There is an appreciable number of available, high-quality certification programs that focus on digital investigations and forensics. However, there are also many certifications and programs in this area that are far less transparent and widely known.

There’s been a steady demand for digital forensics certifications for the past several years, mainly owing to the following:

• Computer crime continues to escalate. As more cybercrimes are reported, more investigations and qualified investigators are needed. This is good news for law enforcement and private investigators who specialize in digital forensics.
• There’s high demand for qualified digital forensics professionals because nearly every police department needs trained candidates with suitable credentials.
• IT professionals interested in working for the federal government (either as full-time employees or private contractors) must meet certain minimum training standards in information security. Digital forensics qualifies as part of the mix needed to meet them, which further adds to the demand for certified digital forensics professionals.

As a result, there is a continuing rise of companies that offer digital forensics training and certifications. Alas, many of these are “private label” credentials that are not well recognized. Making sense of all options and finding the right certification for you may be trickier than it seems.

To help choose our top five certifications for 2019, we looked at several popular online job boards to determine the number of advertised positions that require these certifications. While the real results vary from day to day and by job board, this should supply you an idea of the number of digital forensic jobs with specific certification requirements.

Job board search results (in alphabetical order, by certification)*

*We covered two GIAC credentials, presented together in a single GIAC section below.

Digital forensics is a relatively lucrative space for practitioners. The average salary for intermediate digital forensic jobs in the U.S. – $63,959, according to SimpyHired – trails that of network engineers, system administrators and project managers. However, a senior specialist or forensic analyst, whether working in the private industry or government channels, will often earn six figures in major metro areas. We found salaries on the high end running almost $107,000 for forensic analysts and more than $127,000 for digital forensic roles.

ACE: AccessData Certified Examiner

AccessData is the maker of the popular Forensic Toolkit (FTK) solution for digital investigations. The company also offers a variety of related products and services, such as AD Lab, AD eDiscovery, AD Enterprise and AD Triage.

The AccessData Certified Examiner (ACE) is worth pursuing for those who already use or plan to use FTK, which enjoys widespread use in law enforcement and private research and consulting firms. The certification requires one exam, which covers the FTK Imager, Registry Viewer, PRTK (Password Recovery Toolkit) and FTK Examiner Application/Case Management Window tools in detail. AccessData recommends basic to moderate forensic knowledge before attempting the exam. This includes an understanding of digital artifacts, Registry files, encrypting and decrypting files, hashing, attack types, using live and index searching, and other topics. See the latest ACE Study Guide for details.

Recertification is required every two years. Credential holders must pass the current ACE exam, which focuses on the most current versions of FTK and other tools, to maintain their credentials.

ACE facts and figures

CFCE: Certified Forensic Computer Examiner

The International Association of Computer Investigative specialists (IACIS) is the organization behind the Certified Forensic Computer Examiner (CFCE) credential. This organization caters primarily to law enforcement personnel, and you must be employed in law enforcement to qualify for regular IACIS membership.

A formal application form, along with an application fee, is necessary to join IACIS. Regular membership includes current computer/digital forensic practitioners who are current or former government or law enforcement employees or forensic contractors to a government agency. All other practitioners can apply for Associate membership to IACIS, provided they can pass a background check. Membership fees and annual renewal fees are required. IACIS membership is not required to obtain the CFCE credential.

To obtain the CFCE credential, candidates must demonstrate proficiency with CFCE core competencies. One option is IACIS’ Basic Computer Forensic Examiner (BCFE) two-week training course; it meets the 72-hour training requirement, costs $2,995, includes a free laptop and waives the IACIS membership fee for nonmembers. IACIS membership is required to attend the course. Candidates completing the training course can enroll directly in the CFCE program upon completion of the course. Those not attending the BCFE course may meet the 72-hour training requirement with a comparable course (subject to IACIS approval), pay a $750 registration fee, and successfully pass a background check to enroll in the CFCE program and sit for the exam.

The CFCE test is a two-step testing process that includes a peer review and CFCE certification testing:

1. The peer review consists of accepting and completing four assigned practical problems based on core knowledge and skills areas for the credential. These must be solved and then presented to a mentor for initial evaluation (and assistance, where needed) before being presented for peer review. Candidates have 30 days to complete each of the practical problems.
2. Upon successful conclusion of the peer review, candidates automatically progress to the certification phase.
   • Candidates must begin work on a hard-drive practical problem within seven days of the completion of the peer review phase. Forty days are allotted to candidates to independently analyze and report upon a forensic image of a hard drive provided to them. Following specific instructions, a written report is prepared to document the candidate’s activities and findings.
   • Once that report is accepted and passed, the process concludes with a 100-question written test (which includes true/false, multiple-choice, matching and short-answer questions). Candidates have 14 days to complete the written examination. A passing score of 80 percent or better is required for both the forensic report and the written test to earn the CFCE.

Upon completion of both the peer review and the certification phase, candidates must submit a notarized form certifying that the practical and written exams were completed independently without assistance from anyone else.

Certificants must recertify every three years to maintain the CFCE credential. Recertification requires proof of at least 40 hours of professional education, a passing score on a proficiency test in the third year, proof of computer/digital forensics work experience, or passing scores on three proficiency tests within three years, and either three years of IACIS membership or payment of a $150 recertification fee.

Despite the time and expense involved in earning a CFCE, this credential has high value and excellent name recognition in the computer forensics field. Many forensics professionals consider the CFCE a necessary merit badge to earn, especially for those who work in or for law enforcement.

CFCE facts and figures

CHFI: Computer Hacking Forensic Investigator

The EC-Council is a well-known training and certification organization that specializes in the areas of anti-hacking, digital forensics and penetration testing. The organization’s Computer Hacking Forensic Investigator (CHFI) certification emphasizes forensics tools, analytical techniques, and procedures involved in obtaining, maintaining, and presenting digital forensic evidence and data in a court of law.

The EC-Council offers training for this credential but permits candidates to challenge the test without taking the course, provided they have a minimum of two years of information security experience and pay a non-refundable $100 eligibility application fee.

The CHFI course covers a wide range of Topics and tools (click the test Blueprint button on the certification webpage). Topics include an overview of digital forensics, in-depth coverage of the computer forensics investigation process, working with digital evidence, anti-forensics, database and cloud forensics, investigating network traffic, mobile and email forensics, and ethics, policies and regulations. Courseware is available, as well as instructor-led classroom training.

The EC-Council offers numerous other certifications of potential value to readers interested in the CHFI. These include the Certified Ethical Hacker (CEH), CEH (Practical), EC-Council Certified Security Analyst (ECSA), ECSA Practical, Certified Network Defender (CND) and Licensed Penetration Tester (LPT), Certified Application Security Engineer (CASE), and Certified Chief Information Security Officer (CCISO). It also offers credentials in related areas such as disaster recovery, encryption and security analysis. Visit the EC-Council site for more info on its popular and respected credentials.

CHFI facts and figures

EnCe: EnCase Certified Examiner

Guidance Software, acquired by OpenText in 2017, is a leader in the forensics tools and services arena. Its well-known and widely used EnCase Forensic software helps professionals acquire data from many different types of devices, complete disk-level examinations and produce reports of their findings. The company also sells software for remote investigations (EnCase Endpoint Investigator), eDiscovery, risk management, mobile investigations and endpoint security.

The company’s certification program includes the Certified Forensic Security Responder (CFSR), EnCase Certified eDiscovery Practitioner (EnCEP) and EnCase Certified Examiner (EnCe). Available to professionals in the public and private sector, the EnCE recognizes an individual’s proficiency using EnCase Forensic software and mastery of computer investigation methodology, including evidence collection, preservation, file verification, file signatures and hashing, first responder activities, and much more.

To achieve EnCe certification, candidates must show proof of a minimum of 64 hours of authorized computer forensic training or 12 months of qualified work experience, complete an application, and then successfully complete a two-phase test that includes a written and practical portion.

EnCE certifications are valid for three years from the date obtained. Recertification requires one of the following:

• 32 credit hours of continuing education in computer forensics or incident response
• A computer forensics or incident response-related certification
• Attendance at an Enfuse conference (at least 10 sessions)

EnCE facts and figures

GCFA And GCFE Certifications

SANS is the organization behind the Global Information Assurance Certification (GIAC) program. It is a well-respected and highly regarded player in the information security field in general. SANS not only teaches and researches in this area, it also provides breaking news, operates a security alert service, and serves on all kinds of government, research and academic information security task forces, working groups, and industry organizations.

The organization’s incident response and forensics credentials include the following:

• GIAC Certified Forensic Examiner (GCFE)
• GIAC Certified Forensic Analyst (GCFA)
• GIAC Reverse Engineering Malware (GREM)
• GIAC Network Forensic Analyst (GNFA)
• GIAC Advanced Smartphone Forensics (GASF)
• GIAC Cyber Threat Intelligence (GCTI)

The intermediate GCFE and the more senior GCFA are the focus of this section. Neither credential requires taking SANS courses (which have a strong reputation for being among the best in the cybersecurity community, with high-powered instructors to match), but they are recommended to candidates and often offered before, during or after SANS conferences held around the U.S. at regular intervals.

Both the GCFE and GCFA focus on computer forensics in the context of investigation and incident response, and thus also focus on the skills and knowledge needed to collect and analyze data from Windows and/or Linux computer systems during such activities. Candidates must possess the necessary skills, knowledge, and ability to conduct formal incident investigations and advanced incident handling, including dealing with internal and external data breaches, intrusions, and cyberthreats; collecting and preserving evidence; understanding anti-forensic techniques; and building and documenting advanced digital forensic cases.

Most SANS GIAC credentials are valid for four years. Candidates may recertify for the GCFE and GCFA by earning 36 continuing professional experience (CPE) credits. In addition, credential holders must pay a certification maintenance fee of $429 every four years.

The SANS GIAC program encompasses more than 36 information security certifications across a broad range of Topics and disciplines. IT professionals interested in information security in general, as well as digital forensics, would be well advised to investigate further on the GIAC homepage.

GCFE and GCFA facts and figures

Beyond the top 5: More digital forensics certifications

There are lots of other certification programs that can help to further the careers of IT professionals who work in digital forensics.

One certification we’ve featured in the past is the CyberSecurity Institute’s CyberSecurity Forensic Analyst (CSFA). The CyberSecurity Institute provides digital forensic services aimed at law firms, businesses and individuals, and administers a small but well-respected certification program. The CSFA is designed for security professionals with at least two years of experience performing digital forensic analysis on computers and devices running the Windows operating system and creating investigative reports. Although the certification didn’t generate as many job board hits as our other featured certifications, the CSFA is still worth your attention.

The same goes for the Certified Computer Examiner (CCE) from the International Society of Forensic Computer Examiners, also known as ISFCE. The CCE is well recognized in the industry and in the law enforcement community as a leading credential for digital forensics professionals, but it fell a little short on job board hits during our review this year.

Other good certifications include the Professional Certified Investigator (PCI), a senior-level, vendor-neutral computer investigations and forensics credential available through ASIS International. The organization also offers the Certified Protection Professional (CPP), which includes an investigation component, and the Physical Security Professional (PSP) in its certification program. Forensics candidates can also pursue one of the High Tech Crime Network vendor-neutral certifications – the Certified Computer Crime Investigator or Certified Computer Forensic Technician, both of which have a Basic and an Advanced credential.

If you look around online, you’ll find numerous other forensics hardware and software vendors that offer certifications and plenty of other organizations that didn’t make the cut for the 2019 list of the best digital forensics certifications. But before you wander outside the items mentioned in this article, you might want to research the sponsoring organization’s history and the number of people who’ve earned its credentials, and then determine whether the sponsor not only requires training but stands to profit from its purchase.

You might also want to ask a practicing digital forensics professional if they’ve heard of the certifications you found on your own and, if so, what that professional thinks of those offerings.

100 Elite Ethical Hackers Inducted into EC-Council's 2023 Certified Ethical Hacker (C|EH) Hall of Fame

Top Cybersecurity Professionals from 50 Nations Recognized for their Industry Accomplishments and Excellence as Ethical Hackers

Today EC-Council announced it has inducted the top 100 Certified Ethical Hackers from around the world into their 2023 Certified Ethical Hacker (C|EH) Hall of Fame. Selected from over 3,000 applicants in 50 countries worldwide, each honoree was required to have passed the Certified Ethical Hacker test with a score of at least 90%. These inductees were chosen based on their accomplishments across 26 different industries.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20230216005048/en/

(Graphic: Business Wire)

The announcement comes on the heels of a year that saw a marked uptick in global cybercrime as well as an increasingly acute shortage of skilled cybersecurity workers. Despite calls from governments and industries worldwide for more skilled cybersecurity workers, many nations currently have as many as 50% of their cybersecurity positions unfilled. The C|EH program provides fundamental training in cybersecurity, with many national governments and industries mandating the certificate for numerous cyber jobs.

“The need for a trained-up cybersecurity workforce has reached a tipping point, with huge numbers of open positions on the one hand and an increasingly complex threat environment on the other,” said Jay Bavisi, Founder and CEO of EC-Council. “Securing our businesses and government agencies around the world requires trained cyber professionals, and the ability of those professionals to think like a hacker and take appropriate measures is critical to that training. This year’s C|EH Hall of Fame inductees include the best of the best in cybersecurity talent, and there’s much we can learn from them.”

The Certified Ethical Hacker program provides a means of training cybersecurity professionals and ensuring their capabilities. 97% of ethical hackers surveyed found the C|EH training directly relevant to their work defending their organizations’ assets. The C|EH program is widely recognized for its comprehensive curriculum, which is one of the reasons why ethical hacker skills have broad applications across a wide range of organizations. More than 88% of the Hall of Fame inductees consider the C|EH program to have the most comprehensive curriculum in the industry.

A critical aspect of being prepared to handle emerging cybersecurity threats is having real experience working with them. One of the key ingredients in the C|EH training curriculum is the cyber lab, which gives participants a way to safely gain hands-on experience that closely parallels the high-stakes experiences of cybersecurity professionals engaged in active combat. “The C|EH is a foundational course for offensive and defensive security professionals,” said newly inducted Hall of Famer Ramin Nafisi, a security researcher at Microsoft. “It covers a broad range of comprehensive, fundamental, and relevant security assessment Topics possessed by computer and network security practitioners.”

The cybersecurity landscape is continuously evolving, with new challenges presented by cloud, robotics, mobile, and AI technologies. Ransomware alone grew by 41% compared to the year prior, according to a 2022 IBM study.

The impact of the C|EH training has proven to yield tangible, quantifiable benefits to the organizations that employ ethical hackers. As Hall of Famer Guerrino Mazzarolo, an IT manager for NATO in Belgium, said, “I developed and implemented organization security strategies and frameworks that reduced insider security-related breaches by 20% compared to reports for the last three years.”

The ethical hackers who were inducted into the Hall of Fame are practitioners on organizations’ front lines. “My team performed over 800 cybersecurity missions while achieving a 99.8% operational readiness rating,” said inductee Stephen Reid, a security engineer in the U.S. Army.

Many of the inductees spoke about the impact their C|EH credentials had on their careers. 97% said they chose the C|EH at least partly because the certification would facilitate career growth. More than half of this year’s Hall of Fame inductees were able to point to a promotion received after earning their C|EH certificate. 92% of the hiring managers surveyed for the Hall of Fame report said they prefer candidates with the C|EH certification for positions requiring ethical hacking skills.

To view the full report, including all survey data and references, see Leading the Ethical Hacking Community in 2023: The 2023 C|EH Hall of Fame Annual Report.

ABOUT EC-COUNCIL

Founded in 2001 in response to 9/11, EC-Council invented the Certified Ethical Hacker. EC-Council's mission is to provide training and certifications for both aspiring and experienced cybersecurity professionals to help keep corporations, government agencies and others who employ them safe from attack.

Today, EC-Council offers 200 different training programs, certifications, and degrees in everything from Digital Forensic Investigation and Security Analysis to Threat Intelligence and Information Security. An ISO/IEC 17024 Accredited Organization recognized under the U.S. Defense Department Directive 8140/8570 and many other authoritative cybersecurity bodies worldwide, the company has certified 50,000 professionals across the globe. Trusted by seven of the Fortune 10, half of the Fortune 100, and the intelligence communities of 140 nations, EC-Council is the gold standard in cybersecurity education and certification.

A truly global organization with a driving belief in bringing diversity, equity and inclusion to the modern cybersecurity workforce, EC-Council maintains 11 offices in the U.S., the U.K., India, Malaysia, Singapore, and Indonesia. The company can be reached online at https://www.eccouncil.org/

press@eccouncil.org

View source version on businesswire.com: https://www.businesswire.com/news/home/20230216005048/en/

• The U.S. job market has almost 600,000 openings requesting cybersecurity-related skills. 
• Employers are struggling to fill these openings due to a general cyber-skill shortage, with many openings remaining vacant each year. 
• When evaluating prospective information-security candidates, employers should look for certifications as an important measure of excellence and commitment to quality.
• This article is for business owners looking to hire cybersecurity experts, or for individuals interested in pursuing a cybersecurity career. 

Cybersecurity is one of the most crucial areas for ensuring a business’s success and longevity. With cyberattacks growing in sophistication, it’s essential for business owners to protect their companies by hiring qualified cybersecurity experts to manage this aspect of their business. The best candidates will have a certification in information security and cybersecurity. This guide breaks down the top certifications and other guidance you’ll need to make the right hire for your company. It’s also a great primer for individuals who are embarking on a cybersecurity career.

Best information security and cybersecurity certifications

When evaluating prospective InfoSec candidates, employers frequently look to certification as an important measure of excellence and commitment to quality. We examined five InfoSec certifications we consider to be leaders in the field of information security today.

This year’s list includes entry-level credentials, such as Security+, as well as more advanced certifications, like Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA). According to CyberSeek, more employers are seeking CISA, CISM and CISSP certification holders than there are credential holders, which makes these credentials a welcome addition to any certification portfolio.

Absent from our list of the top five is SANS GIAC Security Essentials (GSEC). Although this certification is still a very worthy credential, the job board numbers for CISA were so solid that it merited a spot in the top five. Farther down in this guide, we offer some additional certification options because the field of information security is both wide and varied.

1. CEH: Certified Ethical Hacker

The CEH (ANSI) certification is an intermediate-level credential offered by the International Council of E-Commerce Consultants (EC-Council). It’s a must-have for IT professionals who are pursuing careers in white hat hacking and certifies their competence in the five phases of ethical hacking: reconnaissance, enumeration, gaining of access, access maintenance and track covering. 

CEH credential holders possess skills and knowledge of hacking practices in areas such as footprinting and reconnaissance, network scanning, enumeration, system hacking, Trojans, worms and viruses, sniffers, denial-of-service attacks, social engineering, session hijacking, web server hacking, wireless networks and web applications, SQL injection, cryptography, penetration testing, IDS evasion, firewalls and honeypots. CEH V11 provides a remapping of the course to the NIST/NICE framework’s Protect and Defend (PR) job role category, as well as an additional focus on emerging threats in cloud, OT and IT security, such as fileless malware.

To obtain a CEH (ANSI) certification, candidates must pass one exam. A comprehensive five-day CEH training course is recommended, with the test presented at the course’s conclusion. Candidates may self-study for the test but must submit documentation of at least two years of work experience in information security with employer verification. Self-study candidates must also pay an additional $100 application fee. Education may be substituted for experience, but this is evaluated on a case-by-case basis. Candidates who complete any EC-Council-approved training (including with the iClass platform, academic institutions or an accredited training center) do not need to submit an application prior to attempting the exam.

Because technology in the field of hacking changes almost daily, CEH credential holders are required to obtain 120 continuing-education credits for each three-year cycle.

Once a candidate obtains the CEH (ANSI) designation, a logical progression on the EC-Council certification ladder is the CEH (Practical) credential. The CEH (Practical) designation targets the application of CEH skills to real-world security audit challenges and related scenarios. To obtain the credential, candidates must pass a rigorous six-hour practical examination. Conducted on live virtual machines, candidates are presented 20 scenarios with questions designed to validate a candidate’s ability to perform tasks such as vulnerability analysis, identification of threat vectors, web app and system hacking, OS detection, network scanning, packet sniffing, steganography and virus identification. Candidates who pass both the CEH (ANSI) and the CEH (Practical) exams earn the CEH (Master) designation.

CEH facts and figures

Certified Ethical Hacker (CEH) training

While EC-Council offers both instructor-led and online training for its CEH certification, IT professionals have plenty of other options for self-study materials, including video training, practice exams and books.

Pluralsight currently offers an ethical-hacking learning path geared toward the 312-50 exam. With a monthly subscription, you get access to all of these courses, plus everything else in Pluralsight’s training library. Through Pluralsight’s learning path, students can prepare for all of the domains covered in the CEH exam.  

CyberVista offers a practice test for the CEH 312-50 certification that includes several sets of exam-like questions, custom quizzes, flash cards and more. An test prep subscription for 180 days costs $149 and gives candidates access to online study materials, as well as the ability to get the materials for offline study. Backed by its “pass guarantee,” CyberVista is so confident its practice test will prepare you for the CEH test that the company will refund its practice questions costs if you don’t pass.

FYI: Besides certifications in information security and cybersecurity, the best IT certifications cover areas such as disaster recovery, virtualization and telecommunications.

2. CISM: Certified Information Security Manager

The CISM certification is a top credential for IT professionals who are responsible for managing, developing and overseeing information security systems in enterprise-level applications or for developing organizational security best practices. The CISM credential was introduced to security professionals in 2003 by the Information Systems Audit and Control Association (ISACA).

ISACA’s organizational goals are specifically geared toward IT professionals who are interested in the highest-quality standards with respect to the auditing, control and security of information systems. The CISM credential targets the needs of IT security professionals with enterprise-level security management responsibilities. Credential holders possess advanced and proven skills in security risk management, program development and management, governance, and incident management and response.

Holders of the CISM credential, which is designed for experienced security professionals, must agree to ISACA’s code of ethics, pass a comprehensive examination, possess at least five years of experience in information security management, comply with the organization’s continuing education policy and submit a written application. Some combinations of education and experience may be substituted for the full experience requirement.

The CISM credential is valid for three years, and credential holders must pay an annual maintenance fee of $45 (ISACA members) or $85 (nonmembers). Credential holders are also required to obtain a minimum of 120 continuing professional education (CPE) credits over the three-year term to maintain the credential. At least 20 CPE credits must be earned every year.

CISM facts and figures

Other ISACA certification program elements

In addition to CISM, ISACA offers numerous certifications for those interested in information security and best practices. Other credentials worth considering include the following:

• Certified Information Systems Auditor (CISA)
• Certified in the Governance of Enterprise IT (CGEIT)
• Certified in Risk and Information Systems Control (CRISC)

The CISA designation was created for professionals working with information systems auditing, control or security and is popular enough with employers to earn it a place on the leaderboard. The CGEIT credential targets IT professionals working in enterprise IT management, governance, strategic alignment, value delivery, and risk and resource performance management. IT professionals who are seeking careers in all aspects of risk management will find that the CRISC credential nicely meets their needs.

Certified Information Security Manager (CISM) training

Pluralsight offers a CISM learning path containing five courses and 17 hours of instruction. The courses cover the domains addressed in the exam, but the learning path is aimed at the CISM job practice areas. 

CyberVista offers a CISM online training course in both live and on-demand formats. The course includes more than 16 hours of training videos, supplementary lessons, custom quizzes, practice test questions and access to experts through the instructor. As with other CyberVista courses, the CISM training course comes with a “pass guarantee.” 

Did you know?: According to CyberSeek, there are enough workers to fill only 68% of the cybersecurity job openings in the U.S. A cybersecurity certification is an important way to demonstrate the knowledge and ability to succeed in these job roles.

3. CompTIA Security+

CompTIA’s Security+ is a well-respected, vendor-neutral security certification. Security+ credential holders are recognized as possessing superior technical skills, broad knowledge and expertise in multiple security-related disciplines.

Although Security+ is an entry-level certification, the ideal candidates possess at least two years of experience working in network security and should consider first obtaining the Network+ certification. IT pros who obtain this certification have expertise in areas such as threat management, cryptography, identity management, security systems, security risk identification and mitigation, network access control, and security infrastructure. The CompTIA Security+ credential is approved by the U.S. Department of Defense to meet Directive 8140/8570.01-M requirements. In addition, the Security+ credential complies with the standards for ISO 17024.

The Security+ credential requires a single exam, currently priced at $381. (Discounts may apply to employees of CompTIA member companies and full-time students.) Training is available but not required.

IT professionals who earned the Security+ certification prior to Jan. 1, 2011, remain certified for life. Those who certify after that date must renew the certification every three years to stay current. To renew, candidates must obtain 50 continuing-education units (CEUs) or complete the CertMaster CE online course prior to the expiration of the three-year period. CEUs can be obtained by engaging in activities such as teaching, blogging, publishing articles or whitepapers, and participating in professional conferences and similar activities.

CompTIA Security+ facts and figures

CompTIA Security+ training

You’ll find several companies offering online training, instructor-led and self-study courses, practice exams and books to help you prepare for and pass the Security+ exam.

Pluralsight offers a Security+ learning path as a part of its monthly subscription plan for the latest SY0-601 exam. Split into six sections, the training series is more than 24 hours long and covers attacks, threats and vulnerabilities; architecture and design; implementation of secure solutions; operations and incident response; and governance, risk and compliance.

CyberVista offers a Security+ practice test so you can test your security knowledge before attempting the SY0-601 exam. The test comes with a 180-day access period and includes multiple sets of test questions, key concept flash cards, access to InstructorLink experts, a performance tracker and more. As with CyberVista’s other offerings, this practice test comes with a “pass guarantee.”

4. CISSP: Certified Information Systems Security Professional

CISSP is an advanced-level certification for IT pros who are serious about careers in information security. Offered by the International Information Systems Security Certification Consortium, known as (ISC)2 (pronounced “ISC squared”), this vendor-neutral credential is recognized worldwide for its standards of excellence.

CISSP credential holders are decision-makers who possess the expert knowledge and technical skills necessary to develop, guide and manage security standards, policies and procedures within their organizations. The CISSP certification continues to be highly sought after by IT professionals and is well recognized by IT organizations. It is a regular fixture on most-wanted and must-have security certification surveys.

CISSP is designed for experienced security professionals. A minimum of five years of experience in at least two of (ISC)2’s eight common body of knowledge (CBK) domains, or four years of experience in at least two of (ISC)2’s CBK domains and a college degree or an approved credential, is required for this certification. The CBK domains are security and risk management, asset security, security architecture and engineering, communications and network security, identity and access management, security assessment and testing, security operations, and software development security.

(ISC)2 also offers three CISSP concentrations targeting specific areas of interest in IT security:

• Architecture (CISSP-ISSAP)
• Engineering (CISSP-ISSEP)
• Management (CISSP-ISSMP)

Each CISSP concentration test is $599, and credential seekers must currently possess a valid CISSP.

An annual fee of $125 is required to maintain the CISSP credential. Recertification is required every three years. To recertify, candidates must earn 40 CPE credits each year, for a total of 120 CPE credits within the three-year cycle.

CISSP facts and figures

Certified Information Systems Security Professional (CISSP) training

Given the popularity of the CISSP certification, there is no shortage of available training options. These include classroom-based training offered by (ISC)2, as well as online video courses, practice exams and books from third-party companies.

Pluralsight’s CISSP learning path includes 12 courses and 25 hours of e-learning covering the security concepts required for the certification exam. Available for a low monthly fee, the CISSP courses are part of a subscription plan that gives IT professionals access to Pluralsight’s complete library of video training courses.

When you’re ready to test your security knowledge, you can take a simulated test that mimics the format and content of the real CISSP exam. Udemy offers CISSP practice questions to help you prepare for this challenging exam.

5. CISA: Certified Information Systems Auditor

ISACA’s globally recognized CISA certification is the gold standard for IT workers seeking to practice in information security, audit control and assurance. Ideal candidates can identify and assess organizational threats and vulnerabilities, assess compliance, and provide guidance and organizational security controls. CISA-certified professionals demonstrate knowledge and skill across the CISA job practice areas of auditing, governance and management, acquisition, development and implementation, maintenance and service management, and asset protection.

To earn the CISA certification, candidates must pass one exam, submit an application, agree to the code of professional ethics, agree to the CPE requirements and agree to the organization’s information systems auditing standards. In addition, candidates must possess at least five years of experience working with information systems. Some substitutions for education and experience with auditing are permitted.

To maintain the CISA certification, candidates must earn 120 CPE credits over a three-year period, with a minimum of 20 CPE credits earned annually. Candidates must also pay an annual maintenance fee ($45 for members; $85 for nonmembers).

CISA facts and figures

Certified Information Systems Auditor (CISA) training

Training opportunities for the CISA certification are plentiful. Udemy offers more than 160 CISA-related courses, lectures, practice exams, question sets and more. On Pluralsight, you’ll find 12 courses with 27 hours of information systems auditor training covering all CISA job practice domains for the CISA job practice areas.

Beyond the top 5: More cybersecurity certifications

In addition to these must-have credentials, many other certifications are available to fit the career needs of any IT professional interested in information security. Business owners should consider employing workers with these credentials as well.

• The SANS GIAC Security Essentials (GSEC) certification remains an excellent entry-level credential for IT professionals seeking to demonstrate that they not only understand information security terminology and concepts but also possess the skills and technical expertise necessary to occupy “hands-on” security roles.
• If you find incident response and investigation intriguing, check out the Logical Operations CyberSec First Responder (CFR) certification. This ANSI-accredited and U.S. DoD-8570-compliant credential recognizes security professionals who can design secure IT environments, perform threat analysis, and respond appropriately and effectively to cyberattacks. Logical Operations also offers other certifications, including Master Mobile Application Developer (MMAD), Certified Virtualization Professional (CVP), Cyber Secure Coder and CloudMASTER.
• The associate-level Cisco Certified CyberOps Associate certification is aimed at analysts in security operations centers at large companies and organizations. Candidates who qualify through Cisco’s global scholarship program may receive free training, mentoring and testing to help them achieve a range of entry-level to expert certifications that the company offers. CompTIA Cybersecurity Analyst (CySA+), which launched in 2017, is a vendor-neutral certification designed for professionals with three to four years of security and behavioral analytics experience.
• The Identity Management Institute offers several credentials for identity and access management, data protection, identity protection, identity governance and more. The International Association of Privacy Professionals (IAPP), which focuses on privacy, has a small but growing number of certifications as well.
• The SECO-Institute, in cooperation with the Security Academy Netherlands and APMG, is behind the Cyber Security & Governance Certification Program; SECO-Institute certifications aren’t well known in the United States, but their popularity is growing. 
• It also may be worth your time to browse the Chartered Institute of Information Security accreditations, the U.K. equivalent of the U.S. DoD 8570 certifications and the corresponding 8140 framework.

Also, consider these five entry-level cybersecurity certifications for more options.

Tip: Before you decide to purchase training for a certification or an test voucher, see if your employer will cover the cost. Employers may cover all or part of the cost if you have a continuing education or training allowance, or if the certification is in line with your current or potential job duties.

Information security and cybersecurity jobs

According to CyberSeek, the number of cybersecurity job openings in the U.S. stands at almost 598,000, with about 1.05 million cybersecurity professionals employed in today’s workforce. Projections continue to be robust: The U.S. Bureau of Labor Statistics expects 33% growth in information security analyst positions between 2020 and 2030; in comparison, the average rate of growth for all occupations is about 8%.

Security-related job roles include information security specialist, security analyst, network security administrator, system administrator (with security as a responsibility) and security engineer, as well as specialized roles, like malware engineer, intrusion analyst and penetration tester.

Average salaries for information security specialists and security engineers – two of the most common job roles – vary depending on the source. For example, SimplyHired reports about $74,000 for specialist positions, whereas Glassdoor‘s national average is about $108,000. For security engineers, SimplyHired reports almost $112,000, while Glassdoor’s average is more than $111,000, with salaries on the high end reported at $261,000. Note that these numbers frequently change as the sources regularly update their data. [Meet the man who kept Microsoft safe and secure for more than a decade.]

Our informal job board survey from April 2022 reports the number of job posts nationwide in which our featured certifications were mentioned on a given day. This should supply you an idea of the relative popularity of each certification.

Job board search results (in alphabetical order by cybersecurity certification)

Did you know?: Cybersecurity matters even when you’re traveling. Find out how to keep your computer secure when you’re on the road for business or pleasure.

The importance of hiring information security and cybersecurity professionals

According to Risk Based Security‘s 2021 Year End Data Breach Quickview Report, there were 4,145 publicly disclosed breaches throughout 2021, containing over 22 billion records. This is the second-highest number of breached records, after an all-time high the year before. The U.S. was particularly affected, with the number of breaches increasing 10% compared with the previous year. More than 80% of the records exposed throughout 2021 were due to human error, highlighting an ever-increasing need for cybersecurity education, as well as for highly skilled and trained cybersecurity professionals. [Learn how to recover from a data breach.]

If you’re serious about advancing your career in the IT field and are interested in specializing in security, certification is a great choice. It’s an effective way to validate your skills and show a current or prospective employer that you’re qualified and properly trained. If you’re a business owner, hiring certified professionals and skilled IT managers can help prevent cyberattacks and provide confidence that your company’s security is in the right hands. In the meantime, review our quick cybersecurity tips to Improve your company’s protection.

Jeremy Bender contributed to the writing and research in this article.

Source Name : EC-Council

Category Name : General

Top Ten Elite Indian Ethical Hackers Inducted into EC-Council's 2023 International Certified Ethical Hacker (C|EH) Hall of Fame

Updated: 17/02/2023

EC-Council's Annual Recognition of the World’s Top 100 Ethical Hackers includes 10 Indian Cybersecurity Professionals

Hyderabad, Telangana, India(NewsVoir)    

Today EC-Council announced it has inducted 10 Indian cybersecurity professionals into its 2023 Certified Ethical Hacker (C|EH) Hall of Fame. Inductees are chosen based on a combination of their C|EH certification test scores and their industry accomplishments within a wide range of public and private sector cybersecurity roles. The announcement comes on the heels of a year that saw a marked uptick in cybercrime worldwide and a renewed focus on ensuring a ready cybersecurity workforce to protect Indian businesses and government agencies. 

“As Prime Minister Modi has said, India’s IT sector is our great strength, and cybersecurity has become a matter of national security. It is critical to the nation’s growth and well-being that we can protect our businesses and government agencies,” said Jay Bavisi, Founder and CEO of EC-Council. “The gold standard Certified Ethical Hacker training provides a unique skillset, actively preparing Certificate holders to think like hackers and find critical vulnerabilities. The 10 Indian ethical hackers inducted this year represent some of the globe’s top cybersecurity talent, and this induction not only honours them but also serves as a cardinal direction for others who similarly feel called to serve the nation in this way.” 

The C|EH program is widely recognised for its comprehensive curriculum, which is one of the reasons ethical hacker skills have broad applications across a wide range of organisations. More than 88% of the Hall of Fame inductees consider the C|EH program to have the most comprehensive curriculum in the industry. There are many stories of how C|EH training directly pertains to on-the-job challenges. 

A critical aspect of being prepared to handle emerging cybersecurity threats is having real experience working with them. One of the key ingredients in the C|EH training curriculum is the cyber lab, which gives participants a way to safely gain hands-on experience that closely parallels the high-stakes experiences of cybersecurity professionals engaged in active combat. 

“In a security testing project, I demonstrated the issues in charging stations to cloud connectivity through an MITM attack and manipulation of health and consumption data. In another project for train control systems, I demonstrated the replay attacks and takeovers of autonomous trains for the government of India,” said Hall of Fame inductee Shiv Kataria, a Security Architect working at Siemens. 

The cybersecurity landscape is continuously evolving, with new challenges presented by cloud, robotics, mobile, and AI technologies. Ransomware alone grew by 41% compared to the year prior, according to a 2022 IBM study. 

The impact of the C|EH training has proven to yield tangible, quantifiable benefits to organisations that employ ethical hackers. “There was a time when our team was unable to locate a criminal who was using the fake email address of a very powerful person to cheat and draw money from innocent people. Using OSINT skills as well using the Burpsuite technique I learned during the C|EH program, I was able to intercept a request, so we were able to track him down and to arrest him. I did this within a few hours,” said Hall of Fame inductee Vishal Sheelwant, a Security Analyst working at Maharashtra Cyber Digital Crime Unit. 

Indeed, 97% of Hall of Fame inductees found the C|EH labs highly effective at simulating real-world threat scenarios, and 92% found that their C|EH training helped them feel more confident in their work. 

“I performed 30+ bank cybersecurity audits in 1 year and 10 months along with the Reserve Bank of India, and I am proud to serve the nation. In 2017, I had a big role in protecting the organisation's critical systems and servers from a WannaCryransomware attack,” said Hall of Fame inductee Swapnil Sonawne, a Manager and Payment Systems/Cybersecurity Auditor working at Reserve Bank Information Technology Pvt. Ltd. 

Many of the inductees spoke about the impact that their C|EH accreditation had on their careers. 97% said they chose the C|EH at least partly because the certification would facilitate career growth. More than half of this year’s Hall of Fame inductees were able to point to a promotion received after earning their C|EH certificate. 

To view the full report, including all survey data and references, see Leading the Ethical Hacking Community in 2023: The 2023 C|EH Hall of Fame Annual Report. 

About EC-Council

Founded in 2001 in response to 9/11, EC-Council invented the Certified Ethical Hacker. EC-Council's mission is to provide training and certifications for both aspiring and experienced cybersecurity professionals to help keep corporations, government agencies and others who employ them safe from attack. 

Today, EC-Council offers 200 different training programs, certifications, and degrees in everything from Digital Forensic Investigation and Security Analysis to Threat Intelligence and Information Security. An ISO/IEC 17024 Accredited Organisation recognised under the U.S. Defense Department Directive 8140/8570 and many other authoritative cybersecurity bodies worldwide, the company has certified 50,000 professionals across the globe. Trusted by seven of the Fortune 10, half of the Fortune 100, and the intelligence communities of 140 nations, EC-Council is the gold standard in cybersecurity education and certification. 

A truly global organisation with a driving belief in bringing diversity, equity, and inclusion to the modern cybersecurity workforce, EC-Council maintains 11 offices in the U.S., the U.K., India, Malaysia, Singapore, and Indonesia.

The company can be reached online at www.eccouncil.org. 

Image:CEH Hall of Fame Report 2023

(Disclaimer: The above press release comes to you under an arrangement with Newsvoir. PTI takes no editorial responsibility for the same.)

Top Cybersecurity Professionals from 50 Nations Recognized for their Industry Accomplishments and Excellence as Ethical Hackers

TAMPA, Fla.–(BUSINESS WIRE)–#ceh–Today EC-Council announced it has inducted the top 100 Certified Ethical Hackers from around the world into their 2023 Certified Ethical Hacker (C|EH) Hall of Fame. Selected from over 3,000 applicants in 50 countries worldwide, each honoree was required to have passed the Certified Ethical Hacker test with a score of at least 90%. These inductees were chosen based on their accomplishments across 26 different industries.

The announcement comes on the heels of a year that saw a marked uptick in global cybercrime as well as an increasingly acute shortage of skilled cybersecurity workers. Despite calls from governments and industries worldwide for more skilled cybersecurity workers, many nations currently have as many as 50% of their cybersecurity positions unfilled. The C|EH program provides fundamental training in cybersecurity, with many national governments and industries mandating the certificate for numerous cyber jobs.

“The need for a trained-up cybersecurity workforce has reached a tipping point, with huge numbers of open positions on the one hand and an increasingly complex threat environment on the other,” said Jay Bavisi, Founder and CEO of EC-Council. “Securing our businesses and government agencies around the world requires trained cyber professionals, and the ability of those professionals to think like a hacker and take appropriate measures is critical to that training. This year’s C|EH Hall of Fame inductees include the best of the best in cybersecurity talent, and there’s much we can learn from them.”

The Certified Ethical Hacker program provides a means of training cybersecurity professionals and ensuring their capabilities. 97% of ethical hackers surveyed found the C|EH training directly relevant to their work defending their organizations’ assets. The C|EH program is widely recognized for its comprehensive curriculum, which is one of the reasons why ethical hacker skills have broad applications across a wide range of organizations. More than 88% of the Hall of Fame inductees consider the C|EH program to have the most comprehensive curriculum in the industry.

A critical aspect of being prepared to handle emerging cybersecurity threats is having real experience working with them. One of the key ingredients in the C|EH training curriculum is the cyber lab, which gives participants a way to safely gain hands-on experience that closely parallels the high-stakes experiences of cybersecurity professionals engaged in active combat. “The C|EH is a foundational course for offensive and defensive security professionals,” said newly inducted Hall of Famer Ramin Nafisi, a security researcher at Microsoft. “It covers a broad range of comprehensive, fundamental, and relevant security assessment Topics possessed by computer and network security practitioners.”

The cybersecurity landscape is continuously evolving, with new challenges presented by cloud, robotics, mobile, and AI technologies. Ransomware alone grew by 41% compared to the year prior, according to a 2022 IBM study.

The impact of the C|EH training has proven to yield tangible, quantifiable benefits to the organizations that employ ethical hackers. As Hall of Famer Guerrino Mazzarolo, an IT manager for NATO in Belgium, said, “I developed and implemented organization security strategies and frameworks that reduced insider security-related breaches by 20% compared to reports for the last three years.”

The ethical hackers who were inducted into the Hall of Fame are practitioners on organizations’ front lines. “My team performed over 800 cybersecurity missions while achieving a 99.8% operational readiness rating,” said inductee Stephen Reid, a security engineer in the U.S. Army.

Many of the inductees spoke about the impact their C|EH credentials had on their careers. 97% said they chose the C|EH at least partly because the certification would facilitate career growth. More than half of this year’s Hall of Fame inductees were able to point to a promotion received after earning their C|EH certificate. 92% of the hiring managers surveyed for the Hall of Fame report said they prefer candidates with the C|EH certification for positions requiring ethical hacking skills.

To view the full report, including all survey data and references, see Leading the Ethical Hacking Community in 2023: The 2023 C|EH Hall of Fame Annual Report.

ABOUT EC-COUNCIL

Founded in 2001 in response to 9/11, EC-Council invented the Certified Ethical Hacker. EC-Council’s mission is to provide training and certifications for both aspiring and experienced cybersecurity professionals to help keep corporations, government agencies and others who employ them safe from attack.

Today, EC-Council offers 200 different training programs, certifications, and degrees in everything from Digital Forensic Investigation and Security Analysis to Threat Intelligence and Information Security. An ISO/IEC 17024 Accredited Organization recognized under the U.S. Defense Department Directive 8140/8570 and many other authoritative cybersecurity bodies worldwide, the company has certified 50,000 professionals across the globe. Trusted by seven of the Fortune 10, half of the Fortune 100, and the intelligence communities of 140 nations, EC-Council is the gold standard in cybersecurity education and certification.

A truly global organization with a driving belief in bringing diversity, equity and inclusion to the modern cybersecurity workforce, EC-Council maintains 11 offices in the U.S., the U.K., India, Malaysia, Singapore, and Indonesia. The company can be reached online at https://www.eccouncil.org/

Contacts

press@eccouncil.org

"As Prime Minister Modi has said, India's IT sector is our great strength, and cybersecurity has become a matter of national security. It is critical to the nation's growth and well-being that we can protect our businesses and government agencies," said Jay Bavisi, Founder and CEO of EC-Council. "The gold standard Certified Ethical Hacker training provides a unique skillset, actively preparing Certificate holders to think like hackers and find critical vulnerabilities. The 10 Indian ethical hackers inducted this year represent some of the globe's top cybersecurity talent, and this induction not only honours them but also serves as a cardinal direction for others who similarly feel called to serve the nation in this way."

The C|EH program is widely recognised for its comprehensive curriculum, which is one of the reasons ethical hacker skills have broad applications across a wide range of organisations. More than 88 per cent of the Hall of Fame inductees consider the C|EH program to have the most comprehensive curriculum in the industry. There are many stories of how C|EH training directly pertains to on-the-job challenges.

A critical aspect of being prepared to handle emerging cybersecurity threats is having real experience working with them. One of the key ingredients in the C|EH training curriculum is the cyber lab, which gives participants a way to safely gain hands-on experience that closely parallels the high-stakes experiences of cybersecurity professionals engaged in active combat.

"In a security testing project, I demonstrated the issues in charging stations to cloud connectivity through a MITM attack and manipulation of health and consumption data. In another project for train control systems, I demonstrated the replay attacks and takeovers of autonomous trains for the government of India," said Hall of Fame inductee Shiv Kataria, a Security Architect working at Siemens.

The cybersecurity landscape is continuously evolving, with new challenges presented by cloud, robotics, mobile, and AI technologies. Ransomware alone grew by 41 per cent compared to the year prior, according to a 2022 IBM study.

The impact of the C|EH training has proven to yield tangible, quantifiable benefits to organisations that employ ethical hackers. "There was a time when our team was unable to locate a criminal who was using the fake email address of a very powerful person to cheat and draw money from innocent people. Using OSINT skills as well using the Burpsuite technique I learned during the C|EH program, I was able to intercept a request, so we were able to track him down and to arrest him. I did this within a few hours," said Hall of Fame inductee Vishal Sheelwant, a Security Analyst working at Maharashtra Cyber Digital Crime Unit.

Indeed, 97 per cent of Hall of Fame inductees found the C|EH labs highly effective at simulating real-world threat scenarios, and 92 per cent found that their C|EH training helped them feel more confident in their work.

"I performed 30+ bank cybersecurity audits in 1 year and 10 months along with the Reserve Bank of India, and I am proud to serve the nation. In 2017, I had a big role in protecting the organisation's critical systems and servers from a WannaCry ransomware attack," said Hall of Fame inductee Swapnil Sonawne, a Manager and Payment Systems/Cybersecurity Auditor working at Reserve Bank Information Technology Pvt. Ltd.

Many of the inductees spoke about the impact that their C|EH accreditation had on their careers. 97 per cent said they chose the C|EH at least partly because the certification would facilitate career growth. More than half of this year's Hall of Fame inductees were able to point to a promotion received after earning their C|EH certificate.

To view the full report, including all survey data and references, see Leading the Ethical Hacking Community in 2023: The 2023 C|EH Hall of Fame Annual Report.

Founded in 2001 in response to 9/11, EC-Council invented the Certified Ethical Hacker. EC-Council's mission is to provide training and certifications for both aspiring and experienced cybersecurity professionals to help keep corporations, government agencies and others who employ them safe from attack.

Today, EC-Council offers 200 different training programs, certifications, and degrees in everything from Digital Forensic Investigation and Security Analysis to Threat Intelligence and Information Security. An ISO/IEC 17024 Accredited Organisation recognised under the U.S. Defense Department Directive 8140/8570 and many other authoritative cybersecurity bodies worldwide, the company has certified 50,000 professionals across the globe. Trusted by seven of the Fortune 10, half of the Fortune 100, and the intelligence communities of 140 nations, the EC-Council is the gold standard in cybersecurity education and certification.

A truly global organisation with a driving belief in bringing diversity, equity, and inclusion to the modern cybersecurity workforce, EC-Council maintains 11 offices in the U.S., the U.K., India, Malaysia, Singapore, and Indonesia.

The company can be reached online at www.eccouncil.org.

This story has been provided by NewsVoir. ANI will not be responsible in any way for the content of this article. (ANI/NewsVoir)