Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.


The 7 best cybersecurity certifications: Become a security expert

What is the best cybersecurity certification? Cybrary is our top choice because it's an excellent online resource for free and paid video-based courses in cybersecurity. Cybersecurity certifications can help you stand out in a fast-growing industry.
Written by Charlie Osborne, Contributing Writer on
Close-up of a person wearing glasses leaning toward a computer screen. Lines of code reflect on the glasses.
Getty Images

The best cybersecurity certifications cover the right fundamental skills at the right price. Finding a good fit for the specific role you're applying for can be challenging, so we'll help you find the right choice.

We wanted you to get the most bang for your buck, so we compiled exhaustive research. We considered cost, prerequisites, course material, difficulty, and more to select our top picks. Below, we listed your best options to get you started and to help you stand out when you apply for a role in this lucrative field.

Cybrary is an excellent online resource for video-based courses in cybersecurity, suiting a range of skill levels and existing qualifications. 

You can enroll in courses that explain the fundamentals of particular career paths, whether as a system administrator or as a network engineer — and if you can ignore the cheesy thumbnails used to tout some of the courses, the actual content is valuable. The courses also come with an estimated time to completion and difficulty rating. 

You might want to explore some of these courses as introductory prep for other formal qualifications, such as the EC-Council's Certified Ethical Hacking (CEH) and CISSP. Virtual labs for tools including Wireshark and practice tests for qualifications including CompTIA Security+, CISM, and others are also available. 

However, it should be noted that the resources on offer, such as for the CEH, are not official courseware or lab sessions.

Also of note is that Coursera offers suggested "paths" toward professional qualifications in line with industry standards, such as those managed by NIST. Courses can also be completed at your own pace, and some do result in formal qualifications after you pass.

Some courses are free, while others require an enrollment or test fee. 


  • Excellent online resource for video-based courses in cybersecurity
  • Learn the fundamentals of a career as a system administrator or a network engineer
  • Some courses are free


  • Some courses require an enrollment or test fee

It might not be as exciting as learning about penetration tools, Cobalt Strike beacons, or password crackers, but a thorough understanding of networks is necessary for today's cybersecurity defenders. 

To get started, you should consider the CompTIA Network+ course, which teaches learners how to build a network from the ground up and how to identify different kinds of network topology and configurations. 

A solid foundation in networking protocols and standards can help you identify and understand network-based intrusions, propagation, and malware, including ransomware, operating on target networks.

You can take Security+, a baseline qualification in security concepts and roles, risk analysis, hands-on troubleshooting, and more from this entry-level course. The Security+ exam has had a recent refresh to SY0-601.


  • Learn how to build a network from the ground up 
  • Learn how to identify different kinds of network topology and configurations
  • The Security+ exam has had a recent refresh to SY0-601


  • N/A

The SANS Institute is a respected provider of professional cybersecurity courses, and SEC401 is described as a "bootcamp" for those with some existing knowledge of IT, networking, and security. 

While certainly not a cheap undertaking, the in-depth course covers security metrics, audits, risk assessments, network protection, incident detection and response, and more. 

SANS says the course "will provide the essential information security skills and techniques you need to protect and secure your critical information and technology assets, whether on-premise or in the cloud."

As a course for working professionals, SANS offers flexibility through on-demand, online, or in-person training.  You can complete the course virtually or in-person over six days.


  • Flexibility through on-demand, online, or in-person
  • In-depth course covers security metrics, audits, risk assessments, more
  • Learn essential information and security skills and techniques


  • Certainly not a cheap

Offensive Security's Penetration Testing with Kali Linux (PEN-200) is the organization's foundation course in using the Kali Linux OS for ethical hacking. 

The vendor's focus is on offense and hands-on learning rather than lectures, tickboxes, and completely academic study. Offensive Security encourages critical thinking and problem-solving with its "Try Harder" slogan. After all, if you can learn to think like an attacker, you can better protect systems against them. 

You will need a solid understanding of networking principles, and some understanding of Windows, Linux, and Bash/Python will help. 

Successfully completing the course will give you the OSCP certification — as long as you can handle the 24-hour exam. The vendor has recently added the course as an option on a subscription basis for busy individuals who need the flexibility to learn at their own pace. 


  • Learn to think like an attacker
  • Focus is on offense and hands-on learning


  • You will need a solid understanding of networking principles
  • Some understanding of Windows, Linux, and Bash/Python will help
  • 24-hour exam
  • Relatively expensive

CISSP, offered by the International Information System Security Certification Consortium, is one of the most well-known professional cybersecurity qualifications worldwide. 

The course covers the design and implementation of cybersecurity programs, including engineering, security architectures, risk management, identity and access management, and software security, among other topics. 

CISSP can be taken in the classroom and led by instructors in real-time, but you will need years of experience in the field as a prerequisite. Online training is possible, but costs vary. 


  • One of the most well-known professional cybersecurity qualifications
  • Can be taken in the classroom and led by instructors in real-time


  • You will need years of experience in the field as a prerequisite
  • Costs vary

ISACA Certified Information Security Manager (CISM) certification is focused on four areas: information security governance, risk management, infosec program creation and management, and security incident management. 

Therefore, this qualification isn't suitable as a foundation course but rather could be valuable to move up the management chain in an enterprise security role. To become certified, you need to both pass the exam and have acceptable work experience. Still, afterwards, ISACA says the average salary of a CISM-certified individual can reach $118,000 (although there is an annual maintenance fee). 

If you're interested in this course, it should be noted that the old syllabus was retired in June 2022 to make way for an updated exam. 


  • Valuable to move up the management chain in an enterprise security role
  • Newly updated exam


  • Isn't suitable as a foundation course 
  • Certification requires you to pass the exam and have acceptable work experience

Global Information Assurance Certification (GIAC) is an institution that offers an array of IT and cybersecurity qualifications. 

GIAC's offerings include topics such as security administration, management, legal, auditing, cyberforensics, and software security. Depending on your areas of interest, you can follow roadmaps with suggested courses to broaden your knowledge and skill set. 

GIAC is an affiliate of the SANS Institute, and some courses, such as GIAC Security Essentials, correspond to training offered by its partner organization. 

Prices vary for different certifications.


  • Offers an array of IT and cybersecurity qualifications
  • Learn security administration, management, legal, auditing, cyberforensics, etc
  • An affiliate of the SANS Institute


  • Prices vary for different certifications

What is the best cybersecurity certification?

Cybrary is our top choice for cybersecurity courses, but one size doesn't fit all

Choosing a course should depend on your knowledge level and current skill set. Rather than jump right in with an advanced qualification, you may need to spend time learning the basics with a CompTIA, or you may already have enough industry experience to tackle one of the more advanced courses on our list. 

How did we select these cybersecurity certifications?

While compiling our recommendations, we covered a range starting from entry-level and broad courses designed to give you foundational knowledge in IT — from the hardware to networks and how systems communicate — to more advanced technical certifications valued by employers. 

Should you pay for a course?

If you're unsure, check out free courses on Cybrary, YouTube tutorial videos, and Hack The Box before you sign up for a qualification. We especially recommend these options for those who are not completely sure they want a career in cybersecurity.

Is it really important to learn about networking and PCs first?

Yes. If you don't understand the fundamentals, this will lead to a flawed understanding of cybersecurity concepts. You should take the time to build yourself a foundation in IT knowledge first rather than go straight into playing with pen testing software. 

However, it's also important to have fun with it, and there are plenty of legal online hubs for learning about cybersecurity — without landing yourself in hot water. 

Do you have to be certified?

There is a range of options out there: being self-taught, apprenticeships, degrees, and professional qualifications. If you're serious about a career in cybersecurity and want to eventually move up the ladder, qualifications can give you a good start, just as in many other fields. 

Will a cybersecurity certification get you employed?

A certification alone is likely not enough to get you a job. The average recruiter for a cybersecurity career looks for candidates with at least a bachelor's in computer science degree

It's not uncommon for your competition to have a computer science master's. A graduate-level education is a great way to further your knowledge in vital skills like digital forensics, ethics, biometry, cryptography, and more. Before you invest in a cybersecurity certification, we suggest that you secure the proper education first. 

Since the right credentials are key to employment, we did all the research for you and compiled your best schools and programs for cybersecurity, plus a list of the best online cybersecurity degrees.

However, the right certification is a great way to supplement your resume to stand out amongst the competition if you already have your degree.

What is the average salary in cybersecurity?

A typical salary for a cybersecurity professional ranges from $70,000-$120,000, according to the U.S. Bureau of Labor Statistics (BLS). The median wage was $102,600 as of May 2022. 

As a bonus, according to the BLS, cybersecurity jobs are projected to grow 33% from 2020 to 2030. This positive job outlook not only towers over the average occupation, but it also creates substantial job security. 

So, becoming certified may help you be successful in the future.

Are there alternative certifications worth considering?

In addition to cybersecurity, becoming a certified ethical hacker can be a rewarding career. In our review of the best ethical hacking certifications, we chose EC-Council CEH as our top choice because it is globally recognized, among other things.

Editorial standards