Which Cybersecurity Certification is Right for You?

Written by Beyond20 Staff

First, let’s address why you should care about cybersecurity. This is not something to relegate to the IT folks in your basement, or attic, or crawlspace, or wherever you keep them (and if you do keep them in any of those spaces, shame on you). For one thing, you cannot protect your organization, its resources (technological and informational), or its people without it. Okay, you can, but not well, and speaking in absolutes is more dramatic. For another, successful IT Service Management (ITSM) has to incorporate an understanding of cybersecurity. Most important of all, it is hard to make smart decisions about cybersecurity without understanding it, so you wind up on the sidelines of every conversation about it, just like you are when it comes to that show you don’t watch that everyone else does.

Now, let’s look at the ways in which you can build your cybersecurity knowledge through certification. There are three main options, each with its own strengths and prerequisites, and each sits at a different place in the DoD 8570 (8570.01-M) baseline certification table. Let’s break them down:

CompTIA Security+
The Security+ certification from CompTIA is a particularly good one to start with because it builds a broad foundation: threats and vulnerabilities, security architecture, identity and access management, cryptography and PKI, and risk management. Security+ is also a DoD 8570.01-M baseline certification for IAT Level II and IAM Level I, which is why it is one of the most popular courses for folks working for or with the Department of Defense. The exam is up to 90 questions in 90 minutes, a mix of multiple-choice and performance-based items; the performance-based ones drop you into a scenario so you can demonstrate that you know what you’re doing. CompTIA recommends two years of IT administration experience with a security focus before you sit it, so we assume you know what you are doing. You do, right?

CISSP (Certified Information Systems Security Professional)
The CISSP certification from (ISC)² (that’s “ISC Squared” for those of you who are reading aloud) is for those whose responsibilities have a management or program focus: security managers, architects, auditors, and assessors. Naturally, it has more stringent requirements. You must have five years of cumulative, paid work experience in two or more of the eight CISSP domains (a relevant degree or an approved certification can waive one of those years), and then put your skills to the test. The English-language exam is computerized adaptive testing, 100 to 150 questions in up to three hours; the linear version offered in other languages is the full six-hour, 250-question multiple-choice examapalooza! Either way, it’s daunting. It’s a doozy. So maybe stay hydrated.

Certified Ethical Hacker (CEH)

Now this one is a real next-level certification, geared to serious security pros performing tasks like security assessments, penetration testing, and hands-on network or system administration. Essentially, if you build and test the tooling that verifies your own systems’ defenses, this is for you. The exam is a four-hour feast of 125 multiple-choice questions that walk through the phases of an attack, from reconnaissance and scanning to gaining access, maintaining it, and covering tracks, and the tools used at each step. EC-Council sets the passing cut score per exam form rather than publishing a single number, so treat the commonly quoted 70% as a target, not a guarantee. But you can do it. I believe in you.

As you can see, you probably do not want to take all three exams at once, unless you have found a way to give up sleep without passing out. If you are relatively new to all things cybersecurity, start with Security+ to pick up the core concepts, then take on CISSP if your focus is on policies, governance, and program management, or CEH if you are doing hands-on security work or managing the team that does.

All of which to say, it’s time to get certified once, or twice, or even three times. After all, you can never be too secure.


Ready to get certified? Check out our upcoming cybersecurity training courses!


Originally published April 04 2017, updated December 12 2019