Last reviewed: March 2017
Training and Certifications for Security and Privacy Professionals
This list provides a starting point for information security and privacy professionals seeking ongoing training and certification opportunities. The options provided below are vendor-neutral. Note that some training options may require low time/financial investment levels while other options require moderate to significant time/financial investment levels.
- IAPP Training
- ISACA Training
- ISSA Webinars
- (ISC)2 Training and Education
- Michigan Cyber Range by Merit
- SANS Online Training, Training, and NetWars
- TeachPrivacy Security and Privacy Training
When selecting your training options, consider non-vendor specific sessions designed to do one of the following:
- Enhance general understanding of security or privacy concepts.
- Enhance general understanding of management or leadership concepts.
Also consider vendor-specific certifications that may be required as part of your current job duties (e.g., Cisco or Microsoft). Training sessions may help you demonstrate proficiency in a wide range of information security topics or in a particular security domain (e.g., auditing, network security, systems security, risk assessment).
This list provides a starting point for information security and privacy professionals considering vendor-neutral certifications. Many vendors such as Cisco and Microsoft offer specific certifications for the use of their products. These certifications may be helpful for information security or privacy professionals using those products.
Low Time/Financial Investment Level
Moderate Time/Financial Investment Level
- CCEP (Certified Ethics and Compliance Professional)
- CCSP (Certified Cloud Security Professional)
- CEH (Certified Ethical Hacker)
- CERT-Certified Computer Security Incident Handler
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- GIAC (Global Information Assurance Certification) Gold
- GPEN (GIAC Penetration Tester)
- GSEC (GIAC Security Essentials)
- Holistic Information Security Practitioner (HISP) Certification
- SSCP (Systems Security Certified Practitioner)
Significant Time/Financial Investment Level
- CASP (CompTIA Advanced Security Practitioner)
- CIA (Certified Internal Auditor)
- CIPM (Certified Information Privacy Manager)
- CIPP (Certified Information Privacy Professional)
- CIPT (Certified Information Privacy Technologist)
- CISSP (Certified Information Systems Security Professional)
- ECSA (EC-Council Certified Security Analyst)
- GIAC (Global Information Assurance Certification) Platinum
- GSE (GIAC Security Expert)
DoD Approved 8570 Baseline Certifications
- Explore the NICCS Education and Training Catalog. This page also includes a list of organizations identified by DHS that provide the professional certifications needed for entry or promotion in the cybersecurity career field.
- Review the list of DoD Approved 8570 Baseline Certifications. These certifications have been approved as Information Assurance (IA) baseline certifications for the IA Workforce.
- Learn more about current cybersecurity degrees, certifications, and careers through other websites such as CyberSecurityEducation.org and CyberSecurityU.org. If you'd like to learn more about master's degree programs in information and network security, visit CybersecurityMastersDegree.org.
- View these cybersecurity certification and career diagrams by Gary Hayslip (Security Current).
- Consider attending the annual Security Professionals Conference for professional development.
- Visit the Advance Your InfoSec Career page for other professional development recommendations.
Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).