You know cyber security certifications are important to a career of patching vulnerabilities and securing networks. But the world of certifications is often a confusing one. What answers do you need?
Cyber security remains one of the hottest sectors of the tech industry, with corporate bosses and boards of directors concerned that the next breach or attack could mean the end of their company. Given that demand, cyber security experts with the right mix of skills and experience can see their careers skyrocket, whether it’s a sought-after promotion or a pay boost—provided they have the right cyber security certifications and cyber security training.
What kind of job market is available for technologists with the right cyber security certificates and skills? The International Information System Security Certification Consortium, (ISC)², finds that, while there are currently about 2.8 million security professionals working worldwide, another 4 million trained professionals are needed to close the security “skills gap.” That’s an increase of 145 percent.
And it’s not just a matter of hiring dedicated cyber security professionals. Many technology jobs will increasingly involve cyber security skills. Check out this chart generated from data compiled by Burning Glass, which collects and analyzes millions of job postings from across the country:
While the market is ripe for security professionals, experience still matters. Having the right cyber security certificate can not only put cyber security-minded technologists on the right path, but also open up the door to a better position or higher salary.
“Cyber security certifications are the most popular worldwide because hackers are becoming more sophisticated in their attacks,” stated the 2019 IT Skills and Salary Report published by Global Knowledge, an IT training firm. “These are the critical skills needed in every organization.”
The question, then, for those either looking to get into cyber security or expand their current security knowledge base is: Where to begin?
Does Cyber Security Have an ‘Official’ Certification?
While security remains a hot topic, experts tell Dice that there is no one single cyber security certification that acts as a standard for the entire industry.
Industry insiders believe that whether to gain a cyber security certificate truly depends on what a security professional’s end-goal is. Do they want to enter the manager track and eventually become a CISO? Or does a candidate want to specialize in a particular field, such as containers or Kubernetes, said Leo Pate, an application security consultant at nVisium, a Virginia-based application security provider.
“It depends on what you’re trying to learn and where you are going to work,” Pate said. “Not all certifications are created equal, so make sure the one you are spending time, money, and energy into obtaining is ‘worth’ it.”
How Many Cyber Security Certifications Are There?
When it comes to cyber security certifications, there is no centralized “list” of commonly accepted certs. Here are some of the more common ones:
Many organizations offer multiple security certificates depending on what skill set a candidate is looking to become an expert in.
For instance, (ISC)², which is a non-profit training and education organization, offers a number of cyber security certifications for its membership, including Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (CISSP-ISSAP), Information Systems Security Engineering Professional (CISSP-ISSEP), Information Systems Security Management Professional (CISSP-ISSMP) and others.
Other training organizations, such as the SANS Institute, CompTIA and the Information Systems Audit and Control Association (ISACA), offer numerous other certifications for their members and security pros looking to expand their knowledge base. A number of the biggest tech companies, such as Microsoft, Red Hat, Oracle and Cisco, offer their own cyber security certificates, as well.
And while there are even more cyber security certificates, the purpose of attaining one or more of these is to allow security professionals to better market themselves to recruiters and potential bosses, said Andre Barrutia, director of talent acquisition at Coalfire, a cyber security advisory services firm.
“The benefits of certifications make the individual more marketable,” Barrutia told Dice. “Recruiters often leverage keyword certifications in passive candidate search. Additionally, clients prefer to see individuals with a strong list of certification credentials.”
What Are the Best Cyber Security Certifications?
While the value of a cyber security certificate is in the eye of the beholder (i.e., the company doing the hiring), many agree that the CISSP certificate offered by (ISC)² is typically well-regarded by other security professionals, recruiters and employers.
If starting out or looking to break into security, industry insiders point to CompTIA’s Security+ or the Global Information Assurance Certification (GIAC) Information Security Fundamentals (GISF) as places to start. For those already in the profession and looking for a way to move up by getting more cyber security certificates, the Information Systems Audit and Control Association (ISACA) Certified Information Security Manager (CISM) certification is a worthwhile pursuit.
Other cyber security certificates that are also part of the wider conversation include Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Certified Information Security Auditor (CISA), GIAC Certified Incident Handler (GCIH), Certificate of Cloud Security Knowledge (CCSK), Qualified Security Assessor (QSA), Offensive Security Certified Expert (OSCE) and Offensive Security Wireless Professional (OSWP), among others.
What Cyber Security Certifications Do Employers Search For?
Much of what employers search for when it comes to cyber security certificates is determined by the security needs of the company or firm. For instance, if the enterprise needs penetration testers, recruiters might be on the lookout for cyber security certifications such as the GIAC Certified Penetration Tester (GPEN) or the GIAC Certified Intrusion Analyst (GCIA).
And while CISSP is needed for management positions moving up the corporate ladder, Pate adds that other companies, especially those with a digital transformation agenda, might explore outside the more established areas.
“If you’re looking to be an expert in something like Kubernetes, then CISSP won’t help and you should look at more specific certifications, like the Cloud Native Computing Foundation,” Pate said.
Which Cyber Security Certifications Are in Demand?
Which cyber security certificates are in demand can vary depending on region. In the Global Knowledge salary survey, researchers note that the most popular cyber security certification in North America is CISSP, while ISACA’s CISA certificate is in demand in other global regions.
In addition, the Global Knowledge survey notes that many security professionals can get salary bumps or position themselves for promotion when they cross-certify with different cyber security certificates. In the case of ISACA certifications, Global Knowledge reports that security professionals see a pay increase when these cyber security certificates are combined with AWS certifications.
Other ISACA cyber security certifications also work with CompTIA, Cisco and Microsoft, resulting in a pay increase, according to the report: “Cyber security certifications traditionally pay well, but ISACA certifications in general are highly sought in the industry and are typically associated with some of the highest-paying IT salaries.”