Security Certification Progression Chart - 2019 Refresh
Pmorgan2
Member Posts: 116 ■■■■□□□□□□
I have been using the following Security Certification Progression Chart v4.0 for a few years. Does anyone know who made it so I can give credit?
I decided to give it a 2019 refresh for some of my colleagues, and thought some here might find it useful.
If anyone sees something out of place let me know. I've obviously not encountered even a fraction of the certifications on this list, so placement was based on the old chart plus some research:
Edit 1: Updated to add Agile & TOGAF certs. Moved CGEIT up the ladder.
Edit 2: Added a row to spread out the bunching just after "Novice". Brought GSEC and CEH down a notch. Added eJPT, eWPT, eWPTX, eCTPX, and OSWE certifications for penetration testers:
I decided to give it a 2019 refresh for some of my colleagues, and thought some here might find it useful.
If anyone sees something out of place let me know. I've obviously not encountered even a fraction of the certifications on this list, so placement was based on the old chart plus some research:
Edit 1: Updated to add Agile & TOGAF certs. Moved CGEIT up the ladder.
Edit 2: Added a row to spread out the bunching just after "Novice". Brought GSEC and CEH down a notch. Added eJPT, eWPT, eWPTX, eCTPX, and OSWE certifications for penetration testers:
2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
Comments
-
COBOL_DOS_ERA
Member Posts: 205 ■■■■■□□□□□
So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management.Certified in the Governance of Enterprise IT (CGEIT)
CGEIT provides you the credibility to discuss critical issues around governance and strategic alignment, and the traction to consider a move to the C-suite if you aren't already there.
CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More. -
Pmorgan2
Member Posts: 116 ■■■■□□□□□□
promethuschow said:
Would you say CGEIT is more or less difficult/useful than CRISC?So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management.2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist -
COBOL_DOS_ERA
Member Posts: 205 ■■■■■□□□□□
I would say CGEIT is 3-5 years away to get momentum like CRISC. Comparing these two without knowing your priority I would say go for CRISC and if time permits do CGEIT once you are done with CRISC.CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
-
LonerVamp
Member Posts: 518 ■■■■■■■■□□
Looks like it may have come from here: https://community.infosecinstitute.com/discussion/101064/cert-career-map
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
NetworkNewb
Member Posts: 3,298 ■■■■■■■■■□
I always thought GSEC was kinda on the Sec+/SSCP level... -
Johnhe0414
Registered Users Posts: 191 ■■■■■□□□□□
This is great stuff! Thanks
Current: Network+ | Project+Working on: PMP -
Pmorgan2
Member Posts: 116 ■■■■□□□□□□
I've seen GSEC compared to Security+ and I've seen it compared to CISSP. I haven't taken it, so I'm not sure how to rank it. I left it where the original author (Drackar?) put it.NetworkNewb said:I always thought GSEC was kinda on the Sec+/SSCP level...
There's probably a good argument for dropping GSEC down into Novice and putting Programming up in it's place. From blogs and exam descriptions, I still think difficulty / usefulness goes Sec+ -> SSCP -> GSEC.
I was making a few decisions based on how many rows I had instead of the certs. So I added another row to fix some mistakes in v5.2. This allowed me to bring Sec+, SSCP, and GSEC more in line with they're actual difficulty/utility.2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist -
Pmorgan2
Member Posts: 116 ■■■■□□□□□□
I don't have a lot of knowledge about the CSSLP. Where do you think it would fit? In Security Management on par in difficulty and/or career level with TOGAF, CCNA, MCSA, and/or CRISC?sfportaro said:Great chart.
No love for CSSLP?2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist -
iBrokeIT
Member Posts: 1,318 ■■■■■■■■■□
IMO the GXPN and OSCE should be below the GSE.2019: GPEN | GCFE | GXPN | GICSP | CySA+
2020: GCIP | GCIA
2021: GRID | GDSA | Pentest+
2022: GMON | GDAT
2023: GREM | GSE | GCFA
WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops | SANS Grad Cert: Incident Response
