- Author: Dan Young, CCIE, PMP and VP of Operations at StormWind
Cybersecurity is an essential need for organizations, and proper training will better prepare your team to handle an array of troubleshooting needs. A good place to start is to review the main vendor-neutral IT security certification paths and requirements through ISC2, EC-Council, SANS, CompTIA and ISACA. StormWind currently offers training for four of these groups. We don’t currently teach SANS (nobody’s perfect). Interestingly, there is a good deal of overlap in these certifications, which could leave you wondering which route is best for you, your team, and your organization. Here is a breakdown of what to expect from each certification path, to help you choose the course that would be the most useful.
- CISSP (ISC2), CISM (ISACA) and CASP (CompTIA) – These are top-tier security certs aimed at hardcore security professionals, IT managers, CISOs, CTOs and CIOs. If you were to choose one of these, all things being equal, you’d want to choose CISSP. The CISSP certification has (by far) the most recognition. However, the requirements for CISSP are measurable, and sometimes temporarily insurmountable without the passage of significant time in the industry. For these reasons, you may want to pursue CISM or CASP instead. Both are significant and validate similar bodies of knowledge.
- Security+ (CompTIA) and GSEC (SANS) – Don’t mistake these for entry-level certs. They may be the first step into the security world, but you need real knowledge and chops to absorb the material contained in these classes. They are also a good warmup for deeper certifications such as CEH and CISSP. Both certifications provide the security theory used to build a foundation in cybersecurity principles.
- CEH (EC-Council) and Pentest+ (CompTIA) – EC-Council will tell you that CEH is not a pentesting certification (so will pentesters, for that matter). That said, not everyone can make hacking a full-time, all-consuming passion and hobby, which is a trait of all true pentesters. Here, a little knowledge goes a long way for mainstream blue-team IT professionals, who should have some understanding of how the other side (i.e. red team “hackers/pentesters”) operates. That said, we like the content in Pentest+ a bit better. Nevertheless, go for CEH first if you were to pursue one of these. It simply has far more recognition in the industry, and we don’t see that changing.