Cybersecurity certifications

APMG ISO/IEC 20000 Foundation

APMG ISO/IEC 27001 Foundation

BCS Foundation Certificate in Information Security Management Principles

IBITGQ Certified Cyber Security Foundation

CIISec Information and Cybersecurity Fundamentals

IBITGQ Certified ISO 27001 Information Security Management Specialist Foundation

IBITGQ Certified in Implementing IT Governance - Foundation & Principles

DRI Associate Cyber Resilience Professional

EXIN ISO/IEC 27001 Foundation

Fair Institute Analysis Fundamentals

EXIN Information Security Foundation

GIAC Foundational Cybersecurity Technologies

GIAC Information Security Fundamentals

ITIL Foundation is the established entry point into IT service management and teaches the common vocabulary and core principles of the ITIL framework. The certification is widely recognized globally and is required by many organizations as a baseline qualification for IT operations roles. In February 2026, ITIL Version 5 was released with AI-native enhancements and a unified product and service lifecycle model; ITIL-4 holders can transition via a shortened upgrade path. The exam content itself is conceptual and practice-oriented, but not a technical deep-dive – candidates without IT operations experience typically find it more challenging than expected. For pure cybersecurity careers, the certificate has limited depth, but is valuable for anyone working in security-relevant service management roles.

Axelos M_o_R Framework Foundation

PECB ISO/IEC 27001 Foundation

PECB ISO/IEC 27005 Foundation

PECB ISO/IEC 27032 Foundation

SECO Information Security Foundation

SABSA Chartered Security Architect - Foundation Certificate

Microsoft Certified: Security, Compliance, and Identity Fundamentals

AI risk, governance, and regulatory literacy (EU AI Act, NIST AI RMF).

APMG ISO/IEC 20000 Auditor

APMG ISO/IEC 20000 Practitioner

APMG ISO/IEC 27001 Auditor

APMG ISO/IEC 27001 Practitioner

BCS Practitioner Certificate in Information Assurance Architecture

BCS Practitioner Certificate in Information Risk Management

Mile2 Certified Healthcare Information Systems Security Practitioner

Mile2 Information Systems Certification and Accreditation Professional

Mile2 Certified Information security Management Systems Lead Auditor

Mile2 Certified Information Systems Risk Manager

Mile2 Certified Information Systems Security Auditor

Mile2 Certified Information Systems Security Manager

Mile2 Certified Information Systems Security Officer

The CC is ISC2's entry-level certification without experience requirements and explicitly targets career starters, career changers, and students. Notably, ISC2 periodically offers CC training and the exam for free (as part of the 'One Million Certified' initiative), which has significantly increased market penetration. Content covers five domains: Security Principles, Incident Response, Access Control, Network Security, and Security Operations – at a solid but intentionally broad entry level. As a stepping stone to SSCP or CISSP it is well-suited; as a standalone credential it carries less weight than Security+. From September 2026, a new Exam Outline applies.

EC First Certified CCMC Professional

IBITGQ Certified in Managing Cyber Security Risk

EC First Certified Cyber Security Architect

(ISC)2 Certified in Governance, Risk and Compliance

Running a privacy program end-to-end.

IAPP Certified Information Privacy Professional

IBITGQ Certified ISO 27001 Information Security Management Specialist Internal Auditor

IBITGQ Certified ISO 27001 Information Security Management Specialist Lead Auditor

IBITGQ Certified ISO 27005 Information Security Management Specialist Risk Management

IS audit, governance, control testing, and assurance.

PECB Lead Cloud Security Manager

EC-Council certification for responsible AI governance and ethics. Focus on oversight, risk management, regulatory alignment (NIST AI RMF, ISO 42001), accountability across the AI lifecycle. Brand new since February 2026.

AI risk management and governance — emerging blueprint, expect revisions.

Enterprise risk identification, assessment, and response + IT controls.

QAI Certified Software Business Analyst

EC First Certified Security Compliance Specialist

Shared Assessment Certified Third-Party Risk Assessor

Shared Assessment Certified Third-Party Risk Professional

DRI Certified Business Continuity Auditor

DRI Certified Business Continuity Lead Auditor

DRI Certified Cyber Resilience Professional

DRI Certified Risk Management Professional

EC Council Certified Security Specialist

EC Council Information Security Manager

EXIN ISO/IEC 27001 Professional

EXIN Cyber & IT Security

GIAC Critical Controls Certification

GIAC Critical Infrastructure Protection

GIAC Information Security Professional

GIAC Law of Data Security & Investigations

OCEG Governance, Risk, and Compliance Auditor

OCEG Governance, Risk, and Compliance Professional

GIAC Systems and Network Auditor

ISC2 certification for healthcare security and privacy. Will be retired in December 2026. Focus on data protection, compliance, and risk management in healthcare. Relevant in the US (HIPAA), less so in Europe.

The Institute of Internal Auditors Certified Internal Auditor

IIBA Certification in Cybersecurity Analysis

Mile2 IS20 Controls

PECB certification for auditing AI Management Systems according to ISO/IEC 42001. Complementary to Lead Implementer. Growing demand through third-party AI audits and regulatory requirements.

The PECB ISO/IEC 42001 Lead Implementer certificate qualifies professionals to establish and lead an AI Management System (AIMS) according to the international standard ISO/IEC 42001 within an organization—analogous to the well-known ISO 27001 Lead Implementer in the ISMS domain. It is the implementation-oriented counterpart to the Lead Auditor and targets individuals responsible for AIMS rollout. Strength: Strong anchoring in the ISO framework, internationally recognized as a compliance reference for AI governance; practical focus on project management and implementation. Weakness: PECB is a commercial provider with less market recognition than IAPP or CompTIA; the certificate requires substantial professional experience and is therefore not an entry-level certification. The market for ISO-42001-compliant AIMS implementations is still young, which currently limits demand for the certificate.

Certiport IT Specialist - Cybersecurity

Axelos M_o_R Practitioner Risk Management

NCSC Certified Cybersecurity Professional - Lead Practitioner

NCSC Certified Cybersecurity Professional - Practitioner

NCSC Certified Cybersecurity Professional - Senior Practitioner

Palo Alto Networks Certified Cybersecurity Entry-level Technician

PCI Qualified Security Assessor

The PECB ISO/IEC 27001 Lead Auditor is aimed at professionals who want to independently lead or conduct ISMS audits according to ISO 27001. The certificate is well established in Europe and is recognized by many organizations as proof of audit competence. The exam is demanding and combines standards knowledge with practical auditor expertise. Compared to ISO auditor certifications from other providers, PECB positions itself in the mid-price segment with broad international distribution. For beginners without audit experience, the Foundation level is recommended first.

The PECB ISO/IEC 27001 Lead Implementer qualifies holders to establish, implement, and manage an ISMS according to ISO 27001. The certificate is the implementation counterpart to the Lead Auditor and is aimed at individuals who lead ISMS projects internally or as external consultants. It is valued by organizations looking to introduce or maintain ISO 27001. The exam is designed to be practical but requires a solid understanding of the standard. Without real project experience, the learning material often remains abstract.

PECB ISO/IEC 27005 Lead Risk Manager

PECB ISO/IEC 27005 Risk Manager

PECB ISO/IEC 27032 Lead Cybersecurity Manager

SECO Information Security Practitioner

The SABSA Chartered Practitioner (SCP) certification is the most internationally recognized qualification for risk-based security architecture at enterprise level. The SABSA framework pursues a consistently business-driven, attribute-based approach to security architecture, clearly distinguishing itself from technology-heavy frameworks. The market for SABSA is niche but highly specialized: the certification is known and valued particularly in large enterprises, the financial sector, and critical infrastructure. The assignment-based exam requires real practical application and cannot be passed through mere memorization – this increases the credibility of the credential. Limited adoption and lengthy training paths are the main limitations.

The H Layer Security Awareness and Culture Professional

Designs and engineers SailPoint identity solutions across IdentityIQ and Identity Security Cloud (ISC).

Identity governance and administration (IGA) at enterprise scale.

ISACA specialization for AI Audit. First certification worldwide specifically for auditing AI systems. Requires active CISA (or comparable audit certification). Three domains: AI Governance & Risk, AI Operations, AI Auditing.

ISACA specialization for AI risk management. Beta phase since April 2026. Requires active ISACA or equivalent certification. Focus on AI Risk Governance, AI Risk Program Management, and AI Life Cycle Risk Management.

ISACA specialization for AI Security Management. Requires active CISM or CISSP. Focus on AI Governance & Program Management, AI Risk Management, and AI Technologies & Controls. For security leaders managing AI risks.

Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.

Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.

Mile2 Certified Master Information Systems Security Officer

EXIN ISO/IEC 27001 Expert

ISC2 specialization for security engineering, developed in cooperation with NSA. Focus on Systems Security Engineering, Risk Management, and Security Planning. Particularly relevant in US Government/Defense context.

ISC2 specialization for security management. Requires CISSP. Focus on Leadership, Risk Management, Security Operations, and Compliance Management. For CISOs and senior security executives.

SECO Information Security Management Expert

SABSA Chartered Security Architect - Master Certificate

Executive leadership — governance, program mgmt, finance, and strategic planning for security.

Board / executive-level IT governance and investment oversight.

Security program management, risk, governance, and incident governance. The manager / CISO-track signal.

GIAC Strategic Planning, Policy and Leadership

Entry-level pentest — good first offensive signal.

Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.

The CCNA is the most well-known entry-level certification in networking and provides a broad foundation: network fundamentals, routing & switching, IP services, security basics, as well as automation and cloud. Although primarily a networking certificate, it covers security fundamentals and is therefore also relevant for security beginners. The job market for CCNA holders is stable with consistently over 6,500 open positions per week (as of spring 2026). With version 1.1 (August 2024), AI/ML and cloud management topics were incorporated for the first time. Without hands-on experience in Cisco environments, completion remains rather theoretical.

Offensive-concepts breadth; light on hands-on rigor compared to OSCP.

Cisco DevNet Associate

Fortinet Certificed Associate

Fortinet Certified Fundamentals Cybersecurity

GIAC Foundational Cybersecurity Technologies

Broad defender fundamentals. Often paired with SANS SEC401.

Juniper Networks Certified Internet Associate, Security

CompTIA A+

The CC is ISC2's entry-level certification without experience requirements and explicitly targets career starters, career changers, and students. Notably, ISC2 periodically offers CC training and the exam for free (as part of the 'One Million Certified' initiative), which has significantly increased market penetration. Content covers five domains: Security Principles, Incident Response, Access Control, Network Security, and Security Operations – at a solid but intentionally broad entry level. As a stepping stone to SSCP or CISSP it is well-suited; as a standalone credential it carries less weight than Security+. From September 2026, a new Exam Outline applies.

Cisco Certified Network Professional - Enterprise

Cisco Certified Network Professional - Security

Cisco Certified Technician

EC Council Certified Network Defender

EC Council Certified Network Defense Architect

EC Council Certified Penetration Testing Professional

The CRTO from Zero-Point Security has established itself as one of the most practice-oriented red team certifications on the market. The associated course 'Red Team Ops' focuses on Cobalt Strike, Active Directory attacks, and realistic adversary simulation with OPSEC considerations. The exam format is purely practical and evaluates not only objective achievement but also operational behavior – points are deducted for triggered detections. Particularly attractive is the price-performance ratio compared to SANS certifications, as the course and exam are significantly more affordable. For experienced pentesters looking to develop towards red teaming and C2 deployment, the CRTO is a highly relevant qualification.

Cisco DevNet Professional

EC Council Certified Security Specialist

F5 Big-IP Certified Administrator

Fortinet Certified Professional - Network Security

Fortinet Certified Solution Specialist - Network Security

Fortinet Certified Solution Specialist - Public Cloud Security

Fortinet Certified Solution Specialist - Zero Trust Access

GIAC Assessing Wireless Networks

Packet and log analysis, detection engineering fundamentals.

GIAC Certified Windows Security Administrator

IT + engineering overlap for industrial control systems.

GIAC Network Forensic Analyst

Penetration testing methodology + documentation.

Hack the Box Certified Penetration Testing Specialist

Juniper Networks Certified Internet Professional, Security

Juniper Networks Certified Internet Specialist, Security

CompTIA Linux+

CompTIA Network+

Hands-on penetration testing — exploitation, privilege escalation, AD attacks.

The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.

Offensive Security Wireless Professional

Palo Alto Networks Certified Cybersecurity Entry-level Technician

Palo Alto Networks Certified Network Security Administrator

Palo Alto Networks Certified Network Security Engineer

Hands-on network + AD pentesting with OSINT + reporting.

Red Hat Certified Architect

Red Hat Certified Engineer

Red Hat Certified System Administrator

CompTIA Server+

The SSCP is ISC2's entry-level certification below the CISSP and targets technically active security professionals with initial work experience. Since October 2025, the exam uses Computerized Adaptive Testing (CAT), which customizes the exam experience individually and increases integrity. The SSCP covers seven technical domains, from access control through cryptography to network security, and positions itself as practical proof of operational security competence. It is less well-known than Security+ or GSEC, but benefits from ISC2's strong brand and serves well as an intermediate step toward the CISSP. The effort for annual certification maintenance (AMF + CPEs) is moderate.

VMware Certified Professional in Datacenter Virtualization

VMware Certified Professional in Network Virtualization

Cisco Certified Design Expert

Cisco Certified Internetwork Expert - Enterprise Infrastructure

Cisco Certified Implementation Expert - Security

Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.

Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.

F5 Big-IP Certified Solution Expert - Security

The GIAC Security Expert (GSE) is the highest distinction in the GIAC certification system and was fundamentally reformed in 2023/2024: Instead of a single exam, it is now awarded as a portfolio certification. Those who demonstrate six Practitioner and four Applied Knowledge certifications (hands-on, proctored lab exams) automatically receive GSE status. The model enforces genuine breadth and depth – which increases credibility compared to earlier pure knowledge tests. However, the effort (cost, time, multiple exams) is considerable; the GSE is therefore clearly aimed at experienced experts pursuing SANS/GIAC as a career path. In Europe, awareness outside the SANS community is still limited.

ISA Cybersecurity Expert

Juniper Networks Certified Internet Expert, Security

VMware Certified Implementation Expert in Network Virtualization

Day-to-day administration of CyberArk PAM — the dominant enterprise privileged-access platform.

Okta-specific identity deployment (SSO, MFA, lifecycle).

Entra ID deployment, conditional access, privileged access, identity governance.

CREST Registered Technical Security Architect

Vendor-neutral Zero Trust architecture and governance — NIST SP 800-207, ZTA pillars, and program implementation.

Designs and deploys CyberArk PAM at enterprise scale — vault architecture, HA/DR, and complex onboarding.

Fortinet Certified Solution Specialist - Secure Access Service Edge

Fortinet Certified Solution Specialist - Zero Trust Access

GIAC Defensible Security Architecture

The Microsoft Certified: Cybersecurity Architect Expert (SC-100) is Microsoft's highest security certification and targets experienced professionals who design security architectures for hybrid and cloud-native environments based on the Microsoft platform. It requires at least one associate-level security certification (e.g., AZ-500, SC-200, or SC-300) and builds on that knowledge. The certification addresses zero-trust architectures, compliance requirements, identity governance, and infrastructure protection from a strategic perspective. For organizations heavily invested in Microsoft 365 and Azure, SC-100 is valuable proof of expertise; outside the Microsoft ecosystem, its relevance is more limited. The exam will be updated in April 2026.

Cisco Certified Implementation Expert - Security

Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.

Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.

Top-tier CyberArk practitioner — leads complex PAM programs and contributes back to the community.

ISC2 specialization for security architecture. Requires an active CISSP. Focus on GRC, Security Architecture Modeling, Infrastructure Security, and IAM architecture. For senior security architects in enterprise environments.

Offensive-concepts breadth; light on hands-on rigor compared to OSCP.

SECO Secure Programming Foundation

Portswigger Burp Suite Certified Practioner

Mile2 Secure Web Application Engineer

EC Council Certified Application Security Engineer (.NET or Java)

CertNexus Cyber Secure Coder

ISACA certification for Privacy Engineering. Focus on technical implementation of privacy requirements: Privacy Governance, Privacy Architecture, and Data Lifecycle Management. Bridge between privacy and technology.

Privacy engineering, privacy-by-design in products and platforms.

CREST Certified Web Application Tester

CREST Certified Simulated Attack Manager

Secure SDLC, threat modelling, secure architecture across product teams.

F5 Big-IP Certified Administrator

Security-as-code: IaC hardening, CI/CD guardrails, automated cloud response.

GIAC Mobile Device Security Analyst

GIAC Web Application Penetration Tester

Defender-side AppSec — OWASP Top 10, API security, secure design patterns.

Hack the Box Certified Bug Bounty Hunter

Hands-on penetration testing — exploitation, privilege escalation, AD attacks.

Offensive Security Web Assessor

SecOps Group Certified AppSec Practitioner

SANS Security Awareness Professional

CompTIA's SecurityX (formerly CASP+, current exam code CAS-005) is one of the few vendor-neutral advanced certifications for technical security experts without management focus. It deliberately positions itself as a technical alternative to CISSP and is recognized by DoD and US government agencies as an 8570-compliant credential, which is a real advantage in government environments. In the private sector, market perception is mixed: CISSP clearly dominates job postings, but SecurityX provides a credible signal for technically deep skills. The pass/fail format without score disclosure is unusual and criticized by some as lacking transparency. Performance-based questions increase the practical rigor.

Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.

F5 Big-IP Certified Solution Expert - Security

Offensive Security Certified Expert 3

Offensive Security Exploitation Expert

Advanced web application exploitation — whitebox review, vulnerability chain construction.

SECO Secure Programming Certified Leader

Amazon Web Services Certified Solutions Architect - Associate

Microsoft Azure Administrator Associate

Azure-native security engineering: Entra ID, network controls, Defender, Sentinel.

Microsoft Azure Fundamentals

Cloud Native Computing Foundation Certified Kubernetes Administrator

Cloud Native Computing Foundation Certified Kubernetes Application Developer

Cloud Native Computing Foundation Certified Kubernetes Security Specialist

CompTIA Cloud Essentials

GIAC Cloud Security Essentials

Google Associate Cloud Engineer

Cloud Native Computing Foundation Kubernetes and Cloud Native Associate

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Amazon Web Services Certified Cloud Practitioner

The AWS Security Specialty is AWS's most demanding security certification and requires solid practical experience with AWS workloads. It covers a broad spectrum: from IAM and data encryption to incident response, logging, and compliance. The practical relevance is high; pure textbook candidates typically fail. The certification has high market value potential, as it is regarded as proof of quality for security architects in cloud environments. Important: Version SCS-C02 was superseded in December 2025; SCS-C03 is now current.

Amazon Web Services Certified Solutions Architect - Professional

Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.

Mile2 Certified Cloud Security Officer

Cloud security architecture: shared responsibility, identity, data protection, crypto, and cloud-native detection.

CompTIA Cloud+

The CCSK from the Cloud Security Alliance is one of the most widespread vendor-neutral cloud security certifications worldwide. It is based on three core sources: the CSA Security Guidance v4, the ENISA Cloud Computing Risk Assessment, and the CSA Cloud Controls Matrix (CCM). The exam is fully online and open-book — this lowers the entry barrier but also means less practical proof than e.g. CCSP. No professional experience required, no expiration date. Good as an entry point into cloud security and as preparation for the CCSP, but not a strong career building block on its own.

Cloud Security Alliance Cloud Governance & Compliance

EXIN Professional Cloud Administrator

EXIN Professional Cloud Developer

EXIN Professional Cloud Solution Architect

EXIN Professional Cloud Service Manager

EXIN Professional Cloud Security Manager

Fortinet Certified Professional - Public Cloud Security

GIAC Cloud Forensics Responder

GCP-specific security engineering: identity, VPC SC, secrets, logging, compliance.

GIAC Cloud Penetration Tester

Security-as-code: IaC hardening, CI/CD guardrails, automated cloud response.

Google Professional Cloud Architect

Google Professional Cloud Security Engineer

GIAC Public Cloud Security

The Microsoft Certified: Cybersecurity Architect Expert (SC-100) is Microsoft's highest security certification and targets experienced professionals who design security architectures for hybrid and cloud-native environments based on the Microsoft platform. It requires at least one associate-level security certification (e.g., AZ-500, SC-200, or SC-300) and builds on that knowledge. The certification addresses zero-trust architectures, compliance requirements, identity governance, and infrastructure protection from a strategic perspective. For organizations heavily invested in Microsoft 365 and Azure, SC-100 is valuable proof of expertise; outside the Microsoft ecosystem, its relevance is more limited. The exam will be updated in April 2026.

SalesForce Certified Community Cloud Consultant

SecOps Group Certified Cloud Security Practitioner - AWS

Microsoft Azure Solutions Architect Expert

CompTIA's SecurityX (formerly CASP+, current exam code CAS-005) is one of the few vendor-neutral advanced certifications for technical security experts without management focus. It deliberately positions itself as a technical alternative to CISSP and is recognized by DoD and US government agencies as an 8570-compliant credential, which is a real advantage in government environments. In the private sector, market perception is mixed: CISSP clearly dominates job postings, but SecurityX provides a credible signal for technically deep skills. The pass/fail format without score disclosure is unusual and criticized by some as lacking transparency. Performance-based questions increase the practical rigor.

The SecurityOps Group Certified Cloud Pentesting eXpert-AWS

Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.

Microsoft 365 Certified Enterprise Administrator Expert

VMware Certified Design Expert in Datacenter Virtualization

Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.

Microsoft Azure Administrator Associate

Azure-native security engineering: Entra ID, network controls, Defender, Sentinel.

Day-to-day administration of CyberArk PAM — the dominant enterprise privileged-access platform.

Broad defender fundamentals. Often paired with SANS SEC401.

Okta-specific identity deployment (SSO, MFA, lifecycle).

Entra ID deployment, conditional access, privileged access, identity governance.

Microsoft Certified Information Protection Administrator Associate

Microsoft Certified: Security, Compliance, and Identity Fundamentals

Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.

IMI Certfied Access Management Specialist

Cisco Certified Network Professional - Security

Cloud security architecture: shared responsibility, identity, data protection, crypto, and cloud-native detection.

ISACA certification for Privacy Engineering. Focus on technical implementation of privacy requirements: Privacy Governance, Privacy Architecture, and Data Lifecycle Management. Bridge between privacy and technology.

Identify Management Institute Certified Identify and Access Manager

IDPro Certified Identity Professional

Identify Management Institute Certified Identity Management Professional

IMI Certified Identity and Security Technologist

The CRTO from Zero-Point Security has established itself as one of the most practice-oriented red team certifications on the market. The associated course 'Red Team Ops' focuses on Cobalt Strike, Active Directory attacks, and realistic adversary simulation with OPSEC considerations. The exam format is purely practical and evaluates not only objective achievement but also operational behavior – points are deducted for triggered detections. Particularly attractive is the price-performance ratio compared to SANS certifications, as the course and exam are significantly more affordable. For experienced pentesters looking to develop towards red teaming and C2 deployment, the CRTO is a highly relevant qualification.

Hands-on Active Directory attacker — Kerberos abuse, trust attacks, and lateral movement against a real multi-domain forest.

Vendor-neutral Zero Trust architecture and governance — NIST SP 800-207, ZTA pillars, and program implementation.

Designs and deploys CyberArk PAM at enterprise scale — vault architecture, HA/DR, and complex onboarding.

F5 Big-IP Certified Technical Specialist - Access Policy Manager

Fortinet Certified Solution Specialist - Public Cloud Security

GCP-specific security engineering: identity, VPC SC, secrets, logging, compliance.

GIAC Certified Windows Security Administrator

Hack the Box Certified Penetration Testing Specialist

Hands-on penetration testing — exploitation, privilege escalation, AD attacks.

The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.

Palo Alto Networks Certified Network Security Engineer

Hands-on network + AD pentesting with OSINT + reporting.

Designs and engineers SailPoint identity solutions across IdentityIQ and Identity Security Cloud (ISC).

Identity governance and administration (IGA) at enterprise scale.

SalesForce Certified Identity and Access Management Designer

The SSCP is ISC2's entry-level certification below the CISSP and targets technically active security professionals with initial work experience. Since October 2025, the exam uses Computerized Adaptive Testing (CAT), which customizes the exam experience individually and increases integrity. The SSCP covers seven technical domains, from access control through cryptography to network security, and positions itself as practical proof of operational security competence. It is less well-known than Security+ or GSEC, but benefits from ISC2's strong brand and serves well as an intermediate step toward the CISSP. The effort for annual certification maintenance (AMF + CPEs) is moderate.

IMI Certified Identity Governance Expert

Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.

Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.

Multi-forest AD compromise — cross-trust abuse, advanced delegation, and persistence in hardened enterprise environments.

Top-tier CyberArk practitioner — leads complex PAM programs and contributes back to the community.

ISC2 specialization for security architecture. Requires an active CISSP. Focus on GRC, Security Architecture Modeling, Infrastructure Security, and IAM architecture. For senior security architects in enterprise environments.

Microsoft 365 Certified Enterprise Administrator Expert

Day-to-day administration of the market-leading EDR platform — sensor deployment, policy authoring, and detection triage in Falcon.

ASIS Professional Certified Investigator

The BTL1 is one of the most practical entry-level certifications in the defensive area of cybersecurity. The exam is a complete 24-hour incident response scenario in a real lab environment – not a multiple-choice test. For career changers and entry-level professionals, it is a credible proof of competency that offers employers more meaningful value than many purely knowledge-based certificates. The course covers phishing analysis, SIEM, digital forensics, threat intelligence, and incident response. The certificate never expires, making it attractive long-term.

Security Blue Team Level 2

Certified CyberDefender

IACIS Certified Forensic Computer Examiner

EC Council Computer Hacking Forensics Investigator

CREST Practitioner Intrusion Analyst

CREST Registered Intrusion Analyst

CSIAC CyberSecurity Forensic Analyst

ISACA Cybersecurity Practitioner

EC Council Certified Incident Handler

EC Council Disaster Recovery Professional

OpenText EnCase Certified Examiner

Advanced host forensics, memory analysis, timeline reconstruction.

Windows host forensics and digital investigation.

GIAC Cloud Forensics Responder

Incident handling methodology and lifecycle.

GIAC iOS and MacOS Examiner

GIAC Network Forensic Analyst

Active defense and incident response for ICS environments.

SOC operations, alert triage, metrics, SOAR.

Hack the Box Certified Defensive Security Analyst

Offensive Security Defense Analyst

IACIS Certified Advanced Windows Forensic Examiner

Static + dynamic malware analysis, unpacking, custom RE tooling.

The GIAC Security Expert (GSE) is the highest distinction in the GIAC certification system and was fundamentally reformed in 2023/2024: Instead of a single exam, it is now awarded as a portfolio certification. Those who demonstrate six Practitioner and four Applied Knowledge certifications (hands-on, proctored lab exams) automatically receive GSE status. The model enforces genuine breadth and depth – which increases credibility compared to earlier pure knowledge tests. However, the effort (cost, time, multiple exams) is considerable; the GSE is therefore clearly aimed at experienced experts pursuing SANS/GIAC as a career path. In Europe, awareness outside the SANS community is still limited.

ISC2 specialization for security management. Requires CISSP. Focus on Leadership, Risk Management, Security Operations, and Compliance Management. For CISOs and senior security executives.

Security program management, risk, governance, and incident governance. The manager / CISO-track signal.

SOC analyst skills: triage, log analysis, vulnerability management basics.

Introductory course to the MITRE ATT&CK framework. Mandatory prerequisite for all advanced MAD20 tracks. 18 lectures, 1 hands-on lab, 1 range scenario. Covers fundamentals of ATT&CK: tactics, techniques, groups, software and mitigations. Badge upon completion (2 CPE hours).

CREST Practitioner Threat Intelligence Analyst

CREST Registered Threat Intelligence Analyst

EC Council Certified Threat Intelligence Analyst

Structured threat intel production, ATT&CK, analytic tradecraft.

GOAA is GIAC's specialized certification for offensive AI techniques and targets red teamers, penetration testers, and SOC analysts who need to understand and simulate AI-enabled attack tools. It is based on SANS course SEC535 and features GIAC's well-known exam structure with optional CyberLive component (practical lab environment). Strength: GIAC certifications enjoy high credibility in the security industry, and the offensive perspective on AI is a differentiating unique selling point. Weakness: The certification does not cover defensive controls, AI supply chain security, or governance frameworks – it is clearly tailored to offensive specialists and thus addresses only a small segment of the market. At 999 USD exam fee plus additional SANS course costs, the financial investment is substantial.

GIAC Open Source Intelligence

MAD20 track for applying the ATT&CK framework in Cyber Threat Intelligence. 18 lectures, focus on identification, development, analysis and application of ATT&CK-mapped threat intelligence. Badge upon course completion (13 CPE hours).

MAD20 track for Threat Hunting and Detection Engineering with ATT&CK. 28 lectures, complete analytics walkthroughs, 60+ range scenarios. Covers systematic development of detection rules and hunting hypotheses based on ATT&CK techniques. Badge upon completion (9 CPE hours).

Operates and tunes Splunk Enterprise Security — content, correlation searches, notable events, and risk-based alerting.

GIAC Defending Advanced Threats

Entry-level pentest — good first offensive signal.

Offensive-concepts breadth; light on hands-on rigor compared to OSCP.

EXIN Ethical Hacking Foundation

Practical Junior Malware Researcher

SECO Ethical Hacking Foundation

Portswigger Burp Suite Certified Practioner

Mile2 Certified Professional Ethical Hacker

Mile2 Certified Powershell Hacker

Mile2 Certified Penetration Testing Consultant

Mile2 Certified Penetration Testing Engineer

Mile2 Certified Vulnerability Assessor

ISECOM Certified Hacker Analyst

ISECOM Certified Hacker Analyst Trainer

EC Council Certified Penetration Testing Professional

CREST Certified Simulated Attack Specialist

CREST Certified Web Application Tester

CREST Certified Threat Intelligence Manager

CREST Certified Infrastructure Tester

CREST Practitioner Security Analyst

The CREST Registered Penetration Tester is a practical, UK-oriented certification that has established itself as an important industry standard for penetration testers, particularly in the UK market and for organizations with CHECK requirements. Unlike purely theory-based certifications, the CRT exam includes a technical, partially practical component in a controlled test environment. The combination of multiple-choice, flags, and short answers distinguishes CRT from pure CTF formats like OSCP. Outside the UK and Australia, market penetration is limited; internationally, OSCP is significantly better known. However, for testers seeking to work in the UK public sector or at CREST-accredited firms, CRT is effectively mandatory.

The CRTO from Zero-Point Security has established itself as one of the most practice-oriented red team certifications on the market. The associated course 'Red Team Ops' focuses on Cobalt Strike, Active Directory attacks, and realistic adversary simulation with OPSEC considerations. The exam format is purely practical and evaluates not only objective achievement but also operational behavior – points are deducted for triggered detections. Particularly attractive is the price-performance ratio compared to SANS certifications, as the course and exam are significantly more affordable. For experienced pentesters looking to develop towards red teaming and C2 deployment, the CRTO is a highly relevant qualification.

Zero Point Security Red Team Operator II

Hands-on Active Directory attacker — Kerberos abuse, trust attacks, and lateral movement against a real multi-domain forest.

Cyber Struggle Ranger

Cyber Scheme Team Member

Dark Vortex Malware on Steroids

Dark Vortex Offensive Tool Development

Dark Vortex Red Team & Operational Security

eLearnSecurity Certified Professional Penetration Tester

eLearnSecurity Mobile Application Penetration Tester

eLearnSecurity Web Application Penetration Tester

eLearnSecurity Web Application Penetration Tester eXtreme

GIAC Assessing Wireless Networks

GIAC Cloud Penetration Tester

Penetration testing methodology + documentation.

GIAC Red Team Professional

GIAC Web Application Penetration Tester

GIAC Experienced Penetration Tester

Hack the Box Certified Bug Bounty Hunter

Hack the Box Certified Penetration Testing Specialist

Kali Linux Certified Professional

EC Council Licensed Penetration Tester

The most hands-on intensive MAD20 track: Adversary Emulation based on ATT&CK. 30 lectures, 7 hands-on labs, 60+ range scenarios via the ARENAS platform. Covers planning, development and execution of adversary emulation plans. Badge upon completion (21 CPE hours).

MAD20 track for Purple Teaming with ATT&CK methodology. 32 lectures, planning and execution walkthroughs. Covers coordination between red and blue teams using the ATT&CK framework. Badge upon completion (13 CPE hours).

ISECOM OSSTMM Professional Security Tester

Hands-on penetration testing — exploitation, privilege escalation, AD attacks.

Offensive Security Exploit Developer

The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.

Offensive Security MacOS Researcher

Offensive Security Web Assessor

Offensive Security Wireless Professional

Pentester Academy Certified Enterprise Security Specialist

Hands-on network + AD pentesting with OSINT + reporting.

SECO Ethical Hacking Practitioner

The SecOps Group Certified AppSec Pentester

The SecOps Group Certified Mobile Pentester - Android

The SecOps Group Certified Mobile Pentester - iOS

The SecOps Group Certified Network Pentester

The SecurityOps Group Certified Cloud Pentesting eXpert-AWS

Mile2 Certified Master Intrusion Prevention Specialist

Multi-forest AD compromise — cross-trust abuse, advanced delegation, and persistence in hardened enterprise environments.

GIAC Exploit Researcher and Advanced Penetration Tester

Hack the Box Certified Web Exploitation Expert

Offensive Security Certified Expert 3

Offensive Security Exploitation Expert

Advanced web application exploitation — whitebox review, vulnerability chain construction.

SECO Ethical Hacker Expert

The SecurityOps Group Certified AppSec Pentesting eXpert

Cyber Scheme Team Leader

SECO Certified Ethical Hacker Leader

Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.

Foundational SPL fluency — search, filter, and report on Splunk data without breaking it.

Cisco Certified CyberOps Associate Cyber Operations

Day-to-day administration of the market-leading EDR platform — sensor deployment, policy authoring, and detection triage in Falcon.

IBITGQ Cyber Incident Response Management Foundation

SOC analyst skills: triage, log analysis, vulnerability management basics.

Broad defender fundamentals. Often paired with SANS SEC401.

SECO Associate SOC Analyst

The SC-200 is Microsoft's role-based certification for Security Operations – with clear focus on its own product ecosystem (Microsoft Sentinel, Defender XDR, Security Copilot). It is not a vendor-neutral SOC certificate, but specifically validates the ability to detect and respond to threats in Azure and M365 environments. For teams already heavily invested in Microsoft technologies, it is very practical and relevant to the job market. Outside this stack, it loses significant weight. The exam will be updated on April 16, 2026 – candidates should review the current Study Guide.

AccessData Certified Examiner

Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.

The BTL1 is one of the most practical entry-level certifications in the defensive area of cybersecurity. The exam is a complete 24-hour incident response scenario in a real lab environment – not a multiple-choice test. For career changers and entry-level professionals, it is a credible proof of competency that offers employers more meaningful value than many purely knowledge-based certificates. The course covers phishing analysis, SIEM, digital forensics, threat intelligence, and incident response. The certificate never expires, making it attractive long-term.

Security Blue Team Level 2

Mile2 Certified Cybersecurity Analyst

Mile2 Certified Disaster Recovery Engineer

Mile2 Certified Incident Handling Engineer

Mile2 Certified Security Principles

Mile2 Certified Threat Intelligence Analyst

Certified CyberDefender

ISFCE Certified Computer Examiner

ISACA certification for SOC analysts with hybrid exam of multiple choice and performance-based questions. Focus on incident detection, response, and threat analysis. New since 2024.

CertNexus CyberSec First Responder

OpenText Certified Forensic Security Responder

Cisco Certified CyberOps Professional

EC Council Certified Network Defender

CREST Certified Host Intrusion Analyst

CREST Practitioner Intrusion Analyst