Best CyberSecurity Courses and Certifications

There are numerous certifications related to best cybersecurity courses out there that you can choose from. Quality, prices, opportunities, conditions can vary, but in general, all of them are more or less tied to the same goal, cybersecurity. We most likely didn’t cover many of them, but we tried to get the most recognizable/popular/known ones here. We’ll try to update the list as time goes by.

Becoming a cyber ninja is a hard, lonely and difficult path, trying to improve yourself to perfection, hating your weaknesses, dominating your opponents and competition, dedicating your entire self to a single goal…

…okay, maybe we overstated, but it’s definitely not an easy thing to do.

We’re not counting the ones that are considering themselves cybersecurity masters simply by getting a CEH cert. Some of the gathered information below might not be up-to-date, so do check the formal links of course/certification providers. Some certs below might have more info than others, but in general we tried to gather at least some basic info on the subject.

Cybersecurity Courses and Cybersecurity Certifications

We’ll list some of the best cybersecurity courses and certifications (click to jump):

• OSCP – Offensive Security Certified Professional (Cert) *
• CEH – Certified Ethical Hacker
• OSWP – Offensive Security Wireless Professional
• OSCE – Offensive Security Certified Expert
• OSEE – Offensive Security Exploitation Expert *
• OSWE – Offensive Security Web Expert
• CISSP – Certified Information Security Professional
• CISM: Certified Information Security Manager
• CompTIA Security+
• GSEC: SANS GIAC Security Essentials
• CRISC – Certified in Risk and Information Systems Control
• CIPP – Certified Information Privacy Professional
• CISA – Certified Information Systems Auditor
• CCSP – Certified Cloud Security Professional
• CGEIT – Certified in the Governance of Enterprise IT
• CHFI – Computer Hacking Forensic Investigator
• CCNA – CISCO Certified Network Associate
• CCNP – CISCO Certified Network Professional
• CAP – Security Assessment and Authorization
• CSSLP – Secure Software Development
• HCISPP – Healthcare Security & Privacy
• SSCP – IT/ICT Security Administration

OSCP : Offensive Security Certified Professional

Probably the most recognized and respected certification for info security professionals. In general, lab is out to simulate a real-world situations, but based on some reviews, it’s still doesn’t mimic the real-world corporate environment (Man-in-the-middle, etc.).

You’ll need to demonstrate ability to research the network, identify vulnerabilities and execute attacks. Goal, exploit things and acquire administrative access. As a result, you’ll need to submit “penetration test report” with the notes, screenshots and any details you have related to your findings. Points are awarded on per host/server basis (depending on the difficulty). The main focus should be on the labs. The thing you might want to check are OSCP-like vulnerable VMs and/or Hack the box. The basic things you’ll need:

• Basic Linux usage Skills
• Some Programming Skills
• Reading/Understanding the flow of public exploits
• Hacker/Out of the box way of thinking
• Never give up attitude, Patience,…

It’s difficult, no doubt. You’ll receive access to a virtual network containing targets (55 machines, different difficulty levels) you’ll attack, training, video materials & lab conectivity. The links (pdf & video) expires after some time (2 days), so back it up right away. Go through both of them, additional points for submitting exercise documentation. There are 4 networks (Public, IT, Development, Admin). Initially you’ll receive access to Public network, you need to unlock the others by exploiting things, connecting to them via port forwarding/proxy chaining. Exploiting a machine is a bullet point process:

• Find open ports/services
• Enumerate
• Exploit
• Post exploitation enumeration
• Privilege escalation

There will be situation in which results/info you gathered on one machine can be used to solve another. You might get admin/root access to a machine by default, ultimately using that (gathered info) to get access to another one. Beware of the decoy vulnerabilities pushing you into the wrong direction. Difficult machines: pain, sufferance, humble and gh0st.

OSCP Exam

CEH : Certified Ethical Hacker

It’s a basic course, no doubt. It teaches you about the tools and vocabulary, but that’s all. Usually followed via courseware (couple of books, materials) including lab practices (videos, manual).

It includes:

CEH Exam

OSWP : Offensive Security Wireless Professional

Introduction to skills needed to audit and secure wireless devices. Some examples:

• WiFi Internals, Packets, Hardware/Drivers
• PCAP Exampels
• Aircrack-NG
• Sniffing Traffic, Packet injection, cracking the keys, finding hidden SSIDs, buypassing MAC filtering
• Attacks on WEP networks (open auth, shared key auth, no clients), interactive packet replay attacks, fragmentation attacks, KoreK ChopChop, etc.
• Password attacks: Dictionary/Rainbow table attacks, Cowpatty, Pyrit, Wordlists

Course is considered a bit outdated by some (materials not up-to-date, WEP focus, easy exam) but I think it’s ok, especially as a starting point/general introduction. Some theory segments might bore you and setting up lab can cause headaches (wifi card drivers issues). You’ll need:

• a solid understanding of TCP/IP and OSI Model
• Linux skills

Uppon enrolling, you’ll receive materials (Guides, Videos). For a practical segment you’ll need:

• BackTrack / Kali Instance
• Wireless card (capable of packet injection, e.g. AWUS036NHA)
• Access Point
• Victim’s device

The things that might help: Aircrack-ng-wiki , SecurityTube, nickjvturner,

OSWP Exam

Based on some experiences/review, not much challenging. Compromise a number of targets (3) and get the secret key. Graded in two parts:

• Successful recovery of the requested network keys / PSKs
• “Show your work” part, a report containing the keys and commands used to acquire them (template is provided)

OSCE : Offensive Security Certified Expert

Here, you’ll demonstrate an ability to research the network (info gathering), identify vulnerabilities nad execute attacks with the goal of compromising the systems to gain admin access. Points are awarded for each compromised host (based on difficulty and level of access). As usual, you’ll receive course details and materials:

• CTP manual
• Lab connectivity guide
• Lab Connectivity Pack,
• Videos
• Username/Password for the lab (VPN) / control panel

They’ll be available for 2-3 days. Download them. The Labs there differ from the PWK (OSCP), they’re there to help you duplicate PDF walkthroughs. Mentioned Topics:

• Web App (XSS, LFI,..)
• Backdoors ( PE File Modifications, Antivirus Bypass,..)
• Advanced Exploitation (ASLR and DEP Bypass, Egg Hunters In-Depth,..)
• Zero-Day (Vulnerabilities, fuzzing,..)
• Networking (GRE Tunneling, ..)

OSCE Exam

OSEE : Offensive Security Exploitation Expert

OSEE or AWE (Advanced Windows Exploitation) is relatively popular, only offered in person and getting booked quickly, so it’s somewhat hard to get a spot. As always with OffSec, it’s a “Try harder” type of course/cert.

Course lasts for 4 days, with classes spanning 0800 to 1700 and you’ll of course get course materials (book, USB carved Kali, etc.).

You’ll show an ability to research and develop exploits for the given targets through reverse engineering, assembly/disassembly, relying on their exploit experience while thinking laterally. It’s expected of you to provide a comprehensive report (notes, SS), basically all the details on your exploit approach. Mentioned topics:

• Egghunters
• Bypassing NX
• Custom Shellcode
• Venetian Shellcode
• Kernel Driver Exploitation
• 64-bit Kernel Driver Exploitation
• Heap Spraying

You’ll need to know your way around:

Windbg, Immunity debugger, IDA, Assembly, x86&x64, Scripting (python/JS), Programming (C/C++)

Module 1:

• Case study: CVE-2015-3104
• Bypass the DEP/ASLR via Flash Heap Overflow through FireFox in Windows 10 32-bit in module 1
• Returned Oriented Programming (ROP) Exploitation technique to bypass the DEP (ROP chains)
• Bypass ASLR with DEP (leaking a pointer to NPSWF dll)
• Deep Heap Spray technique to place our ROP Gadgets and shellcode (spray ByteArray objects, nullifying the ByteArray’s)
• Destore the execution flow from our exploitation
• Sandbox Escape from Flash Sandbox to w00t the target machine
• Defeat the Windows Defender Exploit Guard (WDEG), Disarm or Bypass

Module 2:

• Case study: CVE-2017-8601
• CFG/ACG Bypass and Sandbox Escape via Microsoft Edge Type (64-bit arch)
• Defeat or bypass more WDEG features such as Control Flow Guard (CFG) and Arbitrary Code Guard
• AppContainer Sandbox and Code Integrity Guard (CIG)

Module 3:

• Case study: CVE-2015-5736
• 64-bit Kernel Driver Exploitation, fundamental theory on structures and drivers
• Token Stealing Payload to escalate privileges in Windows systems
• Trigger the vulnerable code in the IOCTL, Memory Paging and Structures, calculate the PML4 Self-reference Entry, get the PTE address from a given virtual address
• Exploit the vulnerability with ROP based attack
• How to bypass SMEP protection

Notes/Help:

• Rootkit’s tutorials
• Fimilarize yourself with IDA Pro, WinDBG
• Go through course material, solve all the exercises and the extramile challenges
• Practice with HackSysExtremeVulnerableDriver(HEVD)
• Go through exploits:
  • Avast! 4.7 – ‘aavmker4.sys’ Local Privilege Escalation
  • Microsoft Windows XP/2003 – ‘afd.sys’ Local Privilege Escalation (MS11-080)
  • Microsoft Windows 8.0/8.1 (x64) – ‘TrackPopupMenu’ Local Privilege Escalation (MS14-058)
• Open Security Training (Assembly, Exploitation, and Reversing material)
• A Guide to Kernel Exploitation
• Windows System Programming (4th Edition)
• Windows via C/C++
• Windows Internals Part 1
• Windows Internals Part 2
• Advanced Windows Debugging
• The IDA Pro Book
• Reversing: Secrets of Reverse Engineering

OSEE Exam

OSWE : Offensive Security Web Expert

This is relatively new course on offensive security. With OSWE you’ll demonstrate the art of exploiting front-facing web apps. Pre-requisite course is “Advanced Web Attacks and Exploitation (AWAE). So, everything related to web app security and pentesting should be covered. Practicle understanding of vulnerability assessment and hacking process.

You’ll need:

• some faimiliarity with Linux
• familiarity with web application attack vectors, theory and practice
• ability to write simple python/Persl/PHP/Bash scripts, powershell
• web proxies, Burp suite, etc.

OSWE Exam

CISSP : Certified Information Systems Security Professional (BANK)

For security practitioners, managers and executives. With it, you should be able to define the architecture, design and a management of the security of your organization (Access Control Systems, Security, etc).

• Domain 1: Security and Risk Management (15%)
• Domain 2: Asset Security (10%)
• Domain 3: Security Architecture and Engineering (13%)
• Domain 4: Communication and Network Security (14%)
• Domain 5: Identity and Access Management (13%)
• Domain 6: Security Assessment and Testing (12%)
• Domain 7: Security Operations (13%)
• Domain 8: Software Development Security (10%)

CISSP Exam

CISM: Certified Information Security Manager

Offered by ISACA association, intended for information security managers or IT consultans. To qualify for the exam, you have to have 5 years of verified experience in the infosec field (within 10 years period). It covers:

• Information security management
• Information risk management and compliance
• Information security program development and management
• Information security incident management

ISACA recommends the following steps:

• Step 1: Register for the Exam »
• Step 2: Prepare for the Exam »
• Step 3: Take the Exam »
• Step 4: Apply for Certification »
• Step 5: Maintain a Certification »

Rough cost estimate:

• $ 10.00 – ISACA membership (online to save $20 – membership saves $$ on the review materials)
• $500.00 – Exam registration fee ($450 if registering early)
• $ 45.00 Annual Maint Fee (also must accrue 120 CPEs within 3 years)
• $185.00 – CISM Review Questions Answers & Explanations Database 12 month Subscription (non members $225)
• $105.00 – CISM Review Manual 15th Edition ($135 for non-members)

Total, it’s about $845.00 to do a self-study program. There’s mention of $995 if you want to take the class or $795 if you want to take the online review course. You should also add $45 for the CISM Review Questions, Answers & Explanations Database – 6 Month Extension

CISM Exam

CompTIA Security+

There are no prerequisites, but there’s a recommendation to acquire CompTIA Network+ and have at least couple of years of IT administration (with a security focus). It establishes the core knowledge required of any cybersecurity role, incorporating practices in hands-on troubleshooting to ensure security professionals have practical security problem-solving skills. It covers network security concepts, threats and vulnerabilities, access control, identity management, cryptography, etc. Relation:

• Network Security (21%)
• Compliance and operational security (18%)
• Threats and vulnerabilities (21%)
• Application, Data, and Host Security (16%)
• Access control and identity management (13%)
• Cryptography (11%)

As for the price, I guess it depends on where you take it.

CompTIA Exam

GSEC: GIAC Security Essentials

For the security professionals that want to demonstrate that they’re qualified for IT systems hands-on roles. It’s a “good foundation cert”.

S***, this is going to make you into jedi. Joking aside, most of these points are introductory, candidates learning fundamental theory, understanding the overall idea, functionalities, concepts.

GSEC Exam

CRISC: Certified in Risk and Information Systems Control

Also ISACA, intended for business and information security professionals who specialize in the end to end risk managament process (risk identification, assessment, evaluation and remediation). Domains:

• Domain 1 – Risk Identification, Assessment & Evaluation – 31%
• Domain 2 – Risk Response – 17%
• Domain 3 – Risk Monitoring – 17%
• Domain 4 – Information Systems Control Design & Implementation (17%)
• Domain 5 – IS Control Monitoring & Maintenance (18%)

The requirements are identical to that of the CISA which is 120 CPE (Continuing Professional Education) hrs every three year cycle with an annual minimum of 20.

CRISC Exam

CIPP – Certified Information Privacy Professional

You’ll get some mix of Privacy fundamentals + Legal system + Laws + Data protection. This is not our cup of tea, but we can understand the appeal and why would one like to get it. Non proffit organization (IAAP) is accredited by the ANSI, the formality, probably ideal for corporate environments.

• CIPP/US (United States)
  • Introduction to the U.S. Privacy Environment
  • Limits on Private-sector Collection and Use of Data
  • Government and Court Access to Private-sector Information
  • Workplace Privacy
  • State Privacy Laws
• CIPP/C (Canada)
  • Canadian Privacy Fundamentals
  • The Canadian Government and Legal System
  • Enforcement Agencies and Powers
  • Canadian Privacy Laws and Practices in the Private Sector
  • Canadian Privacy Laws and Practices in the Public Sector
• CIPP/E (Europe)
  • Introduction to European Data Protection
  • European Regulatory Institutions
  • Legislative Framework
  • Compliance with European Data Protection Law and Regulation
  • International Data Transfers
• CIPP/A (Asia)
  • Fundamental Privacy Principles
  • Singapore Privacy Laws and Practices
  • Hong Kong Privacy Laws and Practices
  • India Privacy Law and Practices
  • Common Themes Among Principle Frameworks
• CIPP/G (US Government) – Terminated

You can find some formal advices on their website that should help you prepare and study.

CIPP Exam

CISA – Certified Information Systems Auditor

Provides a basic knowledge of core IT auditing and governance.

• Domain 1— Process of Auditing Information Systems
• Domain 2— Governance and Management of IT
• Domain 3— Information Systems Acquisition, Development and Implementation
• Domain 4— Information Systems Operations, Maintenance and Service Management
• Domain 5— Protection of Information Assets

Apparently there’s no prerequisites to taking an exam, but there is one when submitting a CISA application for Certification. A minimum of 5 years of professional information systems auditing, control or security work experience is required. Subsitution of such experience (to a maximum of 3 years) can be obtained:

• A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
• 60 to 120 completed university semester credit hours (the equivalent of an 2-year or 4-year degree) not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
• A bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
• A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.

Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.

You must do complete it within 10 years of applying for the certification or within 5 years of successfully passing the CISA exam.

CISA Exam

CCSP – Certified Cloud Security Professional

One of “most advanced” security certs available today. Awarded to studens which have attained technical and knowledge to design, manage and secure data, applications and infrastructure in the cloud.

Similar to CISA, candidates must have a minimum of 5 years cumulative paid work experience in IT (35hrs/week), of which 3 years must be in information security and 1 year in one of the 6 domains (of the CCSP CBK):

• Domain 1. Cloud Concepts, Architecture and Design
• Domain 2. Cloud Data Security
• Domain 3. Cloud Platform & Infrastructure Security
• Domain 4. Cloud Application Security
• Domain 5. Cloud Security Operations
• Domain 6. Legal, Risk and Compliance

1040 hours of part-time = 6 months of full time experience
2080 hours of part-time = 12 months of full time experience

Preparation time for the exam varies but rough estimate is 300 hours. One of the “funny” / “amuzing” things is a background check ISC conducts. In order to reach highest ethical and professional heights, candidates must satisfy:

• You have never been convicted of a felony or a crime based on dishonesty. This does not, however, include traffic offenses that are prosecuted in juvenile court.
• You have never been involved in or publicly identified with criminal hackers or hacking
• You have never been disciplined by a certification body or had your certification revoked
• You have never been known by any other names, aliases or pseudonyms. This does not include name changes due to marriage or adoption

CCSP Exam

CGEIT – Certified in the Governance of Enterprise IT

Another ISACA Certificate validating the candidate’s experience, knowledge and credibility. Intended for professionals serving in management, advisory or assurance roles. Domains:

• Domain 1 – Framework for the Governance of Enterprise IT
• Domain 2 – Strategic Management
• Domain 3 – Benefits Realization
• Domain 4 – Risk Optimization
• Domain 5 – Resource Optimization

CGEIT Exam

CHFI – Computer Hacking Forensic Investigator

Interesting cert, related to detecting hacking attacks and extracting evidence for crime reports, doing audits to prevent future attacks. It validates candidate’s skill to identify intruder’s footprints, gathering the necessary evidence to prosecute the perpetrator.

CHFI Exam

CCNA – CISCO Certified Network Associate

As mentioned on the CISCO’s website, CCNA should prepare you for associate-level job roles in IT technologies. No prerequisites, but it would be great if you have one or more year of experience implementing/administering CISCO solutions, knowledge of basic IP addressing and good understanding of network fundamentals.

• Network fundamentals
• Network access
• IP connectivity
• IP services
• Security fundamentals
• Automation and programmability

CCNA Exam

CCNP – CISCO Certified Network Professional

Network/Support/Systems engineer or technician, this routing and switching cert validates the ability to plan, implement, verify and troubleshooot local and wide-area enterprise networks, including security, voice, wireless and video solutions.

Not sure we get it but there are a number of certs within CCNP:

• CCNP Routing and Switching
• CCNP Collaboration
• CCNP Wireless
• CCNP Data Center
• CCNP Service Provider
• CCNP Security
• CCNP Cloud
• CCDP
• CCNP Enterprise
• Cisco Certified DevNet Professional

CCNP Exam

CAP – Security Assessment and Authorization

Another ISC2 cert, showing anyone that you have technical skills and knolwedge to authorize and maintain information systems. Inteded for anyone using RMF (Risk Management Framework) like Governments, Military, Civilian roles, private sector organizaitons, etc.

• Domain 1. Information Security Risk Management Program
• Domain 2. Categorization of Information Systems (IS)
• Domain 3. Selection of Security Controls
• Domain 4. Implementation of Security Controls
• Domain 5. Assessment of Security Controls
• Domain 6. Authorization of Information Systems (IS)
• Domain 7. Continuous Monitoring

Candidates must have a minimum of 2 years of cumulative work experience in 1 or more of 7 domains (CAP CBK). Don’t forget the ISC background check.

CAP Exam

CSSLP – Secure Software Development

Another cert from ISC, ideal for software developers and security professionals responsible for applying best practices in software design/implementation/deployment (Soft. Architect/Engineer/Developer, Quality assurance tester, penetration tester, project manager, etc).

• Domain 1. Secure Software Concepts
• Domain 2. Secure Software Requirements
• Domain 3. Secure Software Design
• Domain 4. Secure Software Implementation/Programming
• Domain 5. Secure Software Testing
• Domain 6. Secure Lifecycle Management
• Domain 7. Software Deployment, Operations, and Maintenance
• Domain 8. Supply Chain and Software Acquisition

CSSLP Exam

HCISPP – Healthcare Security & Privacy

Straightforward, ideal for information security professional in charged with guarding protected health information (Compliance officer, Medical Supervisor, Health Information manager, etc).

• Domain 1. Healthcare Industry
• Domain 2. Information Governance in Healthcare
• Domain 3. Information Technologies in Healthcare
• Domain 4. Regulatory and Standards Environment
• Domain 5. Privacy and Security in Healthcare
• Domain 6. Risk Management and Risk Assessment
• Domain 7. Third-Party Risk Management

HCISPP Exam

SSCP – IT/ICT Security Administration

For IT administrators, manager, directors for hands-on operational security. System admin, security analyst, system engineer, DB admin, etc.

• Domain 1. Access Controls
• Domain 2. Security Operations and Administration
• Domain 3. Risk Identification, Monitoring and Analysis
• Domain 4. Incident Response and Recovery
• Domain 5. Cryptography
• Domain 6. Network and Communications Security
• Domain 7. Systems and Application Security

SSCP Exam

Cybersecurity certification – Useful tools and sources

Additional link

The Wargames , PentesterAcademy, VulnHub, FuzzySecurity, DVWA, Mutillidae, Web Goat, check some tutorials (web, youtube) for some general info on ssh, enumeration, reconnaisence, port-scanning, web app testing, cracking/reverse engineering, etc. mix it up a bit. Get to know metasploit (post-exploitation modules), check free courses: SecurityTube and Metasploit-unleashed.

Check Buffer Overflow concept: Intro, Assembly, SecurityTube BufferOverflow, Exploit Research, FuzzySecurity Windows Exploitation, Corelan ExploitWriting,

It will most certainly come useful at some point.

Conclusion

They all have their advantages and disadvantages. Some of them have focused on a practical knowledge (labs, simulations, etc) while others offer/force theoretical approach. What to choose for yourself depends on your direction, desires, capabilities.. If you want to be “considered” as a hard-core elite get something with practical approach, heavy s*** where you have to think outside of the box, challenging things, etc.

If you just want to get some job in the IT/Cybersecurity industry, you can get some “Theoretical” certification, learning the questions, just enough so you can prove to your employers that you know what you’re talking about. There’s no right or wrong here, follow your heart…

# Scrum, COBIT, ITIL, TOGAF, PMP (Project Management Professional)