Companies and governments desperately need cybersecurity talent. Every day, new threats emerge, and there are only so many cybersecurity experts with the skills and experience necessary to recognize and shut down vulnerabilities. That means lots of job opportunities out there—but do you need actual cybersecurity certifications in order to land a position?

To answer that question, we spoke to several experts in the cybersecurity realm. Given all the specializations within cybersecurity, it’s also a question of which cybersecurity certifications (if any) you should aim for.

What are the best cybersecurity certifications?

“Networking engineering skills are the foundation that all cyber professionals need first,” says Jacob Hess, Air Force veteran and founder of NGT Academy. “Specialized programs that upskill quickly while still offering not only the certifications and standards of the industry, but also additional hands-on skill sets and protocols are necessary to accommodate this workforce transition.”

Steve Tcherchian, Chief Product Officer at XYPRO, adds: “Certifications provide a level of credibility to your resume, as well as reinforce and refresh your qualifications that you are staying current with industry trends. I always recommend the Certified Information Systems Security Professional Cert (CISSP). For years, this has been the dominating certification in the cybersecurity industry. It is still a top tier certification, and I would recommend anyone serious about a career in cybersecurity.”

There are also a few “starter” certifications for those cybersecurity experts without as much experience in the industry. “I am often asked, ‘Where do I start?’” Tcherchian continued. “CompTIA’s Security+ is a good foundational certification that establishes the basics. Certified Ethical Hacker (CEH) is another one I encourage folks with a few years of experience to target.”

Cybersecurity author and researcher Dr. Magda Chelly tells Dice: “There are many great cybersecurity certifications that a job seeker can obtain, but one of the best technical certification for ethical hacking is the Offensive Security Certified Professional (OSCP) certification. This certification proves that an individual has the skills and knowledge necessary to identify, assess, and mitigate security technical vulnerabilities in an organization’s environment. However, there are other certifications for different paths in cybersecurity.”

Digital forensics is another avenue for cybersecurity professionals to pursue when it comes to certification. Some of the most popular certifications include the CFCE (Certified Forensic Computer Examiner certification), which proves your skills in digital forensics examinations.

“To obtain CFCE certification, an individual must pass a rigorous examination that covers topics such as computer architecture, operating systems, file systems, digital evidence acquisition and analysis, and legal principles,” Chelly says. “In addition, CFCE certified professionals must adhere to a code of ethics and maintain their skills by participating in continuing education programs.”

Do I need a cybersecurity certification to get a job?

According to a recent analysis by Cyber Seek, a job-tracking database developed by the Department of Commerce and CompTIA, there are more than 597,000 open cybersecurity positions across the U.S. (with 38,600 open across federal, state and local government agencies). That’s an extreme level of demand; if you can demonstrate you have the cybersecurity skills, chances are good you can land a suitable job.

However, certifications can still help you stand out in a crowded field of applicants, and/or apply for jobs where certifications are listed as a requirement. “It’s important to understand the landscape of cybersecurity,” Chelly adds. “Although there are numerous entry points into the field, recent studies have highlighted a skills gap in many of the most important positions. One important note: although certain certifications may make you more attractive to potential employers, it’s critical to remember that they do not present an assurance or a MUST to have to be hired in cybersecurity.”

If you decide to go down the certification road, make sure to start off with “foundational” ones. “CompTIA’s Network+, Security+ are great beginner certifications that I started with,” Tcherchian says. “This is just as important for your own self validation as it is to start providing credibility in the industry.”

Which cybersecurity certifications are in the highest demand?

Chelly tells Dice: “There are a variety of different cybersecurity certifications available, but some of the most popular include the Certified Information Systems Security Professional (CISSP) certification, Offensive Security Certified Professional (OSCP) certification, and CompTIA Security+ certification. Each of these certifications requires passing an exam and has different eligibility requirements.”

Hess notes the quickly changing threat landscape cybersecurity pros face makes certifications vital for many industries:

“The need for cybersecurity professionals grows exponentially each year, making it hard to close the lagging skills gap. To bridge the gap, we must provide future talent a pathway for IT, network engineering and cyber security training and skill development to meet the demands of a population participating in a massive digital transformation, and those pathways can’t take four years or hundreds of thousands of dollars. EdTech learning platforms are ideal for those who may not have the time or finances for the traditional route.  

“Employers want employees to have the right skills, soft, technical and who can hit the ground running vs. lack of hands-on experience. We’re also seeing the demand for IT certifications and hands-on training outweighing the degree credentials even more. Where the degree is becoming less important over time.”

How do I get a cybersecurity certification?

Hess adds: “You don't need a four-year college degree. Advanced degrees aren’t valued equally in all industries. In IT, hiring managers no longer put much emphasis on college degrees; instead, they’re looking for valuable skills and certifications that prove they have some knowledge in a particular area.”

For many technologists, a combination of experience, online classes, and internships can help you land a job and/or put you in a great position to earn a certification. “When I took the CISSP exam, no level of study or ‘bootcamp’ could have prepared me for the questions that were asked,” Tcherchian says. “If I didn’t come into the exam with the experiences I had over my career, I would not have passed it.”

Chelly agrees that experience is critical when you’re pursuing cybersecurity certifications. “In order to get a cybersecurity certification, you will need to work in the field of cybersecurity for several years and acquire the necessary experience. Alternatively, you can also take an exam to demonstrate your skills and knowledge in the area. This works mostly for the technical certifications, like OSCP. For ISC2 certifications, most require at least one year of experience in the field.”

How much do these certifications cost?

“There is no definitive answer,” Chelly says. “It depends on the certification and the provider. Generally, most cybersecurity certifications cost between $200 and $2,000. The SANS Institute's Global Information Assurance Certification (GIAC) program starts at $5,999. Ultimately, it's up to you to decide which program is right for you and your budget.”

Tcherchian reminds us there are always hidden costs associated with any course. “Factor in study materials, subscriptions to practice test sites, and even your time and sacrifices you will need to make. It’s very similar to studying for a university course. Even the most basic of certifications can cost nearly $1,000 once you factor all these in.”

---

Related Cybersecurity Jobs Resources:

Cybersecurity Training Courses

Cybersecurity Engineer Interview Questions

Cybersecurity Engineer Salary

Cybersecurity Analyst Interview Questions