The Certified Information Systems Security Professional (CISSP) certification has become a prerequisite for anyone developing a senior career in information security. It provides information security professionals with an objective measure of competence and a globally recognized standard of achievement. The CISSP credential suits mid- and senior-level managers who are working towards, or have already attained, positions such as CISO, CSO or senior security engineer.
Path to passing the CISSP examination at one attempt: Here is a collection of resources that have helped previous CISSP test takers pass the test at one attempt
How to qualify for the CISSP certification
To qualify for the CISSP certification, you must:
Have a minimum of five years’ experience in two or more of the eight CBK domains.
Pass the CISSP examination.
Complete the endorsement process and subscribe to the (ISC)² Code of Ethics.
Maintain certification through continuing professional education (CPE) credits.
CISSP was developed and is maintained by (ISC)², the International Information Systems Security Certification Consortium. At the heart of CISSP is an information security common body of knowledge (CBK), which is divided into eight domains:
Security and Risk Management
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Software Development Security
The Official (ISC)2 Guide to the CISSP CBK is the essential guide for those preparing for the CISSP exam.
Who Earns The CISSP?
According to the official ISC2 website, CISSP is ideal for experienced security practitioners, managers, and executives interested in proving their knowledge across a wide array of security practices and principles, including those in the following positions:
When looking to break into the field of networking or aspiring to obtain a networking certification, the two most popular entry-level certifications are Cisco CCENTand CompTIA Network+.
What is CISCO?
CISCO is a company based in San Jose, California in the USA involved in the manufacturing, designing, and selling of Network Equipment. It has grown from its inception in 1984 to become the most significant networking company in existence. CISCO was added to the NASDAQ stock exchange in 1990 after going public, and in by the year, 2000 became the world’s most marketable company, showing a market capitalization of over $500 billion.
CompTIA (Computing Technology Industry Association) is a non-profit trade association that was formed in 1982. The organization is vendor-neutral and provides certifications in the IT industry. It was at first known as the Association of Better Computer Dealers, but the name was later changed to better imply the company’s ever-changing role in the computer industry.
The organization’s increase saw them eventually include subjects such as networking, imaging, mobile computing, UNIX. In 2010, CompTIA launched the “Creating IT Futures” ambition which sees them offering IT training to individuals with a lower income and veterans returning from their military duties.
Their certifications currently available from CompTIA include:
CISCO CCENT is the first of two exams that can be passed for the student to earn their CCNA (Cisco Certified Networking Associate) certification. The review relating to CISCO CCENT is called ICND1 (Interconnecting Cisco Networking Devices Part 1).
This exam will consist of the following topics:
Explain the operation of data networks:
The student will be required to identify the functions of different network devices and to select the correct components to meet the network’s specifications. Use the protocols of TCP/IP to explain the flow of network data, explain what common web applications and networking applications are.
Implement a small switched network:
Use the correct equipment to network devices, interconnect switches, network devices, and hosts and describe media access control and technology for Ethernet types. Describe what network segmentation is, describe the operation of CISCO switches and their necessary operation, perform initial switch operations and save, and verify them. Work through hardware failures on switched networks.
Implement an IP addressing scheme and IP services to meet network requirements for a small branch office:
Create and execute an addressing scheme to a network, assign and verify IP addresses for hosts, networking devices and servers on a Local Area Network. Describe what DNS operations are and validate them, configure, test and troubleshoot DHCP and DNS on a router and identify and remedy IP address problems.
Implement a small routed network:
Describe what the basic concepts of routing are, explain the basic operation of CISCO routers, interconnect routers with networking devices using the correct equipment, connect, configure, and verify device interface operational status. Verify the device configuration using commands and utilities and ascertain the state of the network and router operation.
Explain and select the appropriate administrative tasks required for a Wireless LAN (WLAN):
Define the standards of wireless media, describe the various components of a small wireless network, specify the parameters and configuration needed for devices to connect to the right areas on a wireless network and identify common issues with wireless networks.
Identify security threats to a network and describe general methods to mitigate those threats:
Describe common network security threats and how the correct security policy helps defend against them. Describe what the best security practices to follow in securing network devices.
Implement and verify WAN links:
Describe what the different methods are to connect to a Wide Area Network, configure an essential WAN serial connection and check that network.
Understanding CompTIA Network+
CompTIA Network+ has a much broader view of networking than CISCO does, but takes a lighter approach in their topics. The topics that are included in the CompTIA Network+ course include the following:
services including TCP/IP suite, Networking protocols default TCP, and UDP port numbers, addressing formats for IPv4, IPv6, and MAC addressing, discussing addressing technologies (subnetting, CIDR, supernetting, NAT, and PAT), a discussion on routing, and a reviewing wireless communication standards, authentication, and encryption.
Network Media and Topologies:
Standard cable types and their properties including transmission speeds, distances, duplexing, noise immunity, and frequencies; cable connector types and common physical network topologies (star, mesh, bus, ring). Various wiring standards, LAN and WAN technology types, and properties plus wiring distribution systems and components.
Includes the range of networking equipment like hubs, network interfaces, modems and media converters, switches, wireless access points, routers, firewalls, etc. Functions of specialized networking devices. There is a broader focus on switch details such as virtual LANs and port mirroring.
An explanation of management at the seven layers of the OSI model, configuration management and it’s documentation, describing how to use literature to verify a network. Monitoring network performance and connectivity, methods for optimizing a system, methods of network troubleshooting and common problem-solving issues.
Different types of software and diagnostic tools used to identify and troubleshoot networking issues. Essential command-line IP tools, different network scanners. Discovering different types of diagnostic hardware such as cable testers, protocol analyzers and TDRs, electrical tools like VOMs, temperature monitors, and various other devices.
An overview of security device functions and features then digs into firewall features and functions, Methods of network access security and user authentication. Device security problems including physical access and logical, secure vs. insecure network access methods and common security threats and security justification techniques.
Cisco CCENT vs. CompTIA Network+
The choice between CISCO CCENT and CompTIA N+ relies on how sincerely you want to delve into the world of networking. CompTIA N+ has a much broader, yet less involved scope towards the subject while CISCO takes a more in-depth approach to networking while having a smaller extent as far as topics covered is concerned.
Both the CISCO CCENT and CompTIA certifications have recognised the world over as good entry level certifications and, whichever of the two you end up choosing, it is sure to set you well on your way to a career in networking or to add that much sought-after certification to your name.
Considering a career in Information Technology (IT)? Well, it all solely depends on some actionable plan. Depending mainly on strengths, many find it seemingly stress-free to decide a track to pursue in the IT field, ranging from Data Analytics, Programming, Networking, Audit, Risk assessment, Blue/Red teaming, database administration, Cloud and Cyber Security.
Bringing a professional IT certification to the table, whether as a prospective or as an existing employee, creates a room to stand out in the job market or being open for a salary renegotiation respectively.
We have arrived at a comprehensive list of top 10 must-have IT certifications for 2019 in ascending order:
#10CERTIFIED SCRUM MASTER (CSM)
A scrum master is the facilitator or coordinator of any team. In recent years, there exists a dire need to have someone who facilitates, moderates, documents and visualizes the team’s projects (called iteration or sprints). Scrum Masters make use of the Agile methodology which is dependent on the Scrum framework.
In an IT product development, for instance, employees are grouped into smaller subsets called sprints, for the primary intent of reviewing progress and analyzing the next line of action (usually called “show and tell”). Meetings are recurring daily and typically last between 30 minutes to 2 hours, with a lot of post-its, markers, and stand-ups.
The CompTIA Security+ is considered the best certification the properly covers the baseline of cybersecurity methodologies including Threats, attacks & vulnerabilities, Identity & access management, technologies & tools, risk management, architecture & design, cryptography & Public key infrastructure (PKI), and Internet of Things (IoT).
Most CompTIA Security+ certification exam takes prefer going the Trifecta route, which involves having to initially obtain the A+ exam, which covers more of IT hardware fundamentals and N+ which includes more of the Network portion of Security+ creating a tremendous overlap between both the Network+ and the Security+ certification exam.
The CCDP is an advanced Cisco certification for senior roles within the IT networking track including Network design engineers and system engineer analysts. Over the years, Cisco certifications are underrated, resulting to minimal attention drawn to advanced level Cisco certifications and Cisco enthusiasts going for the entry and mid-level Cisco certifications like CCENT, CCNA, CCNA Security, CCNP, CCIE and CCDA which are pre-requisites to the CCDP certification.
The CCDP certification tests advanced physical, logical and technical expertise in network design concepts as well as principles required in developing various layers on enterprise architecture for network devices
The CEH is called the ‘recruiter’s certification’ in IT, especially within the cybersecurity track, this is because many hiring managers/recruiters love to see this certification in their prospective employee’s resume. The CEH can land you a wide range of jobs from the Security Operations Centre (SOC) analyst or Incident Response analyst to even senior roles like penetration tester and other red teaming (offensive security) jobs.
Surprisingly, many will argue that the CEH, which remains one of the most expensive certifications has lost its value of credibility and given similar CompTIA certifications like CYSA+ and CompTIA Pentest+ a competitive hedge in recent years
The MCSE certification is a Microsoft certification program that specifically for Windows Operating System engineers. It is broad enough to be sub-categorized based on the career path into four main categories: MCSE: Desktop Infrastructure MCSE: Server Infrastructure MCSE: Business Intelligence MCSE: Private Cloud
“Is MSCE worth it?” is usually a question its enthusiasts can relate to for the one reason that Microsoft Certifications seem underrated and less threat posing in the recruiter’s niche today, or maybe Microsoft is just best at improving the almighty Windows Operating System
Amazon is indisputably the saving grace in e-commerce websites across America and the rest of the world. In 2015, Amazon introduced AWS which is a cloud-based web hosting service that beats its predecessors; Microsoft’s Azure and Google cloud platform hands down.
AWS is a fast-rising certification, gaining credibility and popularity with the intent of becoming IT’s most sought-after certification today. AWS covers the required coursework for cloud practitioners, Web Developers, IT architecture, Security operations and virtual storage techs with four main sub-divisions: – AWS Certified Foundational – AWS Certified Associate – AWS Certified Professional – AWS Certified Specialty
#4 OSCP – OFFENSIVE SECURITY CERTIFIED PROFESSIONAL
Just like its name, the OSCP is the most recognized, top-tiered, respected and valued professional red teaming cybersecurity certification. It entails prior successful completion of the PWK (Penetration with Kali Linux) course as well as the 24-hour hands-on exam testing advanced technical knowledge using the latest ethical hacking tools and techniques and conducting penetration tests.
The OSCP certification is neither a beginner nor intermediate certification but for professional pentesters, blue/red team, security professionals, network administrators and threat hunters seeking an industry leading certification. It requires a strong background off networking, substantial usage of Linux OS and comfortability writing/using bash, Perl and Python scripts.
#3 CISSP – CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL
The CISSP is an independent Information Security IT certification governed by the International Information System Security Certification Consortium or (ISC)², referenced as the “Zenith” of Cybersecurity certifications.
The CISSP is an ideal certification for Chief Information Security Officers (CISO), IT Managers, Security Architecture and Engineering, veteran-grade security practitioners and executives who deem it fit to crown their accomplishments with certifications. The requirements can be cumbersome, one of which includes a minimum of five years of direct full-time security work experience in two or more of the (ISC)² information security Common Body of Knowledge (CBK).
#2 CGEIT – CERTIFIED IN GOVERNANCE OF ENTERPRISE IT
The CGEIT is a highly competitive vendor-neutral certification with the primary aim of testing, validating and certifying IT governance skills, proudly managed by an international professional association known as Information Systems Audit and Control Association or ISACA.
The CGEIT aims at testing the abilities of IT professionals in the practice of delivering quality governance. Similar to the CISSP certification, the CGEIT certification also requires proof of at least five years of experience in job domains related to IT governance including Framework for the governance of enterprise, Risk optimization, Strategic management, Resource optimization and Benefits Realization.
Bearing in mind that a Security clearance is not a certification, a security clearance in “active” status is usually issued, administered and coordinated by the United States Government. It is a must-have document, before securing all Federal and most state jobs with an exception for individuals who demonstrate an ability to acquire one within a stipulated time (usually 3-6 months post-employment).
Most security clearances are issued by the Department of Defense (DoD) and categorized as Confidential, Secret, and Top Secret with the amount and detail of information varies accordingly with the level of clearance requested.
Information Technology (IT) is a fast thriving career path in the last decade, with the capabilities of improving age-old programs like C, Python, Java and eventually creating a new approach towards data analytics including practices implored in machine learning, AI and IoT thereby opening doors to new inventions within the IT sector in general. The modes of obtaining an IT certification are now seemed straightforward, as opposed to the last decades, where materials, exams were either too expensive, with limited availability, deliberately hardened for segregative purposes or simply optimized for senior positions.
Cisco Systems is arguably most known for its business routing and switching products that can handle direct data, voice and video traffic across networks around the globe. However, the company also deals in storage networking, unified communications applications, telepresence and collaboration, and many other services ranging from basic product support to complete data center solutions and cloud management.
The company offers some of the most coveted certifications in the industry, including certifications for every level of IT practitioner: entry-level, intermediate, specialist or even expert-level credentials.
Cisco understands IT professionals need to stay up to date when it comes to mastering the skills necessary to support its products and solve customers’ technology queries at all times. This is why the Cisco Career Certification program commences at the entry level, then evolves to associate, professional and expert levels, and for particular certifications, takes you further up to the architect level.
Each certification level offers one or more credentials, and getting one of those credentials usually involves clearing one or more exams. To earn higher-level credentials, you need to prove you have cleared some prerequisite levels. As the certification level goes higher, you need to have more credentials and prerequisites.
The Cisco certification programs include the following levels:
Although there are multiple certifications and paths you can choose to undertake in Cisco’s career program, the two primary paths are Network Design and Network Operation.
Your typical network operation certification road map starts at the entry level with the CCENT credential. Next up is the CCNA, then the CCNP and, finally, the CCIE.
If your goal is expertise in network design, then you might want to move to CCDA after earning your CCNA. Next, you could earn the more professional-level CCDP, followed by CCDE and later, the CCAr.
The certification program at Cisco also offers a wide range of specializations. These are mainly designed to vouch for a professional’s skills in specific Cisco technologies, like rich media, data center application service, messaging or voicemail. All in all, there are roughly about twenty categories to choose from. Specialist credentials require you to pass one or more exams. And some of these also require prerequisites.
As the names suggest, obtaining the CCENT or CCT requires no prerequisites, and entrants are required to pass a single certification exam for each credential.
A CCENT-certified professional installs, maintains and troubleshoots small networks or a branch of an enterprise network. Implementing basic network security is also a part of the job. This certification is also a prerequisite for associate-level credentials, like the CCNA and CCDA.
On the other hand, a CCT-certified professional primarily works onsite wherever the customers are located, figuring out issues related to network-related gear and how to repair or replace them. Post-CCT, a professional can choose any of the network operation specializations like Routing and Switching or Data Center.
Associate-Level Cisco Certifications
Cisco’s associate-level certifications include:
Cisco Certified Network Associate (CCNA)
Cisco Certified Design Associate (CCDA)
Depending on the path you choose, you need to pass one or two certification exams to obtain a CCNA or CCDA.
CCNA recognizes your basic skills in installing, maintaining and troubleshooting wired and/or wireless networks. Specialization options include:
Routing and Switching
CCNA is also a prerequisite for the professional-level CCNP certification. Prerequisites and the number of required exams depend on which solution track you choose. All solution tracks require one or more exams.
CCDA identifies individuals who can design simple wired and wireless networks, and incorporate voice and security solutions in them. It is a prerequisite for the CCDP certification. To achieve the CCDA, a person must possess either a valid CCENT, CCNA Routing and Switching, or any CCIE certification, and pass a single additional certification exam.
Professional-Level Cisco Certifications
Professional-level Cisco certifications include:
Cisco Certified Network Professional (CCNP)
Cisco Certified Design Professional (CCDP)
To obtain the CCDP, you need to pass three certification exams and possess both CCDA and CCNA Routing and Switching credentials, or any Cisco CCIE certification.
Barring Routing and Switching, all CCNP solution tracks require you to pass four exams, while only three are required for the CCNP: Routing and Switching credential.
CCNP recognizes those who plan, deploy and troubleshoot local networks and wide area networks. CCNP tracks are the same as those for the CCNA, with the exception being Industrial and Cyber Ops, which are not part of the CCNP. CCNP is recommended for climbing the next step in the certification ladder — the Cisco Certified Internetwork Expert (CCIE).
CCDP recognizes skills in designing and deploying scalable and multilayer-switched networks. From the CCDP, you can move on to the Cisco Certified Design Expert (CCDE).
Expert-Level Cisco Certifications
This level includes two main certifications:
Cisco Certified Internetwork Expert (CCIE)
Cisco Certified Design Expert (CCDE)
As of July 2016, Cisco’s expert-level exams include an evolving technologies domain that targets Cloud, network programmability and the Internet of Things (IoT). This section accounts for 10% of the total exam score.
Achieving the CCIE is a career highlight for most network professionals. A CCIE has master-level technical knowledge of Cisco network products and solutions.
Subsequently, CCDE identifies experts who design network infrastructure for large enterprise environments, which often include technological, operational, business and budget aspects of any given project within that environment.
Architect-Level Cisco Certifications
The Cisco Certified Architect (CCAr) certification is perfect for those seeking key positions like network or data center architect. If you were to draw comparisons with traditional academia, a CCAr is like the PhD of the career program at Cisco. Many consider it one of the most difficult certifications to achieve.
Maintaining Cisco Certification
One of the most important things you need to know about these certifications is they are not valid forever. As the IT scene constantly evolves, certified professionals need to constantly stay abreast of all the new innovations in their respective fields. While the entry, associate and professional-level credentials are valid for three years, specialist certifications and the CCIE are each valid for two years. The CCAr is valid for five years.
Certified Cisco professionals need to clear a recertification exam after these time periods to maintain certification or move on to the next level in the program hierarchy.
How to Earn Your Next Cisco Certification
Infosec Institute can help you prepare for Cisco exams with hands-on certification Boot Camps taught by experienced security professionals. The following exams are covered by their own dedicated Boot Camp:
CCNA, CCENT, CCDA, CCNA: Security Boot Camp: This Cisco Certification Boot Camp is an accelerated, in-depth course featuring hands-on exercises and engaging lectures. Students enrolling in this course will earn four certifications in seven days: CCNA, CCENT, CCDA and CCNA: Security. Designed specifically for network engineers and administrators requiring full knowledge of Cisco router and switch configuration, this Boot Camp will prepare you to pass four key Cisco certifications on your first attempt.
CCNP Boot Camp: InfoSec Institute’s CCNP Boot Camp includes 10 full days of training from Cisco-certified industry experts, using high-end Cisco equipment in a state-of-the-art training facility. 93% of CCNP Boot Camp students pass their CCNP certification on their first attempt.
All InfoSec Boot Camps can be taken in-person or online, or you can enroll in a Mentored Online course and learn at your own pace. In a Mentored Online course, you will take the exact same course as the instructor-led Boot Camp, but carried out at your own pace.