Which Entry-Level Information Security Certification is Right for You?

With many options to choose from, it can be hard to know which certification to pursue, especially for individuals who are new to the industry or are looking to pursue a different path in information security. We've broken down the pros, cons, and other considerations of five of the top entry-level certifications for information security professionals available today.

CompTIA Sec+

A popular certification amongst infosec newbies, the CompTIA Security+, or Sec+ for short, is an exam covering basic security skills and knowledge. While not required, it is recommended that individuals pursuing the Sec+ certification have two years of industry experience and have passed the CompTIA Network+ exam.

+ No explicit prerequisites
+ Well known amongst industry professionals
+ Prep materials available from CompTIA (and others)
* Required correct percent = ~83%
* Cost = $392 (every time)
* 90 questions over 90 minutes (1 question/minute)
- Overused, and therefore devalued, in the job marketplace
- Overly generalized information security concepts
- Exam series does not provide a significant increase in credibility or functionality

Certified Ethical Hacker (CEH)

The EC-Council's CEH is designed predominantly for, as the name suggests, individuals seeking to perform ethical hacking as part of their job, including penetration testers, consultants, and SOC/NOC analysts. While it doesn't brand itself as entry level, it is the baseline certification for many pentesters and is required for many entry-level roles.

+ Specialized, role-centric certification
+ Well received amongst industry professionals
+ Prep materials available from EC-Council (and others)
* Covers 20 domains of ethical hacking
* Dozens of certifications available in different paths
* Created in 2003 (20+ years)
- 4-hour, 125-question multiple-choice exam and 6-hour, 20-challenge practical exam
- Cost = $1199 + $100 remote proctoring fee
- Prep materials and training courses cost thousands of dollars

ISC2 Associate

The ISC2 Associate credential is actually a stepping stone on the way to one of their larger certifications. Many people become an associate first if they don't meet the requirement for years of industry experience and/or certifications to get a more consequential certification. In order to get the Associate designation, one must take and pass an exam for a certification that requires documented years of work experience in the industry, such as the CISSP. While the CISSP is well recognized, it is a difficult exam and requires many years of experience to achieve.

+ No explicit prerequisites
+ Comes from a respectable organization
+ Designates that an individual has passed an ISC2 exam
* Can be pursued at any time
* Cost = $50 annual maintenance fee + exam cost for certification being pursued (e.g., $699 for the CISSP)
* Exams must be taken in an approved Pearson VUE testing center
- Essentially means "ISC2 Member", does not carry any specific designation or importance
- Not recognized comparably in the job market
- Maintenance fees can add up year after year

ISACA CSX Cybersecurity Fundamentals Certificate

An easy-win certification for novice infosec professionals looking to fill out their resumes. This certificate isn't as well known as some others, but it comes from ISACA, a well-respected organization in the world of security certifications.

+ Cost = $150
+ Requires 65% to pass
+ No explicit prerequisites
* Newer certification than some (<10 years old)
* Organization has other, more advanced certifications
* 75 questions over 120 minutes (.625 question/minute)
- Not as widely accepted as Sec+ or similar
- Organization's main focus is on audit and risk management
- No clear growth path within ISACA

CAPCI Information Security Novice Certification

The ISNC is a certification recommended for individuals with less than two years of industry experience, or those looking to pursue a certification series. It covers basic infosec concepts designed to validate a person's knowledge base so they can pursue entry-level roles with confidence. While the number of questions ranges from 35 to 45, the exam duration is always 60 minutes. The ISNC is one of the most cost-effective information security certifications on the market today.

+ Cost = $100 + $25 remote proctor exam fee ($25/retake)
+ Organization has specialization paths and advanced certifications (20+ certifications)
+ No explicit prerequisites, perfect for individuals who are new to information security.
* Requires an 80% to pass
* Easy to use, low-stress test taking using Google products for proctoring and exam
* Up to 45 questions over 60 minutes (.75 question/minute at most)
- Not as widely accepted as Sec+ or similar
- Covers only high-level information security concepts
- Newer certification (~5 years old)
