So you’ve just graduated (or maybe you’re just finishing school) and you’re wondering where to go from here. Graduate school is expensive and those student loans are coming in every month, so how do you continue learning without paying tens of thousands of dollars every year? Certifications are a great path to take, and the best part is that they’re relatively cheap. But with so many possibilities out there, which tests should you take? Here’s my list of certifications that will help you find a great job and even help you advance in your field.

Security+ – CompTIA Security+
The Security+ exam covers the most fundamental areas of security. Anything from securing a network to cryptography is on the exam. Access control, identity management and cryptography are important topics, as is the selection of appropriate mitigation and deterrent techniques to address network attacks and vulnerabilities. This is a great certification to start with, as it touches on many different areas of security. It’s a foundation for every other test you will take as a certified security professional.

Relevant Job Titles

  • Security Engineer
  • Security Consultant
  • Network Administrator
  • IA Technician or Manager

SSCP – Systems Security Certified Practitioner

If you’re looking to advance your security career, this is the certification to get. The SSCP is open to all candidates with as little as one year of experience, making it an ideal starting point for a new career in infosec or for adding the layer of security you need in your current IT career. This certification is the child of the highly sought-after CISSP, and covers a broad range of topics much like the Security+.

Relevant Job Titles

  • Network Security Engineer
  • Systems Analyst
  • Application Programmer
  • Security Administrator
  • Systems Administrator
  • Security Architect
  • Security Consultant/Specialist

GWAPT – GIAC Web Application Penetration Tester

Web applications are one of the most significant points of vulnerability in organizations today. Most organizations have them (both web applications and the vulnerabilities associated with them). Web app holes have resulted in the theft of millions of credit cards, major financial loss, and damaged reputations for hundreds of enterprises. With this area of security growing so quickly, this certification is a must. I highly recommend The Web Application Hacker’s Handbook as study material. It covers all the necessary topics, listed below:

  • Ajax
  • Automated Web Application Vulnerability Scanners
  • Cross Site Scripting and Attack Frameworks
  • Programming Fundamentals
  • Reconnaissance
  • Scanning and Mapping
  • Session Tracking and SSL
  • Understanding the Web and HTTP
  • Web Application Penetration Testing Methodologies and Reporting

CEH – Certified Ethical Hacker

The CEH is probably one of the most well-known certifications in the security field. It’s based on the idea that if you want to beat a hacker, you need to think like a hacker. Ethical hacking is extremely similar to penetration testing, as the individual is attempting to penetrate the network/system using similar methodologies. There are many classes run by the SANS Institute that will thoroughly prepare you for the test (but they are quite pricey). I recommend CEH Certified Ethical Hacker: All-in-One Exam Guide as study material. It gives an in-depth walkthrough of all the tools and topics needed for the exam.

CISSP – Certified Information Systems Security Professional

This should be every security professional’s end goal. It is a globally recognized standard of achievement in the field of information security. The test covers critical topics in security today, including risk management, cloud computing, mobile security, application development security and more. Candidates must have a minimum of five years of paid full-time work experience in two of the ten domains. This vast breadth of knowledge and the experience it takes to pass the exam are what set the CISSP apart.

Relevant Job Titles

  • Security Consultant
  • Security Manager
  • Security Architect
  • Security Analyst
  • Security Systems Engineer
  • Chief Information Security Officer
  • Director of Security
  • Network Architect

Finally, I want to touch on a great source of information and study material. CBT Nuggets is an INCREDIBLE source of extensive online video training for professionals in all fields. They cover almost every certification you can imagine as well as topics such as IPv4 subnetting, Wireshark, BackTrack/Kali Linux, and more. At $99 a month, you’re paying far less than you would for any kind of schooling or classes. You can learn at your own pace, and target the information you specifically need. My experience with them has been nothing but wonderful and I highly recommend giving their 7-day free trial a go.

About Jean Fleury

Naval officer, privateer, cyber security professional. Traded in my five-ship squadron for a computer and Burp Suite license.