Which Certificate is Right For You?

Certifications are a great way to increase your knowledge, demonstrate you are a serious InfoSec professional & pad your LinkedIn profile to open opportunities for recruiters or potential employers.

There will always be a debate among your colleagues on which are the best certifications to boost your career, which certifications hold the most value, and some that are just checkboxes for HR.

Charting your Path

Picking the right certifications for you heavily depends on which career path you want to go down. I generally stick to SANS and their model for Information Security careers;

  • Path 1: Monitoring, Detection & Cyber Defense Operations
  • Path 2: Penetration Testing
  • Path 3: Incident Response, Forensics, & Threat Hunting
Path 3: Incident Response, Forensics, & Threat Hunting from SANS

However, SANS is not the only certification body and there are other ‘paths’. The image below is a compilation of certifications contributed in an open source project for individuals plotting their certification track. As you will see, there are many vendors offering certifications (sorted by their (ISC)2 domain) and you must plan accordingly to efficiently achieve your career path goals.

Cybersecurity certifications mapped to (ISC)2 security domains.

The next sections lists some of the most popular certification bodies in cybersecurity.


SANS is private company that specializes in information security and cybersecurity training. They are the premier information security training vendors on the market, and usually go for 7,000 USD per course.


SANS training prepares the candidate student for the certification exams for GIAC, which develops and administers premier, professional information security certifications. These certifications are highly regarded in the industry and are held by experts in their respective fields.

Read this for more information on writing GIAC exams.




Offensive Security





Amazon Web Services

Google Cloud Certifications



Additional Reading