(ISC)2 certifications to accelerate your cybersecurity career
If you are a Cyber Security professional you have most likely heard of a certification named “CISSP”. Though who makes this certification and what else do they do? Enter the International Information Systems Security Certification Consortium (ISC)2. (ISC)2 is a non-profit membership association best known for the Certified Information Systems Security Professional certification or CISSP for short. Though what else do they offer and what other (ISC)2 certifications can be used to accelerate your cyber security career?
This page is meant to act as a concise overview of the main ISC2 certification offerings. To learn everything there is to know about the individual security certification, make sure to follow the link to see what is covered, grab a course brochure and more. If you want a single page overview of all the (ISC)2 certifications and training offerings, click here to be taken to the ISC2 page.
CAP: Certified Authorization Professional
Starting off we will look at the Certified Authorization Professional course or CAP for short. Created for information security practitioners who champions system security commensurate with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. In this course, you will review the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems. While you don’t need to have any prior experience to attend the course, to obtain your certification you need to have 2 years of full-time experience that relates to the certification.
To qualify for the CAP (certification), you must have a minimum of two years of cumulative paid full-time information security professional work experience in one or more of the seven (7) domains: (1) Risk Management Framework, (2) Categorization of Information Systems, (3) Selection of Security Controls, (4) Security Control Implementation, (5) Security Control Assessment, (6) Information System Authorization and (7) Monitoring of Security Controls.
CCFP: Certified Cyber Forensics Professional
UPDATE: THE CCFP HAS BEEN RETIRED BY THE ISC2. Certified Cyber Forensics Professional or CCFP is a course which provides individuals with a full review of cyber forensic concepts as well as looking at the industry best practices. Further, students will analyze techniques, procedures, standards of practice as well as legal and ethical principles. Ideal for those looking at getting into cyber forensics or for those looking to further their knowledge in the sector. Similar to the last course mentioned there are no requirements for taking the course, however, to take the certification exam you will need to meet (ISC)2 requirements.
To qualify for the CCFP certification, you must have a four-year college degree leading to a Baccalaureate, or regional equivalent, plus three years of cumulative paid full-time digital forensics or IT security experience in three (3) or more of the following areas (those who do not have a degree must have six years of experience): (1) Legal and Ethical Principles, (2) Investigations, (3) Forensics Science, (4) Digital Forensics, (5) Application Forensics, and (6) Hybrid and Merging Technologies.
CCSP: Certified Cloud Security Professional
The CCSP course is designed for those who are experienced information security professionals which are deeply involved in cloud operations. As such, the CCSP certification is a great fit for individuals who have the responsibility of procuring, securing and managing cloud environments or purchased cloud services on a day-to-day basis. Within the course, you will review cloud security concepts, industry best practices while covering the 6 domains of the CCSP common body of knowledge. Much like the prior courses, there are not any restrictions on attending the course, however, there are on being certified which has been imposed by (ISC)2.
To qualify for the CCSP, you must have a minimum of five years of cumulative paid full-time information technology work experience, of which three years must be in information security and one year in one of the six domains: (1) Architectural Concepts & Design Requirements, (2) Cloud Data Security, (3) Cloud Platform & Infrastructure Security, (4) Cloud Application Security, (5) Operations, and (6) Legal & Compliance.
CISSP: Certified Information Systems Security Professional
Of all the (ISC)2 certifications, this is the one that you have most likely heard of before. Many consider the CISSP as the holy grail for cyber security certifications, employers want it and therefore you do too. The CISSP is a five-day course that takes a comprehensive dive into the technical and managerial knowledge and experience required to effectively design, engineer as well as manage the overall security posture of an organization whilst protecting them from sophisticated attacks. Under the umbrella which is the CISSP certification, there are multiple different specializations which could be ideal for different professionals which go as follows: Architecture, Engineering as well as Management. As the trend has been, you can take the course you do not need to fill any requirements but to take the exam you need the following:
To qualify for the CISSP certification, you must have a minimum of five years of cumulative paid full-time work experience in two or more of the eight domains: (1) Security and Risk Management, (2) Asset Security, (3) Security Engineering, (4) Communications and Network Security, (5) Identity and Access Management, (6) Security Assessment and Testing, (7) Security Operations and (8) Software Development Security.
SSCP: Systems Security Certified Practitioner
Systems Security Certified Practitioner is a course that is ideal for those interested in reviewing proven technical skills and practical knowledge found in hands-on operational IT roles. Attending the SSCP will give you the opportunity to gain the technical ability to tackle the demands and responsibilities of security practitioners, this includes authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures and more. In all, this course will help professionals to review and refresh their information security knowledge as well as help identifying areas they need to study for the SSCP exam issued by (ISC)2. As it goes, there are restrictions on who is able to take the exam, as issued by (ISC)2:
To qualify for the SSCP, you must have a minimum of one year of cumulative paid full-time work experience in two or more of the seven domains: (1) Access Controls, (2) Security Operations and Administration, (3) Risk Identification, Monitoring and Analysis, (4) Incident Response and Recovery, (5) Cryptography, Networks and Communications Security, and (6) Systems and Application Security.
CSSLP: Certified Secure Software Lifecycle Professional
The Certified Secure Software Lifecycle Professional course is ideal for professionals that wish to validate their software expertise, ensuring they have the knowledge and skills to properly incorporate security practices, authentication, authorization and auditing into each of the phases of SDLC. As with all of the (ISC)2 certifications, there are prerequisites you should make sure you meet before taking the exam, however, taking this course without the required experience will prove to be beneficial to professionals in the space, as they will be equipped with practical knowledge. (ISC)2’s requirements for taking the exam goes as follows:
To qualify for the CSSLP, you must have a minimum of four years of cumulative paid full-time work experience in the software lifecycle (SDLC) in one or more of the eight domains: (1) Secure Software Concepts, (2) Secure Software Requirements, (3) Secure Software Design, (4) Secure Software Implementation/Coding, (5) Secure Software Testing, (6) Software Acceptance, (7) Software Deployment, Operations, Maintenance and Disposal, and (8) Supply Chain and Software Acquisition.
HCISPP: HealthCare Information Security and Privacy Practitioner
The HealthCare Information Security and Privacy Practitioner was designed to validate a professional’s experience in protecting patient data. Further, the HCISPP will develop and validate a professional’s ability to implement, manage, or assess the appropriate security and privacy controls for a healthcare organization. As this is a highly focused certification, those who wish to take the exam will need to fill the following requirements:
To qualify for the HCISPP certification, you must have a minimum of two years of cumulative paid full-time work experience in one or more of the six domains, with one of the required years in healthcare: (1) Healthcare Industry, (2) Regulatory Environment, (3) Privacy & Security in Healthcare, (4) Information Governance & Risk Management, (5) Information Risk Assessment, and (6) Third Party Risk Management.
That concludes our overview of the various (ISC)2 certifications that you should investigate to accelerate your cyber security career. Make sure you check out the various links to gain access to all of the resources we have for you. Want to talk with a training advisor? Call us at 1-855-732-3348 and we would be happy to walk you through your options for (ISC)2, ISACA, CompTIA, EC-Council or Cloud Security Alliance training options.