Cybersecurity certifications are becoming an indispensable part of any IT specialist’s career. On various forums, many beginners ask similar questions: “Is certificate A or B a good choice?” While certifications don’t guarantee employment as money doesn’t guarantee happiness, they can significantly enrich your resume when entering the job market. Proper preparation for obtaining these certifications equips you with the knowledge and skills sought after in the cybersecurity market. They are not only proof of specialized knowledge but can also open doors to better job offers, higher salaries, and broader career development opportunities. As the industry sees more unscrupulous fraudsters promising easy entry into the world of cybersecurity, I decided to present a ranking of the most desired certifications by international employers.

If you have previously searched for information on valuable cybersecurity certifications, you might have come across the comprehensive list: Security Certification Roadmap. It’s worth checking out, especially if you’re looking for something in a specific area.

Analysis of the US job market on Indeed indicates that the highest demand is for CISSP specialists:

On the other hand, the best salaries are often offered to cybersecurity specialists in the cloud industry with the universal CCSK certification:

Comparison in the form of charts below:

Cybersecurity certifications can be divided into several levels, from basic to advanced, each addressed to different groups of professionals and educational needs. The following ranking takes into account criteria such as industry recognition, market salary offered, certification costs, difficulty in obtaining, and practical application of the knowledge contained in the certification.

1. Level One – “You’ve Started Doing Something!”

• CompTIA A+ 438$

This basic certification covers a wide range of skills related to computer and mobile technologies, software, and operating systems. It is intended for those starting their IT careers or those who want to confirm their basic technical skills. The CompTIA A+ exam consists of two parts: 220-1001 and 220-1002. The 220-1001 exam focuses on computer hardware basics, networking, connectivity troubleshooting, and modern technologies such as mobile devices, IoT, and cloud types. The 220-1002 exam focuses on operating systems, security, operational procedures, and customer service skills. CompTIA A+ has no formal prerequisites, but 9-12 months of work experience or equivalent practical experience is recommended before taking the exam.

• CC – Certified in Cybersecurity ISC2 50$* (Free if you are an ISC2 member for 50$)

The CC certification is ideal for students, recent graduates, and career changers who want to enter the world of cybersecurity. It is also suitable for those working in technology who want to understand and strengthen their knowledge of security aspects. The CC certification exam focuses on testing knowledge in four main areas: cybersecurity principles and concepts, security management, operational security aspects, and incident response. The test aims to assess the candidate’s ability to understand and apply basic cybersecurity practices in various scenarios.

2. Starting Level – “First Step Taken”

• CompTIA Network+ 319$

CompTIA Network+ is ideal for individuals who already have basic IT knowledge, such as CompTIA A+ holders, and want to further develop their skills in networking. It is also a good choice for those working as network technicians, network administrators, system administrators, and support specialists. The CompTIA Network+ exam covers various aspects of networking, including configuring, managing, and maintaining essential network devices, using devices like switches and routers to segment network traffic and create efficient networks, implementing network security standards, troubleshooting network issues, understanding network protocols, network infrastructure elements, and network services related to operations and security.

• CompTIA PenTest+ 349$

The CompTIA PenTest+ certification is ideal for security professionals, penetration testers, security analysts, security engineers, and anyone working in information security who wants to develop their skills in penetration testing. The CompTIA PenTest+ exam covers five main areas critical to conducting effective penetration tests. The first area, Planning and Scoping, focuses on test preparation, resource reconnaissance, and attack planning. The next area, Scanning and Exploitation, involves scanning systems to identify vulnerabilities and exploiting discovered weaknesses. The third area, Documentation and Reporting, requires preparing detailed reports and security recommendations. The fourth area, Analysis and Communication, emphasizes the ability to analyze test results and communicate recommendations to the IT team and management. The final area, Penetration Testing Methods and Techniques, involves knowing various tools and methods used in penetration tests.

• SSCP – Systems Security Certified Practitioner ISC2 249$

The SSCP certification is ideal for system, network, and security administrators, IT support specialists, and engineers responsible for the operation and security of information systems. It is also valuable for those aspiring to the role of information security administrator. The SSCP exam covers seven main knowledge domains essential for IT security professionals. These are Security Administration and Management, focusing on general management of system security; Networks and Communications Security, protecting data transmitted through networks; Access Controls, managing user access to resources; Monitoring and Analysis, observing systems to detect anomalies; Incident Response and Recovery, preparing for and managing the consequences of security incidents; Cryptography, ensuring data security through encryption; and Risk, Response, and Recovery Management, identifying and managing threats to protect organizational resources.

• ITIL® 4 Foundation – IT Service Management Certification 383$

The ITIL® 4 Foundation certification is the basic level of certification within ITIL 4, providing knowledge on IT service management (ITSM) according to modern practices and principles. This certification focuses on introducing ITIL concepts and terminology, offering an understanding of the structure and core elements of an IT service management system. The ITIL 4 Foundation course and exam cover topics such as creating business value through IT services, key management principles and practices, service value chain management models, and the four dimensions of service management. This certification is especially valuable for IT professionals who want to understand how to effectively support and enhance business value through IT service management. It is ideal for IT managers, support team leaders, IT analysts, and others aiming for a better understanding and implementation of ITIL practices in their organization.

3. Engaging Level – “You’ve Got Something Going”

• CompTIA CySA+ 359$

The CompTIA CySA+ (Cybersecurity Analyst) certification is an intermediate-level certification for IT security professionals, focused on the analytical techniques needed to detect and prevent cybersecurity threats. The CompTIA CySA+ exam covers skills related to network monitoring, threat analysis, interpreting results, and recommending corrective measures, making it ideal for those working in security operations who want to develop their skills in incident analysis and response. This certification prepares individuals for managing information risk, conducting audits, and responding to incidents, as well as implementing preventive measures to improve corporate security. CySA+ is aimed at individuals who already have experience in IT and security and is often chosen by security analysts, security engineers, and IT security managers who want to strengthen their position as experts in cybersecurity.

• CCNA – Cisco Certified Network Associate 330$

The CCNA (Cisco Certified Network Associate) certification is one of the most valued and widely recognized certifications in computer networking. It is designed for network professionals seeking a solid understanding of networking concepts and practical skills in configuring, managing, and troubleshooting computer networks based on Cisco technologies. The CCNA exam covers a range of topics, including network fundamentals, routing and switching, wireless networks, network security, and cloud computing. Holding a CCNA certification demonstrates that the candidate has the knowledge and skills necessary to design, configure, manage, and diagnose computer networks based on Cisco technologies. It is a crucial step in the career of individuals working or aspiring to work as network administrators, network engineers, technical support specialists, or network analysts.

• CEH – EC Council Certified Ethical Hacker 1199$

While it is often ridiculed by seasoned professionals in the industry for its theoretical nature, it is adored by recruiters of all kinds. It is a certification aimed at IT security professionals who want to acquire the skills and knowledge necessary to conduct penetration tests and evaluate the security of information systems from the perspective of a potential attacker. CEH trains participants in identifying weaknesses and vulnerabilities in networks and systems using the same tools and techniques that hackers might use but in a legal and ethical manner. The CEH certification program covers a wide range of topics, including network scanning, penetration testing, virus and worm analysis, reverse engineering, vulnerability testing for denial-of-service attacks, and other threats to network infrastructure and applications. CEH is aimed at security analysts, system and network administrators, auditors, and professionals responsible for security in an organization. This certification not only raises awareness of threats but also enhances professional qualifications, opening the way for career advancement in cybersecurity.

• GSEC – GIAC Security Essentials 949$

The GSEC (GIAC Security Essentials) certification issued by the Global Information Assurance Certification (GIAC) is one of the key certifications for professionals interested in the basics of cybersecurity. The GSEC certification is designed for IT professionals who need a solid understanding of information security from both theoretical and practical perspectives. This certification confirms skills in areas such as risk management and analysis, defense against network attacks, encryption, operating system security, and basic network protocol management. The GSEC certification program emphasizes practical skills needed to secure information systems and networks in an organization. It covers topics such as password management, malware protection, and intrusion prevention and detection techniques. This certification is often required by employers in the cybersecurity industry and is considered a crucial step for those looking to advance their careers in this field. GSEC is ideal for system administrators, security specialists, and individuals who want to understand and implement effective defensive strategies in their organizations.

• Professional Cloud Security Engineer Google 200$

The Professional Cloud Security Engineer certification from Google is designed for security engineers who want to confirm their skills in securing cloud infrastructure on the Google Cloud Platform (GCP). This certification focuses on designing, developing, and managing secure infrastructure in Google Cloud using best practices and security tools available in this environment. Candidates for this certification should have deep knowledge of cloud network configuration, access management, risk management, data analysis, and securing cloud-based applications. The certification also requires knowledge of Google Cloud tools and technologies responsible for monitoring and responding to security incidents, such as Cloud Security Command Center (SCC), Cloud Armor, Identity-Aware Proxy, and others. The Professional Cloud Security Engineer certification confirms the ability to create and implement cloud security in accordance with organizational security policies and Google’s recommendations. It is ideal for IT professionals focusing on security, working or wanting to work with Google Cloud technologies, including security architects, security engineers, and system and network administrators.

• AWS Certified Security – Specialty 300$

The AWS Certified Security – Specialty certification is aimed at experienced IT professionals who have deep knowledge and skills in securing applications and infrastructure on the Amazon Web Services (AWS) platform. This advanced certification confirms the ability to effectively secure data and systems on AWS, paying particular attention to complex cloud security issues. To obtain this certification, candidates must demonstrate skills in several key areas, including identifying and mitigating threats, implementing security controls, automating cloud security, managing identities and access, and data protection. This certification also covers knowledge of AWS security tools and features, such as AWS Identity and Access Management (IAM), AWS Key Management Service (KMS), AWS Security Hub, AWS Config, and Amazon GuardDuty. The AWS Certified Security – Specialty certification is ideal for security specialists, cloud architects, security engineers, and IT auditors responsible for securing applications and data in the AWS environment. This certification not only confirms technical skills but also enhances the market value of professionals, helping them stand out in the industry as experts in AWS security.

4. Advanced Level – “Well Done!”

• CompTIA CASP+ Advanced Security Practitioner 452$

The CompTIA CASP+ (CompTIA Advanced Security Practitioner) certification is an advanced certification in cybersecurity designed for experienced IT professionals who want to develop their skills in risk management, security research, and implementing advanced security solutions. CASP+ is one of the most advanced certifications offered by CompTIA and is intended for those directly involved in securing complex IT environments. The CASP+ exam focuses on practical and analytical security skills needed to assess and integrate security solutions in corporate architectures, manage risk in organizations, and research new and existing threats. The exam covers a broad spectrum of topics, including security architecture, security engineering and integration, threat analysis, operational research, risk management, incident response, and security policy and management. CASP+ is ideal for individuals in roles such as security analysts, security architects, security specialists, and IT security managers who need advanced knowledge and skills to design and implement comprehensive security strategies in their organizations. This certification is well-regarded in the industry and often required by employers seeking advanced security specialists.

• GSE – GIAC Security Expert 3108$

The GSE (GIAC Security Expert) certification is one of the most prestigious and advanced certifications offered by GIAC (Global Information Assurance Certification). It requires passing up to six individual exams. It is a credential for advanced professionals in cybersecurity who want to demonstrate deep technical knowledge and practical skills in various areas of network security. To obtain the GSE certification, candidates must go through a rigorous process that includes not only passing a written exam but also participating in an intensive hands-on exam that tests their skills in realistic test scenarios. This certification covers a wide range of skills, from advanced analysis and incident management to reverse engineering and penetration testing. The GSE is highly valued in the security industry due to its difficulty and comprehensiveness, making it recognized as the pinnacle of achievement for security professionals. Those who have earned this certification are considered experts in their field, capable of solving complex security problems and leading security initiatives in large organizations.

5. Master Level – “You’re Seen as an Expert!”

• CompTIA Security+ 349$

One of the most sought-after and recognized entry-level certifications on the market. Additionally, it is priced in the more affordable category. The CompTIA Security+ certification is recognized worldwide as a key credential in IT security, intended for those who want to understand fundamental concepts related to digital security and are responsible for securing IT infrastructures. This certification confirms the ability to perform security-related tasks such as configuring systems to ensure their integrity, confidentiality, and availability, identifying risks, and participating in security incident responses. The CompTIA Security+ exam covers several key topics, including cryptography, identity and access management, network and application security infrastructure, and issues related to threats and vulnerabilities. Additionally, candidates must demonstrate the ability to effectively apply security laws and regulations, which are crucial for protecting personal and corporate data. The Security+ certification is often chosen by beginner security specialists, system administrators, and those aiming for roles as security analysts or consultants. It is a certification that opens doors to a career in digital security, offering solid foundations and serving as the first step towards more advanced certifications in cybersecurity.

OSCP – Offensive Security Certified Professional 1499$

The OSCP (Offensive Security Certified Professional) certification offered by Offensive Security is recognized as one of the most challenging and prestigious certifications in penetration testing and ethical hacking. It is an advanced certification aimed at IT security professionals who want to confirm their skills in practical use of tools and techniques necessary to conduct effective penetration tests. The OSCP focuses on a realistic and practical approach to security testing. To obtain the certification, candidates must pass a 24-hour practical exam that involves breaking into several machines and networks in a controlled test environment. The exam requires not only technical skills but also the ability to think creatively and find unconventional solutions to security problems. The OSCP training program teaches how to identify vulnerabilities, exploit them in practice, and then escalate privileges in compromised systems. The course covers a variety of attack techniques, from simple exploits to advanced security bypass techniques. The OSCP is valued in the cybersecurity industry for its practical approach to learning and is recommended for those who want to advance their careers as professional penetration testers or security consultants.

• ISACA – CISA, CISM, CRISC, CDPSE, CGEIT, CSX-P 760$* (for each separately)

ISACA is an international professional organization specializing in providing certifications, research, and practical resources for individuals working in auditing, management, security, and risk management of information and technology. It offers a range of certifications widely recognized in the IT and cybersecurity industry:

• CISA (Certified Information Systems Auditor) – This certification is for information systems auditors, confirming skills in auditing, controlling, and securing information systems. CISA is valued by individuals responsible for monitoring and assessing the state of IT in organizations.
• CISM (Certified Information Security Manager) – Focuses on information security management and is intended for managers and leaders responsible for information security policies and organizational strategy. CISM emphasizes skills in managing and designing security programs.
• CRISC (Certified in Risk and Information Systems Control) – A certification for IT professionals dealing with identifying and managing risk and implementing control systems. CRISC is aimed at individuals responsible for managing IT risk and its impact on the organization.
• CDPSE (Certified Data Privacy Solutions Engineer) – The latest ISACA certification focusing on engineering and implementing solutions that ensure data privacy in compliance with various data protection regulations. CDPSE is intended for professionals designing and implementing privacy technologies.
• CGEIT (Certified in the Governance of Enterprise IT) – Dedicated to IT leaders and those responsible for managing, advising, or ensuring corporate governance in information technology. CGEIT focuses on adding value to the enterprise through information technology.
• CSX-P (Cybersecurity Practitioner Certification) – A practical certification aimed at cybersecurity professionals who need to manage, design, and operate security systems daily. CSX-P requires demonstrating skills in a real work environment.

Each of these ISACA certifications addresses specific needs and career goals in information and technology security, providing professionals with solid foundations that help them stand out in the job market and contribute effectively to their organizations.

• CCSP – Certified Cloud Security Professional ISC2 599$

The CCSP (Certified Cloud Security Professional) certification offered by (ISC)² is an advanced certification aimed at security professionals specializing in designing, managing, and securing data, applications, and infrastructure in the cloud. It is especially valuable for cloud architects, security administrators, system engineers, and security consultants. The CCSP exam covers understanding cloud security architecture and design, managing security operations, identifying threats and risk analysis, understanding data regulations in the cloud, securing applications running in the cloud through appropriate encryption methods and other security techniques, and implementing cryptographic technologies. The certification confirms deep technical knowledge in cloud security and the ability to apply this knowledge in practical scenarios, which is highly valued in the job market in the field of cybersecurity.

Azure Security Engineer Associate Microsoft 110$

The Azure Security Engineer Associate certification is designed for IT professionals specializing in securing data, applications, and infrastructure in the Microsoft Azure environment. This certification confirms candidates’ skills in implementing security in hybrid environments as part of a comprehensive security posture management solution. Professionals who earn this certification must demonstrate skills in several key areas, including identity and access management, platform protection, data and application management, and network management. They are also responsible for configuring advanced data protection threats and conducting responses to security incidents. This certification requires knowledge of tools and techniques that ensure the security of cloud infrastructure, including understanding tools such as Azure Security Center, Azure Firewall, and Azure Monitor. With this certification, professionals can better secure Azure environments and develop and implement secure solutions, making them valuable members of cybersecurity teams. It is especially valuable for security engineers, cloud administrators, and security consultants who want to expand their knowledge and skills in securing applications and data in the Microsoft Azure cloud.

6. Holy Grail Level – “You’ve Mastered It. Time to Retire!”

• CISSP Certified Information Systems Security Professional 749$

The CISSP (Certified Information Systems Security Professional) certification offered by (ISC)² is one of the most prestigious and recognized certifications in information security worldwide, and according to salary studies, its holders can expect the best earnings. It is intended for experienced security professionals who want to confirm their skills in designing, implementing, and managing a security program that protects organizations from attacks. CISSP requires thorough knowledge in various security domains, including risk management, asset security, security engineering, network communication, identity and access management, security testing, security operations, and software security. Professionals with the CISSP certification often hold high positions, such as senior security engineer, security director, or security consultant, which demonstrates their expertise and opens doors to advancement in the field of cybersecurity. This certification, requiring at least five years of documented professional experience in two or more security domains, is valued for its comprehensive approach to security.

• CCSK Certificate of Cloud Security Knowledge CSA 395$

Guide to Cybersecurity Certifications with Ranking

The most comprehensive cloud security certification – it doesn’t focus on one vendor. Thus, also the most universal and one of the cheapest. The CCSK (Certificate of Cloud Security Knowledge) certification offered by the Cloud Security Alliance (CSA) is a globally recognized credential that demonstrates knowledge of cloud security. This certification focuses on fundamental principles of cloud security, best practices, and security strategies essential for protecting cloud infrastructure. CCSK is intended for IT and security professionals who want to understand cloud-related risks and how to manage them effectively in a cloud environment. The CCSK program covers a wide range of topics, such as cloud architecture, identity and access management, web application security, cloud operations, and compliance and audit. Obtaining this certification confirms that the candidate has solid foundations in best practices and cloud security standards, which are useful in designing, implementing, and managing secure cloud solutions. CCSK is particularly valuable for those working as cloud administrators, security architects, and security consultants, providing them with credibility and competence necessary for effective security management in a dynamic cloud environment.

Subjective Evaluation and Recommended Educational Materials

Personally, I believe, perhaps contrary to popular opinion, that the best foundation for learning is academic order. After all, it was during research at universities that the beginnings of information technology were created, which were later taken over by private entities and commercialized. Therefore, in my opinion, it is worth starting your path in cybersecurity from the academic walls. With solid foundations, it is easier to obtain commercial certifications. As for certifications and commercial educational materials, I can only recommend those I know well (in no particular order):

• Pentesterlab – the best learning platform I know. Louis Nyffenegger not only created a platform for self-learning a huge amount of vulnerabilities but also explains in many places in detail what the vulnerability is about.
• WebSecurityAcademy – a free platform with exercises, with a large amount of community elaborations. Thanks to it, you will get to know all the functionalities of the basic tool for a pentester, which is Burp Suite.
• INE Security – the exams well reflect the essence of a penetration tester’s work; apart from gaining ‘root’ it also matters to find all other vulnerabilities of the application and create a good report from it.

From our local market, it is worth gaining knowledge by participating in:

• courses/webinars by Adam Haertle – Zaufana Trzecia Strona
• courses/webinars by Sekurak Academy – Sekurak Academy
• courses/webinars by Niebezpiecznik – Niebezpiecznik Training
• courses/webinars by Jakub Mrugalski – Mrugalski.pl
• courses/webinars by Kacper Szurek – Security by Szurek