Identity & Access Management
AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.
What is Identity & Access Management?
Identity and Access Management (IAM) is the security discipline focused on ensuring the right people and systems have the right access to the right resources at the right time. In a world where the network perimeter has dissolved, identity has become the new security perimeter — the single most critical control plane for preventing unauthorized access to systems, data, and applications.
Modern IAM encompasses authentication (proving who you are), authorization (determining what you can do), and accountability (logging what you did). Multi-Factor Authentication (MFA) has evolved from SMS-based codes to phishing-resistant standards like FIDO2/WebAuthn and passkeys. Privileged Access Management (PAM) protects the most dangerous accounts — domain admins, root users, and service accounts — with session recording, just-in-time access, and credential vaulting. Single Sign-On (SSO) using SAML and OpenID Connect reduces credential sprawl while improving user experience.
Authorization models have progressed from simple Role-Based Access Control (RBAC) to Attribute-Based Access Control (ABAC) and Policy-Based Access Control (PBAC), enabling fine-grained, context-aware access decisions. Identity governance ensures access rights are reviewed regularly, orphaned accounts are deprovisioned, and separation of duties is enforced. As organizations adopt cloud and hybrid architectures, federated identity and cross-domain trust become critical architectural challenges.
Why it matters
Identity is the most exploited attack vector. Over 80% of breaches involve compromised credentials. Getting IAM right — strong authentication, least privilege, and continuous access governance — prevents more breaches than any other single control.
IAM is the foundational control plane for Zero Trust, cloud security, and application security. Every access decision in every system ultimately depends on identity. Without strong IAM, no other security control can be fully effective.
Control Access & Trust
Decide who or what can do what, enforce it cryptographically, constrain AI behaviour.
Other domains in this layer
Standards and frameworks
Curated resources
Authoritative sources we ground Identity & Access Management questions in — frameworks, research, guides, and tools.
NIST SP 800-63-4 — Digital Identity Guidelines
Identity Assurance Levels (IAL), Authenticator Assurance Levels (AAL), and Federation Assurance Levels (FAL). The 2024 revision is significant. Questions on appropriate assurance level selection for different risk scenarios.
FIDO Alliance — Passkeys and FIDO2/WebAuthn
The push toward passwordless authentication. Questions on how FIDO2/WebAuthn works, passkey lifecycle, and comparison to traditional MFA.
NSA/CISA Top 10 Cybersecurity Misconfigurations
Based on real red/blue team assessments. Includes default configurations, improper privilege separation, lack of network segmentation. Excellent for practical scenario questions.
NIST SP 800-63 — Digital Identity Guidelines
Comprehensive guidelines for digital identity services. Covers enrollment, authentication, and federation at three assurance levels.
FIDO Alliance — Passkeys and WebAuthn
Specifications for passwordless authentication using public key cryptography. The future of secure authentication.
Certifications that signal this domain
Credentials whose blueprint meaningfully covers this domain. Core means centrally covered; also touched means present in the blueprint but not the primary focus.
Core coverage
AWS Certified Security — Specialty (SCS-C02)
Deep AWS security: IAM, data protection, detection, incident response within AWS primitives.
Microsoft Azure Administrator Associate
Microsoft Certified: Azure Security Engineer Associate
Azure-native security engineering: Entra ID, network controls, Defender, Sentinel.
IMI Certified Access Management Specialist
Cisco Certified Network Professional - Security
Certified Cloud Security Professional
Cloud security architecture: shared responsibility, identity, data protection, crypto, and cloud-native detection.
Certified Data Privacy Solutions Engineer
ISACA certification for Privacy Engineering. Focus on technical implementation of privacy requirements: Privacy Governance, Privacy Architecture, and Data Lifecycle Management. Bridge between privacy and technology.
Identity Management Institute Certified Identity and Access Manager
IDPro Certified Identity Professional
IMI Certified Identity Governance Expert
Identity Management Institute Certified Identity Management Professional
Certified Information Systems Security Professional
Breadth across security engineering, architecture, operations, and governance at senior-IC / manager level. The default senior-generalist signal.
CISSP Information Systems Security Architecture Professional
Architecture concentration on top of CISSP — trust boundaries, identity / crypto / network composition, defense-in-depth design.
IMI Certified Identity and Security Technologist
Certified Red Team Expert
Multi-forest AD compromise — cross-trust abuse, advanced delegation, and persistence in hardened enterprise environments.
Zero Point Security Certified Red Team Operator
The CRTO from Zero-Point Security has established itself as one of the most practice-oriented red team certifications on the market. The associated course 'Red Team Ops' focuses on Cobalt Strike, Active Directory attacks, and realistic adversary simulation with OPSEC considerations. The exam format is purely practical and evaluates not only objective achievement but also operational behavior: points are deducted for triggered detections. Particularly attractive is the value for money compared to SANS certifications, as the course and exam are significantly more affordable. For experienced pentesters looking to move towards red teaming and C2 deployment, the CRTO is a highly relevant qualification.
Certified Red Team Professional
Hands-on Active Directory attacker — Kerberos abuse, trust attacks, and lateral movement against a real multi-domain forest.
Certified Zero Trust (CCZT)
Vendor-neutral Zero Trust architecture and governance — NIST SP 800-207, ZTA pillars, and program implementation.
CyberArk Defender — PAM (CDE-PAM)
Day-to-day administration of CyberArk PAM — the dominant enterprise privileged-access platform.
CyberArk Guardian — PAM
Top-tier CyberArk practitioner — leads complex PAM programs and contributes back to the community.
CyberArk Sentry — PAM
Designs and deploys CyberArk PAM at enterprise scale — vault architecture, HA/DR, and complex onboarding.
F5 Big-IP Certified Technical Specialist - Access Policy Manager
Fortinet Certified Solution Specialist - Public Cloud Security
Google Cloud Certified — Professional Cloud Security Engineer
GCP-specific security engineering: identity, VPC SC, secrets, logging, compliance.
GIAC Certified Windows Security Administrator
GIAC Security Essentials
Broad defender fundamentals. Often paired with SANS SEC401.
Hack the Box Certified Penetration Testing Specialist
Information Systems Security Architecture Professional
ISC2 specialization for security architecture. Requires an active CISSP. Focus on GRC, Security Architecture Modeling, Infrastructure Security, and IAM architecture. For senior security architects in enterprise environments.
Microsoft 365 Certified Enterprise Administrator Expert
Okta-specific identity deployment (SSO, MFA, lifecycle).
Offensive Security Certified Professional
Hands-on penetration testing — exploitation, privilege escalation, AD attacks.
Offensive Security Experienced Penetration Tester
The OffSec Experienced Penetration Tester (OSEP) is based on the PEN-300 course and addresses advanced techniques around antivirus evasion, Active Directory attacks, and living-off-the-land methods. The fully practical 48-hour exam (47:45 hrs exam + 24 hrs report) in a simulated enterprise environment is the key difference from knowledge-based certifications—it tests real attack capabilities. OSEP is considered credible proof of high-level offensive competence in red team circles, but requires solid OSCP knowledge. Together with OSED and OSWE, OSEP forms the OSCE³ trio.
Palo Alto Networks Certified Network Security Engineer
Practical Network Penetration Tester
Hands-on network + AD pentesting with OSINT + reporting.
SailPoint Certified Identity Security Engineer
Designs and engineers SailPoint identity solutions across IdentityIQ and Identity Security Cloud (ISC).
Identity governance and administration (IGA) at enterprise scale.
Microsoft Certified: Identity and Access Administrator Associate
Entra ID deployment, conditional access, privileged access, identity governance.
Microsoft Certified Information Protection Administrator Associate
Microsoft Certified: Security, Compliance, and Identity Fundamentals
CompTIA Security+
Broad entry-level knowledge across threats, ops, IAM, network, and crypto basics.
SalesForce Certified Identity and Access Management Designer
(ISC)2 Systems Security Certified Practitioner
The SSCP is ISC2's entry-level certification below the CISSP and targets technically active security professionals with initial work experience. Since October 2025, the exam uses Computerized Adaptive Testing (CAT), which customizes the exam experience individually and increases integrity. The SSCP covers seven technical domains, from access control through cryptography to network security, and positions itself as practical proof of operational security competence. It is less well-known than Security+ or GSEC, but benefits from ISC2's strong brand and serves well as an intermediate step toward the CISSP. The effort for annual certification maintenance (AMF + CPEs) is moderate.
Also touched
GIAC Penetration Tester
Penetration testing methodology + documentation.