Cybersecurity certification roadmap
A working map of 74 cybersecurity certifications across 14 career tracks — what they cost, what they pay, who's hiring, and how they slot into a real CISO career path.
Why a certification roadmap matters
Cybersecurity is one of the few fields where certifications materially gate role access. The DoD 8570 mandate makes Security+ a prerequisite for most government IT positions; CISSP is the de facto signal for senior management hires; OSCP is the credibility check for offensive-security roles. The right certification stack at the right career stage is the difference between getting hired and getting screened out.
How the categories map to career tracks
Foundational certifications (Security+, CC, eJPT) are entry points for career changers and IT-to-security transitions. Defensive Security and Offensive Security are the two operational tracks — SOC analyst → senior IR → architect on the defensive side, junior pentester → senior red-teamer → researcher on the offensive side. Management & Governance (CISSP, CISM, CRISC, CGRC) is where most CISO-track careers consolidate. Cloud Security is now a near-required specialization given how cloud-native most enterprises have become. AI & ML Security is the newest track, with a small but rapidly growing set of credentials. Forensics, Compliance, DevSecOps, Architecture, and the Specialized tracks (ICS/OT, mobile, threat intel) cover the deeper specializations that emerge mid-career.
Browse by career track
- Foundational Certifications: Entry-level certifications for professionals new to cybersecurity or IT. These provide fundamental knowledge i… (5 certs)
- AI & Machine Learning Security: Emerging certifications focused on securing AI systems, defending against AI-driven threats, and implementing … (4 certs)
- Management & Governance: Advanced certifications for security leaders, managers, and governance professionals. These focus on strategic… (7 certs)
- Offensive Security: Certifications for penetration testers, ethical hackers, and red team professionals. These focus on attack tec… (8 certs)
- Defensive Security: Certifications for security defenders, incident responders, and threat hunters. These focus on detecting, anal… (8 certs)
- Cloud Security: Certifications for cloud security professionals, cloud architects, and cloud security engineers. These focus o… (5 certs)
- Digital Forensics & Incident Response: Certifications for digital forensics professionals, incident responders, and investigators. These focus on evi… (6 certs)
- Compliance & Privacy: Certifications for compliance officers, privacy professionals, and auditors. These focus on regulatory complia… (6 certs)
- Vendor-Specific: Certifications from major technology vendors including Cisco, Palo Alto Networks, Fortinet, Check Point, and o… (8 certs)
- Blockchain & Crypto Security: Certifications for blockchain security professionals, crypto security specialists, and Web3 security engineers… (3 certs)
- DevSecOps & Secure Development: Certifications for DevSecOps professionals, secure developers, and application security engineers. These focus… (3 certs)
- Quantum & Post-Quantum Security: Emerging certifications for quantum security professionals. These focus on quantum computing threats, post-qua… (2 certs)
- Security Architecture & Design: Certifications for security architects and designers. These focus on designing secure systems, security archit… (4 certs)
- Specialized Security Domains: Certifications for specialized security domains including IoT security, industrial control systems, threat int… (5 certs)
How to use this map
Identify which 2–3 categories match your target career direction. Within each, sort by level (entry → intermediate → advanced) to plan a multi-year sequence rather than a single one-off cert. The cost and study-time fields are realistic — entry-level certs are typically $200–400 and 2–4 months; advanced practical certs (OSCP, CISSP) run $700–800 and 6+ months. Plan accordingly.
Inside CISO Game
The same 70+ certifications are browseable inside the in-game Education panel with a 7-step quiz that scores your fit across the catalog and surfaces your top-5 matches with reasons. Use it while playing — running a 5-year scenario gives you concrete context for which kinds of expertise actually move which kinds of programs.