These are my personal notes. Read them at your own risks!
I'm not responsible for potential wrong assumptions, ideas, philosophies and practices.
Q: Which cert should I take? -
A: Focus on most recognized certs first. If less known ones supports your learning goal, you can take them too.
Q: Should I keep renewing certs? -
A: Depending on job sectors you're working now or will be working in future.
Q: Should I take all certs? -
A: If you enjoy taking them all, it's your personal choice but never take them just to show off.
Q: Should I invest in expensive cert like SANS?
A: Whether a thing is worth depends on how you value it or how it is beneficial to your professional/personal hobby projects.
Offensive Security Experienced Penetration Tester (OSEP)
ELearnSecurity Penetration Tester Xtreme (eCPTx)
Pentester Academy Certified Red Teaming Expert (CRT Expert)
Pentester Academy Certified Red Teaming Professional (CRT Pro)
Pentester Academy Certified Enterprise Security Specialist (PACES)
CREST Certified Simulated Attack Specialist (CCSAS)
CREST Certified Simulated Attack Manager (CCSAM)
ZeroPointSecurity - Certified Red Team Ops - https://www.zeropointsecurity.co.uk/
Mossé Cyber Security Institute - Certified Red Teamer
Certified Red Team Operations Professional (CRTOP) - https://www.iacertification.org/crtop_certified_red_team_operations_professional.html
GIAC Cloud Penetration Tester (GCPN) - https://www.sans.org/cyber-security-courses/cloud-penetration-testing/
Pentester Academy Container Security Professional (PACOSP)
Pentester Academy Cloud Security Professional (PACSP)
Microsoft Certified: Azure Security Engineer Associate
AWS Certified Security - Specialty
Certified DevSecOps Professional - https://www.practical-devsecops.com
Certified DevSecOps Expert - https://www.practical-devsecops.com
DevSecOps Foundation (DSOF) - https://www.practical-devsecops.com
Certified DevSecOps Architect - https://www.practical-devsecops.com
Certified DevSecOps Leader - https://www.practical-devsecops.com
Alibaba Cloud Certified Professional - Security
Alibaba Cloud Certified Associate - Security
DevOps certifications - https://devopsinstitute.com/
Certified Kubernetes Security Specialist (CKS) - https://www.cncf.io/certification/cks/
Certified Blockchain Security Professional - https://blockchaintrainingalliance.com/products/cbsp
Offensive Security Certified Professional (OSCP) - latest revision: 2020
CREST Certified Infrastructure Tester (CCT - Infra)
CREST Registered Penetration Tester (CRT)
EC-Council Licensed Penetration Tester (LPT-Master)
ELearnSecurity Certified Professional Penetration Tester (eCPT)
GIAC Penetration Tester (GPEN)
Mile2 Certified Penetration Testing Consultant (CPTC)
Mile2 Certified Penetration Testing Engineer (CPTE)
Mossé Cyber Security Institute - Certified Penetration Tester
CREST Wireless Specialist
Offensive Security Wireless Professional (OSWP)
SANS GIAC Assessing and Auditing Wireless Networks (GAWN)
Pentester Academy WiFi Security Professional (PAWSP)
CREST Certified Web Application Tester (CCT - App)
GIAC Web Application Penetration Tester (GWAPT)
Offensive Security Web Expert (OSWE)
ELearnSecurity Web application Penetration Tester eXtreme (eWPTX)
ELearnSecurity Web application Penetration Tester (eWPT)
ELearnSecurity Mobile Application Penetration Tester (eMAPT)
GIAC Mobile Device Security Analyst (GMOB)
ELearnSecurity Certified eXploit Developer (eCXD)
GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
GIAC Python Coder (GPYC)
Offensive Security Exploit Developer (OSED)
Offensive Security Exploitation Expert (OSEE)
CREST Certified Malware Reverse Engineer
SANS GIAC Reverse Engineering Malware (GREM)
ELearnSecurity Certified Reverse Engineer
Certified Data Privacy Solutions Engineer by ISACA
SECO Data Protection Officer - https://www.seco-institute.org/certifications/certified-data-proctection-officer-cdpo/
EC-Council Certified Application Security Engineer (CASE) Java/.Net
EC-Council Certified Blockchain Professional (CBP)
EC-Council Certified Encryption Specialist (ECES)
ELearnSecurity Web Defense Professional
ISC2 - Certified Secure Software Lifecycle Professional
ISC2 .Net: Secure Software Practitioner
ISC2 Architect: Secure Software Practitioner
ISC2 iOS: Secure Software Practitioner (swift + ios)
ISC2 Java: Secure Software Practitioner
Mile2 Certified Secure Web Application Engineer
SANS GIAC Certified Web Application Defender (GWEB)
SANS GIAC Secure Software Programmer- .NET (GSSP-.NET)
SANS GIAC Secure Software Programmer-Java (GSSP-JAVA)
CREST Certified Technical Security Architect
CREST Registered Technical Security Architect
GIAC Defensible Security Architecture (GDSA)
CREST Certified Threat Intelligence Manager
CREST Registered Threat Intelligence Analyst
EC-Council Certified Threat Intelligence Analyst (C|TIA)
GIAC Cyber Threat Intelligence (GCTI)
ELearnSecurity Threat Hunting Professional
Mossé Cyber Security Institute - Certified Threat Hunter
CompTIA (CASP) Advanced Security Practitioner
CompTIA Cybersecurity Analyst+ (CSA+)
CREST Certified Intrusion Manager
EC-Council Advanced Network Defense
ELearnSecurity Network Defense Professional
GIAC Defending Advanced Threats (GDAT)
ISCA CSX Practitioner
Mossé Cyber Security Institute - Certified Blue Teamer
Mossé Cyber Security Institute - Certified Security Engineer
SANS Certified Intrusion Analyst
SANS Certified Perimeter Protection Analyst
SANS Certified UNIX Security Administrator
SANS Certified Windows Security Administrator
SANS GCCC (Critical Controls)
SANS GIAC Certified Enterprise Defender
ACE: AccessData Certified Examiner
Certified Computer Examiner (CCE)
CFCE: Certified Forensic Computer Examiner
EC-Council CHFI: Computer Hacking Forensic Investigator
EnCe: EnCase Certified Examiner
GIAC Advanced Smartphone Forensics (GASF)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Forensic Examiner (GCFE)
GIAC Network Forensic Analyst (GNFA)
GIAC Reverse Engineering Malware (GREM)
CREST Certified Host Intrusion Analyst
CREST Certified Incident Manager
CREST Certified Network Intrusion Analyst
CREST Practitioner Intrusion Analyst
CREST Registered Intrusion Analyst
CyberSec First Responder: Threat Detection and Response
EC-Council CERTIFIED SOC ANALYST (CSA)
ELearnSecurity Certified Incident Responder
GIAC Continuous Monitoring Certification (GMON)
SANS Certified Detection Analyst
SANS GIAC Certified Incident Handler
SANS GIAC Critical Infrastructure Protection
SANS GIAC Global Industrial Cyber Security Professional
SANS GIAC Response and Industrial Defense
CSA Certificate of Cloud Security Knowledge (CCSK)
EC-Council - C|CISO (Chief Information Security Officer)
GIAC Information Security Professional (GISP)
ISC2 Certified Cloud Security Professional (CCSP)
ISC2 Certified Information Systems Security Professional (CISSP)
ISC2 Healthcare Security Certification (HCISPP)
ISC2 Information Systems Security Architecture Professional (CISSP-ISSAP)
ISC2 Information Systems Security Engineering Professional (CISSP-ISSEP)
ISC2 Information Systems Security Management Professional (CISSP-ISSMP)
Mile2 Certified Cloud Security Officer (CSO)
Mile2 Certified Information Systems Security Officer (CISSO)
Mile2 Certified Security Leadership Officer (CSLO)
SANS GIAC Certified Project Manager (GCPM)
SANS GIAC Security Leadership (GSLC) - MGT512
SANS GIAC Strategic Planning, Policy, and Leadership (GSTRT) MGT514
ISACA Certified in Risk and Information Systems Control (CRISC)
ISACA Certified in the Governance of Enterprise IT (CGEIT)
ISACA Certified Information Security Manager (CISM)
ISACA Certified Information Systems Auditor (CISA)
SANS GIAC Legal Law of Data Security & Investigations (GLEG)
AWS Certified Security - Specialty
Cisco Security Certification (CyberOPS, Security Tracks)
EC-Council
ELearnSecurity
International Society of Forensic Computer Examiners, also known as ISFCE
ISACA
ISC2
Mile2
Mossé Cyber Security Institute
Offensive Security
Pentester Academy
Professional Certified Investigator (PCI)
SANS / GIAC