Listing of Security Related Certs I have compiled

This is the long and convoluted list facing IT security professionals. I will re-categorize by skill and review if I have some time later =) For now, know that all these are only as good as what your employer is looking for. Exceptions, imo, are OSCP, CISSP, and GSE. These are the three I aspire to.

(CPTS) Certified Penetration Testing Specialist


(CPTE) Certified Pen Testing Expert

(CISSP) Certified Information Systems Security Professional

(CWSP) Certified Wireless Security Professional

(CEH) Certified Ethical Hacker

(ECSA) EC-Council Certified Security Analyst

(LPT) Licensed Penetration Tester


(S+) Security+

(SCNS) Security Certified Network Specialist

(SCNP) Security Certified Network Professional

(SANS) SysAdmin, Audit, Network, Security Institute

(GISF) GIAC Information Security Fundamentals

(GSEC) GIAC Security Essentials Certification

(GPEN) GIAC Certified Penetration Tester

(GCIH) GIAC Certified Incident Handler

(GSE) GIAC Security Expert

(SCNA) Security Certified Network Architect

(SSCP) Systems Security Certified Practitioner

(CNDA) Certified Network Defense Architect

(CIW) CIW Security Professional/Analyst

(OSCP) Offensive Security Certified Professional

(OSPA) OSSTMM Professional Security Analyst

(OPST) OSSTMM Professional Security Tester

(BISA) Brainbench Information Security Administrator

2 thoughts on “Listing of Security Related Certs I have compiled”

  1. OSCP is the best technical certification program I have seen so far, especially to 2008/2009 standards. GSE just has insane requirements and a minimal set of people have met them (11 in 5 years?!).

    OPST is very forward looking. This is only worthwhile if you have mastered the technical focus of your career and want to postulate what is possible on the strategic process side. It could also become a dominant measure of tactical technical ability, but in 2008/2009 it is not quite there yet.

    CISSP and all ISC2 certifications are on their way out, regardless of the promises, the re-certification, and the continual education processes. However, many venues will continue to worship them for an unknown reason.

    One of the major institutions requiring certification is the US military and government information assurance programs. The DODI 8570.01M is the manual that anyone interested in certification should read (please don’t read just the SANS version, they are very biased).

    SCNP/SCNA is a very good path to take for the IAT track – the material is good and widely available. SANS and ISC2 pretty much own all of the other track paths, although the CERT CSIH and ISACA CISA keep the program somewhat vendor neutral.

    I have never considered ISC2 or SANS to be vendor neutral (they are vendors in my mind). However I have some nice things to say about SANS, but they are hit or miss and will have to wait for another time.

    OSCP is certainly worth everyone’s time and energy. While there is more depth to CWSP, I think OSWP is more relevant today. I do not like the OSWP reliance on Backtrack tools, even though right now they happen to be the most complete.

    OSWP is going to be both important and popular soon. The training and certification are cheap, consistent, and timely. This is a serious win. Although the syllabus for OSWP is awesome — the SANS Wireless Ethical Hacking Pen-Test course appears to be even better if you check out Days 1-6 in detail. I would recommend both to those who want to specialize in WiFi/WEP assessments. Woops I just said something nice about SANS training, although you should note that it is incredibly expensive and taking 6 days out of your work life might be a pretty big deal.

  2. haha! good comments ntp!

    I will take all these into account. Email me sometime, I’d love to chat more about security =)
