Certification is recommended for security professionals for future career advancement and recognition of their unique, specialized skill set. Many security positions now call for one or more specific security certifications as a condition of employment. Government agencies, such as the Department of Defense (DoD 8570.1), require that security specialists be certified.
Recent government regulations on industry have furthered this certification trend by requiring or promoting security certification. The following is a list of a few of the more common security certifications offered. A number of vendors also offer security certifications; consult the individual vendor for that information. The listing of the security certifications below does not imply endorsement by Silicon Valley ISSA.
Certified Information Systems Security Professional (CISSP)
One of the oldest, largest, and most recognized security certifications, with 60,000 professionals in 135 countries.
The CISSP was the first credential in the field of information security accredited by the ANSI (American National Standards Institute) to ISO (International Standards Organization) Standard 17024:2003. Offered by International Information Systems Security Certifications Consortium (ISC2).
Certified Information Security Auditor (CISA)
A CISA certification demonstrates knowledge of IS auditing for control and security purposes.
More than 60,000 professionals have earned the CISA since inception. Offered by Information Systems Audit and Control Association (ISACA).
Certified Information Security Manager (CISM)
CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise's information security.
Offered by Information Systems Audit and Control Association (ISACA).
Global Information Assurance Certification (GIAC)
GIAC certifications address a range of skill sets, including entry-level information security and broad-based security essentials, as well as advanced subject areas like audit, intrusion detection, incident handling, firewalls and perimeter protection, forensics, hacker techniques, Windows and Unix operating system security, and secure software and application coding.
GIAC has achieved accreditation by ANSI/ISO/IEC 17024. Details at:
CompTIA Security+™ Certification
Security+ validates knowledge of communication security, infrastructure security, cryptography, operational security, and general security concepts. Details at:
Other ISC2 Certifications
Systems Security Certified Practitioner (SSCP)
The SSCP credential is ideal for entry-level and junior working security professionals who do not yet meet the more stringent criteria of the CISSP.
Offered by International Information Systems Security Certifications Consortium (ISC2).
Certification and Accreditation Professional (CAP)
Credential applies to professionals responsible for formalizing processes used to assess risk and establish security requirements, as well as ensure information systems possess security commensurate with the level of exposure to potential risk. Offered by ISC2.
Information Systems Security Architecture Professional (ISSAP)
Recognition for Advanced Expertise in Information Security Architecture. Requires current CISSP. Offered by ISC2.
Information Systems Security Engineering Professional (ISSEP)
Recognition for Advanced Expertise in Information Security Engineering. Requires current CISSP. Offered by ISC2.
Information Systems Security Management Professional (ISSMP)
Recognition for Advanced Expertise in Information Security Management. Requires current CISSP. Offered by ISC2.