Official website of the Department of Homeland Security

Professional Certifications

Explore the NICE guide to Cybersecurity Certifications

Certifications are typically earned from a professional society and must be renewed periodically, or may be valid for a specific period of time. Certifications can be a way for organizations to look for people with specific skill sets; they are portable, and do not rely on one company's definition of a certain job. They can help candidates stand out as having necessary professional skills and provide an impartial, third-party endorsement of an individual's professional knowledge and experience.

The National Initiative for Cybersecurity Education (NICE) is in the process of developing a list of applicable professional certifications. The certifications list that will be contained within NICCS supports NICE, which aims to increase the national awareness and importance of cybersecurity while also building a technically adept, capable cadre of cybersecurity professionals to protect the nation’s cyber infrastructure from foreign and domestic threats. To date, NICE has identified the following certifications:

 

| Certification | Description | URL |
| --- | --- | --- |
| GIAC Information Security Fundamentals | Assures the professional holding this certification has the requisite knowledge and skill to perform risk management and defense-in-depth techniques. | http://www.giac.org/certification/information-security-fundamentals-gisf |
| GIAC Security Leadership Certification | Assures the professional holding this certification has the necessary knowledge and skill to perform managerial or supervisory responsibilities for information security staff. | http://www.giac.org/certification/security-leadership-gslc |
| CompTIA Security+ | Assures the professional holding this certification has the requisite competency in system security, network infrastructure, access control and organizational security. | http://certification.comptia.org/getCertified/certifications/security.aspx |
| (ISC)² Certification and Accreditation Professional | Assures the professional holding this certification has the appropriate knowledge, skills and abilities required for authorizing and maintaining security of information systems. | https://www.isc2.org/cap/Default.aspx |
| (ISC)² Certified Information Systems Security Professional | This certification is available for professionals who lack the years of professional experience but have industry information security knowledge and can pass the CISSP exam. | https://www.isc2.org/cissp/Default.aspx |
| (ISC)² Systems Security Certified Practitioner | This credential is a technical certification that verifies the educational standard and hands-on practical experience in implementing the plans and enforcing the policies designed, planned and managed by the CISO or CSO. | https://www.isc2.org/SSCP/Default.aspx |
| ISACA Certified Information Security Manager | This certification is specifically for experienced information security managers and those who have information security management responsibilities. | http://www.isaca.org/Certification/CISM-Certified-Information-Security-Manager/Pages/default.aspx?utm_source=multiple&utm_medium=multiple&utm_content=friendly&utm_campaign=cism |
| ISACA Certified Information Systems Auditor | This certification demonstrates that the professional has the requisite proficiency and technical skill to perform qualified Information Systems audits based on accepted standards. | http://www.isaca.org/Certification/CISA-Certified-Information-Systems-Auditor/Pages/default.aspx?utm_source=multiple&utm_medium=multiple&utm_content=friendly&utm_campaign=cisa |
| GIAC Systems and Network Auditor | Assures that a certified individual has the appropriate level of knowledge and skill necessary to apply basic risk analysis techniques and to conduct a technical audit of essential information systems. | http://www.giac.org/certification/systems-network-auditor-gsna |
| Electronic Commerce (EC) Council Certified Ethical Hacker | This certification assures that the professional has the required knowledge and skills to ascertain weaknesses and vulnerabilities in target systems and to use this knowledge and tools as a malicious hacker would. | https://cert.eccouncil.org/ |
| CompTIA A+ | This certification assures the professional has the requisite competencies in the areas of installation, preventative maintenance, networking, security and troubleshooting. | http://certification.comptia.org/getCertified/certifications/a.aspx |
| CompTIA Network+ | This certification assures that the professional has the ability to describe the features and functions of networking components, and manage, maintain, troubleshoot, install, operate, and configure basic network infrastructure. | http://certification.comptia.org/getCertified/certifications/network.aspx |
| Security Certified Program (SCP) Security Certified Network Professional | This certification assures the professional has the appropriate knowledge and skills to perform as a network administrator and has the ability to design and implement firewalls, IDS, wireless security, cryptography, Linux security, and Windows security. | http://www.infotecpro.com/instructorled/certifications/security/scp.htm |
| Security Certified Program (SCP) Security Certified Network Architect | This certification assures the professional has the necessary knowledge and technical skills to build trusted networks. | http://www.infotecpro.com/instructorled/certifications/security/scp.htm |
| GIAC Security Expert | This certification assures the professional has an in-depth technical proficiency and expertise and is a master in all areas of information security. | http://www.giac.org/certification/security-expert-gse |
| GIAC Certified Incident Handler | Assures the certified professional has the requisite knowledge, skill and abilities to manage incidents; understand common attack techniques and tools; and to defend against and/or respond to such attacks when they occur. | http://www.giac.org/certification/certified-incident-handler-gcih |
| DRI Associate Business Continuity Professional | This certification is for professionals who have some knowledge in business continuity planning, but have not acquired the necessary work experience in business continuity planning. | https://www.drii.org/certification/abcp.php |
| DRI Certified Functional Continuity Professional | This certification is for the continuity specialist responsible for a specific function area or department. | https://www.drii.org/certification/cfcp.php |
| DRI Certified Business Continuity Professional | This certification is the basic certification level for professionals responsible for business continuity planning or disaster recovery planning. | https://www.drii.org/certification/cfcp.php |
| DRI Master Business Continuity Professional | This certification is for professionals who have demonstrated significant knowledge and skill in business continuity planning or disaster recovery planning responsibilities. | https://www.drii.org/certification/cfcp.php |
| CERT Certified Computer Security Incident Handler | This certification assures the professional has the requisite knowledge and skills to recognize, analyze, and respond to an incident while adhering to and following the incident process as established by the organization’s incident management program. | http://www.cert.org/ |
| GIAC Security Essentials Certification | Assures the certified professional has the requisite knowledge, skill and abilities to perform hands-on IT system technical responsibilities and information security tasks. | http://www.giac.org/certification/security-essentials-gsec |
| Certified Penetration Tester | The professional has the requisite knowledge and skill in relation to penetration testing. | http://www.giac.org/certification/penetration-tester-gpen |
| Certified Expert Penetration Tester | The professional has the expert knowledge and skill in relation to penetration testing. | http://www.iacertification.org/cept_certified_expert_penetration_tester.html |
| Certified Wireless Security Professional | Assures the certified professional has the requisite knowledge, skill and abilities to secure enterprise Wi-Fi networks from hackers. | http://www.cwnp.com/certifications/cwsp/ |
| Certified Hacking Forensic Investigator | The professional has the expert knowledge of law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, security professionals, and anyone who is concerned about the integrity of the network infrastructure. | http://www.eccouncil.org/Computer-Hacking-Forensic-Investigator/ |
| Security University Qualified/Information Security Professional (Q/ISP) | Q/ISP Certification recognizes qualified individuals who have distinguished themselves as knowledgeable and proficient information security practitioners with validated hands-on tactical security skills. | http://www.securityuniversity.net/certification.php |
| Security University Qualified/Information Assurance Professional (Q/IAP) | The Q/IAP certification is for IT security professionals, Sys Admins, Security Auditors, Network Auditors, CISOs and all IT personnel who are looking to build tactical security skills and improve their career and income. | http://www.securityuniversity.net/certification.php |
| Security University CWNP Wireless | This certification program allows IT professionals to gain certifications in various wireless related fields. | http://www.securityuniversity.net/certification.php |
| Security University Qualified/Software Security Expert (Q/SSE) | This certification is suited for software testers, software developers, development and test managers, security auditors and anyone involved in software production for resale or internal use. | http://www.securityuniversity.net/certification.php |

NICE is in the process of expanding this list. In future updates, this list will include more details about each certification. To see the document as it progresses, click here for more information. We do our best to maintain a comprehensive list, but if you think a certain certification should be listed, please let the NICCS Supervisory Office know at NICCS@hq.dhs.gov.

The certifications on this web page may contain links to information created and maintained by other public and private organizations. These links are provided for the user's convenience. The Department of Homeland Security does not control or guarantee the accuracy, relevance, timeliness, or completeness of this outside information. Further, the inclusion of links is not intended to endorse any views expressed, or products or services offered, on these outside sites, or the organizations sponsoring the sites. You may wish to review each privacy notice since their information collection practices may differ from ours. In addition, our linking to these sites does not constitute an endorsement of any products or services.