Security Certification Progression Chart - 2019 Refresh

Pmorgan2Pmorgan2 CISSP, A+/Net+/Sec+/Project+, ITIL v3, CIW SDA & WSPPosts: 98Member ■■■■□□□□□□
edited June 27 in General Certification
I have been using the following Security Certification Progression Chart v4.0 for a few years.  Does anyone know who made it so I can give credit?


I decided to give it a 2019 refresh for some of my colleagues, and thought some here might find it useful.

If anyone sees something out of place let me know.  I've obviously not encountered even a fraction of the certifications on this list, so placement was based on the old chart plus some research:



Edit 1:  Updated to add Agile & TOGAF certs.  Moved CGEIT up the ladder.
Edit 2:  Added a row to spread out the bunching just after "Novice".  Brought GSEC and CEH down a notch. Added eJPT, eWPT, eWPTX, eCTPX, and OSWE certifications for penetration testers:
2019 Goals: ITIL Foundation, Project+CIW Site Development Associate, CIW Web Security Professional, CCSP, ECIH, ECES, WGU BSCSIA

Comments

  • MrsWilliamsMrsWilliams Junior Member Posts: 168Member ■■■■□□□□□□
    edited June 22
  • promethuschowpromethuschow Member Northern VA, NYCPosts: 191Member ■■■■□□□□□□
    So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management. 

    Certified in the Governance of Enterprise IT (CGEIT) 

     

    CGEIT provides you the credibility to discuss critical issues around governance and strategic alignment, and the traction to consider a move to the C-suite if you aren't already there.




  • Pmorgan2Pmorgan2 CISSP, A+/Net+/Sec+/Project+, ITIL v3, CIW SDA & WSP Posts: 98Member ■■■■□□□□□□
    promethuschow said:
    So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management. 
    Would you say CGEIT is more or less difficult/useful than CRISC?
    2019 Goals: ITIL Foundation, Project+CIW Site Development Associate, CIW Web Security Professional, CCSP, ECIH, ECES, WGU BSCSIA
  • promethuschowpromethuschow Member Northern VA, NYCPosts: 191Member ■■■■□□□□□□
    I would say CGEIT is 3-5 years away to get momentum like CRISC. Comparing these two without knowing your priority I would say go for CRISC and if time permits do CGEIT once you are done with CRISC. 
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK Posts: 396Member ■■■■■□□□□□

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+, Linux+, AWS CCP, CCSK
    2019 goals: GWAPT, Linux+, (possible: SLAE, CCSK, AWS SA-A)
  • NetworkNewbNetworkNewb Posts: 3,277Member ■■■■■■■■■□
    I always thought GSEC was kinda on the Sec+/SSCP level... 
  • Johnhe0414Johnhe0414 A+, Network+, Security+, Project+ USA, CAPosts: 147Registered Users ■■■■□□□□□□
    This is great stuff! Thanks
    Current:  A+ | Network+ | Project+ |Security+
    Working on: Cysa+
  • Pmorgan2Pmorgan2 CISSP, A+/Net+/Sec+/Project+, ITIL v3, CIW SDA & WSP Posts: 98Member ■■■■□□□□□□
    I always thought GSEC was kinda on the Sec+/SSCP level... 
    I've seen GSEC compared to Security+ and I've seen it compared to CISSP.  I haven't taken it, so I'm not sure how to rank it.  I left it where the original author (Drackar?) put it.

    There's probably a good argument for dropping GSEC down into Novice and putting Programming up in it's place.  From blogs and exam descriptions, I still think difficulty / usefulness goes Sec+ -> SSCP -> GSEC.

    I was making a few decisions based on how many rows I had instead of the certs.  So I added another row to fix some mistakes in v5.2.  This allowed me to bring Sec+, SSCP, and GSEC more in line with they're actual difficulty/utility.
    2019 Goals: ITIL Foundation, Project+CIW Site Development Associate, CIW Web Security Professional, CCSP, ECIH, ECES, WGU BSCSIA
  • sfportarosfportaro Posts: 24Member ■■■□□□□□□□
    Great chart.

    No love for CSSLP? 
  • Pmorgan2Pmorgan2 CISSP, A+/Net+/Sec+/Project+, ITIL v3, CIW SDA & WSP Posts: 98Member ■■■■□□□□□□
    sfportaro said:
    Great chart.

    No love for CSSLP? 
    I don't have a lot of knowledge about the CSSLP.  Where do you think it would fit?  In Security Management on par in difficulty and/or career level with TOGAF, CCNA, MCSA, and/or CRISC?
    2019 Goals: ITIL Foundation, Project+CIW Site Development Associate, CIW Web Security Professional, CCSP, ECIH, ECES, WGU BSCSIA
  • sfportarosfportaro Posts: 24Member ■■■□□□□□□□
    I would say management.
  • iBrokeITiBrokeIT GXPN GPEN GWAPT GCIH GCFE GICSP GSEC eJPT Sec+ Posts: 1,260Member ■■■■■■■■■□
    IMO the GXPN and OSCE should be below the GSE.
Sign In or Register to comment.