Cyber Security Certifications and Skills: What Employers Want

What certifications and skills are needed for a career in cyber security? That’s a pressing question, especially as employers continue to hunger for technologists who can secure their systems; landing one of these positions can lead to a lucrative and long-running career.

First, the highlights: according to Burning Glass, which collects and analyzes millions of job postings from across the country, cyber security and information-security engineers and analysts are primed to enjoy 28.5 percent growth in jobs over the next decade. The median salary is $95,721, drifting up to $107,000 for those with more than nine years of experience—although as we all know, having the right skills and certifications can send that dollar amount much higher.

Key Cyber Security Certifications

As part of its job-postings analysis, Burning Glass counts how often employers ask for particular cyber security certifications. In what should hopefully come as no surprise, companies want their cyber security warriors certified in a variety of ways. Here are the certifications that popped up most frequently within the past year:

Many of these credentials come into play if you’re seeking a role in which you architect a company’s cyber security infrastructure. For example, CISSP, a vendor-neutral and advanced-level credential offered by the ISC2 (International Information Systems Security Certification Consortium), demands knowledge of everything from security and risk management to software development security. It’s meant for those professionals who want to show that they can develop and guide security standards and procedures throughout an organization. 

Then you have the Certified Information Security Manager certification (CISM), administered by the Information Systems Audit and Control Association – ISACA, which is likewise meant for those responsible for developing organization-wide security practices.

Another popular one, CompTIA Security+, is approved by the United States Department of Defense and is compliant with the standard for ISO-17024.

This list from Burning Glass doesn’t touch on some other popular certifications out there, including Certified Ethical Hacker (CEH) or Sans GIAC Security Essentials (GSEC), although other lists (including a recent one from research firm CyberSeek) tout them as certifications to have. Companies have very specific wants when it comes to certifications—and it’s a good bet they’ll want at least some of the ones listed above.

Key Cyber Security Skills

For those interested in a career in cyber security, there are a lot of benefits, including a strong sense of mission (you have to defend an organization and its customers against all sorts of insidious stuff), multiple learning opportunities (seriously, you’ll never stop learning), and the possibility of high salary and great perks.

In order to break into a career, though, you’ll need the right skills. Fortunately, Burning Glass breaks down the tiers of skills that one needs to excel within various professions. These include: 

Distinguishing skills (advanced skills called for occasionally) that truly differentiate candidates applying for various roles. As you might expect, there’s a lot of education and training necessary to master these.

Defining skills are the skills needed for day-to-day tasks in many roles.

Necessary skills are the lowest barrier to entry; they are also skills that are often found in other professions, providing a springboard for people to launch into a data-science career. 

What jumps out at us? In order to break into the cyber security industry, you’ll need a basket of “tactical” skills such as Python and Linux, along with an awareness of how software development works. Pretty straightforward! As you progress in your career, though, you’ll need to gain a better awareness of how a company’s cyber security strategy aligns with broader regulations and standards—hence the need for truly distinguished cyber security warriors to know everything about the Federal Information Security Management Act, for instance.

That might seem like an intimidating career arc, but spread out over enough years, you have plenty of time to learn the necessary skills and take the right cyber security training courses (especially if you’re a younger Millennial just starting out).

In addition to these skills, it’s also worth familiarizing yourself with tools such as Snort, Wireshark, and others. These tools allow cyber security experts to troubleshoot networks and detect attacks.

The cyber security landscape isn’t going to calm down anytime soon; despite years of high-profile breaches, it’s virtually assured that other companies will find their databases hacked and cracked. According to ISACA’s State of Cyber Security 2019 Report, 69 percent of organizations have understaffed cyber security teams. This cyber security labor shortage creates a prime opportunity for technologists who dream of keeping others safe.

2 Responses to “Cyber Security Certifications and Skills: What Employers Want”

  1. So, you can’t break into this “in demand” field unless you already have an impressive management resume, including project management experience.

    I wish I’d known that before I took out those loans for worthless certs. I’m sure they’ll find an Indian to do their cybersecurity instead.

  2. I agree with the previous comment. You also can’t break into the Cyber Security field unless you have “relative experience”. Even ‘entry-level’ positions I see posted want so many years of ‘relative experience’. The private does not wish to train anyone up and neither does the public sector (unless you have a military background). There are many IT professionals out there that can easily make the transition to Cyber Security but they don’t have ‘relative experience’. Help Desk support has very little to do with true Cyber Security and pays little. No experienced IT professional is going to go that route. As far as I am concerned, all of these companies looking for Cyber Security professionals can go #*&$_ themselves. I went back to Software Engineering.