Certification Guide

Security

Updated: 09.12.2022
Table of Contents

How to Succeed in Security 3

Palo Alto Certifications 12
Offensive Security Certifications 19
(ISC)2 Certifications 26
Check Point Certifications 34
CompTIA Security Certifications 39
Cisco Security Certifications 58

Security • 2
 How to Succeed
in Security
The security career field has boomed recently with demand high and investment pouring
into the sector. Gartner predicts that security spending will increase to $170.4 billion
in 2022 as companies move beyond simple prevention to advanced offensive security
methods. Inevitably, a portion of the money will go to fill the acute shortage of qualified
security professionals. Independent research suggests 1.8 million cybersecurity positions
will go unfilled worldwide in 2022. Meanwhile, cyber threats are showing no signs of
slowing.

The numbers are staggering, but the massive shortage of qualified professionals is not
necessarily due to lack of interest or investment. Quite simply, it just takes longer to train
cybersecurity professionals. It’s been said there’s no such thing as an entry-level security
professional. When someone enters the cybersecurity field, it’s typically on the back of five
to seven years of experience, and there’s a reason for that.

Security • 3
Security professionals need to know everything — networking, systems administration,
and even programming. To prevent a breach, security professionals need to know every
attack vector — technological and social, new and old. To combat breaches, pen testers
need to think like a hacker. To clean up after a breach, forensic analysts need to know
where to find clues about the cause and how to patch the holes. If that seems daunting,
don’t worry. Security professionals aren’t made overnight. Instead, they’re developed
throughout a career in IT.

Looking at the most difficult security exams, like the OSCP or CISSP, the depth and
breadth of required knowledge is intimidating. These are specialized exams for specialized
roles that attract experienced security professionals. Most security professionals
specialize in one area of IT, and then specialize in security. Security professionals need to
know everything, but not immediately.

A Look at Security Career Progression

Long before an IT professional heads down a specialization path like analysis, pen testing,
or risk management, they acquire basic security skills throughout the normal course
of their career. The easiest way to get into IT security isn’t necessarily with security
certifications (though it helps). Instead, the best way to start down the security path is
with basic certifications like CompTIA Network+, Cisco CCNA, or even a Microsoft MCSA.
More important than security knowledge are fundamental network and system skills.

With those foundational skills acquired, it’s time to specialize — and there are
certifications specific to each stage of a career. A look at the requirements for one
foundational security certification, shows where IT professionals looking to get into
security can start.

Security • 4
Entry-level: Security fundamentals

There’s only one true foundational security certification — CompTIA Security+. As it

should be, this exam is basic at best and very broad. Here are the exam objectives:

• 1.0 Threats, Attacks, and Vulnerabilities - 21%

• 2.0 Technologies and Tools - 22%
• 3.0 Architecture and Design - 15%
• 4.0 Identity and Access Management - 16%
• 5.0 Risk Management - 14%
• 6.0 Cryptography and PKI - 12%

Note that nearly half the exam — the first two domains — simply validates terms and tools.
The exam then offers a broad introduction to the other aspects of security. As with all
certifications, its difficulty is relative to the experience level of the test taker. For someone
just getting into IT, Security+ introduces a whole new vocabulary and reinforces that
information through scenario-based test questions. In this way, it’s a perfect starting point
for anyone interested in getting into security. However, the serious security stuff starts
appearing throughout many certifications that aren’t necessarily security-specific.

Advanced Basics: 2 to 3 years

Security is baked into most IT certifications. Most people think they need advanced
or expert security certifications to specialize, but security topics are covered in the
most entry-level networking and systems administration certifications. For instance,
networking professionals should expect about 11 percent of questions on the CCNA to be
about infrastructure security. Cloud professionals can expect nearly a quarter of the AWS

Security • 5
Certified Solutions Architect - Associate exam to be security-related.
Security is everyone’s job, and IT professionals will get plenty of dedicated security
experience — even as generalists in a support role or early-career network or systems
administrators. Many decide to specialize from this initial exposure to security
responsibilities. When that time comes, it’s time to get certified.

Security Specialization: 3 to 7 years

At this point, most security professionals have already assumed many of the
responsibilities they’ll need to build a great security resume. That also means it’s time
to get certified.

Security certifications are either offered by security appliance vendors like Palo Alto or
Cisco, or professional organizations dedicated to security like (ISC)2. In either case, these
certifications are specialized and often require at least five years of experience. AWS offers
the AWS Certified Security - Specialty certification, which requires five years of IT security
experience and at least two years securing AWS workloads. Similarly, Cisco has a security
track, which right now starts at the CCNA level, but will soon be a professional (or mid-
career) certification. The next steps are highly individualized. Security is a huge career
field with many potential career paths.

Security • 6
IT Security Career Paths

Security jobs are often a continuation of the skills acquired throughout a career. For
instance, network administrators may become analysts or pen testers. Developers may
become security engineers. Systems administrators may turn to application or systems
security. Again, that’s because security professionals are often specialists in one career
field and also security. Here are some common security career paths.

Cybersecurity Analyst

By most accounts, analysts do pretty boring work. Analysts do two things: discover and
detect cyberattacks. What discovering threats means is dependent on the requirements
of the company, but it most often means digging into log files to find threats and then
implementing security policies to prevent attacks based on their signatures. Security
policies can be implemented through a security appliance or software, or through custom-
built automation.

IT professionals looking to become cybersecurity analysts need a well-rounded set

of technical skills because they rely on their experience to know what to look for.
Cybersecurity analysts are technicians, which means they need qualified technical skills
like Windows administration, desktop support, networking, and probably proficiency with
at least one programming language. Analysts may spend days auditing SSL certificates
or combing through logs. It’s monotonous but important work that’s performed on the
frontline of an attack.

Security certifications: CompTIA CySA+, CCNA CyberOps

Typical background: Systems administrator, network administration

Security • 7
Security Engineer

Engineers play a different role than analysts. While analysts identify security issues and
detect attacks, engineers set up defenses and prevent disruption to services in the event
of an attack. Most often, engineers implement the security measures that come down
from the security architect (or similar security manager). It may be building reporting and
logging features, or implementing security hardware. As is the case with most security
positions, no two security engineer jobs are the same, but most engineers should have a
wide set of skills like networking, Active Directory, server technologies, firewalls, light pen
testing, and scripting.

Security certifications: AWS Security, CCNP Security

Typical background: Systems administrator, network administration, software engineer

Security Architect

Architect roles will have different responsibilities depending on the company. Some
architects are still deeply hands-on with the technology, acting more like senior engineers.
Other architects operate more as managers. As managers, architects evaluate security
solutions, sell their benefits to top management, and then work with engineers to
implement the solutions. Whether they are still hands-on or managerial, architects are
senior technicians with plenty of time in the trenches as an engineer.

Security certifications: CCIE Security, CISSP

Typical background: Systems administrator, network administration, software engineer

Security • 8
Penetration Tester

With all the recent high-profile breaches, pen testing has grown in popularity. Networking,
systems administration, Linux, and scripting feature strongly in the OSCP exam tasks,
which is a good proxy for the skills required in the field. Pen testers often rely on previous
experience to look for vulnerabilities. For instance, a pen tester may draw on their
experience hardening servers in a previous role as a systems administrator to know where
to look for misconfigurations. For that reason, the best pen testers didn’t start out as pen
testers. They started out as generalists or networking professionals.

Security certifications: CompTIA PenTest+, OSCP

Typical background: Systems administrator, network administration, software engineer,
security analyst

Security Executive

In 2019, while most companies struggled to find qualified technical cybersecurity

professionals, few security executive positions went unfilled. That may be due to the
sheer quantity of technical professionals demanded by the market. In any case, security
executives are managers and communicators who look at systems from the perspective
of security. Many C-level and managerial security professionals work their way up from
technical positions. Certifications like the CISSP validate the considerable technical
experience typically required for these positions.

Security certifications: CISSP

Typical background: Software engineer, security engineer, security architect

Security • 9
Other Security Job Roles

The job titles listed here are broad, and represent the most common ones an aspiring
security professional will find and pursue. As security professionals progress, they’ll find
the other subsets of information and cybersecurity roles that exist and determine whether
they’re a good fit.

Specialists. Anyone who has even glanced at a job site knows there are plenty of
specialized positions out there. There are security professionals who specialize in cloud,
mobile, IoT, or the dozens of other specialist analyst or engineer positions. Some of these
specialized roles have certifications associated with them — many do not. Specialists rely
on their own experience and research to enter and remain current in their narrow well of
expertise.

Incident handlers. There’s an entire subset of security jobs that show up only in the event
of a major security event, like incident handlers, forensics, and other Computer Security
Incident Response Team (CSIRT) members. These are exciting jobs that may be dedicated
staff, or activate in the event of an incident. Security professionals in this subfield often
work for a government agency or cybersecurity firm. Otherwise, CSIRT members will have
a primary role as an engineer or analyst except when something happens.

Cybersecurity researchers. There’s also the growing field of malware analysts and
security researchers who reverse engineer malware, trace threats back to their origins,
and set honeypots. They may work at a large company, but most often they’ll be employed
by a nonprofit, cybersecurity firm, or a government agency.

Compliance and governance. Compliance is thankless work, but also essential for
companies beholden to a particular framework for certification. These job titles often
refer to policy, governance, or compliance. This subset of security professionals enforce
compliance standards with the NIST, DISA, ITIL, or PCI framework.

Security • 10
Using this Certification Guide

Despite the demand for security professionals, security is a difficult career field to break
into. That’s because it’s difficult to gain security experience if companies won’t hire
someone without security experience. Most people in this field must start assuming
security responsibilities in their day-to-day roles before specializing. With that experience
and certification, anyone can build the resume they need to land their first security job.

In this certification guide, we’ve listed every certification for the top networking vendors
— Cisco, Palo Alto, (ISC)2, Check Point, Offensive Security, and CompTIA. A notable
exception is GIAC certifications, which will be in a future version of this certification guide.

Each chapter is ordered from foundational to specialized expert. Choose your path based
on your career goals, experience level, and stated prerequisites.

© CBT Nuggets | Updated 09.12.2022

 Palo Alto
Certifications

Palo Alto Networks is recognized around the world as a leading provider of cybersecurity
products. Palo Alto Networks certification validates an IT professional’s knowledge and
skills in security management using Palo Alto products. It is a valuable credential for those
seeking advancement in the field of IT security. The aim of the Palo Alto certification path
is to give IT professionals the opportunity to demonstrate the skills required to secure
systems and networks.

Palo Alto certification exams include four categories of certification, designed to help IT
professionals gain experience in their security niche of choice. The four categories are:

• Cloud Security
• Cybersecurity Fundamentals
• Network Security
• Security Operations
Palo Alto Network Palo Alto Networks Certified
Certifications Cybersecurity Associate (PCCSA)

Palo Alto certification currently includes the PCCSA, The Palo Alto Networks Certified Cybersecurity
PCNSA, and PCNSE exams. According to Palo Alto, Associate certification is designed for IT professionals
the focus is on the critical skills required to develop who are just beginning in the field of cybersecurity.
infrastructure, mitigate threats, and prevent successful The PCCSA is the lowest level in the Palo Alto Networks
cyberattacks. Certified professionals will have an certification path, and validates knowledge in these
understanding of how to use Palo Alto hardware and areas:
software to protect IT assets from attack.
•  Cybersecurity Landscape
Palo Alto offers seven professional certifications •  Cyberthreats and the Cyberattack Lifecycle
available for demonstrating network security skills: •  Cyberattack Techniques and Types
•  Wireless Threats and Advanced Threats
• Palo Alto Networks Certified Cybersecurity •  Cloud Security and Data Center Security
Associate (PCCSA) •  Network Security Technology
• Palo Alto Networks Certified Network Security •  Packet Encapsulation and Lifecycle
Administrator (PCNSA) •  Malware Analysis
• Palo Alto Networks Prisma Certified Cloud
Security Engineer (PCCSE) Required exam: Earning the PCSSA certification
• Palo Alto Networks Certified Cybersecurity Entry- requires passing one exam — the Palo Alto Networks
level Technician (PCCET) Certified Cybersecurity Associate exam.
• Palo Alto Networks Certified Network Security Prerequisites: None.
Engineer (PCNSE) Recommended experience: Palo Alto Networks
• Palo Alto Networks Certified Detection and recommends a basic understanding of networking
Remediation Analyst (PCDRA) and cybersecurity and up-to-date knowledge on cyber
• Palo Alto Networks Certified Security Automation threats prior to attempting this certification exam.
Engineer (PCSAE)

Palo Alto Networks • 13

Palo Alto Networks Certified Network Palo Alto Networks Certified Cloud
Security Administrator (PCNSA) Security Engineer (PCCSE)

The Palo Alto Networks Certified Network Security The Palo Alto Prisma Certified Cloud Security Engineer
Administrator (PCNSA) is designed for IT professionals (PCCSE) certification is designed for cloud security
who are just beginning in the field of cybersecurity. The specialists who are interested in furthering their
PCNSA covers a wide range of security administration technical understanding of the Palo Alto Networks
topics such as: Prisma Cloud. The Palo Alto Networks Certified Cloud
Security Engineer (PCCSE) certification validates the
• Cybersecurity Landscape knowledge, skills, and abilities required to onboard,
• Cyberthreats and the Cyberattack Lifecycle deploy and administer all aspects of Prisma Cloud.
• Cyberattack Techniques and Types The PCCSE certification validates a candidate’s
• Wireless Threats and Advanced Threats understanding of these security administration tasks:
• Cloud Security and Data Center Security
• Network Security Technology • Install and Upgrade
• Packet Encapsulation and Lifecycle • Visibility, Security, Compliance, and Data
• Malware Analysis Security
• Cloud Workload Protection Platform
Required exam: Earning the Palo Alto Networks • Web Application and API Security (WAAS)
Certified Network Security Administrator (PCNSA) • Dev SecOps Security (Shift Left)
certification requires passing one exam — the Palo Alto • Prisma Cloud Administration
Networks Certified Network Security Administrator
(PCNSA) exam. Required exam: Earning the PCCSE certification
Prerequisites: None. The PCCSE and PCNSE are not requires passing one exam — the Palto Alto Prisma
specified as prerequisites for the PCNSA, but they are Certified Cloud Security Engineer (PCCSE) exam.
recommended. Prerequisites: None.
Recommended experience: Palo Alto Networks Recommended experience: Palo Alto recommends
recommends advanced knowledge of network advanced knowledge of networking and cybersecurity
administration topics, as well as considerable working and considerable experience deploying Palo Alto
knowledge of the Palo Alto Network technology Networks Prisma prior to attempting this certification
portfolio. exam.

Palo Alto Networks • 14

Palo Alto Networks Certified Palo Alto Networks Certified Network
Cybersecurity Entry-level Technician Security Engineer (PCNSE)
(PCCET)
The Palo Alto Networks Certified Network Security
The Palo Alto Networks Certified Cybersecurity Entry- Engineer (PCNSE) certification is designed for IT
level Technician (PCCET) certification is designed to professionals with considerable experience and
provide an introductory examination of cybersecurity expertise in Palo Alto Networks technologies.
fundamentals. This cybersecurity fundamentals exam The PCNSE certification validates a candidate’s
is aligned with the National Institute of Standards understanding of these security administration tasks:
and Technology/National Initiative for Cybersecurity
Education (NIST/NICE) workforce framework, •  Security Management Concepts
ensuring that those who take and pass this exam are •  Deployment and Configuration of Palo Alto
aligned with cutting-edge cybersecurity policy and Hardware and Software
fundamental knowledge. The topics covered are as •  Management and Operation
follows: of Security Platforms
•  Troubleshooting of Network Security Issues
• Fundamentals of Cybersecurity
• The Connected Globe Required exam: Earning the PCNSE certification
• Cloud Technologies requires passing one exam — the Certified Network
• Elements of Security Operations Security Engineer exam.
Prerequisites: None. The PCCSA and PCNSA are not
Required exam: Earning the Palo Alto Networks specified as prerequisites for the PCNSE, but they
Certified Cybersecurity Entry-level Technician (PCCET) are recommended.
certification requires passing one exam — the Palo Recommended experience: Palo Alto Networks
Alto Networks Certified Cybersecurity Entry-level recommends advanced knowledge of networking
Technician (PCCET) certification exam. and cybersecurity and extensive experience
Prerequisites: None. designing, deploying, configuring, maintaining and
Recommended experience: Palo Alto recommends troubleshooting the vast majority of Palo Alto Networks
introductory knowledge of networking and Operating Platform implementations.
cybersecurity concepts. Real-world experience with
Palo Alto Networks technology is a plus.

Palo Alto Networks • 15

Palo Alto Networks Certified Detection configuring, maintaining and troubleshooting the vast
and Remediation Analyst (PCDRA) majority of Palo Alto Networks Operating Platform
implementations.
The Palo Alto Networks Certified Detection and
Remediation Analyst (PCDRA) certification is designed Palo Alto Networks Certified Security
for IT professionals with considerable experience and Automation Engineer (PCSAE)
expertise in Palo Alto Networks technologies who are
looking to further their IT careers in threat detection The Palo Alto Networks Certified Security Automation
and remediation techniques. The PCDRA certification Engineer (PCSAE) certification is designed for IT
validates a candidate’s understanding of these security professionals with considerable experience and expertise
administration tasks: in Palo Alto Networks technologies — as well as a
foundational understanding in security automation
• Threats and Attacks techniques. The PCSAE certification validates a candidate’s
• Prevention and Detection understanding of these security administration tasks:
• Investigation
• Remediation • Playbook Development
• Threat Hunting • Incident Types, Indicator Types, Layouts, and Fields
• Reporting • Automations and Integrations and Related Concepts
• Architecture • Solution Architecture
• Content Updates and Content Management
Required exam: Earning the Palo Alto Networks Certified • UI Workflow, Dashboards, and Reports
Detection and Remediation Analyst (PCDRA) certification
requires passing one exam — the Palo Alto Networks Required exam: Earning the PCSAE certification requires
Certified Detection and Remediation Analyst (PCDRA) passing one exam — the Palo Alto Networks Certified
exam. Security Automation Engineer (PCSAE) exam.
Prerequisites: None. However, it’s recommended that Prerequisites: None. However, it’s recommended that you
you earn PCNSA certification before taking the PCNSE earn PCNSA certification before taking the PCSAE exam.
exam. Recommended experience: Palo Alto Networks
Recommended experience: Palo Alto Networks recommends advanced knowledge of incidence types,
recommends advanced knowledge of networking, and indication factors, layouts and fields, as well as a strong
threat detection and remediation. Further, candidates understanding of foundational concepts, techniques and
should have extensive experience designing, deploying, technologies within security automation.

Palo Alto Networks • 16

How Much Does It Cost to Get (in USD):
Palo Alto Certified?
• Network Security Engineer: $110,000
Palo Alto Networks certification exams are proctored • Network Engineer: $71,899
by the testing company Pearson VUE. The cost of • Network Architect: $122,607
these exams is significantly less than many other IT • Security Consultant, (Computing / Networking /
certifications we’ve discussed. The certification system Information Technology): $102,750
has a simple pricing scheme. The PCCSA costs $100, the • Senior Security Consultant: $147,395
PCNSA costs $140, and the PCNSE costs $160. • Security Engineer: $87,500
• Sr. Network Engineer: $115,000

Palo Alto Recertification Palo Alto Networks certifications may be among the
and Renewal easier certifications to get for those trying to break into
the information security field. And the price is very low
Palo Alto Networks certifications expire after two years compared to other certifications. Of course, many people
(24 months). But you can keep your certifications up-to- seek certifications because they are already
date by renewing the exam every two years. To recertify working on a certain product.
with the PCNSA, you can take either the PCNSA or PCNSE
again. Please note that the PCNSE can only be recertified Your decision to pursue Palo Alto certification may
by retaking the PCNSE exam. depend on whether you believe that you will be working
on Palo Alto Networks certifications in your career as
an IT professional. Considering the earnings potential
Palo Alto Certification Salary and opportunities for Palo Alto Networks certified IT
and Career Information professionals, it’s well worth considering.
According to Payscale, IT professionals with a Palo Alto
Networks Certified Network Security Engineer (PCNSE)
certification can expect to earn around $93,000 (USD) per
year. No figures are available on Payscale for the PCCSA
or PCNSA. Those with PCCSA or PCNSA might expect to
make a bit less than with the PCNSE, but a lot depends on
the level of experience.

Payscale lists the following average salaries for the PCNSE

Palo Alto Networks • 17

Palo Alto Networks
Certification Training

As of September 2022, CBT Nuggets offers a wide array

of Palo Alto Nuggets courses geared toward Palo Alto
Networks. Check out CBT Nuggets Palo Alto Networks
course here.
Please note that we constantly update our training
library, so check regularly for new Palo Alto training. In
addition to quality, entertaining video training created by
expert-level trainers, CBT Nuggets provides everything
a learner needs to study for IT certification exams,
including virtual labs, supplemental files, practice exams,
and access to a robust Learner Community.

CBT Nuggets training provides learners with custom

virtual labs or supplemental files to learn technical
concepts alongside the video training. Virtual labs were
designed by experts to help learners gain hands-on
experience in a sandbox environment. Supplemental
files include practice commands, configuration files, and
network diagrams — everything a learner needs to study
for a certification exam.

CBT Nuggets learners should also take advantage of the

CyberVista® IT training practice exams included with a
subscription to CBT Nuggets. Practice exams can either be
taken timed or untimed and provide a good baseline for
learners to test their knowledge. Additionally, CyberVista®
IT training practice exams evaluate a learner’s strengths
and weaknesses, so they know where to focus their
attention while studying.

© 2020 CBT Nuggets. Version 1.0.

 Offensive Security
Certifications
Network security is one of the most important aspects of information technology.
That’s because there are so many bad guys who don’t mind infiltrating and pilfering
vulnerable networks if they can. Security certifications like Offensive Security, which
focuses on penetration testing, arose in response to the growing worldwide threats to IT
infrastructure and the demand for professionals who can defend against them.

The internet consensus is that Offensive Security certifications are among the most
difficult and highly respected in the business. These professional certifications will
improve your IT security resume and show prospective employers that you know
something about combating security threats — and that you can do something about it.
Where to Start with distribution. That is to say, everything on it — the Linux
Offensive Security kernel, the utilities, the applications — is available
Certifications on the open-source market. For instance, Nmap is a
piece of software that scans ports, and Wireshark is a
The Offensive Security certification path is not network packet analyzer.
necessarily tiered. You could take each one individually
as long as you complete the required course first, Categories of tools listed on the Kali website include:
and none of the certifications has another exam as a
prerequisite. That said, you might consider the OSCP •  Information Gathering
the “entry-level” exam, and the OSEE as the most •  Vulnerability Analysis
advanced. Kali Linux certification is another good •  Wireless Attacks
option for those who want to brush up on their Linux •  Web Applications
skills and learn the particulars of the Kali distribution. •  Stress Testing
•  Forensics Tools
•  Sniffing & Spoofing
•  Password Attacks
What is Kali Linux?
It’s just that Kali Linux is a curated distribution that
Most Offensive Security certifications recommend includes a certain set of software tools for white-hat
knowledge of Kali Linux. Kali Linux is a Debian-based hackers. (Now, whether these can be used for nefarious
distribution of the Linux operating system that is purposes is not the subject of this article.)
focused on penetration testing and ethical hacking.
The distribution was developed by founder Matt Kali Linux is an integral part of the Offensive Security
Aharoni and two of his colleagues, and first released certification training and testing program. Candidates
in March 2013. It includes hundreds of tools that an will need to be thoroughly familiar with it for the
IT professional performing penetration testing might grueling exam sessions. So, it may be a good idea to
need. There is nothing special about the Kali Linux play around with it before starting the training.

Offensive Security • 20
Offensive Security PENETRATION TESTING

Certifications Offensive Security Certified

Professional (OSCP)
The Offensive Security certification program includes
five hands-on tests that require candidates to show The Offensive Security Certified Professional (OSCP)
they can handle real-world problems. The Offensive certification is designed for network security
Security Certified Professional (OSCP) certification professionals who want to demonstrate how well they
covers general security issues and is usually the entry deal with network security vulnerabilities. The OSCP
exam for test-takers. Two exams approach security certification validates a candidate’s ability to execute
from different angles: cracking the perimeter and these methods and attacks:
Windows exploitation. The two others deal with
specific areas, web attacks, and wireless security. •  Use multiple operating systems and services to
gather and enumerate targets
Offensive Security offers five certifications: •  Write basic scripts and tools to aid in pentesting
•  Analyze, correct, modify, cross-compile and port
•  Offensive Security Certified Professional (OSCP) exploit code
•  Offensive Security Certified Expert (OSCE) •  Conduct remote and client-side attacks
•  Offensive Security Web Expert (OSWE) •  Exploit XSS, SQL injection, and other web
•  Offensive Security Wireless Professional (OSWP) application vulnerabilities
•  Offensive Security Exploitation Expert (OSEE) •  Deploy tunneling techniques to bypass firewalls

Required exam: Earning the OSCP requires passing one

exam — the 24-hour, proctored OSCP exam.
Prerequisite: Prior to attempting this certification,
Offensive Security requires taking the Penetration
Testing with Kali Linux (PwK) course, which is included
in the OSCP course bundle.
Recommended experience: Offensive Security
recommends reasonable Linux skills, familiarity with
Bash scripting, basic Perl or Python skills, and a solid
understanding of TCP/IP and networking prior to
attempting this exam.

Offensive Security • 21
PENETRATION TESTING PENETRATION TESTING

Offensive Security Certified Offensive Security Web Expert (OSWE)

Expert (OSCE)
The Offensive Security Web Expert (OSWE) certification
The Offensive Security Certified Expert (OSCE) is designed for network security professionals who
certification is designed for network security want to demonstrate proficiency in auditing of web
professionals who want to demonstrate how well application code for vulnerabilities, and it is meant
they can deal with network security vulnerabilities, to test a candidate’s ability to recognize and thwart
including some of the most troublesome exploits. While various web application exploits. This is the newest
the OSCP focuses on pentesting, the OSCE takes an in- exam in the Offensive Security portfolio.
depth look at many of the specific exploits that hackers
use to infiltrate systems. These include buffer overflows The OSWE certification validates a candidate’s ability to
and the types of issues covered in the OWASP Top Ten execute these methods and attacks:
list. The OSCE certification validates a candidate’s
ability to execute these methods and attacks: •  Web application code auditing
•  Audit code to find vulnerabilities
•  Intelligent fuzz-testing •  Develop exploits for vulnerable
•  Analyze, correct, modify, and port exploit code web applications
•  Craft binaries to evade antivirus software •  Analyze public exploit code
•  Bypass sanitization filters
Required exam: Earning the OSCE certification requires
passing one exam — the 48-hour, proctored Required exam: Earning the OSWE requires passing
OSCE exam. one exam — the OSWE exam.
Prerequisite: Prior to attempting this certification, Prerequisite: Prior to attempting this certification,
Offensive Security requires taking the Cracking the Offensive Security requires taking the Advanced Web
Perimeter (CTP) course, which is included in the OSCE Attacks and Exploitation (AWAE) course, which is
course bundle. included in the OSWE course bundle.
Recommended experience: Offensive Security Recommended experience: Offensive Security
recommends reasonable Linux skills, familiarity with recommends an understanding of web applications,
Bash scripting, basic Perl or Python skills, and a solid reasonable Linux skills, familiarity with Bash scripting,
understanding of TCP/IP and networking prior to basic Perl or Python skills, and a solid understanding of
attempting this exam. TCP/IP and networking prior to attempting this exam.

Offensive Security • 22
PENETRATION TESTING PENETRATION TESTING

Offensive Security Wireless Offensive Security Exploitation

Professional (OSWP) Expert (OSEE)

The Offensive Security Wireless Professional The Offensive Security Exploitation Expert (OSEE)
certification is designed for network security certification is designed for network security
professionals who want to demonstrate their ability professionals who want to demonstrate their ability
to audit 802.11 wireless networks and identify to research and create exploits through reverse
vulnerabilities. Candidates should also be able to engineering, assembly, and disassembly. The OSEE
simulate attacks themselves. The OSWP certification certification validates a candidate’s ability to execute
validates a candidate’s ability to execute these these methods and attacks:
methods and attacks:
•  Develop sophisticated exploits
•  Wireless information gathering •  Create custom shellcode
•  Circumvention of wireless network •  Evade DEP and ASLR protections
access restrictions •  Perform precision heap sprays
•  Cracking WEP, WPA, and WPA2 implementations •   Kernel Pool Exploitation
•  Man-in-the-Middle attacks •  NX/ASLR Bypass

Required exam: Earning the OSWP certification Required exam: Earning the OSEE requires passing one
requires passing one exam — the 4-hour, proctored exam — the 72-hour OSEE exam.
OSWP exam. Prerequisite: Prior to attempting this certification,
Prerequisite: Prior to attempting this certification, Offensive Security requires taking the live, hands-
Offensive Security requires taking the Offensive on Advanced Windows Exploitation (AWE) course,
Security Wireless Attacks (WiFu) course, which is which is administered every year at the Black Hat USA
included in the OSWP course bundle. conference in Las Vegas.
Recommended experience: Offensive Security Recommended experience: Offensive Security
recommends a good understanding of 802.11 wireless recommends an expert-level understanding of
networking, reasonable Linux skills, familiarity with Windows, Linux, Bash scripting, basic Perl or Python
Bash scripting, basic Perl or Python skills, and a solid skills, and a full understanding of TCP/IP and
understanding of TCP/IP and networking prior to networking prior to attempting this exam.
attempting this exam.

Offensive Security • 23
How Much Does It Cost Penetration Tester Salary and
to Get Certified? Career Information

Offensive Security certification cost is all wrapped up The average OSCP salary according to Payscale is
in packages. Training and testing are purchased as one $91,000. They list the following roles and salaries for
unit. It’s not possible to take a course at an external OSCP-certified IT professionals (in USD):
provider, or sit for the test at an external testing
company. Offensive Security certification exam cost is •  Penetration Tester: $90,262
$800 for OSCP, $1,200 for OSCE, $1,400 for OSWE, and •  Security Engineer: $97,151
$450 for OSWP. •  Security Consultant: $79,456
•  Information Security Analyst: $74,950
•  Cyber Security Engineer: $97,727
•  Information Security Engineer: $98,870
Offensive Security •  Senior Security Consultant: $107,351
Recertification and Renewal
For an average penetration testing salary, Indeed puts
Offensive Security does not address this directly the figure at $116,272. The earnings potential and job
on their website, but the consensus from reputable opportunities for a penetration tester in general, and
sources on the internet is that their certifications do an Offensive Security-certified individual in particular,
not expire and do not need renewal. Part of the reason both look pretty good.
may be that the course and exam focus on methods
and strategies in security mitigation rather than Doing shift work in IT helpdesk or NOC jobs can be
specific technologies, which may change annually. grueling enough. But from what these marathon exams
look like, the penetration testing profession must be
pretty demanding. You may be expected to get “wired
in” and stay with an issue until you figure it out. What
about sleep, you ask? Sleep’s for babies they say —
obviously not for dedicated penetration testers.

Offensive Security • 24
Offensive Security Training

Every Offensive Security exams requires a strong

foundation in networking, security, and Kali LInux. CBT
Nuggets trainer Keith Barker has created the following
Kali Linux and
security training:

• CompTIA Security+
•  Penetration Testing Training with
Kali Linux Tools

All CBT Nuggets training either provides learners with

custom virtual labs and supplemental files to learn
technical concepts alongside the video training. Virtual
labs were designed by experts to help learners gain
hands-on experience in a sandbox environment.

CBT Nuggets learners should also take advantage of

the CyberVista® IT Training Practice Exams included
with a subscription to CBT Nuggets. Practice exams can
either be taken timed or untimed, and provide a good
baseline for learners to test their knowledge.

Additionally, CyberVista® IT Training Practice Exams

evaluate a learner’s strengths and weaknesses, so they
know where to focus their attention while studying.
Being successful taking certification exams requires
quality instruction, hands-on experience, and practice
with the exam itself.

© CBT Nuggets | Updated 09.12.2022

 (ISC)²
Certifications
Cybersecurity is one of the highest priority issues facing enterprises today. Organizations
face threats from all angles — data breaches, IoT device vulnerabilities, mobile malware,
and more. What’s more, there’s a widening shortage of cybersecurity professionals.

(ISC)² is a not-for-profit organization focused on cybersecurity training and professional

certification. (ISC)² certification programs are arguably the most comprehensive set of
cybersecurity certifications in the industry. Here’s the full list of (ISC)2 certifications:

•  (ISC)² CISSP - Certified Information Systems Security Professional

•  (ISC)² SSCP - Systems Security Certified Practitioner
•  (ISC)² CCSP - Certified Cloud Security Professional
•  (ISC)² CAP - Certified Authorization Professional
•  (ISC)² CSSLP - Certified Secure Software Lifecycle Professional
•  (ISC)² HCISSP - HealthCare Information Security and Privacy Practitioner
•  (ISC)² CISSP Concentrations
•   Architecture: CISSP-ISSAP
•   Engineering: CISSP-ISSEP
•   Management: CISSP-ISSMP
(ISC)² Certification Process Associate of (ISC)²
Designation
(ISC)² certifications are recognized worldwide as
symbols of excellence in IT security. (ISC)² CISSP Work experience requirements for (ISC)² certifications
and (ISC)² CCSP certifications in particular are highly are extensive and are policed rigorously. The
prized by employers and IT professionals alike. (ISC)² requirements are set high — five (5) years for the CISSP
certifications provide employers with proof that and CCSP, four (4) years for the CSSLP, and two (2)
potential employees have the cybersecurity skills and years for CAP and HCISSP — in order to ensure the most
expertise needed to protect their enterprise systems, experienced candidates for (ISC)² certification.
networks, and information.
Recognizing the “chicken and the egg” nature of work
(ISC)² has a rigorous multi-step process for candidates experience, (ISC)² created the Associate of (ISC)²
to achieve certification: desigation. Through the Associate of (ISC)² program,
candidates can take any (ISC)² certification exam
• Satisfy designated work experience without the required work experience.
• Take and pass a certification exam
• Complete the (ISC)² endorsement process Upon passing the exam, the person is eligible to
• Agree to support the (ISC)² Code of Ethics become an Associate of (ISC)², as they work to gain the
• Pay initial (ISC)² Annual Maintenance Fee (AMF)* work experience required to become fully certified.
Employers recognize that the Associate of (ISC)² has
*Members only pay a single AMF regardless of how value and are consequently open to employment
many certifications they earn. candidates who have earned this designation.

The (ISC)² certification path has an on-ramp for

professionals who don’t have the work experience
prerequisite to becoming certified. Through the
Associate of (ISC)² program, candidates can take any
(ISC)² certification exam without the required
work experience.

(ISC)2 • 27
(ISC)² Certifications (ISC)2 CERTIFICATION

(ISC)² Certified Information Systems

(ISC)² has a broad portfolio of security certifications Security Professional (CISSP)
that are aligned with the (ISC)² Common Body of
Knowledge (CBK) — a compendium of cybersecurity The (ISC)² Certified Information Systems Security
domain topics, which is updated annually to reflect the Professional (CISSP) is one of the most valued
latest in IT security knowledge and practices. certifications available to IT security professionals. The
(ISC)² CISSP validates a candidate’s knowledge in eight
(ISC)² offers six certifications: security domains:

• Certified Information Systems Security •  Security and Risk Management

Professional (CISSP) •  Asset Security
• Systems Security Certified Practitioner (SSCP) •  Security Architecture and Engineering
• Certified Cloud Security Professional (CCSP) •  Communication and Network Security
• Certified Authorization Professional (CAP) •  Identity and Access Management (IAM)
• Certified Secure Software Lifecycle •  Security Assessment and Testing
Professional (CSSLP) •  Security Operations
• HealthCare Information Security and Privacy •  Software Development Security
Practitioner (HCISSP)
Required exam: Earning the (ISC)² CISSP certification
An important aspect of (ISC)² certification is that in requires passing one exam — the CISSP exam.
addition to passing the required examination(s), there Prerequisites: Candidates who pass the CISSP exam,
is an absolute requirement that individuals have but do not have the required work experience, will
prescribed years of relevant paid work experience in become an Associate of (ISC)².
domain(s) in the Common Body of Knowledge (CBK). Required experience: Candidates must have a
minimum of five (5) years cumulative paid work
experience. Candidates may satisfy one year of the
required experience with a four-year college degree or
equivalent credential.

The (ISC)² CISSP meets the requirements of U.S.

Department of Defense (DoD) Directive 8570.1.

(ISC)2 • 28
(ISC)2 CERTIFICATION (ISC)2 CERTIFICATION

(ISC)² Systems Security Certified (ISC)² Certified Cloud Security

Practitioner (SSCP) Professional (CCSP)

The (ISC)² Systems Security Certified Practitioner The (ISC)² Certified Cloud Security Professional
(SSCP) is designed for IT administrators, managers, (CCSP) is reported to be the industry’s leading cloud
directors and network security professionals who have security certification. The certification is designed for
hands-on operational responsibility for security of IT and security leaders who are responsible for cloud
their organization’s data, systems, and networks. The security architecture, design, operations, and
(ISC)² SSCP validates a candidate’s knowledge in seven service orchestration. The (ISC)² CCSP validates a
security domains: candidate’s knowledge in six security domains:

•  Access Controls • Architectural Concepts and

•  Security Operations and Administration Design Requirements
•  Risk Identification, Monitoring and Analysis • Cloud Data Security
•  Incident Response and Recovery • Cloud Platform and
•  Cryptography Infrastructure Security
•  Network and Communications Security • Cloud Application Security
•  Systems and Application Security • Operations
• Legal and Compliance
Required exam: Earning the (ISC)² SSCP certification
requires passing one exam — the SSCP exam. Required exam: Earning the (ISC)² CCSP certification
Prerequisites: Candidates who pass the SSCP exam, requires passing one exam — the CCSP exam.
but do not have the required work experience will Prerequisites: Candidates who pass the CCSP exam,
become an Associate of (ISC)². They then have two but do not have the required work experience, will
(2) years in which to gain the one year of required become an Associate of (ISC)².
experience and be awarded the SSCP certification. Required experience: Candidates must have a
Required experience: Candidates must have a minimum of five (5) years cumulative work experience.
minimum of one (1) year cumulative work experience. The (ISC)² CISSP credential can be substituted for
Candidates who hold an accredited degree from the entire CCSP work experience requirement.
a cybersecurity program may be deemed to have The Cloud Security Alliance’s Certificate of Cloud
satisfied their one year work experience requirement. Security Knowledge (CCSK) can be substituted for the
requirement for one year of experience.
(ISC)2 • 29
(ISC)2 CERTIFICATION

(ISC)² Certified Authorization (ISC)2 CERTIFICATION

Professional (CAP) (ISC)² Certified Secure Software

Lifecycle Professional (CSSLP)
The (ISC)² Certified Authorization Professional (CAP)
is designed for IT security and information assurance The (ISC)² Certified Secure Software Lifecycle
practitioners in U.S. military, government contractors, Professional (CSSLP) is designed for software
as well as state and local government. The (ISC)² CAP development and security professionals who are
validates a candidate’s knowledge in seven responsible for applying best practices to each phase
security domains: of the SDLC. The (ISC)² CSSLP validates a candidate’s
knowledge in eight security domains:
•  Information Security Risk Management Program
•  Categorization of Information Systems (IS) •  Secure Software Concepts
•  Selection of Security Controls •  Secure Software Requirements
•  Implementation of Security Controls •  Secure Software Design
•  Assessment of Security Controls •  Secure Software Implementation/Programming
•  Authorization of Information Systems (IS) •  Secure Software Testing
•  Continuous Monitoring •  Secure Lifecycle Management
• Deployment, Operations, and Maintenance
Required exam: Earning the (ISC)² CAP certification •  Supply Chain and Software Acquisition
requires passing one exam — the CAP exam.
Prerequisites: Candidates who pass the CAP exam, but Required exam: Earning the (ISC)² CSSLP certification
do not have the required work experience will become requires passing one exam — the CSSLP exam.
Associates of (ISC)². They then have three (3) years in Prerequisites: Candidates who pass the CSSLP exam,
which to gain the two (2) years required experience and but do not have the required work experience will
be awarded the CAP certification. become an Associate of (ISC)².
Required experience: Candidates must have a Required experience: Candidates must have a
minimum of two (2) years cumulative work experience minimum of four (4) years cumulative paid full-time
in one or more of the seven domains of the (ISC)² CAP Software Development Lifecycle work experience
Common Body of Knowledge (CBK). inone or more of the eight domains of the (ISC)² CSSLP
Common Body of Knowledge (CBK).

(ISC)2 • 30
(ISC)2 CERTIFICATION

(ISC)² HealthCare Information

Security and Privacy Practitioner
(HCISSP)

The (ISC)² HealthCare Information Security and Privacy

Practitioner (HCISPP) is designed for information
security and health management professionals who
are responsible for guarding patients’ protected
health information (PHI). The (ISC)² HCISPP validates a
candidate’s knowledge in seven security domains:

• Healthcare Industry
• Information Governance in Healthcare
• Information Technologies in Healthcare
• Regulatory and Standards Environment
• Privacy and Security in Healthcare
• Risk Management and Risk Assessment
• Third-Party Risk Management

Required exam: Earning the (ISC)² HCISPP certification

requires passing one exam — the HCISPP exam.
Prerequisites: Candidates who pass the HCISPP exam,
but do not have the required work experience will
become an Associate of (ISC)². They then have three (3)
years to gain the two (2) years of required experience
and be awarded the HCISPP certification.
Required experience: Candidates must have a
minimum of two (2) years cumulative paid work
experience with at least one of those years in the
healthcare industry.
How Much Does It Cost to Get

(ISC)2 • 31
(ISC)² Certified? and are required to earn and submit 15 CPE credits
each year — plus pay their $50 AMF.
Your cost to be (ISC)² certified includes the (ISC)²
certification exam cost, plus your $125 (ISC)² annual Renewal of the CISSP certification requires a total of
maintenance fee (AMF) for the three (3) years that the 120 CPE credits over the three-year certification cycle,
credential is valid. For example, in the Americas, the with a recommended 40 credits per year. For holders
CISSP certification cost would be a total of $1074 — of one or more of the CISSP concentration credentials
$699 for the exam plus $375 in AMFs. — CISSP-ISSAP, CISSP-ISSEP, or CISSP-ISSMP — 20 CPE
credits in the CISSP three-year cycle must be directly
(ISC)² exam prices are normally $599 in the Americas, related to each concentration held.
with the CISSP exam costing $699 and the SSCP
exam costing $249. Beyond the exam, you’ll also For more information on CPE credits required
need to budget for the costs involved in continuing to recertify and renew each (ISC)² certification,
professional education (CPE) credits needed to keep download the (ISC)² Continuing Professional
the certification valid. Education Handbook.

(ISC)² Recertification and

Renewal (ISC)² Certification Salary
and Career Information
(ISC)² certifications are valid for three years and may
be renewed by earning and submitting continuing There’s never been a bad time to be in security, but
professional education (CPE) credits for each year with the shortage of cybersecurity professionals, now is
of the three-year certification cycle. For each (ISC)² a particularly good time to earn (ISC)² certification.
certification, there is a minimum number of CPE credits
— with a suggested minimum number per year — (ISC)² certifications are highly regarded credentials
required before the certification expires. Remember of for IT security professionals and this is reflected in
course that holders must also be current with paying (ISC)² certification salary expected. In Certification
their annual maintenance fee (AMF). Magazine’s last survey of certification salaries, eight
(ISC)² certifications made the top 30 average salaries.
Associates of (ISC)² are on a one-year certification cycle The three CISSP Concentrations — CISSP-ISSEP,
CISSP-ISSAP, and CISSP-ISSMP — came in third, sixth

(ISC)2 • 32
and seventh, respectively. The (ISC)² Certified Secure
Software Lifecycle Professional (CSSLP) came in fourth. Good luck to you as you start on your (ISC)²
Also in the Top 30 were the Certified Information certification path. CBT Nuggets has video training that
Systems Security Professional (CISSP), the Certified supports the (ISC)² certification programs for the (ISC)²
Cloud Security Professional (CCSP), the HealthCare CISSP, as well as the (ISC)² System Security Certified
Information Security and Privacy Practitioner (HCISSP), Practitioner (SSCP).
and the Certified Authorization Professional (CAP).
Our training does change occasionally, so be sure
A review of the certification data collected by PayScale, to check CBT Nuggets for new or updated (ISC)²
shows that even the Associate of (ISC)² credential is certification training that’s relevant to your
of value, with an average salary of $65,000. Moving personal goals.
along the (ISC)² certification path, an average salary of
$74,000 is reported for holders of the System Security
Certified Practitioner (SSCP) certification.

The premier (ISC)² Certified Information Systems

Security Professional (CISSP) certification commands
a $109,000 average salary, while the CISSP
Concentrations have yearly salaries of $155,000 for
management professionals (CISSP-ISSMP), $129,000
for security architects (CISSP-ISSAP), and $142,000 for
security engineers (CISSP-ISSEP).

Government organizations and contractors are popular

employers, which is not surprising given that Associate
of (ISC)², SSCP, CISSP, the CISSP Concentrations (CISSP-
ISSAP, CISSP-ISSEP, CISSP-ISSMP), and CSSLP are all
DOD 8570-approved baseline certifications.

(ISC)² Certification Training

© CBT Nuggets | Updated 09.12.2022

 Check Point
Certification Guide
Check Point is recognized around the world as a leading provider of hardware and
software security products. Check Point security certification validates an IT professional’s
knowledge and skills in security management using Check Point products. It is a valuable
credential for those seeking advancement in the field of IT security.

The Check Point certification path includes four certifictions at three levels of certification
that are designed to take learners’ skill sets from beginner to expert:

•  Check Point Certified Security Administrator R80 (CCSA R80)

•  Check Point Certified Security Expert R80 (CCSE R80)
•  Check Point Certified Master R80 (CCSE R80)
•  Check Point Managed Security Expert R77 (CCSME R77)
Check Point Certifications CHECK POINT ADMINISTRATOR

Check Point Certified Security

The Check Point certification system is currently Administrator R80 (CCSA R80)
in transition from R77 to R80. Levels for R80 include
CCSA, CCSE, and CCMSE. There may be some confusion The Check Point Certified Security Administrator
between the Checkpoint and Pearson Vue websites, (CCSA) R80 certification is designed for IT professionals
but those wishing to pursue Check Point certifications with a basic understanding of Check Point
going forward should focus on the new R80 exams. implementations. The CCSA is the lowest level on the
Check Point certification path, and it deals with various
Check Point offers four certifications: security administration tasks on Check Point hardware
and software. The CCSA R80 certification validates a
•  Check Point Certified Security Administrator R80 candidate’s understanding of these Check Point topics
(CCSA R80) and skills:
•  Check Point Certified Security Expert R80
(CCSE R80) •  Check Point Technology Overview
•  Check Point Certified Master R80 (CCSE R80) •  Security Policy Management
•  Check Point Managed Security Expert R77 •  Traffic Monitoring
(CCSME R77) •  Network Address Translations
•  Basic Concepts of VPN
•  Managing User Access
•  Working with ClusterXL
•  Administrator Task Implementation

Required exam: Earning the CCSA R80 certification

requires passing one exam — CCSA R80 (156-215.80).
Prerequisites: None.
Recommended experience: Check Point recommends
6 to 12 months of hands-on experience with Check
Point products, and a good understanding of
networking and TCP/IP before attempting this exam.

Check Point • 35
CHECK POINT EXPERT CHECK POINT MASTER

Check Point Certified Security Check Point Certified Master R80

Expert R80 (CCSE R80) (CCSM R80)

The CCSE R80 certification is designed for IT The CCSM R80 certification is designed for IT
professionals who know their way around Windows professionals who have developed the highest skills in
and UNIX servers, and know how to build, test and the management and implementation of Check Point
troubleshoot numerous deployment scenarios. products and technologies. Candidates should know
The CCSE R80 certification validates a candidate’s how to approach common deployment scenarios and
understanding of these Check Point topics and skills: how to apply common troubleshooting practices.
The CCSM R80 certification validates a candidate’s
•  Check Point Technology Overview understanding of these Check Point topics and skills:
•  Deployment Platforms and Security Policies
•  Monitoring Traffic and Connections •  Policy Changes to Security Implementations
•  Network Address Translations •  UGI Client Connectivity
•  User Management and Authentication •  Secure Internal Communications
•  Using SmartUpdate •  VPN Tunnel Interfaces
•  Implementing Identity Awareness •  IPv6 Deployment
•  Configuring VPN Tunnels •  Check Point Commands
•  Resolving Security Administration Issues •  Open Shortest Path First (OSPF)
•  Network Address Translation (NAT)
Required exam: Earning the CCSE R80 certification •  ClusterXL Debug File
requires passing one exam — CCSE R80 (156-315.80).
Prerequisites: Prior to attempting this certification, Required exam: Earning the CCSM R80 certification
candidates must earn the CCSA R80 certification. requires passing one exam — CCSM R80 (156-115.80).
Candidates who have already earned the CCSA R77 Prerequisites: Prior to attempting this certification,
must still earn the CCSA R80 certification. candidates must earn either the CCSE R77 or
Recommended experience: Check Point recommends CCSE R80 certification.
candidates have extensive hands-on experience with Recommended experience: Check Point recommends
Check Point products, strong networking, Windows, candidates have extensive hands-on experience with
and UNIX server management skills, and a good Check Point products, and advanced networking,
understanding of security certificate management. server management, and security skills.

Check Point • 36
CHECK POINT EXPERT How Much Does It Cost to Get
Check Point Managed Security Expert Check Point Certified?
R77 (CCMSE R77)
Check Point certification exam cost depends on the
The CCMSE R77 certification is designed for exam taken and your location. In the U.S., the cost for
experienced IT professionals who are interested in the CCSA and CCSE exams is $250 each, and the CCSM
multi-domain security management. Candidates exam costs $350 according to the Check Point website.
will need to be able to handle different deployment All Check Point exams are multiple choice, contain as
scenarios and implementation tasks. The CCMSE R77 many as 90 questions, and have a 90-minute time limit.
certification validates a candidate’s understanding of
these Check Point topics and skills:

•  Multi-domain Security Management Installation Check Point Recertification

and Configuration and Renewal
•  Common Deployment Scenarios
•  Traffic Inspection Process Check Point certifications expire after only two (2)
•  Configuration of Domain Management Server years. Certifications, like security, must be kept
(DMS) High Availability current to be truly effective, which is why we strongly
•  Configuration and Implementation of encourage you to constantly refresh and keep your
Global Policy certification current.
•  Common Troubleshooting Practices
Because the exams are updated so frequently, be
Required exam: Earning the CCMSE R77 certification prepared to retake exams when a new version comes
requires passing one exam — Multi-Domain Security out. For instance, currently there is a transition
Management with VSX (156-820.77). from R77 to R80. It is up to the individual learner to
Prerequisites: Prior to attempting this certification, monitor the changes and updates to the Check Point
candidates must earn the CCSE 75, CCSE R77, or CCSE certification system.
R80 certification.
Recommended experience: Check Point recommends
candidates have extensive hands-on experience with
Check Point products, and advanced networking,
server management, and security skills.

Check Point • 37
 exams, including virtual labs, supplemental files,
Check Point Certification practice exams, and access to a robust Learner
Salary and Careers Community.

According to Payscale, IT professionals with a All CBT Nuggets training provides learners with custom
Check Point Certified Security Administrator (CCSA) virtual labs or supplemental files to learn technical
certification can expect to earn around $89,000 per concepts alongside the video training. Virtual labs were
year. A Check Point CCSE makes an average of $103,000 designed by experts to help learners gain hands-on
per year. Similar figures are not available for CCSM, but experience in a sandbox environment.
one might expect it to be even higher.
NuggetLab supplemental files include practice
CBTNuggets considers the CCSA as one of the easier commands, configuration files, and network diagrams
certifications to get for those trying to break into the — everything a learner needs to study for a certification
information security field. And CCSA certification cost exam. CBT Nuggets learners should also take advantage
is reasonable compared to other certifications. Taking of the CyberVista® IT training practice exams included
into account the earnings potential for Check Point with a subscription to CBT Nuggets. Practice exams
certified IT professional, it’s well worth considering. can either be taken timed or untimed, and provide
a good baseline for learners to test their knowledge.
Additionally, CyberVista® IT training practice exams
evaluate a learner’s strengths and weaknesses, so they
Check Point Certification know where to focus their attention while studying.
Training

CBT Nuggets currently offers an array of Check Point

certification training. You can see a list of all of the
Check Point training offered by CBT Nuggets here.

Please note that CBT Nuggets constantly updates its

training content library, meaning learners should check
regularly for new Check Point training.

In addition to quality, entertaining video training

created by expert-level trainers, CBT Nuggets provides
everything a learner needs to study for IT certification
© CBT Nuggets | Updated 09.12.2022
CompTIA Certification Guide

CompTIA is a non-profit organization with membership comprising more than 200 leading
IT companies and 2,000 member companies.

As an IT industry trade organization, a CompTIA goal is to help ensure that there is a

strong pool of IT professionals with the skills required to drive the adoption and use of
information technologies in enterprises worldwide. CompTIA is the leading provider of
vendor-neutral training and certification programs for those IT professionals, having
issued more than two million certificates to date.

CompTIA certificate programs have been established for IT support, networking, security,
open-source (Linux) development, and cloud. In addition to technical certifications,
additional professional CompTIA certificate programs are available for business
professionals, non-IT staff, and technical trainers.

This guide contains a comprehensive introduction to the various CompTIA certificate

programs, recommended CompTIA certification paths, the costs associated with
CompTIA certificate programs, and insights into job opportunities related to the CompTIA
certification list.

• What is CompTIA Certification?

• CompTIA Core Certifications
• CompTIA Infrastructure Certifications
• CompTIA Cybersecurity Certifications
• Additional Professional CompTIA Certifications
• CompTIA Stackable Certifications
• How Much Does CompTIA Certification cost?
• CompTIA Recertification and Renewal
• CompTIA Certification Salary and Career Information
• How Do I Get a Copy of My CompTIA Certification?
• CompTIA Certification Training

We’ll also describe how CompTIA certifications — and in particular CompTIA Stackable
Certifications — play a key role in IT career development.

CompTIA • 40
What is CompTIA CompTIA Core Certifications
Certification?
CompTIA Core Certifications are for beginners and
Unlike vendor certifications, CompTIA certifications are entry-level IT professionals. There are four CompTIA
vendor-neutral certifications, which means they can be Core Certifications:
applied universally, regardless of vendor. For example,
someone with CompTIA Network+ certification can • CompTIA IT Fundamentals+
apply their knowledge and skills to Cisco or Juniper • CompTIA A+
networking technologies — at a basic level. • CompTIA Network+
• CompTIA Security+
The CompTIA certification program encompasses certs
in five categories: CompTIA A+, CompTIA Network+, and CompTIA
Security+ are all DoD 8570.01-M
• CORE -approved certifications.
• INFRASTRUCTURE

• DATA & ANALYTICS

• CYBERSECURITY

• PROFESSIONAL

In their CompTIA Certification Roadmap, CompTIA sees

the technical certification categories as a progression
— as IT professionals build on their skills from Core to
Infrastructure and then to Cybersecurity.
A number of the certs on the CompTIA Certification
list are U.S. Department of Defense-approved baseline
certifications (DoD 8570.01-M). This can provide
certified professionals with job opportunities in the
Federal government sector.

CompTIA • 41
COMPTIA CORE COMPTIA CORE

CompTIA IT Fundamentals+ CompTIA A+

CompTIA IT Fundamentals+ is designed for individuals The CompTIA A+ certification is designed for people
who want to begin exploring a career in IT. It’s also who want to build a career in IT technical support and
a good option for business, sales, and marketing operations. The A+ certification validates a candidate’s
professionals who work closely with systems and ability to:
information technology.
• Identify, use, and connect hardware components
The IT Fundamentals+ certification validates a • Install and support Windows OS
candidate’s understanding of these topics: • Troubleshoot PC and mobile device issues
• Explain types of networks and connections
• Computing • Troubleshoot device and network issues
• IT infrastructure • Identify and protect against
• Software development security vulnerabilities
• Database use • Install & configure laptops and other
mobile devices
Required exam: Earning the CompTIA IT • Understand Mac OS, Linux, and mobile OS
Fundamentals+ certification requires passing one exam
— CompTIA IT Fundamentals+ (FC0-U61). Required exams: Earning the CompTIA A+ certification
Prerequisites: None. requires passing two exams — CompTIA A+ 220-1001
Recommended experience: CompTIA recommends this and CompTIA A+ 220-1002.
exam for advanced end users or individuals thinking Prerequisites: None.
about entering the IT field. That means you should feel Recommended experience: While there are no specific
comfortable using computer systems and networks. prerequisites for the exams, CompTIA recommends that
candidates have 9 to 12 months hands-on experience
with various mobile, desktop, and networking tasks.

CompTIA • 42
COMPTIA CORE COMPTIA CORE

CompTIA Network+ CompTIA Security+

The CompTIA Network+ certification is designed for The CompTIA Security+ certification validates
IT professionals with entry-level experience. Network+ the baseline cybersecurity skills required of IT
is a common stepping stone for those looking to administrators and security professionals. The
move into network administration. Given that almost Security+ certification validates the candidate’s
everything is networked, networking experience is a ability to:
valuable asset for any IT professional. The Network+
certification validates the candidate’s ability to: • Detect various types of threats, attacks
and vulnerability
• Implement networking concepts • Install, configure, and deploy network
• Determine the appropriate cabling, device security components
and storage technologies • Implement a secure network architecture
• Use best practices to manage a network • Install, configure, and manage identity
• Summarize physical security, and common wired and access services
and wireless attacks • Implement risk management procedures to
• Explain the network mitigate business impact
troubleshooting methodology • Install and configure wireless security settings
and implement public key infrastructure
Required exam: Earning the CompTIA Network+
certification requires passing one exam — CompTIA Required exam: Earning the CompTIA Security+
Network+ (N10-008). certification requires passing one exam — CompTIA
Prerequisites: None. Security+ (SY0-601).
Recommended experience: While there are no specific Prerequisites: None.
prerequisites for the exam, CompTIA recommends that Recommended experience: There are no specific
candidates have obtained CompTIA A+ certification and prerequisites for the exam, although CompTIA
at least 9 to 12 months of networking experience. recommends that candidates have obtained CompTIA
Network+ certification and two years of experience in
IT administration with a security focus.

CompTIA • 43
CompTIA Infrastructure COMPTIA INFRASTRUCTURE

Certifications CompTIA Cloud+

The next level of the CompTIA certification program The CompTIA Cloud+ certification validates that a
consists of the CompTIA Infrastructure Certifications. certified professional has the expertise needed for
As the name suggests, these certs are related to key a cloud data center job. Typical job titles that may
infrastructure technologies such as cloud computing, require CompTIA Cloud+ certification include sysadmin,
open source operating systems, and servers. There are network administrator, cloud engineer, systems or
three certs at this level: network engineer, and data center manager. The
Cloud+ certification validates the candidate’s ability to:
• CompTIA Cloud+
• CompTIA Linux+ • Analyze system requirements to successfully
• CompTIA Server+ execute workload migrations to the cloud
• Determine proper allocation of cloud resources
• Apply appropriate technologies and processes
• Implement appropriate security controls
given requirements
• Troubleshoot capacity, automation, connectivity
and security issues related to
cloud implementations

Required exam: Earning the CompTIA Cloud+

certification requires passing one exam — CompTIA
Cloud+ (CV0-003).
Prerequisites: None.
Recommended experience: While there are no specific
prerequisites for the exam, CompTIA recommends that
candidates have at least 2 to 3 years of experience in
systems administration.

CompTIA • 44
COMPTIA INFRASTRUCTURE COMPTIA INFRASTRUCTURE

CompTIA Linux+ CompTIA Server+

The CompTIA Linux+ certification is designed for IT The CompTIA Server+ certification is designed for IT
professionals with hands-on experience configuring, professionals with hands-on experience administering,
monitoring, and supporting servers running major troubleshooting, and securing those servers regardless
Linux distributions. The Linux+ certification validates of type or location. Server+ is the only vendor-neutral
the candidate’s ability to: certification covering the major
server platforms. The Server+ certification validates the
• Configure Linux kernel modules, network candidate’s ability to:
parameters, storage, cloud, and
virtualization technologies • Configure and support server components
• Manage software and services • Manage and maintain servers
• Manage permissions and authentication, • Support storage devices technologies, including
firewalls, and file management capacity and growth planning
• Troubleshoot user, app, and hardware issues • Apply physical and network data
• Use Linux automation & scripting security techniques
• Configure systems for network connectivity
Required exams: Earning the CompTIA Linux+ • Understand disaster recovery and implement
certification requires passing one exam — CompTIA backup techniques
Linux+ (XK0-005). • Diagnose and resolve system hardware, software,
Prerequisites: None. connectivity, storage, and security issues
Recommended experience: While there are no specific
prerequisites for the exam, CompTIA recommends that Required exam: Earning the CompTIA Server+
candidates have CompTIA A+ and CompTIA Network+ certification requires passing one exam — CompTIA
certifications, as well as 12 months of experience in Server+ (SK0-005).
Linux administration. Prerequisites: None.
Recommended experience: While there are no specific
prerequisites for the exam, CompTIA recommends that
candidates have obtained CompTIA A+ certification and
have 18 to 24 months of IT experience.

CompTIA • 45
CompTIA Data & Analytics
Certifications Required Exam: Earning the CompTIA Data+
certification requires passing one exam – CompTIA
CompTIA Data and Analytics certifications are a new Data+ (DA-001).
addition to CompTIA’s technical certification path. As Prerequisites: None.
the importance for data analytics grows, more job roles Recommended experience: CompTIA recommends 18–
are required to set context and better communicate 24 months of experience in a report/business analyst
vital business intelligence. Collecting, analyzing, and job role, exposure to databases and analytical tools, a
reporting on data can drive priorities and lead business basic understanding of statistics, and data visualization
decision-making. There is currently one certification experience.
available for data and analytics:
CompTIA Cybersecurity
• CompTIA Data+ Certifications

CompTIA Cybersecurity certifications make up the

COMPTIA PROFESSIONAL fourth step of the CompTIA technical certification path.
CompTIA Data+ These certifications are for advanced and expert-level
professionals. There are three certs at this tier:
The CompTIA Data+ is designed for early-career data
analytics professionals tasked with developing and • CompTIA Cybersecurity Analyst (CySA+)
promoting data-driven business decision-making. • CompTIA PenTest+
• CompTIA Advanced Security Practitioner (CASP+)
The Data+ certification validates the candidates ability
to: CompTIA CySA+ and CASP+ are both DoD
8570.01-M-approved certifications.
• Mine data
• Manipulate data
• Visualize and report data
• Apply basic statistical methods
• Analyze complex datasets while adhering to
governance and quality standards throughout
the entire data life cycle

CompTIA • 46
COMPTIA CYBERSECURITY COMPTIA CYBERSECURITY

CompTIA CySA+ CompTIA PenTest+

The Cybersecurity Analyst (CySA+) certification is The CompTIA PenTest+ certification is designed
designed for cybersecurity professionals who use for intermediate-level cybersecurity professionals
an analytics-based approach to identify and combat who are tasked with penetration testing to manage
malware and advanced persistent threats (APTs). As vulnerabilities on a network. The PenTest+ certification
hackers continue to evade traditional signature-based validates the candidate’s ability to:
solutions such as firewalls, the IT security industry is
moving toward an analytics-based approach. • Plan a comprehensive compliance-based
The CySA+ certification validates the candidate’s vulnerability assessment
ability to: • Perform a vulnerability scan and
analyze results
• Implement a vulnerability management process • Exploit network, wireless, application, and
• Perform data analysis and interpret the results to RF-based vulnerabilities, summarize physical
identify vulnerabilities, threats and risks security attacks, and perform post-
to an organization exploitation techniques
• Configure and use threat-detection tools • Conduct information gathering exercises with
• Secure and protect applications and systems various penetration testing tools
within an organization • Utilize report-writing and handling best practices

Required exam: Earning the CompTIA CySA+ Required exam: Earning the CompTIA PenTest+
certification requires passing one exam — CompTIA certification requires passing one exam — CompTIA
CySA+ (CS0-002). PenTest+ (PT0-002).
Prerequisites: None. Prerequisites: None.
Recommended experience: While not required in order Recommended experience: While not required in
to take the CompTIA CySA+, CompTIA recommends order to take the CompTIA PenTest+ exam, CompTIA
that candidates either have a CompTIA Network+ or recommends that candidates have CompTIA Network+
Security+ certification, or at least three years of hands- or Security+ certification, and at least three years of
on experience in information security. hands-on information security or related experience.

CompTIA • 47
CYBERSECURITY CERTIFICATION Prerequisites: None.
CompTIA CASP+ Recommended experience: CompTIA recommends
that candidates have at least 10 years of IT
The CompTIA CASP+ certification is designed for administration experience, including at least five years
expert cybersecurity professionals who implement of hands-on technical security experience.
security solutions. While cybersecurity managers
identify the cybersecurity policies and frameworks Professional CompTIA
that need to be implemented, cybersecurity technical Certifications
practitioners implement solutions within those policies
and frameworks. The CASP+ certification validates the In addition to technical certifications, CompTIA offers
candidate’s ability to: certifications for non-technical professionals. The three
professional certifications in the CompTIA certification
• Analyze security risks and frameworks that come path are:
along with specific industry threats
• Integrate network and security components and • CompTIA Project+
implement security controls • CompTIA CTT+
• Implement incident response and • CompTIA Cloud Essentials
recovery procedures
• Integrate hosts, storage, networks and
applications into a secure enterprise architecture
• Apply research methods to determine industry
trends and their impacts to the enterprise

Required exam: Earning the CompTIA CASP+

certification requires passing one exam — CompTIA
CASP+ (CAS-004).

CompTIA • 48
COMPTIA PROFESSIONAL COMPTIA PROFESSIONAL

CompTIA Project+ CompTIA CTT+

The CompTIA Project+ certification is designed for The CompTIA Certified Technical Trainer (CTT+)
IT and project management professionals who need certification is designed for technical instructors.
to manage smaller, less complex projects as part of Education is an essential element in the successful roll-
their other job duties. There’s a need for business out and ongoing operation of any IT initiative. Effective
professionals — within and outside of IT — who have training requires teachers who can use appropriate
the basic skills and knowledge to successfully manage tools and techniques in physical and virtual
small- to medium-sized projects. learning environments.

The Project+ certification validates the candidate’s Required exam: In order to become CompTIA CTT+
ability to: certified, candidates must pass two exams — one
written and one performance-based:
• Manage the project life cycle • CTT+ Essentials (TK0-201) Exam, plus
• Ensure appropriate communication • CTT+ Classroom Performance
• Manage resources and stakeholders Based Exam (TK0-202), or
• Maintain project documentation • CTT+ Virtual Classroom Performance
Based Exam (TK0-203)
Required exam: Earning the CompTIA Project+ As part of the TK0-202 and TK0-203 exams, candidates
certification requires passing one exam — CompTIA must submit a video recording of their classroom
Project+ (PK0-005). training sessions for evaluation.
Prerequisites: None. Recommended experience: CompTIA recommends
Recommended experience: CompTIA recommends that candidates have at least 6 to 12 months of
that candidates have at least 12 months of cumulative training experience.
project management experience or
equivalent education.

CompTIA • 49
COMPTIA PROFESSIONAL CompTIA Stackable
CompTIA Cloud Essentials Certifications

The CompTIA Cloud Essentials+ certification is CompTIA recognizes that IT pros build their technical
designed to provide business professionals and proficiencies incrementally, gaining experience as they
non-IT staff an understanding of cloud computing become established IT professionals.
fundamentals and the work involved to move to and
govern the cloud. The Cloud Essentials+ exam validates As they progress in their careers, IT professionals can
the candidate’s ability to: acquire multiple CompTIA certifications that combine
to represent expertise in specific functional areas.
• Understand cloud principles and can aptly CompTIA has formalized this “bundling of certs” as
identify cloud networking concepts and storage CompTIA Stackable Certifications. They have taken
techniques, and understand cloud design aspects specific job functions and identified the stacks of
• Comprehend the financial aspects of engaging a certifications that are most relevant to each job.
cloud provider, as well as the business aspects of
managing vendor relations in cloud adoptions The job functions are concentrated in one of two
• Are able to explain aspects of operating within CompTIA certification pathways — Infrastructure and
the cloud, such as data management, availability, Cybersecurity — depending on the career direction an
and monitoring IT pro wants to take.
• Understand risk management concepts related to
cloud services and identify the importance and The job functions for the CompTIA Stackable
impacts of compliance in the cloud Certifications are further categorized by the expected
experience level of the job — specialist, professional,
Required exam: Earning the CompTIA Cloud or expert:
Essentials+ certification requires passing one exam —
CompTIA Cloud Essentials (CLO-002). • Specialist: Early-career IT professionals with 0–2
Prerequisites: None. years of experience
Recommended experience: CompTIA recommends • Professional: Mid-level IT professionals with 2–5
that candidates for the CompTIA Cloud Essentials exam years of experience
have at least 6 to 12 months of exposure to • Expert: Established IT professionals with 5+ years
cloud technologies. of experience

CompTIA • 50
Stackable Infrastructure COMPTIA STACKABLE SPECIALIST

Certifications CompTIA Systems Support

Specialist (CSSS)
The CompTIA Infrastructure Career Pathway is for IT
professionals who want to work with organizations’ The CompTIA Systems Support Specialist stackable
system and network infrastructures — servers, certification is designed for support specialists who
networks, data centers, cloud services, etc. There support help desk operations and assist customers
are five job functions that are represented by sets of with issues related to hardware, software,
CompTIA stackable certifications. and networks.

• CompTIA IT Operations Specialist (CIOS) Required exams: To earn the CSSS stackable
• CompTIA Systems Support Specialist (CSSS) certification, you must earn both CompTIA A+ and
• CompTIA Cloud Admin Professional (CCAP) Linux+ certifications.
• CompTIA Network Infrastructure
Professional (CNIP)
• CompTIA Linux Network Professional (CLNP) COMPTIA STACKABLE PROFESSIONAL

CompTIA Cloud Admin

Professional (CCAP)
COMPTIA STACKABLE SPECIALIST

CompTIA IT Operations The CompTIA Cloud Admin Professional stackable

Specialist (CIOS) certification is designed for IT professionals who
regularly work with cloud service implementation
The CompTIA IT Operations Specialist stackable and maintenance.
certification is designed for IT operations specialists
who regularly create and respond to tickets, maintain Required exams: To earn the CCAP stackable
systems, and resolve customer issues. certification, you must earn both CompTIA Network+
and Cloud+ certifications.
Required exams: To earn the CIOS stackable
certification, you must pass both CompTIA A+ and
Network+ certifications. COMPTIA STACKABLE PROFESSIONAL

CompTIA Network Infrastructure

Professional (CNIP)

CompTIA • 51
 CompTIA Cybersecurity
The CompTIA Network Infrastructure Professional Career Pathway
stackable certification is designed for networking
professionals who design and implement The CompTIA Cybersecurity Career Pathway is aimed
infrastructure projects. at IT professionals who choose to specialize in the
field of cybersecurity. There are seven sets of CompTIA
Required exams: To earn the CNIP stackable stackable certifications for cybersecurity.
certification, you must pass both CompTIA Network+
and Server+. • CompTIA Secure Infrastructure Specialist (CSIS)
• CompTIA Secure Cloud Professional (CSCP)
• CompTIA Security Analytics Professional (CSAP)
• CompTIA Network Vulnerability Assessment
COMPTIA STACKABLE PROFESSIONAL Professional (CNVP)
CompTIA Linux Network • CompTIA Network Security Professional (CNSP)
Professional (CLNP) • CompTIA Security Analytics Expert (CSAE)
• CompTIA Security Infrastructure Expert (CSIE)
The CompTIA Linux Network Professional stackable
certification is designed for IT professionals that
regularly support and monitor systems that operate COMPTIA STACKABLE SPECIALIST

on Linux. CompTIA Secure Infrastructure

Specialist (CSIS)
Required exams: To earn the CLNP stackable
certification, you must earn both CompTIA Network+ The CompTIA Secure Infrastructure Specialist stackable
and Linux+ certifications. certification is designed for security professionals who
primarily support hardware and software systems.

Required exams: To earn the CSIS stackable

certification, you must earn CompTIA A+, Network+ and
Security+ certifications.

CompTIA • 52
COMPTIA STACKABLE PROFESSIONAL COMPTIA STACKABLE PROFESSIONAL

CompTIA Secure Cloud CompTIA Network Vulnerability

Professional (CSCP) Assessment Professional (CNVP)

The CompTIA Secure Cloud Professional stackable The CompTIA Network Vulnerability Assessment
certification is designed for security professionals that Professional stackable certification validates that
primarily work with cloud applications and services. security professionals can scan applications and
systems for vulnerabilities.
Required exams: To earn the CSCP stackable
certification, you must pass CompTIA Security+ and Required exams: To earn the CNVP stackable
Cloud+ certifications. certification, you must earn the CompTIA Security+ and
PenTest+ certifications.

COMPTIA STACKABLE PROFESSIONAL

CompTIA Security Analytics COMPTIA STACKABLE PROFESSIONAL

Professional (CSAP) CompTIA Network Security

Professional (CNSP)
The CompTIA Security Analytics Professional stackable
certification validates that security professionals can The CompTIA Network Security Professional stackable
monitor for security events and enact measures to certification validates that security professionals can
protect their network and systems. monitor networks for threats and vulnerabilities, as
well as actively respond to those threats.
Required exams: To earn the CSAP stackable
certification, you must earn the CompTIA Security+ and Required exams: To earn the CNSP stackable
CySA+ certifications. certification, you must pass CompTIA Security+,
PenTest+, and CySA+ certifications.

CompTIA • 53
COMPTIA STACKABLE EXPERT Getting Your CompTIA
CompTIA Security Analytics Stackable Certifications
Expert (CSAE)
When you complete the set of CompTIA certifications
The CompTIA Security Analytics Expert stackable that represent a particular CompTIA Stackable
certification validates that security professionals can Certification, you will be automatically granted the
research and find vulnerabilities through data — and relevant stackable certification(s). These will be found
then engineer solutions. in the Stackable Certifications tab on your CompTIA
certification account. You’ll be able to download
Required exams: To earn the CSAE stackable the stackable certification logo for your personal
certification, you must earn CompTIA Security+, CySA+, professional use.
and CASP certifications.
Stackable certifications require active continuing
education (CE) certifications. Good-for-life certification
COMPTIA STACKABLE EXPERT holders may earn these stackable certifications by re-
CompTIA Security Infrastructure certifying and validating that their skills are up to date.
Expert (CSIE)

The CompTIA Security Infrastructure Expert stackable How Much Does CompTIA
certification validates that security professionals Certification Cost?
can lead and manage every element of security
infrastructure for large, complex organizations. CompTIA certification exams range in cost between
$219 and $349, depending on the exam. For CompTIA
Required exams: To earn the CSIE stackable A+, you must pass two exams for a total cost of
certification, you must earn CompTIA Security+, CySA+, $438. For CompTIA Security+, the single CompTIA
PenTest+, and CASP certifications. certification exam costs $339. The cost for the CompTIA
Network+ exam is $319.

CompTIA • 54
How Do I Get a Copy of My You can simply recertify by paying for, and taking,
CompTIA Certification? the most recent version of the relevant CompTIA
certification exam(s). Here are some of the other ways
What happens if you need verification of your CompTIA to renew a CompTIA certification:
certification(s) for a job application, for your resume, or
to submit to a potential client? Through your CompTIA • Complete a CompTIA CertMaster CE course.
certification account (login here if you have one) CertMaster CE e-learning courses are available for
CompTIA provides two ways to provide proof of A+, Network+, and Security+. When you complete
your certs: the course, you’ll automatically earn Continuing
Education Units (CEU) for the exam in your
• Download a PDF Certificate: You can download a CompTIA certification account. CertMaster CE
PDF certificate that contains a URL and verification e-learning courses cost between $129 and $199.
code that can be used to authenticate • Earn a higher-level CompTIA certification. If you
your certification. earn or renew a qualifying higher-level CompTIA
• Create a Transcript: You can create a customized certification, your existing CompTIA certifications
certification transcript which will be sent by email are renewed.
to a designated recipient. • Earn a non-CompTIA IT industry certification.
If you earn or renew a qualifying non-CompTIA
IT industry certification, you’ll earn Continuing
CompTIA Recertification Education Units (CEU) that can apply toward the
and Renewal renewal requirements for your existing CompTIA
certification. For example, earning a Cisco CCNA
CompTIA certifications earned since 2011 are valid for Security cert gives you the 50 CEUs you need for
three years from the date of original certification. They CompTIA Security+ certification renewal.
must be renewed before their expiration date. CompTIA • Earn other CEUs. You can earn CEUs to apply
recertification and renewal comes under the auspices to recertification through a number of different
of the CompTIA Continuing Education (CE) program. avenues. These include taking training and higher
You must be enrolled in that program to renew education, participating in IT Industry activities,
a certification. publishing articles or white papers, or even
submitting relevant work experience.
There are a number of ways to renew a certification.

CompTIA • 55
Is a CompTIA Certification a • CompTIA Advanced Security
Lifetime Certification? Practitioner (CASP+): $86,000

As of January 1, 2011, CompTIA ended lifetime CompTIA certification will be just one indicator of the
certifications. CompTIA certifications earned since that value that you bring to the table. Other factors will play
date are valid for three years only and are then subject a big part in how much a job will pay. For example,
to renewal and recertification as described above. although the average salary for CompTIA A+ is $59,000,
CompTIA A+, CompTIA Network+ or CompTIA Security+ PayScale reports salaries up to $91,000 for A+ certified
certifications earned before 2011 are considered good- professionals in Washington D.C.
for-life (GFL) and do not expire. Note that GFL certs are
not valid for CompTIA stackable certifications. If you Not surprisingly, given CompTIA’s inclusion in the
want to bring your certification current, you’ll need to US Department of Defense (DoD) baseline
pass the current version of the exam. You’ll then have certifications, the US military and Federal Government
two certs: your GFL certification and the new CE one. contractors are popular employers for CompTIA
certification holders.

CompTIA Certification Salary

and Career Information

PayScale reports the following average salaries

(USD) for employees holding particular
CompTIA certifications:

• CompTIA A+ salary: $59,000

• CompTIA Server+: $63,000
• CompTIA Network+: $64,000
• CompTIA Project+: $67,000
• CompTIA Linux+: $70,000
• CompTIA Security+: $73,000
• CompTIA CTT+: $74,000
• CompTIA Cloud+: $76,000

CompTIA • 56
CompTIA Certification Training

CBT Nuggets offers a variety of training that maps to

CompTIA certification exams, ranging from A+
to Cloud+.

• Core Series
• CompTIA Network+ (N10-008)
• CompTIA Security+ (SY0-601)
• CompTIA A+ 220-1001
• CompTIA A+ 220-1002
• Infrastructure Series
• CompTIA Cloud+ (CV0-003)
• LPI Linux LPIC-1 101 and CompTIA Linux+
• Cybersecurity Series
• CompTIA CySA+ (CS0-002)
• Additional Professional Series
• CompTIA Project+ (PK0-005)
• CompTIA Cloud Essentials (CLO-002)

Our training changes from time-to-time as we support the

CompTIA certification roadmap. So be sure to check CBT
Nuggets CompTIA training for new and updated training
relevant to your personal CompTIA certification goals.

© CBT Nuggets | Updated 09.12.2022

 Cisco
Security Certifications
Security is one of the most sought after skills you can have in IT right now — and there are
plenty of security certifications you could pursue. Network administrators or engineers
working in a Cisco shop will find a good match between these Cisco security certifications
and their existing networking skills. Many threats may be in the application layer, but
defense starts at the network layer.
New Cisco Security security features are active
Certifications •  Understanding benefits of various Cisco
security products
Over the past couple of years, Cisco has made a lot
of changes to its certification paths. Previously, the Required exams: The core exam for the CCNP Security
CCNA had specialty tracks such as the CCNA CyberOps. certification is Implementing and Operating Cisco
However, in 2020 Cisco discontinued this approach and Security Core Technologies (300-701 SCOR). Candidates
reduced the CCNA specialty tracks down to a single can then choose one of seven concentration exams:
CCNA course that covers the basics of IT fundamentals. •  Securing Networks with Cisco Firepower Next
Those who wish to specialize in security should now Generation Firewall (300-710 SNCF)
focus on the following Cisco certifications: •  Securing Networks with Cisco Firepower Next-
Generation IPS (300-710 SNCF)
• CCNP Security •  Implementing and Configuring Cisco Identity
• CCIE Security Services Engine (300-715 SISE)
•  Securing Email with Cisco Email Security
CISCO PROFESSIONAL (NEW) Appliance (300-720 SESA)
Cisco Certified Network Professional - •  Securing the Web with Cisco Web Security
Security (CCNP Security) Appliance (300-725 SWSA)
•  Implementing Secure Solutions with Virtual
The CCNP Security certification is designed to Private Networks (300-730 SVPN)
test a security professional’s ability to secure an •  Implementing Automation for Cisco Security
organization’s physical infrastructure, cloud services, Solutions (300-735 SAUTO)
endpoints, and network access. The CCNP - Security Prerequisites: None.
core exam validates a candidate’s understanding of Recommended experience: While Cisco certifications
security topics, including: no longer have formal prerequisites, Cisco recommends
that candidates who attempt this professional-level
•  Identifying common security vulnerabilities exam have three to five years experience implementing
against on-prem and cloud environments security solutions.
•  Implementing appropriate access policies
•  Configuring cloud logging and
monitoring methods
•  Ensuring email, internet gateway, and web

Cisco • 59
CISCO EXPERT (NEW)

Cisco Certified Internetwork Expert - Current Cisco Security

Security (CCIE Security) Certifications

The CCIE Security certification is designed for With Cisco certifications everything starts with
IT professionals who secure all aspects of an networking. These Cisco security certifications start
organization’s wired and wireless networks and cloud at the associate-level, which validates everything a
services. Candidates should expect to demonstrate an networking professional will learn about networking
expert level of competency in these topics during their and security in their first year. These certifications then
8-hour hands-on lab: progress to the professional and finally expert levels,
which provide a good path forward for anyone who
•  Perimeter Security and Intrusion Prevention wants to create a career securing networks.
•  Secure Connectivity and Segmentation
•  Infrastructure Security Cisco offers three security exams:
•  Identity Management, Information Exchange,
and Access Control •  CCNA CyberOps
•  Advanced Threat Protection and •  CCNP Security
Content Security •  CCIE Security

Required exams: The written exam for the CCIE

Security certification is Implementing and Operating
Cisco Security Core Technologies (SCOR 300-701). CCIE
candidates must then travel to a Cisco facility to take
the CCIE Security v6.0 lab exam.
Prerequisites: None.
Recommended experience: While expert-level Cisco
certifications don’t have formal prerequisites, Cisco
recommends that candidates attempting CCIE exams
have five to seven years experience securing enterprise
networks and systems.

Cisco • 60
CISCO ASSOCIATE (CURRENT) Cisco networking gear is everywhere. Its routers,
Cisco Certified Network Associate - switches, and even phones are found in most office
CyberOps (CCNA CyberOps) environments. For IT professionals who specialize
in network administration, it’s more likely than not
The CCNA CyberOps certification is designed for entry- that you’ll work in a Cisco environment at some
level cybersecurity professionals. CCNA CyberOps is point. That’s why Cisco certifications are so popular
an approved certification under the DoD 8570.01-M and highly valued. Cisco certifications validate
framework in the CSSP Analyst and CCSP Incident the knowledge and skills IT professionals need to
Responder categories. The CCNA CyberOps certification be successful in managing and maintaining Cisco
validates a candidate’s understanding of security technologies.
topics, including:

•  Understanding and implementing access

control modes
•  Knowing the security impact of common
cryptography methods
•  Identifying common attack vectors and
security vulnerabilities
•  Mapping data types to compliance frameworks
•  Analyzing data from security events

Required exams: CCNA - CyberOps has two required

exams — Understanding Cisco Cybersecurity
Fundamentals (210-250 SECFND) and Implementing
Cisco Cybersecurity Operations (210-255 SECOPS).
Prerequisites: None.
Recommended experience: While Cisco certifications
no longer have formal prerequisites, Cisco
recommends that candidates attempting the two CCNA
- CyberOps exams have at least one year of experience
in a security role.

Cisco • 61
CISCO PROFESSIONAL (CURRENT) CISCO EXPERT (CURRENT)

Cisco Certified Network Professional - Cisco Certified Internetwork Expert -

Security (CCNP Security) Security (CCIE Security)

The CCNP Security certification is designed for The CCIE Security certification is designed for
networking engineers who deploy, support and IT professionals who secure all aspects of an
troubleshoot firewalls, VPNS, and IDS/IPS solutions. organization’s wired and wireless networks and cloud
The CCNP Security certification validates a candidate’s services. Candidates should expect to demonstrate an
understanding of security topics, including: expert level of competency in these topics during their
8-hour hands-on lab:
•  Content Security
•  Network Threat Defense •  Perimeter Security and Intrusion Prevention
•  Cisco FirePOWER Next-Generation IPS (NGIPS) •  Secure Connectivity and Segmentation
•  Security Architectures •  Infrastructure Security
•  Troubleshooting, Monitoring, and Reporting •  Identity Management, Information Exchange,
and Access Control
Required exams: Earning the CCNP Security requires •  Advanced Threat Protection and Content
passing four exams: Security
•  Implementing Cisco Secure Access Solutions (300-
208 SISAS) Required exams: The written exam for the CCIE
•  Implementing Cisco Edge Network Security Security certification is 400-251 CCIE Security. CCIE
Solutions (300-206 SENSS) candidates must then travel to a Cisco facility to take
•  Implementing Cisco Secure Mobility Solutions the CCIE Security lab exam.
(300-209 SIMOS) Prerequisites: None.
•  Implementing Cisco Threat Control Solutions (300- Recommended experience: While expert-level Cisco
210 SITCS) certifications don’t have formal prerequisites, Cisco
Prerequisites: Prior to attempting this certification, recommends that candidates attempting CCIE exams
candidates must earn the CCNA Security, or any CCIE. have five to seven years experience securing enterprise
Recommended experience: Cisco recommends that networks and systems.
candidates attempting this professional-level exam
have at least three years of experience in an IT role.

© CBT Nuggets | Updated 09.12.2022