With change a constant, IT professionals looking to enhance their careers can benefit from the latest insights into employers' needs. Data from Foote Partners on the skills and certifications most in demand today could provide useful signposts.
Analyzing more than 640 certifications as part of its 2Q 2025 "IT Skills Demand and Pay Trends Report," Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average pay premium, measures the difference in pay between IT professionals with a particular credential and those without it. The second, market value increase, measures the increase in pay gains over the past six months.
Together, average pay premium and market value increase can give cybersecurity professionals a starting point in deciding which certification to pursue for more pay. Aside from considering their overall professional goals, security professionals should consider each certification's training and exam costs, whether it is vendor-specific or vendor-neutral, and the lateral or vertical role opportunities it might open.
Offensive Security Certified Expert (OSCE)
OffSec's Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the three courses, though OffSec makes specific knowledge and skill recommendations for each. Candidates who complete the three courses and earn the OSCE also get a challenge coin symbolizing their expertise in offensive security.
Training and exam fees: OffSec bundles each course with a certification exam for US$1,649, so the total cost for OSCE is US$4,947.
Average pay premium: 12%
Market value increase: 9.1%
Offensive Security Certified Professional (OSCP)
To earn the OffSec Certified Professional certification, candidates must complete the affiliated course, PEN-200: Penetration Testing with Kali Linux, and pass the subsequent exam. The course covers 10 modules, including information gathering, vulnerability scanning, client-side attacks, and fixing exploits. Certificate holders will have shown mastery of penetration testing methodologies ideal for new roles, such as ethical hacker, incident responder, or threat hunter. The OSCP+ exam is entirely hands-on, and test-takers must compromise systems within a lab environment.
OffSec does not enforce any prerequisites but recommends candidates be familiar with TCP/IP networking, scripting in Bash and Python, and Linux and Windows, which they can learn through its Network Penetration Testing Essentials Learning Path.
Training and exam fees: OffSec bundles the course and exam for US$1,649 and as a one-year subscription that also includes a lab environment for US$2,079 annually.
Average pay premium: 11%
Market value increase: 22.2%
OffSec Experienced Penetration Tester (OSEP)
The OffSec Experienced Penetration Tester is ideal for penetration testers and ethical hackers who need more advanced techniques to obtain Windows credentials. Across 20 modules, the certification introduces these professionals to new techniques in phishing, antivirus evasion, privilege escalation, and "living off the land." During the two-day proctored exam, professionals must connect to a lab environment via a VPN and compromise multiple machines within a network through multiple possible attack paths. To pass, professionals must achieve the objective stated in the control panel or score at least 100 points; 10 points are awarded for each flag found in a local.txt or proof.txt file. Professionals who earn their OSEP can also obtain their OSCE³ Certification to demonstrate their mastery of offensive security. They would also need to pass the exams for WEB-300: Advanced Web Attacks and Exploitation and EXP-301: Windows User Mode Exploit Development, after which the OSCE³ is automatically awarded.
While there are no formal prerequisites for OSEP, OffSec recommends candidates take PEN-200: Penetration Testing with Kali Linux or have a strong foundation in operating systems, networking, and scripting.
Training and exam fees: US$1,749, course plus exam
Average pay premium: 11%
Market value increase: 22.2%
Certificate of Cloud Security Knowledge (CCSK)
As a certificate and not a certification (an important distinction), the Cloud Security Alliance (CSA) positions its Certificate of Cloud Security Knowledge as the foundation for future credentials and upskilling in the sector. From this perspective, the CCSK is helpful for cybersecurity analysts, compliance managers, security engineers, architects, and administrators. This vendor-neutral certificate covers topics in cloud incident response, application security, data encryption, and more. CCSK offers a variety of training modalities, including an exam prep kit, instructor-led classes offered virtually and in person, and an online self-paced option. Candidates must score at least 80% on the exam, which randomly pulls 60 multiple-choice questions from a test bank. A new version of this certificate will be offered beginning July 2024.
Training fees: Prices vary based on modality. A course bundles the exam for US$795, and online, instructor-led training starts at €1160.
Exam fees: The exam costs US$599, though discounts are available for corporate members, and US military veterans can take it at no cost.
Average pay premium: 11%
Market value increase: 22.2%
EC-Council Certified Chief Information Security Officer (C|CISO)
EC-Council has a Certified Chief Information Security Officer certification (C|CISO). The title of the certification may be misleading: It is not designed only for CISOs or those who aspire to that position. The C|CISO materials state that the program is ideal for over two dozen professionals, ranging from CEOs and managing directors to supply managers and security auditors. Despite this breadth, candidates must still have five years of experience in each of the C|CISO domains, which include governance and risk management, information security core competencies, and more. This experience can overlap, and candidates can substitute some requisite experience with other credentials or advanced degrees. The two-and-a-half-hour exam includes 150 questions across three levels: knowledge, application, and analysis. The certificate is valid for three years, and candidates must maintain it through continuing education requirements and a US$100 annual fee.
Training fees: EC-Council offers a variety of training modalities, including on-demand, live in-person or online, and group options. The caveat is that candidates are invited first to inquire to obtain the price or a quote.
Exam fees: US$100 application fee
Average pay premium: 11%
Market value increase: 10%
CyberSecurity Forensic Analyst (CSFA)
Administered by the CyberSecurity Institute, the CyberSecurity Forensic Analyst Certification teaches professionals how to conduct a forensic examination of a computer or digital device, including CDs, DVDs, USBs, and cell phones, and communicate their analysis to stakeholders. The three-day exam is held on-site at Edmonds College in Lynnwood, Wash., and consists of 50 multiple-choice questions and a hands-on scenario. Candidates are given a hard drive and, in some cases, additional media and must produce an affidavit, declaration, or other response depending on the scenario. To earn a CSFA, the professional must score 85% across the two sections, with the practical scenario carrying 70% of the grade weight and the written score the other 30%. Professionals who pass are prominently displayed on a public database of CyberSecurity Institute alongside more than 100 CyberSecurity forensic analysts. The last exam was held in August 2024; professionals should follow CyberSecurity's website for announcements of the next date.
While there are no formal prerequisites, CyberSecurity Institute recommends experience in the administrative side of digital forensics, such as writing the verbiage for subpoenas and motions. Candidates must also pass an FBI criminal background check, a process that can take up to three months.
Training fees: Edmonds College hosts an instructor-led CSFA study group over Zoom in advance of the exam. Professionals interested in joining are encouraged to contact cyberdefense@edmonds.edu for more information.
Exam fees: US$750, waived for Edmonds College students
Average pay premium: 10%
Market value increase: 11.1%
GIAC Certified Intrusion Analyst (GCIA)
GIAC offers a Certified Intrusion Analyst Certification that focuses on traffic analysis, network and host monitoring, and intrusion detection through Snort and Zeek. GCIA is ideal for system and security analysts, network engineers and administrators, security managers, and other professionals involved in intrusion detection. To earn a GCIA, professionals must score 67% on a 106-question, 4-hour exam. The exam tests knowledge in more than 15 areas, including application protocols, fragmentation, packet engineering, TCP protocol, and Wireshark fundamentals. To renew, GCIA holders must earn 36 continuing education credits over the four years that the certification is active, or retake and pass the certification exam. There are no official prerequisites for the GCIA, but the affiliated preparatory course recommends that candidates have working knowledge of network monitoring and threat hunting.
Training fees: GIAC offers self-paced, virtual, and in-person training in major cities worldwide, starting at US$8,780. A practice test is also available for US$399.
Exam fees: US$999 for the first attempt, and US$899 for retakes
Average pay premium: 10%
Market value increase: 11.1%
Offensive Security Defense Analyst (OSDA)
The course that culminates in the OSDA is Foundational Security Operations and Defensive Analysis, which teaches candidates to defend networks and systems against cyber threats. Specific modules include attack methodology, Windows client- and server-side attacks, Linux attacks, network detections, and antivirus alerts and evasion. Earning the OSDA may open job opportunities as a threat hunter, incident responder, or defensive-focused security engineer. During the exam, students have 24 hours to identify and respond to threats in a lab environment and an additional 24 hours to submit an incident response report. While there are no formal prerequisites to OSDA, OffSec recommends knowledge of TCP/IP networking, Windows and Linux, and general cybersecurity concepts.
Training and exam fees: US$1,749, course plus exam
Average pay premium: 10%
Market value increase: 11.1%
Offensive Security Exploitation Expert (OSEE)
OffSec's Offensive Security Exploitation Expert is a vendor-specific certification, focusing on advanced Windows exploitation. As a penetration testing course, the material dives deep into topics such as advanced heap manipulations and disarming WDEG mitigations. Certificate holders can identify problematic code in Windows operating systems and develop exploits. For the practical exam, candidates must complete a comprehensive penetration test of software and create an exploit within a lab environment, all within 72 hours. To qualify, you must have experience debugging, developing Windows exploits, and using the following technologies: WinDBG, x86_64, IDA Pro, and basic C/C++ programming. OffSec recommends completing its 300-level certifications before OSEE, which it calls its hardest course.
Training and exam fees: OffSec offers only instructor-led, in-person training. Enterprises should inquire for more information.
Average pay premium: 10%
Market value increase: 11.1%