Security Certification Guide

Get started Bring yourself up to speed with our introductory content.

IT certification guide: Vendor-specific information security certifications

Newly updated, experts Ed Tittel and Mary Kyle guide you through the crowded field of vendor-specific information security certifications.

Despite the sizable collection of vendor-specific security certifications, identifying which ones best suit your...

educational or career needs is fairly straightforward.

In this latest update to our vendor-specific IT certification list, you'll find an alphabetized security certification list of programs from various vendors, a brief description of each certification and pointers to further details. We also provide some tips on choosing the right certification for your needs.

As always, we want to make sure this guide meets your needs and answers all your certification-related questions. Are there certifications or cert-related topics you'd like to learn more about that aren't listed in this guide? Email and let us know!

Introduction: Choosing vendor-specific security certifications 

The process of choosing vendor-specific security certifications is much simpler than choosing vendor-neutral ones. In the vendor-neutral landscape, you must evaluate the pros and cons of various programs to select a viable option. On the vendor-specific side, it's only necessary to follow these three steps:

  1. Inventory your organization's security infrastructure and identify which vendors' products or services are present.
  2. Check this guide (and vendor websites for items that don't appear here) to determine whether a certification applies to products or services in your organization.
  3. Decide if spending the time and money to obtain such credentials (or to fund them for your employees) is worth the resulting benefits.

In an environment where numerous jobs exist for every qualified IT security professional, the benefits of individual training and certifications can be hard to appraise. Many employers pay the costs involved in achieving certification in an effort to develop and retain their employees, as well as to boost the organization's in-house expertise. Most see this as a win-win for employers and employees alike. On the flip side, however, employers often require full or partial reimbursement for related costs they incur if employees decide to leave their jobs sooner than some specified payback period after cert completion.

Summary of changes

There have been quite a few changes since our last survey update in 2013. We've added various elements that have turned up in the meantime, including security certifications from Cisco Systems Inc., EMC RSA, IBM, McAfee (now owned by Intel Corp.) and Symantec Corp.

Yet, if you look at the summary table, you'll see the number of intermediate vendor certs suffered a significant decline over the past year. This comes primarily as the result of the loss of the Cisco Certified Security Specialist (CCSS). This credential boasted at least seven different concentrations that were counted as individual certifications in our last guide. The CCSS, along with its concentrations, were all retired in 2014. Other certifications, such as the Sourcefire SnortCP and the RHCSS, also retired.

Several certs from Cisco, EMC RSA and Symantec were added in the intermediate category, as well as a new certification from IBM in the advanced area. In the foundation or basic certification level is an interesting new certification from McAfee -- the Certified McAfee Security Specialist (CMSS) -- which comes in five different versions: DLPe, ePO, HIPs, NGFW and NSP. McAfee is in the process of releasing a sixth CMSS certification -- CMSS-SIEM -- and is developing a few other certifications, all of which we hope to report on in the next review cycle.

Now, we're ready to dive into a big heaping bowl of alphabet soup to explore the vendor-specific security-related certification programs that occupy this landscape.

Basic certifications 

CCNA Security -- Cisco Certified Network Associate (CCNA) Security
Prerequisites: A valid Cisco CCNA Routing and Switching, Cisco Certified Entry Networking Technician (CCENT) or Cisco Certified Internetwork Expert (CCIE) certification

This credential recognizes associate-level professionals who can install, troubleshoot and monitor Cisco routed and switched network devices for the purpose of protecting both the devices and networked data. A person with a CCNA Security certification knows how to plan and implement a security infrastructure, can identify threats and vulnerabilities to networks, and can mitigate security threats. CCNA credential holders also possess the technical skills and expertise necessary to maintain access control lists, virtual LANs and routing protocols including IP, Ethernet and gateway. The successful completion of one exam is required to obtain this credential.
Source: Cisco

CCSA R77 -- Check Point Certified Security Administrator
Prerequisites: While there are no prerequisites, CCSA R77 training and six months to one year of experience with Check Point products are recommended.

Check Point's foundation-level credential prepares individuals to manage basic installations of Check Point security systems products and technologies, such as: Security Gateway, firewall, SmartConsole, remote access VPN, IPSEC VPN, user directory, antispam/virus/mail, URL filtering and identity awareness. Credential holders also possess the skills necessary to configure such systems and manage day-to-day operations of Check Point Security Gateway and Management Software Blades systems on GaiA operating systems. Topics covered include securing Internet communications, backing up and restoring networks, upgrading products, troubleshooting network connections, configuring security policies, protecting email, protecting message content, defending networks from intrusions and other threats, analyzing attacks, managing user access in a corporate LAN environment, and configuring tunnels for remote access to corporate resources. Candidates must pass a single exam to obtain this credential.
Source: Check Point Software Technologies Ltd.

CMSS -- Certified McAfee Security Specialist
Prerequisites: None, although completion of an associated training course is highly recommended.

CMSS certification holders possess the knowledge and technical skills necessary to install, configure, manage and troubleshoot specific McAfee products or, in some cases, a suite of products. Candidates should possess one to three years of direct experience with one of the specific product areas.

The current products targeted by this credential include:

  • CMSS -- DLPe, focused on McAfee Data Loss Prevention Endpoint products
  • CMSS -- ePO, focused on McAfee ePolicy Orchestrator and VirusScan products
  • CMSS -- HIPs, focused on McAfee Host Intrusion Prevention system
  • CMSS – NGFW, focused on McAfee Next Generation Firewall
  • CMSS -- NSP, focused on McAfee Network Security Platform

All credentials require passing one exam. The new SIEM credential mentioned in the introduction covers the Security Information and Event Management products from McAfee.
Source: McAfee, Inc.

FCESP -- Fortinet Certified Email Security Professional
Prerequisites: None, although the training course, "221-FortiMail Email Filtering" is highly recommended.

This credential recognizes individuals who configure, manage, monitor and administer FortiMate devices, and work with SMTPS, SMTP over TLS, and S/MIME to regulate use of company resources and protect against spam, malware and message-borne threats. Candidates must possess an understanding of FortiMail administration and configuration functions as well as email security threats and how to protect against them. To obtain the FCESP, candidates must pass a single exam.
Source: Fortinet Inc.

FCNSA -- Fortinet Certified Network Security Administrator
Prerequisites: None, although the training course, "201-FortiGate Multi-Threat Security Systems I" is highly recommended.

This credential recognizes individuals who configure, manage, monitor and administer FortiGate devices, and work with VPNs and firewall policies. Candidates must possess an understanding of the Fortinet line of products, hardware and services. To obtain the FCNSA, candidates must pass a single exam.
Source: Fortinet Inc.

MTA -- Microsoft Technology Associate
This credential started as an academic-only credential for students, but it was made available to the general public in 2012, which is why it is included here. There are 11 different MTA credentials across three tracks (IT Infrastructure with four certs, Database with one and Development with six). Nearly all of these credentials include a security component or topic area.

To earn each MTA certification, candidates must pass the corresponding exam. 
Source: Microsoft

SCS -- Symantec Certified Specialist
This security certification program focuses on data protection, high availability and security skills involving Symantec products. To become an SCS, candidates must select an area of focus and pass an exam. All exams cover core elements, such as installation, configuration, product administration, day-to-day operation and troubleshooting for the selected focus area.

As of this writing, the following exams are available:

  • Exam 250-254: Administration of Symantec Cluster Server 6.1 for Unix
  • Exam 250-255: Administration of Symantec Storage Foundation 6.1 for Unix
  • Exam 250-271: Administration of Symantec NetBackup 7.5 for Unix
  • Exam 250-310: Administration of Symantec Enterprise Vault 10.0 for Exchange
  • Exam 250-315: Administration of Symantec Endpoint Protection 12.1
  • Exam 250-316: Administration of Symantec Backup Exec 2012
  • Exam 250-352: Administration of Veritas Storage Foundation and High Availability Solutions 6.0 for Windows
  • Exam 250-371: Administration of Symantec NetBackup 7.5 for Windows
  • Exam 250-403: Administration of Symantec Management Platform 7.1
  • Exam 250-407: Administration of Symantec Client Management Suite 7.1 / 7.x
  • Exam 250-409: Administration of Symantec Clearwell eDiscovery Platform 7.1
  • Exam 250-410: Administration of Symantec Control Compliance Suite 11.x
  • Exam 250-505: Administration of Symantec Data Center Security: Server Advanced 6.0
  • Exam 250-513: Administration of Symantec Data Loss Prevention 12
  • Exam 250-530: Administration of Symantec Network Access Control 12.1

In addition to exams for current product offerings, Symantec maintains a number of exams on legacy product versions. Current available legacy exam topics include administration of Veritas cluster servers, storage foundation for Unix, Symantec NetBackup and data loss prevention. IT professionals working on legacy products should consult Symantec to determine if a particular credential is still available.
Source: Symantec Corp.

Editor's note: McAfee is currently in the process of developing a Certified McAfee Security Administrator (CMSA) and Certified McAfee Security Expert (CMSX) credentials. While release details are not yet final, we'll update this guide in the next review cycle should those credentials become available.

Intermediate certifications 

CCNP Security -- Cisco Certified Network Professional (CCNP) Security
Prerequisites: CCNA Security or any CCIE certification.

This Cisco credential recognizes professionals who are responsible for router, switch, networking device and appliance security. Candidates must also know how to select, deploy, support and troubleshoot firewalls, VPNs and IDS/IPS products in a networking environment. Successful completion of four exams is required.
Source: Cisco Systems

CCSE R77 -- Check Point Certified Security Expert
Prerequisite: CCSA certification R70 or later

This is an intermediate-level credential aimed at VPN implementations, advanced user management and firewall concepts, policies, data loss prevention, strategies and advanced troubleshooting for Check Point Software Blades. The CCSE focuses on Check Point's VPN, Security Gateway and Management Server systems. To acquire this credential, candidates must pass one exam.
Source: Check Point Software Technologies Ltd.

Cisco Cybersecurity Specialist
Prerequisites: None; however, CCNA Security certification and an understanding of TCP/IP are recommended.

This Cisco credential targets IT security professionals who possess expert-level technical skills and knowledge in the field of threat detection and mitigation. The certification focuses on areas such as event monitoring, event analysis (traffic, alarm, security events) and incident response. One exam is required.
Source: Cisco

CSSA -- Certified SonicWall Security Administrator (CSSA)
The CSSA now comes from Dell Inc. thanks to its 2012 acquisition of SonicWall. The exam covers basic administration of SonicWall appliances and the network and system security behind such appliances. Classroom training is available but not required to earn CSSA; candidates must pass one exam to become certified.
Source: Dell Inc.

EnCE -- EnCase Certified Examiner
Prerequisites: Candidates must attend 64 hours of authorized training or have 12 months of computer forensic experience. Completion of a formal application process is also required.

Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase computer forensics tools and software.

Individuals gain certification by passing a two-phase exam: a computer-based component and a practical component.
Source: Guidance Software Inc.

EnCEP -- EnCase Certified eDiscovery Practitioner
Prerequisites: Candidates must attend one of two authorized training options and have three months of experience in eDiscovery collection, processing and/or project management. A formal application process is also required.

Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software Inc.'s EnCase eDiscovery software, and recognizes their proficiency in eDiscovery planning, project management and best practices from legal hold to file creation. EnCEP professionals possess technical skills necessary to manage e-discovery, including search, collection, preservation and processing of electronically stored information (ESI), in accordance with the Federal Rules of Civil Procedure.

Individuals gain certification by passing a two-phase exam: a computer-based component and a scenario component.
Source: Guidance Software Inc.

FCNSP -- Fortinet Certified Network Security Professional
Prerequisite: Fortinet Certified Network Security Administrator (FCNSA)

The FCNSP credential recognizes individuals who install, configure and troubleshoot all FortiGate product features and functionality. Candidates should also have a good working knowledge of FortiAnalyzer, in addition to a basic understanding of the entire Fortinet line of products and services. FCNSP candidates possess skills necessary to take advantage of features for large-scale environments such as HA and redundant VPNs to configure multiple FortiGate devices.

Candidates must pass the FCNSP exam, and have already passed the FCNSA exam.
Source: Fortinet Inc.

Oracle Certified Expert, Oracle Solaris 10 Certified Security Administrator
Prerequisite: Oracle Certified Professional, Oracle Solaris 10 System Administrator

This credential aims to identify experienced Solaris 10 administrators with security interest and experience. It's a mid-range credential that focuses on general security principles and features, installing systems securely, application and network security, principles of least privilege, cryptographic features, auditing and zone security. A single exam -- geared toward the Solaris 10 operating system or the OpenSolaris environment -- is required to obtain this credential.
Source: Oracle

RSA Archer CA -- RSA Archer Certified Administrator (CA)
Prerequisites: None, although EMC2 highly recommends RSA training and two years of product experience as preparation for RSA certification exams.

EMC2 offers this certification, which is designed for security professionals who manage, administer, maintain and troubleshoot the RSA Archer eGRC platform. Candidates must pass one exam (code 050-v5x-CAARCHER01), which focuses on integration and configuration management, security administration, and data presentation and communication features of the RSA Archer eGRC product.
Source: EMC Corporation

RSA SecurID CA -- RSA SecurID Certified Administrator (RSA Authentication Manager 8.0)
Prerequisites: None, although EMC2 highly recommends RSA training and two years of product experience as preparation for RSA certification exams.

EMC2 offers this certification, which is designed for security professionals who manage, maintain and administer enterprise security systems based on RSA SecurID system products and RSA Authentication Manager 8.0. RSA SecurID CAs can operate and maintain RSA SecurID components within the context of their operational systems and environments, troubleshoot security and implementation problems, and work with updates, patches and fixes. They can also perform administration functions and populate and manage users, set up and use software authenticators, and understand the configuration required for RSA Authentication Manager 8.0 system operations.
Source: EMC Corporation

RSA Security Analytics CA -- RSA Security Analytics Certified Administrator (CA)
Prerequisites: None, although EMC2 highly recommends RSA training and two years of product experience as preparation for RSA certification exams.

This EMC2 certification is aimed at security professionals who configure, manage, administer and troubleshoot the RSA Security Analytics product. Knowledge of the product’s features, as well using the product to identify security concerns, is key. Candidates must pass one exam (code 050-103-CARSASA01), which focuses on knowledge of RSA Security Analytics functions and capabilities, configuration, management, monitoring and troubleshooting.
Source: EMC Corporation

SAINT certification
Prerequisites: None.

SAINT certification requires attending a training course geared toward information security professionals and system administrators. SAINT offers online and Jumpstart training in addition to classroom training. A full-course agenda is required to become certified.

The course focuses on TCP/IP and security fundamentals as well as installing, configuring and using SAINT and SAINTwriter, configuring scan range, performing vulnerability assessments with SAINTscanner, penetration testing with SAINTexploit, and vulnerability management using SAINTmanager. SAINT credential holders possess the technical skills necessary to resolve complex security issues using SAINT technologies.

There is no exam to achieve certification; however, candidates must be attend two days of training.
Source: SAINT Corp.

Advanced certifications 

CCIE Security -- Cisco Certified Internetwork Expert (CCIE) Security
Prerequisites: None; however, three to five years of professional working experience recommended.

Arguably one of the most coveted certifications around, the CCIE is in a league of its own. Having been around since 2002, the CCIE Security track is nonpareil for those interested in dealing with information security topics, tools and technologies in networks built using or around Cisco products and platforms. CCIE candidates possess expert technical skills and knowledge of security and VPN products, understanding of Windows, Unix, Linux, HTTP, SMTP, FTP and DNS, in-depth understanding of Layer 2 and 3 network infrastructures, and ability to configure end-to-end secure networks, as well as troubleshooting and threat mitigation.

To achieve certification, candidates must pass both a written and lab exam. The lab exam must be passed within 18 months of successful completion of the written exam.
Source: Cisco Systems Inc.

CCSM -- Check Point Security Master
Prerequisites: CCSE R70 or later, and experience with Windows Server, UNIX, TCP/IP and networking and Internet technologies.

The CCSM is the most advanced Check Point certification available. This credential is aimed at security professionals who implement, manage and troubleshoot multifaceted Check Point security products. Candidates must be experts in perimeter, internal, Web and endpoint security systems. To acquire this credential, candidates must pass a written exam.
Source: Check Point Software Technologies Ltd.

CSSP -- Certified SonicWall Security Professional
Prerequisites: Associated CSSA certification.

Those who achieve this certification have attained a high level of mastery of Dell SonicWall products. In addition, credential holders can deploy, optimize and troubleshoot all associated product features. Earning a CSSP requires specific experience, taking an "Advanced Administration" course that focuses on either network security or secure mobile access, taking an e-learning course (Network Security track only) and passing the associated certification exam.
Source: Dell Inc.

IBM Certified Administrator – Tivoli Monitoring V6.3
Prerequisites: Security-related requirements include basic knowledge of SSL, data encryption and system user accounts.

Those who attain this certification can plan, install, configure, upgrade and customize workspaces, policies and more. In addition, credential holders can troubleshoot, administer and maintain an IBM Tivoli Monitoring V6.3 environment. Candidates must successfully pass one exam.
Source: IBM

IBM Certified Advanced Deployment Professional -- IBM Service Management Security and Compliance V4
This certification recognizes individuals who demonstrate a high level of implementation knowledge and skills in IBM Tivoli Security, risk and compliance products. Three exams are required to obtain this certification; the two required exams cover Tivoli Identity Manager V5.1 Implementation and Tivoli Access Manager for e-business V6.1.1 Implementation. Candidates may select the third exam from IBM Security Access Manager for Enterprise Single Sign-on V8.2 Implementation, or substitute with the CompTIA Security+, (ISC)2 SSCP or (ISC)2 CISSP. (Candidates should review the website for the current list of exams which qualify to fulfill the third exam requirement.)
Source: IBM

IBM Certified Advanced Deployment Professional -- IBM Service Management Security Intrusion Protection V1
Those who hold this certification must demonstrate they possess in-depth knowledge and technical skills in the area of IBM Tivoli Security Intrusion Protection products. To gain the credential, candidates must pass two IBM-specific exams (IBM Security SiteProtector Systems V2.0 SP8.1 and IBM Security Network Intrusion Prevention System V4.3 Implementation) and pass one of the following exams: (ISC)2 SSCP, (ISC)2 CISSP or SNIA Storage Networking Management & Administration. (Candidates should review the website for the current list of exams which qualify to fulfill the third exam requirement.)
Source: IBM

IBM Certified Deployment Professional -- Tivoli Federated Identity Manager V6.2.2
Prerequisites: None; however, there is an extended list of recommended knowledge and technical skills including knowledge of related products, HTTP, HTML and Web services, and data center methodologies.

Credential holders possess the technical skills necessary to install, configure, administer and maintain an IBM Tivoli Federated Identity Manager V6.2.2. A single exam is required to obtain the credential.
Source: IBM

Master CSSA -- Master Certified SonicWALL Security Administrator
The Master CSSA is an intermediate between the base-level CSSA credential (itself an intermediate certification) and the CSSP. To qualify for Master CSSA, candidates must pass three (or more) CSSA exams and then email to request the designation. There are no other charges or requirements involved.
Source: Dell Inc.

Remember, when it comes to selecting vendor-specific security certifications, your or your organization's existing or planned security product purchases should dictate your options. If your security infrastructure includes products from vendors not mentioned here, be sure to check with them to determine if training or certifications on such products are available. Please let us know if our revised survey of this landscape has missed anything. We can't claim to know, see or be able to find everything, so all feedback -- especially if it adds to this list -- will be gratefully acknowledged. As always, feel free to email us with comments or questions.

About the Authors:
Ed Tittel is a 30-plus year IT veteran who's worked as a developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series, Ed has contributed to more than 140 books on many computing topics, including titles on information security, Windows OSes and HTML. Ed also blogs regularly for TechTarget (Windows Enterprise Desktop), Tom's IT Pro, GoCertify and PearsonITCertification.

Mary Kyle is a full-time freelance writer, editor and project manager based in Austin, TX. A former IBMer, Mary has over 10 years of project management experience in IT, software development and IT-related legal issues.

This was last published in February 2015

Dig Deeper on Security industry certifications



Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What about Palo Alto Networks? They are arguably the best NGFW available and we sell them a ton to Fortune 1000 companies.