Guide to information security certifications
Check out the other guides in this series:
Despite the sizable collection of vendor-specific security certifications, identifying which ones best suit your educational or career needs is fairly straightforward.
In this latest update to our vendor-specific IT certification list, you'll find an alphabetized security certification list of programs from various vendors, a brief description of each certification and pointers to further details. We also provide some tips on choosing the right certification for your needs.
As always, we want to make sure this guide meets your needs and answers all your certification-related questions. Are there certifications or cert-related topics you'd like to learn more about that aren't listed in this guide? Email firstname.lastname@example.org and let us know!
The process of choosing vendor-specific security certifications is much simpler than choosing vendor-neutral ones. In the vendor-neutral landscape, you must evaluate the pros and cons of various programs to select a viable option, but on the vendor-specific side, it's only necessary to address three issues:
- Inventory your organization's security infrastructure and identify which vendors' products or services are present.
- Check this guide (and vendor websites for items that don't appear here) to determine whether a certification applies to products or services in your organization.
- Decide if spending the time and money to obtain such credentials (or to fund them for your employees) is worth the resulting benefits.
In an environment where numerous jobs exist for every qualified IT security professionals, individual benefits are hard to overstate. Perhaps this explains why so many employer-funded certification arrangements include payback clauses if employees leave sooner than a specified time after completion -- it's really a ploy for employee development and retention, as well as a boost to an organization's in-house expertise.
As is typical for this survey, which we started in 2001, there have been some changes since our last update in 2012. We’ve added various elements that have turned up in the meantime, including security certifications from Fortinet, IBM, McAfee, Microsoft and SonicWall (now owned by Dell). But, if you look at the summary table, you’ll see the number of vendor certs has stayed the same since 2010, with no growth in the basic or intermediate categories, with one new advanced certification (+1). Overall, vendors continue to invest in security-related certification programs across the board. That said, this is only a minimal amount of change, on par with our previews review.
Now we're ready to dive into a big bowl of alphabet soup by exposing all the vendor-specific security-related certification programs that occupy this landscape.
CCNA Security -- Cisco Certified Network Associate (CCNA) Security
This credential recognizes associate-level professionals who can install, troubleshoot and monitor Cisco routed and switched network devices. A person with a CCNA Security certification knows how to develop a security infrastructure, can recognize threats and vulnerabilities to networks, and can mitigate security threats. CCNA credential holders also possess the technical skills and expertise necessary to maintain access control lists (ACLs), virtual LANs (VLANS) and routing protocols (IP, Ethernet and gateway). Successful completion of two exams is required to obtain this credential.
Source: Cisco Systems
CCSA -- Check Point Certified Security Administrator
Prerequisites: CCSA R75 training; six months to one year of experience with Check Point products
Check Point's foundation-level credential prepares individuals to manage basic installations of Check Point 3D Security systems products, such as: security gateway, firewall, smart console, remote access VPN, IPSEC VPN, user directory, antispam/virus/mail, URL filtering, and identity awareness. Credential holders also possess the skills necessary to configure such systems and manage day-to-day operations. Topics covered include securing Internet communications, backing up and restoring networks, upgrading products, troubleshooting network connections, configuring security policies, protecting email, protecting message content, defending networks from intrusions and other threats, analyzing attacks, managing user access in a corporate LAN environment, and configuring tunnels for remote access to corporate resources. Those with CCSA R70 and above must complete two training courses and pass their exams to recertify.
FCESP -- Fortinet Certified Email Security Professional
Prerequisites: There are no prerequisites for FCESP. However, training course 221-FortiMail Email Filtering is highly recommended. This credential recognizes individuals who configure, manage, monitor and administer FortiMate devices, and work with SMTPS, SMTP over TLS, and S/MIME to regulate use of company resources and protect against spam, malware, and message-borne threas. Candidates must possess an understanding of FortiMail administration and configuration functions. To obtain the FCESP, candidates must pass a single exam.
Source: Fortinet Inc.
FCNSA -- Fortinet Certified Network Security Administrator
Prerequisites: There are no prerequisites for FCNSA. However, training course 201-FortiGate Multi-Threat Security Systems I is highly recommended. This credential recognizes individuals who configure, manage, monitor and administer FortiGate devices, and work with VPNs, firewall policies. Candidates must possess an understanding of the Fortinet line of products, hardware and services. To obtain the FCNSA, candidates must pass a single exam.
Source: Fortinet Inc.
McAfee Assessment Certification
This credential recognizes network security professionals, such as penetration testers, auditors, consultants and administrators, who are familiar with the following:
- Profiling and inventorying
- Vulnerability identification
- Vulnerability exploitation
- Expanding influence
Candidates must have one to three years of experience. To earn the McAfee Assessment Certification credential, you must pass one exam.
McAfee Product Certification
This credential recognizes individuals who install, configure, manage and troubleshoot a specific McAfee product, such as ePolicy Orchestrator, Network Security Platform or Host Intrusion Prevention for Server. Candidates must have one to three years of experience with that product. To earn the McAfee Product Certification, you must pass one corresponding exam.
MTA-- Microsoft Technology Associate
This credential started as an academic-only credential as a “super-entry level” program for students. But it was made available to the general public in 2012, so now we include it here. There are a dozen different MTA credentials across three tracks (IT Infrastructure with 4 certs; Database with 1, and Development with 7). Nearly all of these credentials include a security component or topic area, so we include them here.
To earn each MCTS certification, you must pass the corresponding exam(s).
SCS -- Symantec Certified Specialist
This security certification program focuses on data protection, high availability and security skills involving Symantec solutions. To become an SCS, candidates must select an area of focus and pass an exam. All exams cover core elements, such as: installation, configuration, product administration, day-to-day operation and troubleshooting for the selected focus area. As of this writing, the following exams are available:
- Exam 250-252: Administration of Veritas Storage Foundation 6.0 for Unix
- Exam 250-253: Administration of Veritas Cluster Server 6.0 for Unix
- Exam 250-271: Administration of Symantec NetBackup 7.5 for Unix
- Exam 250-310: Administration of Symantec Enterprise Vault 10.0 for Exchange
- Exam 250-315: Administration of Symantec Endpoint Protection 12.1
- Exam 250-316: Administration of Symantec Backup Exec 2012
- Exam 250-352: Administration of Veritas Storage Foundation and High Availability Solutions 6.0 for Windows
- Exam 250-371: Administration of Symantec NetBackup 7.5 for Windows
- Exam 250-402: Administration of Symantec Client Management Suite 7.1 / 7.x
- Exam 250-403: Administration of Symantec Management Platform 7.1
- Exam 250-406: Administration of Symantec Clearwell eDiscovery Platform 7.x
- Exam 250-512: Administration of Symantec Data Loss Prevention 11.5
- Exam 250-530: Administration of Symantec Network Access Control 12.1
CCNP Security -- Cisco Certified Network Professional (CCNP) Security
Prerequisites: CCNA Security, or CCSP Certification, or CCNA plus SND exam pass
This Cisco credential recognizes professionals who are responsible for router, switch and networking device and appliance security. Candidates must also know how to select, deploy, support and troubleshoot firewalls, VPNs and IDS/IPS products in a networking environment. Successful completion of four exams is required.
Source: Cisco Systems
CCSE -- Check Point Certified Security Expert
Prerequisites: CCSA R70/R71 training; six months to one year of experience with Check Point products
This is an intermediate-level credential aimed at VPN implementations, advanced user management and firewall concepts, policies, data loss prevention, strategies and advanced troubleshooting for R75 Check Point Software Blades. The CCSE focuses on Check Point’s VPN-1, Security Gateway and Management Systems.
CSSA - Certified SonicWALL Security Administrator (CSSA)
The CSSA now comes from Dell thanks to its recent acquisition of SonicWALL. The exam covers basic administration of SonicWALL appliances and network/system security behind such appliances. Classroom training is available, but not required to earn CSSA; candidates must pass one exam to become certified.
Cisco Certified Security Specialist
Prerequisites: CCDA, CCDP, CCNA Security or any CCIE certification (varies by specialty)
Cisco offers a variety of certification programs for Cisco security professionals. Candidates can pursue mid-level certifications across a broad array of subjects and technologies. This program includes several credentials with strong -- if not exclusive -- security components:
- Cisco ASA Specialist*
- Cisco Firewall Security Specialist*
- Cisco IOS Security Specialist
- Cisco IPS Specialist
- Cisco Network Admission Control Specialist
- Cisco Security Solutions and Design Specialist
- Cisco VPN Security Specialist
Source: Cisco: Security Certifications
EnCE -- EnCase Certified Examiner
Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase computer forensics tools and software. Prerequisites include 64 hours of authorized training or 12 months of computer forensic experience and a formal application process. Individuals gain certification by passing a two-phase exam: a computer-based component and a practical component.
Source: Guidance Software
EnCEP -- EnCase Certified eDiscovery Practitioner
Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software Inc.'s EnCase eDiscovery software, and recognizes their proficiency in eDiscovery planning, project management and best practices from legal hold to file creation. EnCEP professionals possess technical skills necessary to manage e-discovery, including search, collection, preservation and processing of electronically stored information (ESI), in accordance with the Federal Rules of Civil Procedure. Prerequisites include authorized training, three months experience in eDiscovery collection, processing and/or project management plus a formal application process. Individuals gain certification by passing a two-phase exam: a computer-based component and a scenario component.
Source: Guidance Software
FCNSP -- Fortinet Certified Network Security Professional
Prerequisite: Fortinet Certified Network Security Administrator (FCNSA)
The FCNSP credential recognizes individuals who install, configure and troubleshoot all FortiGate product features and functionality. Candidates should also have a good working knowledge of FortiAnalyzer, in addition to a basic understanding of the entire Fortinet line of products and services. FCNSP candidates possess skills necessary to take advantage of features for large-scale environments such as HA and redundant VPNs to configure multiple FortiGate devices. Candidates must pass the FCNSP exam, and have already passed the FCNSA exam.
Source: Fortinet Inc.
Oracle Solaris 10 Certified Security Administrator
This credential aims to identify experienced Solaris 10 administrators with security interest and experience. It's a mid-range credential that focuses on system lockdown, best security practices, a good understanding of file and system resources protection, and encryption and authentication methods. A single exam -- geared toward the Solaris 10 operating system or the OpenSolaris environment -- is required to obtain this credential. Exam topics include general security principles and features, installing systems securely, application and network security, principles of least privilege, cryptographic features, audit and zone security.
RHCSS -- Red Hat Certified Security Specialist
Prerequisite: Red Hat Certified Engineer (RHCE). Training courses are recommended but not required.
This credential recognizes individuals who configure security for Red Hat Enterprise Linux, SELinux and Red Hat Directory Server in an enterprise environment. Candidates must pass three exams in addition to having obtained the RHCE credential.
Source: Red Hat
RSA SecurID CA -- RSA SecurID Certified Administrator
EMC2 offers this certification, which is designed for security professionals who manage, maintain and administer enterprise security systems based on RSA SecurID system products. RSA SecurID CAs can operate and maintain RSA SecurID components within the context of their operational systems and environments, troubleshoot security and implementation problems, and work with updates, patches and fixes. They can also perform administration functions and populate and manage users, set up and use software authenticators, and understand the configuration required for RSA Authentication Manager system operations.
SAINT certification requires attending a two-day course geared toward information security professionals and system administrators. The course focuses on TCP/IP and security fundamentals as well as installing, configuring and using SAINT and SAINTwriter, configuring scan range, performing vulnerability assessments with SAINTscanner, penetration testing with SAINTexploit, and vulnerability management using SAINTmanager. SAINT candidates possess the technical skills necessary to resolve complex security issues using SAINT technologies.
Source: SAINT Corp.
SnortCP -- Snort Certified Professional
The SnortCP is provided by Sourcefire Inc. The exam covers Snort IDS/IPS technology theory, installation and deployment, Snort configuration and usage, Snort tuning techniques, Snort rules, language and syntax, rule set management and maintenance, and implementation of supporting tools and applications. Candidates must pass one exam.
Source: Sourcefire Inc.
SFCP -- Sourcefire Certified Professional
The SFCP identifies individuals who demonstrate a thorough knowledge of Sourcefire products and their underlying technical concepts. Candidates are assessed on their knowledge of Sourcefire IPS, Defense Center, Sourcefire RNA, installation and deployment, administration and management, policy configuration and management, policy non-compliance and remediation, user administration and management, and reporting creation and management.
Source: Sourcefire Inc.
If a vendor-specific security certification isn't right for you, or you simply want to expand your horizons, check out our resources on vendor-neutral security certifications.
On the security certification path: Vendor-neutral certifications guide
Introduction: Vendor-neutral security certification list for your career path
CCSE -- Check Point Certified Security Expert
Prerequisites vary depending on product training background (see the CCSE chart).
This credential recognizes security professionals who have mastered configuration, troubleshooting, testing and management of Check Point Security products. To acquire this credential, candidates must pass an exam. Certifications are valid for two years.
Arguably one of the most coveted certifications around, the CCIE is in a league of its own. Having been around since 2002, the CCIE Security track is nonpareil for those interested in dealing with information security topics, tools and technologies in networks built using or around Cisco products and platforms. CCIE candidates possess expert technical skills and knowledge of security and VPN solutions, understanding of Windows, Unix, Linux, HTTP, SMTP, FTP and DNS, in-depth understanding of Layer 2 and 3 network infrastructures, and ability to configure end-to-end secure networks, as well as troubleshooting and threat mitigation. Candidates must pass both a written and lab exam. The lab exam must be passed within 18 months of successful completion of the written exam.
Source: Cisco Systems
CCMA -- Check Point Certified Master Architect
Prerequisites: CCSA, CCSE, CCSE+
The CCMA is the pinnacle of Check Point certifications. This credential is aimed at security professionals who design, implement, manage and troubleshoot multifaceted Check Point security architectures. Candidates must be experts in perimeter, internal, Web and endpoint security systems. To acquire this credential, Check Point recommends at least five years of experience with Check Point technologies and eight years of IT experience. Candidates must pass both a written and hands-on lab exam.
Certified SonicWALL Security Professional (CSSP)
Those who attain this certification have attained a high level of mastery of Dell SonicWALL products. In addition, credential holders can deploy, optimize, and troubleshoot all associated product features. Earning a CSSP requires taking an Advanced Administration course and passing the associated certification exam.
IBM Certified Administrator – Tivoli Monitoring V6.2.3
Those who attain this certification can plan, install, configure, upgrade and customize workspaces, policies and more. In addition, credential holders can troubleshoot, administer and maintain an IBM Tivoli Monitoring V6.2.3 environment. Security-related requirements include basic knowledge of SSL, data encryption and system user accounts. Candidates must successfully pass one exam.
IBM Certified Advanced Deployment Professional - IBM Service Management Security and
Individuals pursuing this certification must have a strong background in and knowledge of the following as they relate to security: communications, infrastructure, cryptography, access control, authentication, external attacks and organizational issues. The certification recognizes individuals who demonstrate a higher level of implementation knowledge and skills in the IBM Tivoli Security, risk and compliance solutions area. Three exams are required to obtain this certification. Two exams covering Tivoli Identity Manager V5.1 Implementation and Tivoli Access Manager for e-business V6.1.1 Implementation are required. Candidates may select the third exam from Tivoli Directory Server Implementation or Tivoli Directory Integrator, or substitute with the CompTIA Security+, (ISC)2 SSCP or (ISC)2 CISSP.
IBM Certified Advanced Deployment Professional – IBM Service Management Security Intrusion
Those who hold this certification possess in-depth knowledge and technical skills in the area of IBM Tivoli Security Intrusion Protection solutions. Candidates must pass two IBM-specific exams and pass one of the following exams: the Certified Information Systems Security Professional (CISSP), SNIA Storage Networking Management and Administration, or Systems Security Certified Practitioner (SSCP) exams to gain the credential.
IBM Certified Advanced Solutions Expert – Security Software Solutions and Services V1
Those who hold this certification possess in-depth knowledge of IBM Software Security solutions including InfoSphere, Rational AppScan, IBM Security Systems, IBM Tivoli and WebSphere DataPower. As an advanced credential, certification seekers must pass five exams to gain the credential.
IBM Certified Deployment Professional – Tivoli Identity Manager V5.1
Master CSSA – Master Certified SonicWALL Security Administrator
The Master CSSA is an intermediate between the base-level CSSA credential (itself an intermediate certification), and the CSSP. To qualify for Master CSSA, candidates must pass any three (or more) CSSA exams, then e-mail email@example.com to request this designation. There are no other charges or requirements involved.
SFCE -- Sourcefire Certified Expert
The SFCE identifies individuals with mastery over the content of both the Snort Certified Professional and the Sourcefire Certified Professional. Candidates are assessed against more advanced material.
Source: Sourcefire Inc.
Remember, when it comes to selecting vendor-specific security certifications, your planned or existing product choices will probably dictate your options. If your security infrastructure includes products from vendors not mentioned here, be sure to check with them to determine if training or certifications on such products are available. Please let us know if our revised survey of this landscape has missed anything. We can't claim to know, see, or be able to find everything, so all feedback -- especially if it adds to this list -- will be gratefully acknowledged. As always, feel free to email us with comments or questions.
About the authors:
Ed Tittel is a 30-plus year veteran of the computing industry, and has contributed to over more than 100 computing books. Perhaps best known for creating the Exam Cram series of IT cert prep books in the late 1990s, Ed has contributed to 5 editions of the CISSP Study Guide, and numerous other infosec-related titles. These days, Ed blogs regularly for TechTarget, Tom’s IT Pro, and PearsonITCertification.com. Visit his website at edtittel.com.
Mary Lemons is a professional writer, editor, and content manager who has worked with Tittel for more than 15 years. She has contributed to books on markup languages and information security, and has edited and managed content for such companies as HP, Sony, Verizon, and Microsoft.
Editor's note: Contributors Mary Kyle and Kim Lindros contributed to previous versions of this article.
This was first published in May 2013