GIAC |
Intermediate |
Global ICS Pro. |
GRID |
GIAC |
Intermediate |
Response + Industrial Defense. |
GCIP |
GIAC |
Intermediate |
Critical Infrastructure Protection. |
ISA/IEC 62443 |
ISA |
Practitioner |
62443 Cybersecurity Fundamentals / Risk / Design / Maint. |
Programming / app sec / DevSecOps#
Cert |
Body |
Level |
Notes |
|---|---|---|---|
CSSLP |
(ISC)² |
Senior |
Secure SDLC. |
GSEC |
GIAC |
Intermediate |
Security Essentials. |
GSSP-JAVA / .NET |
GIAC |
Intermediate |
Secure programming. |
GWEB |
GIAC |
Intermediate |
Web app defender. |
GAS |
GIAC |
Intermediate |
App Sec. |
DCSA |
Practical DevSecOps |
Intermediate |
DevSecOps Cert Architect. |
CDP |
Practical DevSecOps |
Intermediate |
Cert DevSecOps Pro. |
Frameworks / vendor mention#
DoD 8570 / 8140 IAT / IAM / IASAE maps certs to US-DoD baseline IA roles. Common: Sec+ → IAT II; CISSP → IAT III + IAM III; GSEC → IAT II.
NICE Framework, US workforce framework that maps work roles to KSAs and certs.
CREST, UK + global pentest accreditation (CRT, CCT INF/APP, CCSAS, CCSAM); important for UK gov work.
TIBER-EU, ECB threat-led red team framework; aligned with CREST + Bank of England CBEST.
Tiger Scheme, UK red team accreditation (predecessor of CHECK).
CHECK, UK NCSC-backed pentest scheme.
TLPT (DORA), threat-led pentest required of EU financial entities under DORA.
Operator notes#
OSCP > most entry pentest certs for hands-on signal; GIAC and OffSec dominate the high-trust market.
CISSP is the gate for management roles; the test is about NIST-flavoured governance, not technique.
GIAC certs are expensive ($1k+ exam, often coupled to $7-9k SANS courses); but high-respect.
Vendor specialty matters in MSP / consulting (PCNSE, CCIE Sec, NSE 7-8); ignored in pure offensive shops.
Renewal, (ISC)² CPE every 3 yrs; ISACA every 3 yrs; GIAC every 4 yrs; OffSec one-time then continuing OSCC.
Not equivalent, CEH and the OSCP are not equivalent; CEH is theory, OSCP is performance.
Bug-bounty work doesn’t require certs; reputation + HackerOne / Bugcrowd score is the signal (see Bug Bounty Programs).
Government clearance may be a stronger filter than any cert for cleared work.