Skip to site content


Head with puzzle pieces for brain.Information Technology certifications are a way for you to demonstrate proficiency in skills by passing standardized exams. Employers may require certain certifications. Even for those employers who don’t, having one or more professional certifications often increases your employability and salary.

Some certifications are created and awarded by vendors such as Cisco, while other certifications are vendor neutral. Certification exam requirements vary. For example, Security+ does not have prerequisites, while Certified Information Systems Security Professional (CISSP), arguably the most prestigious certification, requires a minimum period of work history with experience in specific skill sets.

Certification Awarding Organization Description



Validates the baseline skills needed to perform core security functions such as network security, compliance and operational security, threats and vulnerabilities, application, data and host security, access control and identity management and cryptography.

Prerequisites: Successfully pass the exam. (Network+ certification is recommended but not required before taking the exam.)

Information Security Fundamentals (GISF)

Global Information Assurance Certification

Validates that managers, information security officers, and system administrators know key concepts of information security, including the ability to understand the threats and risks to information and information resources and how to protect them using diverse strategies.

Prerequisites: Successfully pass the exam.

Certified Ethical Hacker (CEH)

International Council of Electronic Commerce Consultants (EC-Council)

Validates a security professional's skills in understanding information system weaknesses and vulnerabilities, and their ability to use that knowledge and hacking tools to legally and ethically assess the security posture of target systems.

Prerequisites: Successfully pass the exam.


International Information Systems Security Certification Consortium (ISC)2

Validates that a security professional has the skills needed to effectively design, implement, and manage an effective cybersecurity program.


  1. Successfully pass the exam.
  2. Provide proof of a minimum of five years’ professional experience in the information security field, with a work history that shows a skill set that embraces at least two of the 10 domains in the (ISC)2 CISSP CBK.

Certified Information Security Manager (CISM) 

Information Systems Audit and Control Association (ISACA)

Validates that an information security manager can plan and institute information security programs and practices that prevent security breaches and quickly mitigate damage should a breach occur.


  1. Successfully pass the exam.
  2. Adhere to ISACA's Code of Professional Ethics.
  3. Agree to comply with the Continuing Education Policy.
  4. Provide documentation of work experience in the field of information security.
  5. Submit an Application for CISM Certification.
Vendor Specific

Cisco Certified Network Associate Security (CCNA Security) (vendor specific)


Validates associate-level knowledge and skills required to secure Cisco networks.


  1. Any valid Cisco CCENT, CCNA Routing and Switching, or any CCIE certification.
  2. Successfully pass the exam.

Offensive Security Certified Professional (OSCP)

Offensive Security

Validates a security professional’s skills in performing legal and ethical penetration testing aimed at identifying system vulnerabilities.

Prerequisites: Complete the Penetration Testing with Kali Linux training course, which teaches students how to identify and exploit a wide array of operating systems in an online VPN lab environment.