Tip

Guide to vendor-specific IT security certifications

The abundance of vendor-specific information technology security certifications can overwhelm any infosec professional. Expert Ed Tittel helps navigate the crowded field.

Despite the wide selection of vendor-specific information technology security certifications, identifying which ones best suit your educational or career needs is fairly straightforward.

This guide to vendor-specific IT security certifications includes an alphabetized table of security certification programs from various vendors, a brief description of each certification and advice for further details.

Introduction: Choosing vendor-specific information technology security certifications

The process of choosing the right vendor-specific information technology security certifications is much simpler than choosing vendor-neutral ones. In the vendor-neutral landscape, you must evaluate the pros and cons of various programs to select the best option. On the vendor-specific side, it's only necessary to follow these three steps:

  1. Inventory your organization's security infrastructure and identify which vendors' products or services are present.
  2. Check this guide (or vendor websites, for products not covered here) to determine whether a certification applies to the products or services in your organization.
  3. Decide if spending the time and money to obtain such credentials (or to fund them for your employees) is worth the resulting benefits.

In an environment where qualified IT security professionals can choose from numerous job openings, the benefits of individual training and certifications can be hard to appraise.

Many employers pay certification costs to develop and retain their employees, as well as to boost the organization's in-house expertise. Most see this as a win-win for employers and employees alike, though employers often require full or partial reimbursement for the related costs incurred if employees leave their jobs sooner than some specified payback period after certification.

There have been quite a few changes since the last survey update in 2015. The Basic category saw a substantial jump in the number of available IT security certifications due to the addition of several Brainbench certifications, in addition to the Cisco Certified Network Associate (CCNA) Cyber Ops certification, the Fortinet Network Security Expert Program and new IBM certifications. 

2017 IT security certification changes

Certifications from AccessData, Check Point, IBM and Oracle were added to the Intermediate category, increasing the total number of certifications in that category, as well. However, the number of certifications in the Advanced category decreased, due to several IBM certifications being retired. 

Vendor IT security certifications

Basic information technology security certifications 

Brainbench basic security certifications
Brainbench offers several basic-level information technology security certifications, each requiring the candidate to pass one exam. Brainbench security-related certifications include:

  • Backup Exec 11d (Symantec)
  • Check Point FireWall-1 Administration
  • Check Point Firewall-1 NG Administration
  • Cisco Security
  • Microsoft Security
  • NetBackup 6.5 (Symantec)

Source: Brainbench Information Security Administrator certifications

CCNA Cyber Ops
Prerequisites: None required; training is recommended.

This associate-level certification prepares cybersecurity professionals for work as cybersecurity analysts responding to security incidents as part of a security operations center team in a large organization.

The CCNA Cyber Ops certification requires candidates to pass two written exams.

Source: Cisco Systems CCNA Cyber Ops

CCNA Security
Prerequisites: A valid Cisco CCNA Routing and Switching, Cisco Certified Entry Networking Technician or Cisco Certified Internetwork Expert (CCIE) certification.

This credential validates that associate-level professionals are able to install, troubleshoot and monitor Cisco-routed and switched network devices for the purpose of protecting both the devices and networked data.

A person with a CCNA Security certification can be expected to understand core security concepts, endpoint security, web and email content security, the management of secure access, and more. He should also be able to demonstrate skills for building a security infrastructure, identifying threats and vulnerabilities to networks, and mitigating security threats. CCNA credential holders also possess the technical skills and expertise necessary to manage protection mechanisms such as firewalls and intrusion prevention systems, network access, endpoint security solutions, and web and email security.

The successful completion of one exam is required to obtain this credential.

Source: Cisco Systems CCNA Security

Check Point Certified Security Administrator (CCSA) R80
Prerequisites: Basic knowledge of networking; CCSA training and six months to one year of experience with Check Point products are recommended.

Check Point's foundation-level credential prepares individuals to install, configure and manage Check Point security system products and technologies, such as security gateways, firewalls and virtual private networks (VPNs). Credential holders also possess the skills necessary to secure network and internet communications, upgrade products, troubleshoot network connections, configure security policies, protect email and message content, defend networks from intrusions and other threats, analyze attacks, manage user access in a corporate LAN environment, and configure tunnels for remote access to corporate resources.

Candidates must pass a single exam to obtain this credential.

Source: Check Point CCSA Certification

IBM Certified Associate -- Endpoint Manager V9.0
Prerequisites: IBM suggests that candidates be highly familiar with the IBM Endpoint Manager V9.0 console. They should have experience taking actions; activating analyses; and using Fixlets, tasks and baselines in the environment. They should also understand patching, component services, client log files and troubleshooting within IBM Endpoint Manager.

This credential recognizes professionals who use IBM Endpoint Manager V9.0 daily. Candidates for this certification should know the key concepts of Endpoint Manager, be able to describe the system's components and be able to use the console to perform routine tasks.

Successful completion of one exam is required.

Editor's note: IBM is retiring this certification as of May 31, 2017; there will be a follow-on test available as of April 2017 for IBM BigFix Compliance V9.5 Fundamental Administration, Test C2150-627.

Source: IBM Certified Associate -- Endpoint Manager V9.0

IBM Certified Associate -- Security Trusteer Fraud Protection
Prerequisites: IBM recommends that candidates have experience with network data communications, network security, and the Windows and Mac operating systems.

This credential pertains mainly to sales engineers who support the Trusteer Fraud product portfolio for web fraud management, and who can implement a Trusteer Fraud solution. Candidates must understand Trusteer product functionality, know how to deploy the product, and be able to troubleshoot the product and analyze the results.

To obtain this certification, candidates must pass one exam.

Source: IBM Certified Associate -- Security Trusteer Fraud Protection

McAfee Product Specialist
Prerequisites: None required; completion of an associated training course is highly recommended.

McAfee information technology security certification holders possess the knowledge and technical skills necessary to install, configure, manage and troubleshoot specific McAfee products, or, in some cases, a suite of products.

Candidates should possess one to three years of direct experience with one of the specific product areas.

The current products targeted by this credential include:

  • McAfee Advanced Threat Defense products
  • McAfee ePolicy Orchestrator and VirusScan products
  • McAfee Network Security Platform
  • McAfee Host Intrusion Prevention
  • McAfee Data Loss Prevention Endpoint products
  • McAfee Security Information and Event Management products

All credentials require passing one exam.

Source: McAfee Certification Program

Microsoft Technology Associate (MTA)
Prerequisites: None; training recommended.

This credential started as an academic-only credential for students, but Microsoft made it available to the general public in 2012.

There are 10 different MTA credentials across three tracks (IT Infrastructure with five certs, Database with one and Development with four). The IT Infrastructure track includes a Security Fundamentals credential, and some of the other credentials include security components or topic areas.

To earn each MTA certification, candidates must pass the corresponding exam. 

Source: Microsoft MTA Certifications

Fortinet Network Security Expert (NSE)
Prerequisites: Vary by credential.

The Fortinet NSE program has eight levels, each of which corresponds to a separate network security credential within the program. The credentials are:

  • NSE 1 -- Understand network security concepts.
  • NSE 2 -- Sell Fortinet gateway solutions.
  • NSE 3 (Associate) -- Sell Fortinet advanced security solutions.
  • NSE 4 (Professional) -- Configure and maintain FortiGate Unified Threat Management products.
  • NSE 5 (Analyst) -- Implement network security management and analytics.
  • NSE 6 (Specialist) – Understand advanced security technologies beyond the firewall.
  • NSE 7 (Troubleshooter) -- Troubleshoot internet security issues.
  • NSE 8 (Expert) -- Design, configure, install and troubleshoot a network security solution in a live environment.

NSE 1 is open to anyone, but is not required. The NSE 2 and NSE 3 information technology security certifications are available only to Fortinet employees and partners. Candidates for NSE 4 through NSE 8 should take the exams through Pearson VUE.

Source: Fortinet NSE

Symantec Certified Specialist (SCS)
This security certification program focuses on data protection, high availability and security skills involving Symantec products.

To become an SCS, candidates must select an area of focus and pass an exam. All the exams cover core elements, such as installation, configuration, product administration, day-to-day operation and troubleshooting for the selected focus area.

As of this writing, the following exams are available:

  • Exam 250-215: Administration of Symantec Messaging Gateway 10.5
  • Exam 250-410: Administration of Symantec Control Compliance Suite 11.x
  • Exam 250-420: Administration of Symantec VIP
  • Exam 250-423: Administration of Symantec IT Management Suite 8.0
  • Exam 250-424: Administration of Data Loss Prevention 14.5
  • Exam 250-425: Administration of Symantec Cyber Security Services
  • Exam 250-426: Administration of Symantec Data Center Security -- Server Advanced 6.7
  • Exam 250-427: Administration of Symantec Advanced Threat Protection 2.0.2
  • Exam 250-428: Administration of Symantec Endpoint Protection 14
  • Exam 250-513: Administration of Symantec Data Loss Prevention 12

Source: Symantec Certification

Intermediate information technology security certifications 

AccessData Certified Examiner (ACE)
Prerequisites: None required; the AccessData BootCamp and Advanced Forensic Toolkit (FTK) courses are recommended.

This credential recognizes a professional's proficiency using AccessData's FTK, FTK Imager, Registry Viewer and Password Recovery Toolkit. However, candidates for the certification must also have moderate digital forensic knowledge and be able to interpret results gathered from AccessData tools.

To obtain this certification, candidates must pass one online exam (which is free). Although a boot camp and advanced courses are available for a fee, AccessData provides a set of free exam preparation videos to help candidates who prefer to self-study.

The certification is valid for two years, after which credential holders must take the current exam to maintain their certification.

Source: Syntricate ACE Training

Cisco Certified Network Professional (CCNP) Security
Prerequisites: CCNA Security or any CCIE certification.

This Cisco credential recognizes professionals who are responsible for router, switch, networking device and appliance security. Candidates must also know how to select, deploy, support and troubleshoot firewalls, VPNs and intrusion detection system/intrusion prevention system products in a networking environment.

Successful completion of four exams is required.

Source: Cisco Systems CCNP Security

Check Point Certified Security Expert (CCSE)
Prerequisite: CCSA certification R70 or later.

This is an intermediate-level credential for security professionals seeking to demonstrate skills at maximizing the performance of security networks.

A CCSE demonstrates a knowledge of strategies and advanced troubleshooting for Check Point's GAiA operating system, including installing and managing VPN implementations, advanced user management and firewall concepts, policies, and backing up and migrating security gateway and management servers, among other tasks. The CCSE focuses on Check Point's VPN, Security Gateway and Management Server systems.

To acquire this credential, candidates must pass one exam.

Source: Check Point CCSE program

Cisco Cybersecurity Specialist
Prerequisites: None required; CCNA Security certification and an understanding of TCP/IP are strongly recommended.

This Cisco credential targets IT security professionals who possess in-depth technical skills and knowledge in the field of threat detection and mitigation. The certification focuses on areas such as event monitoring, event analysis (traffic, alarm, security events) and incident response.

One exam is required.

Source: Cisco Systems Cybersecurity Specialist

Certified SonicWall Security Administrator (CSSA)
Prerequisites: None required; training is recommended.

The CSSA exam covers basic administration of SonicWall appliances and the network and system security behind such appliances.

Classroom training is available, but not required to earn the CSSA. Candidates must pass one exam to become certified.

Source: SonicWall Certification programs

EnCase Certified Examiner (EnCE)
Prerequisites: Candidates must attend 64 hours of authorized training or have 12 months of computer forensic work experience. Completion of a formal application process is also required.

Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase computer forensics tools and software.

Individuals can gain this certification by passing a two-phase exam: a computer-based component and a practical component.

Source: Guidance Software EnCE

EnCase Certified eDiscovery Practitioner (EnCEP)
Prerequisites: Candidates must attend one of two authorized training courses and have three months of experience in eDiscovery collection, processing and project management. A formal application process is also required.

Aimed at both private- and public-sector computer forensic specialists, this certification permits individuals to become certified in the use of Guidance Software's EnCase eDiscovery software, and it recognizes their proficiency in eDiscovery planning, project management and best practices, from legal hold to file creation.

EnCEP-certified professionals possess the technical skills necessary to manage E-discovery, including the search, collection, preservation and processing of electronically stored information in accordance with the Federal Rules of Civil Procedure.

Individuals can gain this certification by passing a two-phase exam: a computer-based component and a scenario component.

Source: Guidance Software EnCEP Certification Program

IBM Certified Administrator -- Security Guardium V10.0
Prerequisites: IBM recommends basic knowledge of operating systems and databases, hardware or virtual machines, networking and protocols, auditing and compliance, and information security guidelines.

IBM Security Guardium is a suite of protection and monitoring tools designed to protect databases and big data sets. The IBM Certified Administrator -- Security Guardium credential is aimed at administrators who plan, install, configure and manage Guardium implementations. This may include monitoring the environment, including data; defining policy rules; and generating reports.

Successful completion of one exam is required.

Source: IBM Security Guardium Certification

IBM Certified Administrator -- Security QRadar Risk Manager V7.2.6
Prerequisites: IBM recommends a working knowledge of IBM Security QRadar SIEM Administration and IBM Security QRadar Risk Manager, as well as general knowledge of networking, risk management, system administration and network topology.

QRadar Risk Manager automates the risk management process in enterprises by monitoring network device configurations and compliance. The IBM Certified Administrator -- Security QRadar Risk Manager V7.2.6 credential certifies administrators who use QRadar to manage security risks in their organization. Certification candidates must know how to review device configurations, manage devices, monitor policies, schedule tasks and generate reports.

Successful completion of one exam is required.

Source: IBM Security QRadar Risk Manager Certification

IBM Certified Analyst -- Security SiteProtector System V3.1.1
Prerequisites: IBM recommends a basic knowledge of the IBM Security Network Intrusion Prevention System (GX) V4.6.2, IBM Security Network Protection (XGS) V5.3.1, Microsoft SQL Server, Windows Server operating system administration and network security.

The Security SiteProtector System enables organizations to centrally manage their network, server and endpoint security agents and appliances. The IBM Certified Analyst -- Security SiteProtector System V3.1.1 credential is designed to certify security analysts who use the SiteProtector System to monitor and manage events, monitor system health, optimize SiteProtector and generate reports.

To obtain this certification, candidates must pass one exam.

Source: IBM Security SiteProtector Certification

Oracle Certified Expert, Oracle Solaris 10 Certified Security Administrator
Prerequisite: Oracle Certified Professional, Oracle Solaris 10 System Administrator.

This credential aims to certify experienced Solaris 10 administrators with security interest and experience. It's a midrange credential that focuses on general security principles and features, installing systems securely, application and network security, principle of least privilege, cryptographic features, auditing, and zone security.

A single exam -- geared toward the Solaris 10 operating system or the OpenSolaris environment -- is required to obtain this credential.

Source: Oracle Solaris Certification

Oracle Mobile Security
Prerequisites: Oracle recommends that candidates understand enterprise mobility, mobile application management and mobile device management; have two years of experience implementing Oracle Access Management Suite Plus 11g; and have experience in at least one other Oracle product family.

This credential recognizes professionals who create configuration designs and implement the Oracle Mobile Security Suite. Candidates must have a working knowledge of Oracle Mobile Security Suite Access Server, Oracle Mobile Security Suite Administrative Console, Oracle Mobile Security Suite Notification Server, Oracle Mobile Security Suite Containerization and Oracle Mobile Security Suite Provisioning and Policies. They must also know how to deploy the Oracle Mobile Security Suite.

Although the certification is designed for Oracle PartnerNetwork members, it is available to any candidate. Successful completion of one exam is required.

Source: Oracle Mobile Security Certification

RSA Archer Certified Administrator (CA)
Prerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

Dell EMC offers this certification, which is designed for security professionals who manage, administer, maintain and troubleshoot the RSA Archer Governance, Risk and Compliance (GRC) platform.

Candidates must pass one exam, which focuses on integration and configuration management, security administration, and the data presentation and communication features of the RSA Archer GRC product.

Source: Dell EMC RSA Archer Certification

RSA SecurID Certified Administrator (RSA Authentication Manager 8.0)
Prerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

Dell EMC offers this certification, which is designed for security professionals who manage, maintain and administer enterprise security systems based on RSA SecurID system products and RSA Authentication Manager 8.0.

RSA SecurID CAs can operate and maintain RSA SecurID components within the context of their operational systems and environments; troubleshoot security and implementation problems; and work with updates, patches and fixes. They can also perform administrative functions and populate and manage users, set up and use software authenticators, and understand the configuration required for RSA Authentication Manager 8.0 system operations.

Source: Dell EMC RSA Authentication Manager Certification

RSA Security Analytics CA
Prerequisites: None required; Dell EMC highly recommends RSA training and two years of product experience as preparation for the RSA certification exams.

This Dell EMC certification is aimed at security professionals who configure, manage, administer and troubleshoot the RSA Security Analytics product. Knowledge of the product's features, as well the ability to use the product to identify security concerns, are required.

Candidates must pass one exam, which focuses on RSA Security Analytics functions and capabilities, configuration, management, monitoring and troubleshooting.

Source: Dell EMC RSA Security Analytics

Advanced information technology security certifications 

CCIE Security
Prerequisites: None required; three to five years of professional working experience recommended.

Arguably one of the most coveted certifications around, the CCIE is in a league of its own. Having been around since 2002, the CCIE Security track is unrivaled for those interested in dealing with information security topics, tools and technologies in networks built using or around Cisco products and platforms.

The CCIE certifies that candidates possess expert technical skills and knowledge of security and VPN products; an understanding of Windows, Unix, Linux, network protocols and domain name systems; an understanding of identity management; an in-depth understanding of Layer 2 and 3 network infrastructures; and the ability to configure end-to-end secure networks, as well as to perform troubleshooting and threat mitigation.

To achieve this certification, candidates must pass both a written and lab exam. The lab exam must be passed within 18 months of the successful completion of the written exam.

Source: Cisco Systems CCIE Security Certification

Check Point Certified Managed Security Expert (CCMSE)
Prerequisites: CCSE certification R75 or later and 6 months to 1 year of experience with Check Point products.

This advanced-level credential is aimed at those seeking to learn how to install, configure and troubleshoot Check Point's Multi-Domain Security Management with Virtual System Extension.

Professionals are expected to know how to migrate physical firewalls to a virtualized environment, install and manage an MDM environment, configure high availability, implement global policies and perform troubleshooting.

Source: Check Point CCMSE

Check Point Certified Security Master (CCSM)
Prerequisites: CCSE R70 or later and experience with Windows Server, Unix, TCP/IP, and networking and internet technologies.

The CCSM is the most advanced Check Point certification available. This credential is aimed at security professionals who implement, manage and troubleshoot Check Point security products. Candidates are expected to be experts in perimeter, internal, web and endpoint security systems.

To acquire this credential, candidates must pass a written exam.

Source: Check Point CCSM Certification

Certified SonicWall Security Professional (CCSP)
Prerequisites: Attendance at an advanced administration training course.

Those who achieve this certification have attained a high level of mastery of SonicWall products. In addition, credential holders should be able to deploy, optimize and troubleshoot all the associated product features.

Earning a CSSP requires taking an advanced administration course that focuses on either network security or secure mobile access, and passing the associated certification exam.

Source: SonicWall CSSP certification

IBM Certified Administrator -- Tivoli Monitoring V6.3
Prerequisites: Security-related requirements include basic knowledge of SSL, data encryption and system user accounts.

Those who attain this certification are expected to be capable of planning, installing, configuring, upgrading and customizing workspaces, policies and more. In addition, credential holders should be able to troubleshoot, administer and maintain an IBM Tivoli Monitoring V6.3 environment.

Candidates must successfully pass one exam.

Source: IBM Tivoli Certified Administrator

Master Certified SonicWall Security Administrator (CSSA)
The Master CSSA is an intermediate between the base-level CSSA credential (itself an intermediate certification) and the CSSP.

To qualify for Master CSSA, candidates must pass three (or more) CSSA exams, and then email [email protected] to request the designation. There are no other charges or requirements involved.

Source: SonicWall Master CSSA

Conclusion 

Remember, when it comes to selecting vendor-specific information technology security certifications, your organization's existing or planned security product purchases should dictate your options. If your security infrastructure includes products from vendors not mentioned here, be sure to check with them to determine if training or certifications on such products are available.

About the author:
Ed Tittel is a 30-plus year IT veteran who's worked as a developer, networking consultant, technical trainer, writer and expert witness. Perhaps best known for creating the Exam Cram series, Ed has contributed to more than 100 books on many computing topics, including titles on information security, Windows OSes and HTML. Ed also blogs regularly for TechTarget (Windows Enterprise Desktop), Tom's IT Pro and GoCertify.

Next Steps

Learn more about the importance of ISO 27001 and other security certifications

Read about the best certifications for cloud security

Find out more about the latest certification programs from Cisco

Dig Deeper on Careers and certifications

Networking
CIO
Enterprise Desktop
Cloud Computing
ComputerWeekly.com
Close