Security Certification Progression Chart - 2019 Refresh

Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
edited June 2019 in General Certification
I have been using the following Security Certification Progression Chart v4.0 for a few years.  Does anyone know who made it so I can give credit?


I decided to give it a 2019 refresh for some of my colleagues, and thought some here might find it useful.

If anyone sees something out of place let me know.  I've obviously not encountered even a fraction of the certifications on this list, so placement was based on the old chart plus some research:



Edit 1:  Updated to add Agile & TOGAF certs.  Moved CGEIT up the ladder.
Edit 2:  Added a row to spread out the bunching just after "Novice".  Brought GSEC and CEH down a notch. Added eJPT, eWPT, eWPTX, eCTPX, and OSWE certifications for penetration testers:
2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist

Comments

  • MrsWilliamsMrsWilliams Member Posts: 192 ■■■■□□□□□□
    edited June 2019
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management. 

    Certified in the Governance of Enterprise IT (CGEIT) 

     

    CGEIT provides you the credibility to discuss critical issues around governance and strategic alignment, and the traction to consider a move to the C-suite if you aren't already there.




    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    promethuschow said:
    So far it looks good, except CGEIT is not a cert for Novice, move this to Security Management. 
    Would you say CGEIT is more or less difficult/useful than CRISC?
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    I would say CGEIT is 3-5 years away to get momentum like CRISC. Comparing these two without knowing your priority I would say go for CRISC and if time permits do CGEIT once you are done with CRISC. 
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    I always thought GSEC was kinda on the Sec+/SSCP level... 
  • Johnhe0414Johnhe0414 Registered Users Posts: 191 ■■■■■□□□□□
    This is great stuff! Thanks
    Current: Network+ | Project+ 
    Working on: PMP
  • Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    I always thought GSEC was kinda on the Sec+/SSCP level... 
    I've seen GSEC compared to Security+ and I've seen it compared to CISSP.  I haven't taken it, so I'm not sure how to rank it.  I left it where the original author (Drackar?) put it.

    There's probably a good argument for dropping GSEC down into Novice and putting Programming up in it's place.  From blogs and exam descriptions, I still think difficulty / usefulness goes Sec+ -> SSCP -> GSEC.

    I was making a few decisions based on how many rows I had instead of the certs.  So I added another row to fix some mistakes in v5.2.  This allowed me to bring Sec+, SSCP, and GSEC more in line with they're actual difficulty/utility.
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • sfportarosfportaro Member Posts: 34 ■■■□□□□□□□
    Great chart.

    No love for CSSLP? 
  • Pmorgan2Pmorgan2 Member Posts: 116 ■■■■□□□□□□
    sfportaro said:
    Great chart.

    No love for CSSLP? 
    I don't have a lot of knowledge about the CSSLP.  Where do you think it would fit?  In Security Management on par in difficulty and/or career level with TOGAF, CCNA, MCSA, and/or CRISC?
    2021 Goals: WGU BSCSIA, CEH, CHFI | 2022 Goals: WGU MSCSIA, AWS SAA, AWS Security Specialist
  • sfportarosfportaro Member Posts: 34 ■■■□□□□□□□
    I would say management.
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    IMO the GXPN and OSCE should be below the GSE.
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
Sign In or Register to comment.