# Security Certifications Roadmap

## Overview
This guide maps the security certification landscape across all major domains — from entry-level to expert — with career path guidance, exam details, cost, and recommendations based on role and specialization.
## Certification Decision Framework

```mermaid
flowchart TD
    A[Career Goal?] --> B[Security Analyst/SOC]
    A --> C[Penetration Tester/Red Team]
    A --> D[Digital Forensics/IR]
    A --> E[Cloud Security]
    A --> F[Security Management/CISO]
    A --> G[DevSecOps/AppSec]
    B --> B1[CompTIA Security+\nCySA+\nGCIH]
    C --> C1[CompTIA PenTest+\nOSCP\nGPEN/GXPN]
    D --> D1[GCFE / GCFA\nEnCE\nCCFP]
    E --> E1[AWS Security Specialty\nAZ-500\nCCSP]
    F --> F1[CISSP\nCISM\nCRISC]
    G --> G1[CSSLP\nGWEB\nAppSec certifications]
```

## Entry Level
### CompTIA Security+

- Code: SY0-701 (2024 update)
- Level: Entry
- Prerequisites: None required (A+ or Network+ recommended)
- Cost: ~$392 (US)
- Format: 90 questions, 90 minutes, multiple choice + performance-based
- Passing Score: 750/900

Domains:

- General Security Concepts (12%)
- Threats, Vulnerabilities, and Mitigations (22%)
- Security Architecture (18%)
- Security Operations (28%)
- Security Program Management and Oversight (20%)

- Ideal For: First security certification; required for DoD 8570 baseline IAT Level II
- Validity: 3 years (CE credits or retake)
- Study Resources: CompTIA study guide, Jason Dion Udemy course, Professor Messer (free)
### CompTIA CySA+ (Cybersecurity Analyst)

- Code: CS0-003
- Level: Intermediate
- Prerequisites: Security+ or 4 years experience recommended
- Cost: ~$392
- Format: 85 questions, 165 minutes
- Domains: Security Operations, Vulnerability Management, Incident Response, Reporting
- Ideal For: SOC analysts, threat hunters, security operations roles
### (ISC)² SSCP — Systems Security Certified Practitioner

- Level: Entry-Intermediate
- Prerequisites: 1 year experience in one of 7 domains
- Cost: $249 exam + $125/year membership
- Domains: Access Controls, Cryptography, Risk Identification, Network/Communications Security, Systems/Application Security, Incident Response, Cloud Security
## Intermediate

### GIAC GPEN — GIAC Penetration Tester

- Provider: GIAC/SANS
- Level: Intermediate
- Associated Training: SEC560: Enterprise Penetration Testing
- Cost: $949 exam ($7,000+ with SANS training)
- Format: 82 questions, 3 hours, open book
- Passing Score: 74%
- Covers: Pen test planning/recon, exploitation, post-exploitation, password attacks, web app pen testing
### GIAC GCIH — GIAC Certified Incident Handler

- Provider: GIAC/SANS
- Level: Intermediate
- Associated Training: SEC504: Hacker Tools, Techniques, and Incident Handling
- Cost: $949 + training
- Format: 106 questions, 4 hours, open book
- Covers: Incident handling, scanning/exploitation, incident response fundamentals, covering tracks
### GIAC GWAPT — Web Application Penetration Tester

- Provider: GIAC/SANS
- Associated Training: SEC542: Web App Penetration Testing
- Level: Intermediate
### Certified Ethical Hacker (CEH)

- Provider: EC-Council
- Level: Intermediate
- Cost: $950-$1,500 depending on pathway
- Format: 125 questions, 4 hours
- Note: Broad vendor-neutral coverage; less hands-on than OSCP; recognized by DoD 8570
### CompTIA PenTest+

- Code: PT0-002
- Level: Intermediate
- Cost: ~$392
- Format: 85 questions + performance-based, 165 minutes
- Covers: Planning, information gathering, attacks, reporting
## Advanced — Penetration Testing

### Offensive Security OSCP — Offensive Security Certified Professional

- Provider: OffSec
- Level: Advanced
- Cost: $1,499 (includes 90 days lab access + one exam attempt)
- Format: 24-hour hands-on exam (compromise 3 machines in isolated network + report)
- Passing: 70/100 points
- Why It's Different: Hands-on proof of skills; you must exploit real machines in a timed exam. No multiple choice. The gold standard in offensive security.
- Prerequisites: Basic networking, Linux, Windows, scripting
- Study: PWK course (included), HTB, TryHackMe, IppSec YouTube
### Offensive Security OSEP — Experienced Penetration Tester

- Level: Expert
- Cost: $1,499
- Focus: Evasion techniques, advanced Active Directory attacks, custom tooling
### Offensive Security OSWE — Web Expert

- Level: Expert
- Focus: White box web application penetration testing, source code review, advanced exploitation
### GIAC GXPN — Exploit Researcher and Advanced Penetration Tester

- Level: Expert
- Associated Training: SEC660
- Focus: Network attacks, stack overflows, shellcoding, kernel-level exploits
### Certified Red Team Professional (CRTP)

- Provider: Pentester Academy
- Level: Intermediate-Advanced
- Cost: ~$249 (30 days lab)
- Focus: Active Directory attacks; excellent for red team AD skills
- Why: Most cost-effective AD attack training available
### Certified Red Team Expert (CRTE)

- Provider: Pentester Academy
- Level: Advanced
- Focus: Advanced AD attacks; forest attacks, Azure AD, ADCS
## Advanced — Defensive/SOC

### GIAC GCFE — GIAC Certified Forensic Examiner

- Level: Intermediate-Advanced
- Focus: Windows forensics, artifact analysis, evidence preservation
### GIAC GCFA — GIAC Certified Forensic Analyst

- Level: Advanced
- Focus: Advanced DFIR, malware analysis, threat hunting, memory forensics
### GIAC GNFA — Network Forensic Analyst

- Level: Advanced
- Focus: Network traffic analysis, packet forensics, protocol analysis
### GIAC GREM — Reverse Engineering Malware

- Level: Expert
- Associated Training: FOR610 (SANS)
- Focus: Static/dynamic malware analysis, disassembly, behavioral analysis
### GIAC GCTI — Cyber Threat Intelligence

- Level: Intermediate-Advanced
- Focus: Intelligence collection, analysis, sharing, strategic/tactical/operational intel
## Expert Level

### GIAC GXPN — Exploit Researcher and Advanced Penetration Tester
See above.
### Offensive Security OSED — Windows Exploit Developer

- Level: Expert
- Focus: Windows exploit development: SEH overwrites, ROP chains, heap exploitation
### (ISC)² CISSP — Certified Information Systems Security Professional

- Level: Expert (management-focused)
- Prerequisites: 5 years experience in 2+ of 8 domains
- Cost: $699 + $125/year membership
- Format: CAT exam, 100-150 questions (adaptive), 3 hours
- Passing Score: 700/1000
- Domains: Security and Risk Management, Asset Security, Security Architecture, Communication/Network Security, IAM, Security Assessment/Testing, Security Operations, Software Development Security
- Why: The standard for security managers and CISOs; globally recognized; required for many senior positions
### CISM — Certified Information Security Manager

- Provider: ISACA
- Level: Advanced/Management
- Prerequisites: 5 years InfoSec management experience
- Cost: $575 (ISACA member) / $760 (non-member)
- Focus: Information security governance, program development, management
- Why: CISO-track certification; complementary to CISSP (more management-focused)
### CRISC — Certified in Risk and Information Systems Control

- Provider: ISACA
- Level: Advanced/Management
- Focus: Risk identification, assessment, response, monitoring
### CCSP — Certified Cloud Security Professional

- Provider: (ISC)²
- Level: Advanced
- Focus: Cloud security architecture, data security, platform security, compliance
- Ideal For: Cloud security architects, cloud-focused security engineers

## Cloud Platform Certifications
| Certification | Provider | Level | Focus |
|---|---|---|---|
| AWS Security Specialty | AWS | Advanced | AWS security architecture + operations |
| AWS Solutions Architect Professional | AWS | Advanced | Architecture foundation for security |
| AZ-500: Azure Security Technologies | Microsoft | Intermediate | Azure security services |
| SC-200: Security Operations Analyst | Microsoft | Intermediate | Microsoft Sentinel + Defender |
| Google Professional Cloud Security Engineer | Google Cloud | Intermediate | GCP security |
| CCSP | (ISC)² | Advanced | Vendor-neutral cloud security |
## Specialized Certifications

### OT/ICS
| Certification | Provider | Focus |
|---|---|---|
| GICSP — Global ICS Security Professional | GIAC | ICS/SCADA security |
| GRID — Response and Industrial Defense | GIAC | OT incident response |
| CSSA — Certified SCADA Security Architect | IACRB | OT architecture |
### Healthcare
| Certification | Provider | Focus |
|---|---|---|
| HCISPP | (ISC)² | Healthcare information security |
| CHPS — Certified in Healthcare Privacy | AHIMA | Healthcare privacy compliance |
### Forensics
| Certification | Provider | Focus |
|---|---|---|
| EnCE | OpenText (EnCase) | EnCase forensics platform |
| CCE | ISFCE | Vendor-neutral computer forensics |
| CFCE | IACIS | Law enforcement focused |
| CHFI | EC-Council | Broad forensics overview |
## Career Path Recommendations

### SOC Analyst Path

- Entry: CompTIA Security+ → CySA+
- Intermediate: GCIH → GCIA (Intrusion Analyst)
- Advanced: GCFA → GCTI → CISSP
- Specialization: GREM (malware) or GNFA (network)
### Penetration Tester Path

- Entry: Security+ → CEH (or skip to OSCP prep)
- Core: OSCP (mandatory) → CRTP (AD focus)
- Advanced: OSEP → GXPN → OSED
- Specialization: OSWE (web) or OSWP (wireless)
### DFIR Path

- Entry: Security+ → GCFE
- Core: GCFA → GNFA
- Advanced: GREM → GCFE/GCFA combination
- Management: CISSP or GCIH
### Cloud Security Path

- Foundation: AWS/Azure/GCP associate cert
- Security: AWS Security Specialty or AZ-500
- Advanced: CCSP
- Management: CISSP
### CISO/Management Path

- Technical: CISSP (5 years experience required)
- Risk: CRISC → CISM
- Governance: CISM → board-level communication training
- Business: MBA or executive education programs
## Study Resources

### Free/Low Cost
- Professor Messer — CompTIA training (free videos)
- TryHackMe — Hands-on labs (free tier)
- HackTheBox — CTF-style challenges (free tier)
- SANS Cyber Aces — Free foundational course
- Cybrary — Free and paid courses
- MITRE ATT&CK training (free)
- CISA free cybersecurity resources
### Premium
- SANS Institute — World-class training; $7,000+ per course
- Offensive Security — OSCP, OSEP, OSWE
- Pentester Academy — AD, red team, malware
- Udemy — High quality at low cost; Jason Dion, Heath Adams
- Pluralsight — Enterprise subscription