An Overview of Cybersecurity Certifications in Australia

As the privacy industry matures, we’re seeing more privacy and security jobs seeking professionals who have cybersecurity certifications.  

In this post, we provide an overview of some of the most recognised cybersecurity certifications in Australia, including information about prerequisites and where they can take your career.  

Cybersecurity Certifications in Australia 

Certified Information Systems Security Professional (CISSP) 

Offered by (ISC)², the CISSP certification is perhaps the most widely recognised cybersecurity certification. It focuses on various aspects of information security, including risk management, cryptography, security operations, and more. The CISSP certification is broadly considered to be quite technical (more technical than the CISM, for example), but it is aimed at security managers. 

Specifically, the course covers:  

  • Security and risk management.  
  • Asset security.  
  • Security architecture and engineering.  
  • Communication and network security.  
  • Identity and access management.  
  • Security assessment and testing.  
  • Security operations.  
  • Software development and security.  

Typical CISSP candidates are professionals with at least 5 years of information security experience, including:  

  • Chief Information Security Officer 
  • Chief Information Officer 
  • Director of Security 
  • IT Director/Manager 
  • Security Systems Engineer 
  • Security Analyst 
  • Security Manager 
  • Security Auditor 
  • Security Architect 
  • Security Consultant 
  • Network Architect.  

To gain the certification you must pass the exam (which is challenging), sign up to the code of ethics and complete an application form that includes detail of your experience to demonstrate how you meet the practical experience requirement.  More information about the practical experience requirements can be found here. 

Certified Information Security Manager (CISM) 

Offered by ISACA, the CISM certification is designed for professionals in IT governance and management, focusing on security strategy, risk management, incident management, and program development. Typically, CISM test-takers are required to have five or more years of experience in information security management before taking the exam, although experience waivers may be granted for up to two years.  

The CISM is considered to be a fairly practical cybersecurity course, with ISACA’s website reporting that 70% of CISM-certified professionals experienced on-the-job improvement (and 42% reported a pay boost).  

It is geared towards security professionals who design and manage organisational information security programs and includes a focus on linking that program to the broader business goals. As a result, it tends to be favoured by IT professionals looking to make the move to management.  

The CISM body of knowledge is based on four domains: 

  • Information Security Governance 
  • Information Security Risk Management 
  • Information Security Program 
  • Incident Management. 

Certified Information Systems Auditor (CISA)  

Also provided by ISACA, the CISA certification validates expertise in auditing, controlling, and assessing information systems. It focuses on auditing processes, governance, and information system protection. Typically, CISA test-takers have five or more years of experience in information security management before taking the exam, although experience waivers may be granted for up to three years. 

Specifically, the CISA exam covers the following domains: 

  • Information system auditing process. 
  • Governance and management of IT. 
  • Information system acquisition, development, and implementation.  
  • Information systems operation and business resilience.  
  • Protection of information assets.  

The CISA certification is beneficial for security professionals looking to advance in the following areas:  

  • Information Systems.  
  • IT Compliance.  
  • IT Governance  
  • IT Risk and Assurance.  
  • IT Consulting.  
  • IT Security.  
  • Project management in IT.  

More information about the certification is available here. 

CompTIA Security+ 

This vendor-neutral certification from CompTIA covers foundational knowledge of network security, compliance, operational security, threats, and vulnerabilities. It serves as a starting point for many professionals entering entry-level roles in the information security field.  

It is a good starting point for individuals looking to start working in: 

  • Business analysis.  
  • Cybersecurity management.  
  • Software development.  
  • Systems administration. 
  • MSP personnel. 
  • Security consulting.  

There are no mandatory prerequisites for the CompTIA Security+ certification, but CompTIA recommends completing their Network+ certification and getting two years of IT administration experience under your belt before taking the exam.  

GIAC Security Essentials Certification (GSEC) 

Offered by the Global Information Assurance Certification (GIAC) program, the GSEC certification covers fundamental security knowledge. This cybersecurity certification is vendor-neutral and provides a basic overview of the key concepts required to work in an entry-level cybersecurity position.  

The GSEC certification covers (amongst other things):  

  • Access control and password management.  
  • Cryptography.  
  • AWS and Microsoft Cloud fundamentals. 
  • Basic network security.  
  • Incident management and response.  
  • Linux fundamentals.  
  • Web communication security.  
  • Windows automation, auditing, forensics, security infrastructure, and services.  

There are no mandatory prerequisites; however, GIAC recommends some background in networking and information systems.  

Offensive Security Certified Professional (OSCP)  

The OSCP certification, offered by Offensive Security, is highly regarded in the field of penetration testing. It requires candidates to pass a hands-on exam by exploiting various systems and providing comprehensive reports. It is considered to be more technically difficult to obtain than other penetration testing certifications.  

To take the OSCP, you must have a solid understanding of TCP/IP networking, alongside reasonable experience and understanding of Windows and Linux administration and Bash and/or Python scripting. 

Certified Ethical Hacker (CEH)  

Provided by the International Council of E-Commerce Consultants (EC-Council), the CEH certification validates skills in identifying vulnerabilities and weaknesses in computer systems through ethical hacking techniques. It is for industry professionals looking to work in penetration testing.  

The EC-Council recommends gaining at least two years’ experience working as an IT professional before taking the CEH certification exam. However, in lieu of experience, budding security professionals can choose to take the EC-Council’s free Cyber Security Essentials Training.  

The CEH certification requires test takers to demonstrate the following knowledge: 

  • Vulnerability assessment.  
  • Gaining access.  
  • Perimeter and web app exploitation.  
  • Mobile, IoT, OT exploitation.  

Cybersecurity Training with Privacy 108 

Privacy 108 can offer training for your team in some of the most popular privacy and cybersecurity certifications.  Contact us for more information. 

Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.