Earn college credits for your cybersecurity related certifications!
The following certifications can be used for 3 elective credit hours each, up to 6 hours of undergraduate elective credits, or 3 hours of graduate elective credits, for Cybersecurity majors.
Restrictions
- Certifications that overlap in content (such as CEH, GPEN, and GWAPT) may only be applied toward a maximum of three credit hours, even if multiple related certifications are earned.
- To be eligible for credit, a certification must have been earned within the past four (4) years or remain currently valid. If the certification is older than four (4) years, students must upload documentation of renewal or other proof that the certification is still active.
Refer to the Cybersecurity Certification Student Roadmap for additional information.
Cybersecurity Certification Student Roadmap
Pursuing professional certifications can be a way to build credibility, validate technical skills, and open doors to cybersecurity careers. At the same time, students should recognize that certifications are also big business. The organizations that create and market them profit not only from exam fees but also from associated training programs. As you advance in your career, remember that while certifications can be valuable, they are not the only measure of competence. Employers who require specific certifications should be willing to invest in their workforce by covering the cost of exams and training, ensuring that certifications serve both the individual and the organization.
Suggested Path
- Beginner (Year 12): Network+, Security+/GSEC
- Intermediate (Year 23): CySA+, GCIH, GPYC
- Advanced (Year 34): GREM, GCFE, and/or Red Team (CEH/GPEN/GWAPT/OSCP) OR Blue Team (CISA/CRISC/CCSP)
- Early Career (03 years): OSCP/CCSP or expand into multiple tracks
- Leadership (35+ years): CISM, CISSP
CompTIA Security+ (or GIAC GSEC)
Description: Entry-level security certification validating core skills in threats, risk, cryptography, identity, and compliance.
Career Relevance: Provides a strong foundation for all cybersecurity career paths (operations, analysis, management, auditing).
Links:
- CompTIA Security+:
- GIAC Security Essentials (GSEC):
CompTIA Network+
Description: Covers core networking concepts including protocols, routing, switching, wireless, troubleshooting, and basic security.
Career Relevance: Networking is the foundation of cybersecurity; understanding how systems connect is critical before moving into security analysis or penetration testing.
Link:
CompTIA CySA+
Description: Focuses on detecting, analyzing, and responding to cybersecurity threats using behavioral analytics.
Career Relevance: Fits well for students entering SOC (Security Operations Center) roles or incident analysis positions.
Link:
GCIH GIAC Certified Incident Handler
Description: Validates skills for detecting, responding to, and resolving security incidents.
Career Relevance: Hands-on credential for aspiring incident responders and SOC analysts.
Link:
GIAC Python Coder (GPYC)
Description: Demonstrates ability to write and analyze Python scripts for automation, data analysis, and security tasks.
Career Relevance: Coding ability increasingly separates top-tier analysts and penetration testers from peers; great for students with programming interest.
Link:
Offensive Security Track (Red Team)
CEH Certified Ethical Hacker (or GIAC GPEN / GIAC GWAPT)
Description: Teaches penetration testing tools and hacker tactics. GPEN emphasizes structured penetration testing, while GWAPT specializes in web application testing.
Career Relevance: Ideal for aspiring penetration testers, vulnerability assessors, and red team members.
Links:
- CEH:
- GPEN:
- GWAPT:
OSCP Offensive Security Certified Professional
Description: One of the most respected hands-on penetration testing certifications; requires exploiting real systems in a timed exam.
Career Relevance: Demonstrates deep, practical offensive security skills; highly valued by employers.
Link:
Defensive / Risk & Audit Track (Blue Team & Governance)
CISA Certified Information Systems Auditor
Description: Focuses on auditing IT systems, compliance, and governance.
Career Relevance: Ideal for students interested in IT audit, risk assessment, or governance roles.
Link:
CRISC Certified in Risk and Information Systems Control
Description: Concentrates on enterprise risk management and IT controls.
Career Relevance: Strong choice for students targeting governance, risk, and compliance (GRC) careers
Link:
CCSP Certified Cloud Security Professional
Description: Covers cloud security architecture, design, and operations across providers.
Career Relevance: Cloud is central to modern IT; this credential is in high demand for securing cloud environments.
Link:
GREM GIAC Reverse Engineering Malware
Description: Validates ability to dissect malicious code, reverse-engineer malware, and analyze exploits.
Career Relevance: Ideal for students interested in malware research, threat intelligence, and advanced SOC/IR roles. Highly technical, suited for those with programming and low-level OS knowledge.
Link:
GCFE GIAC Certified Forensic Examiner
Description: Focuses on digital forensics, including evidence acquisition, Windows system forensics, and investigative techniques.
Career Relevance: Perfect for students pursuing careers in digital forensics, law enforcement, or incident response investigations.
Link:
CISM Certified Information Security Manager
Description: Focuses on managing enterprise security programs, risk, and governance.
Career Relevance: Prepares students for future leadership roles; highly respected for security managers.
Link:
CISSP Certified Information Systems Security Professional
Description: Comprehensive certification covering eight domains of security (e.g., architecture, asset security, software development, risk).
Career Relevance: Globally recognized as the gold standard for experienced security professionals; essential for senior or leadership positions.
Link:
| Certification | Description | Organization | Link |
|---|---|---|---|
| CCSP Certified Cloud Security Professional | Covers cloud security architecture, design, operations, compliance, and risk management. |
(梆釦唬)簡 |
|
| CEH Certified Ethical Hacker (or GPEN, or GWAPT) | Validates knowledge of hacking tools and techniques to identify vulnerabilities. |
EC-Council |
|
| CISA Certified Information Systems Auditor | Emphasizes auditing, control, and assurance for information systems. |
ISACA |
|
| CISM Certified Information Security Manager | Focuses on information security governance, risk management, program development, and incident management. |
ISACA |
|
| CISSP Certified Information Systems Security Professional | The gold standard for experienced security professionals overseeing broad security programs. |
(梆釦唬)簡 |
|
| CompTIA Network+ | Although NOT a security cert, networks are foundational to cybersecurty. Practitioners can't secure what they don't understand. |
|
|
| CRISC Certified in Risk and Information Systems Control | Centers on enterprise-level IT risk management and control. |
ISACA |
|
| CySA+ Cybersecurity Analyst+ | Middle-level cert for threat detection, analysis, interpretation, and response using behavioral analytics. |
CompTIA |
|
| GCFE - GIAC Certified Forensic Examiner | Validates knowledge of computer forensic analysis, with an emphasis on core skills required to collect and analyze data. |
GIAC / SANS |
|
| GCIH - GIAC Certified Incident Handler | Tailored for those handling computer security incidents by understanding common attack techniques and responding efficiently. |
GIAC / SANS |
|
| GIAC Python Coder (GPYC) | Secure coding and scripting |
GIAC / SANS |
|
| GPEN - GIAC Penetration Testing (or CEH or GWAPT) | For professionals conducting comprehensive penetration testing and ethical hacking. |
GIAC / SANS |
|
| GREM - GIAC Reverse Engineering Malware Certification | designed for technologists who protect the organization from malicious code |
GIAC / SANS |
|
| GSEC - GIAC Security Essentials (or Security+) | A comprehensive entry point for security professionals covering networking concepts, principles of network security, internet security technologies, secure communications, Windows security, and Linux security |
GIAC / SANS |
|
| GWAPT - GIAC Web Application Penetration Tester (or CEH or GPEN) | Validates an individuals ability to assess web applications for security vulnerabilities, exploit common weaknesses, and apply penetration testing methodologies to strengthen web application defenses. |
GIAC / SANS |
|
| OSCP Offensive Security Certified Professional | Hands-on, technical penetration testing certification requiring practical lab work. |
Offensive Security |
|
| Security+ (or GSEC) | Entry-level cybersecurity credential covering foundational principles. |
CompTIA |