You know cybersecurity certifications are important to a career of patching vulnerabilities and securing networks. But the world of certifications is often a confusing one. What answers do you need?
Cybersecurity remains one of the hottest sectors of the tech industry, with corporate bosses and boards of directors concerned that the next breach or attack could mean the end of their company. Given that demand, cybersecurity experts with the right mix of skills and experience can see their careers skyrocket, whether it’s a sought-after promotion or a pay boost—provided they have the right cybersecurity certifications.
What kind of job market is available for technologists with the right cybersecurity certificates and skills? The International Information System Security Certification Consortium, (ISC)², finds that, while there are currently about 2.8 million security professionals working worldwide, another 4 million trained professionals are needed to close the security “skills gap.” That’s an increase of 145 percent.
And it’s not just a matter of hiring dedicated cybersecurity professionals. Many technology jobs will increasingly involve cybersecurity skills. Check out this chart generated from data compiled by Burning Glass, which collects and analyzes millions of job postings from across the country:
While the market is ripe for security professionals, experience still matters. Having the right cybersecurity certificate can not only put cybersecurity-minded technologists on the right path, but also open up the door to a better position or higher salary.
“Cybersecurity certifications are the most popular worldwide because hackers are becoming more sophisticated in their attacks,” stated the 2019 IT Skills and Salary Report published by Global Knowledge, an IT training firm. “These are the critical skills needed in every organization.”
The question, then, for those either looking to get into cybersecurity or expand their current security knowledge base is: Where to begin?
Does Cybersecurity Have an ‘Official’ Certification?
While security remains a hot topic, experts tell Dice that there is no one single cybersecurity certification that acts as a standard for the entire industry.
Industry insiders believe that whether to gain a cybersecurity certificate truly depends on what a security professional's end goal is. Do they want to enter the manager track and eventually become a CISO? Or do they want to specialize in a particular field, such as containers or Kubernetes? Those are the questions to weigh, said Leo Pate, an application security consultant at nVisium, a Virginia-based application security provider.
“It depends on what you’re trying to learn and where you are going to work,” Pate said. “Not all certifications are created equal, so make sure the one you are spending time, money, and energy into obtaining is ‘worth’ it.”
How Many Cybersecurity Certifications Are There?
When it comes to cybersecurity certifications, there is no centralized “list” of commonly accepted certs. Here are some of the more common ones:
Many organizations offer multiple security certificates depending on what skill set a candidate is looking to become an expert in.
For instance, (ISC)², which is a non-profit training and education organization, offers a number of cybersecurity certifications for its membership, including Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (CISSP-ISSAP), Information Systems Security Engineering Professional (CISSP-ISSEP), Information Systems Security Management Professional (CISSP-ISSMP) and others.
Other training organizations, such as the SANS Institute, CompTIA and the Information Systems Audit and Control Association (ISACA), offer numerous other certifications for their members and security pros looking to expand their knowledge base. A number of the biggest tech companies, such as Microsoft, Red Hat, Oracle and Cisco, offer their own cybersecurity certificates, as well.
And while there are even more cybersecurity certificates, the purpose of attaining one or more of these is to allow security professionals to better market themselves to recruiters and potential bosses, said Andre Barrutia, director of talent acquisition at Coalfire, a cybersecurity advisory services firm.
“The benefits of certifications make the individual more marketable,” Barrutia told Dice. “Recruiters often leverage keyword certifications in passive candidate search. Additionally, clients prefer to see individuals with a strong list of certification credentials.”
What Are the Best Cybersecurity Certifications?
While the value of cybersecurity certificates is in the eye of the beholder (i.e., the company doing the hiring), many agree that the CISSP certificate offered by (ISC)² is typically well-regarded by other security professionals, recruiters and employers.
If starting out or looking to break into security, industry insiders point to CompTIA’s Security+ or the Global Information Assurance Certification (GIAC) Information Security Fundamentals (GISF) as places to start. For those already in the profession and looking for a way to move up by getting more cybersecurity certificates, the Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) certification is a worthwhile pursuit.
Other cybersecurity certificates that are also part of the wider conversation include Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Security Auditor (CISA), GIAC Certified Incident Handler (GCIH), Certificate of Cloud Security Knowledge (CCSK), Qualified Security Assessor (QSA), Offensive Security Certified Expert (OSCE) and Offensive Security Wireless Professional (OSWP), among others.
What Cybersecurity Certifications Do Employers Search For?
Much of what employers search for when it comes to cybersecurity certificates is determined by the security needs of the company or firm. For instance, if the enterprise needs penetration testers, recruiters might be on the lookout for cybersecurity certifications such as the GIAC Certified Penetration Tester (GPEN) or the GIAC Certified Intrusion Analyst (GCIA).
And while CISSP is needed for management positions moving up the corporate ladder, Pate adds that other companies, especially those with a digital transformation agenda, might explore outside the more established areas.
“If you’re looking to be an expert in something like Kubernetes, then CISSP won’t help and you should look at more specific certifications, like the Cloud Native Computing Foundation,” Pate said.
Which Cybersecurity Certifications Are in Demand?
Which cybersecurity certificates are in demand can vary depending on region. In the Global Knowledge salary survey, researchers note that the most popular cybersecurity certification in North America is CISSP, while ISACA's CISA certificate is in demand in other global regions.
In addition, the Global Knowledge survey notes that many security professionals can get salary bumps or position themselves for promotion when they cross-certify with different cybersecurity certificates. In the case of ISACA certifications, Global Knowledge reports that security professionals see a pay increase when these cybersecurity certificates are combined with AWS certifications.
Other ISACA cybersecurity certifications also work with CompTIA, Cisco and Microsoft, resulting in a pay increase, according to the report: “Cybersecurity certifications traditionally pay well, but ISACA certifications in general are highly sought in the industry and are typically associated with some of the highest-paying IT salaries.”