Security Certification Progression Chart - 2019 Refresh

I have been using the following Security Certification Progression Chart v4.0 for a few years. Does anyone know who made it so I can give credit?

I decided to give it a 2019 refresh for some of my colleagues, and thought some here might find it useful.

If anyone sees something out of place let me know. I've obviously not encountered even a fraction of the certifications on this list, so placement was based on the old chart plus some research:

Image: https://us.v-cdn.net/6030959/uploads/editor/d4/6xpiafgzhpeu.png

Edit 1: Updated to add Agile & TOGAF certs. Moved CGEIT up the ladder.
Edit 2: Added a row to spread out the bunching just after "Novice". Brought GSEC and CEH down a notch. Added eJPT, eWPT, eWPTX, eCTPX, and OSWE certifications for penetration testers:

Find more posts tagged with

Comments

MrsWilliams

Nevermind

COBOL_DOS_ERA

So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management.

Certified in the Governance of Enterprise IT (CGEIT)

CGEIT provides you the credibility to discuss critical issues around governance and strategic alignment, and the traction to consider a move to the C-suite if you aren't already there.

Pmorgan2

promethuschow said:

So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management.

Would you say CGEIT is more or less difficult/useful than CRISC?

COBOL_DOS_ERA

I would say CGEIT is 3-5 years away to get momentum like CRISC. Comparing these two without knowing your priority I would say go for CRISC and if time permits do CGEIT once you are done with CRISC.

LonerVamp

Looks like it may have come from here: https://community.infosecinstitute.com/discussion/101064/cert-career-map

NetworkNewb

I always thought GSEC was kinda on the Sec+/SSCP level...

Johnhe0414

This is great stuff! Thanks

Pmorgan2

NetworkNewb said:

I always thought GSEC was kinda on the Sec+/SSCP level...

I've seen GSEC compared to Security+ and I've seen it compared to CISSP. I haven't taken it, so I'm not sure how to rank it. I left it where the original author (Drackar?) put it.

There's probably a good argument for dropping GSEC down into Novice and putting Programming up in it's place. From blogs and exam descriptions, I still think difficulty / usefulness goes Sec+ -> SSCP -> GSEC.

I was making a few decisions based on how many rows I had instead of the certs. So I added another row to fix some mistakes in v5.2. This allowed me to bring Sec+, SSCP, and GSEC more in line with they're actual difficulty/utility.

sfportaro

Great chart.

No love for CSSLP?

Pmorgan2

sfportaro said:

Great chart.

No love for CSSLP?

I don't have a lot of knowledge about the CSSLP. Where do you think it would fit? In Security Management on par in difficulty and/or career level with TOGAF, CCNA, MCSA, and/or CRISC?

sfportaro

I would say management.

iBrokeIT

IMO the GXPN and OSCE should be below the GSE.