
Cyber Security at a Glance

While most cybersecurity professionals have at least a Bachelor’s degree in Computer Science, many companies prefer candidates who also have a certification to validate knowledge of best practices. There are hundreds of certifications available, from general to vendor-specific, entry-level to advanced. Below is a summary of the key certifications and their generally expected requirements.

Certified Information Systems Security Professional (CISSP)

     - Minimum of 5 years of full-time, paid work experience in at least two of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK).

     - If you have a 4-year college degree or an approved credential, one year of experience can be waived.

Certified Ethical Hacker (CEH)

     - Two years of work experience in the Information Security domain.

     - Alternatively, candidates without the required experience can take the EC-Council official training to become eligible for the exam.

CompTIA Security+

     - No formal experience required, but CompTIA recommends two years of experience in IT administration with a focus on security.

     - Basic knowledge of networking (like CompTIA Network+ certification) is also helpful.

Certified Information Security Manager (CISM)

     - Minimum of 5 years of work experience in information security management.

     - At least three years of management experience in at least three of the CISM domains (information security governance, risk management, program development, incident management).

     - Certain certifications or a degree can substitute for some experience.

Certified Information Systems Auditor (CISA)

     - Minimum of 5 years of work experience in information systems auditing, control, or security.

     - Waivers for up to three years of experience are possible if you have a degree or hold certain certifications.

Certified Cloud Security Professional (CCSP)

     - Minimum of 5 years of cumulative, paid work experience in IT, of which at least 3 years must be in information security, and 1 year must be in one or more of the six domains of the CCSP CBK.

     - A CISSP credential can substitute for the entire CCSP experience requirement.

CompTIA Cybersecurity Analyst (CySA+)

     - No mandatory experience required, but CompTIA recommends 3-4 years of hands-on experience in IT security or a related role.

     - Familiarity with Security+, Network+, or equivalent knowledge is beneficial.

Certified in Risk and Information Systems Control (CRISC)

     - Minimum of 3 years of work experience in at least two of the four domains of CRISC (risk identification, risk response, risk monitoring, and information systems control).

     - No experience waivers are available for this certification.

Offensive Security Certified Professional (OSCP)

     - No formal experience required, but candidates should have a strong understanding of networking, Linux, scripting, and a solid foundation in cybersecurity concepts.

     - Hands-on experience in penetration testing or ethical hacking is highly beneficial.

GIAC Security Essentials (GSEC)

     - No formal experience is required, making GSEC a good entry-level certification.

     - It is recommended for professionals with basic knowledge of networking and security fundamentals or those already working in an IT role looking to transition to security.

Certified Information Privacy Professional (CIPP)

     - No formal experience required, but having a background in legal, regulatory, or compliance work is helpful, especially for professionals focusing on privacy laws and regulations.

CompTIA Advanced Security Practitioner (CASP+)

     - No formal experience required, but CompTIA recommends at least 10 years of experience in IT administration, including 5 years of hands-on technical security experience.

GIAC Certified Incident Handler (GCIH)

     - No formal work experience required, but it’s recommended for professionals with a strong understanding of networking and security concepts.

     - Prior hands-on experience in incident handling or cybersecurity operations is beneficial.

Certified in Governance, Risk and Compliance (CGRC, formerly CAP)

     - Minimum of 2 years of cumulative work experience in one or more of the CGRC domains, such as risk management, compliance, or information security governance.

Cisco Certified CyberOps Associate

     - No mandatory work experience, making it ideal for those new to cybersecurity.

     - Basic understanding of networking concepts is recommended.


 © 2025 Copyright CyberSec Recruitment Solutions Ltd

Registration Number: 16011363

All Rights Reserved