Cybersecurity certifications are very often required for employment in cybersecurity jobs. Certifications benefit employers by identifying prospective employees with specific skill sets, and certifications help prospective employees stand out when applying for a job in the desirable and competitive cybersecurity job market.
Industry certifications are vendor-neutral (vendor certifications are for a vendor’s specific products) and provide industry-recognized evidence of having a specific skill or specific experience in a particular subject area. Certifications generally are administered by independent accrediting organizations such as the Computing Technology Industry Association (CompTIA), Global Information Assurance Certification (GIAC), the International Information Systems Security Certification Consortium, Inc. [(ISC)²], the Information Systems Audit and Control Association (now known solely as ISACA) and the EC Council.
There are cybersecurity certifications for a range of subjects (including network defense, ethical hacking, and forensics) at the basic (entry level), intermediate and expert levels.
- Entry level certifications provide knowledge of subjects such as industry principles and best practices, important tools, and the latest technologies.
- The intermediate and expert certifications are based on the premise that an employee already has extensive job experience and a thorough grasp of cybersecurity subject matter.
It is important to know that, regardless of the subject or level, industry-recognized cybersecurity certifications are valid across jobs and organizations and are independent of a specific vendor’s products. Credentialing usually consists of training and a final exam. Renewing credentials generally must be done periodically after receiving additional education and passing a current exam.
The Importance and Value of Certification in the Cybersecurity Industry
As the nation’s – and the world’s – computer infrastructure systems and data systems come under increasing threats of cyberterrorism, there will continue to be a growing need for skilled and knowledgeable cybersecurity professionals. Experience and education in the field of cybersecurity are important considerations when an employer evaluates a potential employee, but employers also need documentation that verifies and quantifies a potential employee’s skills and knowledge. They look for certification.
According to a recent CompTIA survey:
- 72 percent of employers prefer certifications for certain job roles
- 65 percent of employers use IT certifications to differentiate between equally qualified candidates
- 60 percent of organizations often use IT certifications to confirm a candidate's subject matter knowledge or expertise
- 66 percent of employers consider IT certifications to be very valuable
In its “Job Market Intelligence: Cybersecurity Jobs, 2015” report, burningglass.com found that cybersecurity positions are more likely to require certifications than other IT jobs. More specifically, 35 percent of cybersecurity jobs nationwide require an industry certification compared to 23 percent of IT jobs overall.
In the Baltimore-Washington market these figures have been found to be considerably higher, most likely because of:
- The area’s deep involvement in government contracting
- The presence of the defense industry
- Advanced work in cybersecurity being carried out
- The high number of educational and other institutions in the area that offer certification training and accreditation.
As an illustration of employers’ desire for certification, in 2014 there were nearly 50,000 postings for workers with a CISSP certification (the primary credential in cybersecurity – see Section III below). That amounts to three-quarters of all the people who hold that certification in the United States.
A definite indication of the value of certification can be found in the pay for cybersecurity positions. While it is impossible to determine with complete certainty how much of the pay for a specific position is dictated by the employee’s certification status, actual and comparative salaries can be determined, and it's clear that employees with certifications are at the top of the pay scale.
Using data from the nationwide 2015 IT Skills and Salary Survey, John Hales of Global Knowledge found that five of the top-paying certifications across all IT areas were in the field of cybersecurity. Salaries for these five certifications are given below. The figures shown are averages based on nationwide figures; variations in the data were attributable to respondents' work location, years of experience and company type. Numbers like these serve to prove the value of certifications and their importance in the field of cybersecurity.
- $119,227: Certified in Risk and Information Systems Control (CRISC) certification
- $118,348: Certified Information Security Manager (CISM)
- $110,603: Certified Information Systems Security Professional (CISSP)
- $106,181: Certified Information Systems Auditor (CISA)
- $95,155: Certified Ethical Hacker (CEH)
The Most Desired Cybersecurity Industry Certifications
The cybersecurity industry abounds with certifications, not all of which are equally useful or desirable. A recent survey by Semper Secure (a Commonwealth of Virginia private-public partnership formed to support the growth of the Commonwealth’s cybersecurity industry) found that 85 percent of respondents, who were cybersecurity professionals, hold a professional certification. The most popular credentials, in rank order, are:
- Certified Information Systems Security Professional (CISSP)
- Cisco Certified Network Professional Security (CCNP Security) certification (a vendor certification)
- Certified Ethical Hacker (CEH) certification.
There are many resources, surveys, and opinions on which cybersecurity industry certifications are the best and/or most useful. Except for the fact that CISSP (with its three concentrations of Architecture (CISSP-ISSAP), Engineering (CISSP-ISSEP) and Management (CISSP-ISSMP)) generally heads all lists, the rankings vary widely. SANS Global Information Assurance Certification Security Essentials Certification (GSEC) generally is ranked second and appears to be rapidly catching up to CISSP. Other well-known and well-regarded certifications often mentioned by employers and cybersecurity consultants include Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), CompTIA Security+, and CompTIA Advanced Security Practitioner (CASP).
Additional certifications that may be of interest to those in the cybersecurity industry include Certified Cyber Forensics Professional (CCFP), Systems Security Certified Practitioner (SSCP), Certified Secure Software Lifecycle Professional (CSSLP), Certified Cloud Security Professional (CCSP), and Health Care Information Security and Privacy Practitioner (HCISPP).
Obtaining a Cybersecurity Industry Certification
Cybersecurity certification is necessary for security professionals seeking to develop their expertise, add to their credentials, broaden their skills and improve their job prospects. Cybersecurity professionals are, as a rule, highly educated; but a degree will only get you so far in this field. An IT security certification from a reputable third-party organization will almost certainly be required at some point to get the job you want.
Navigating the security certification landscape with its great number of available certifications can be a time-consuming experience. To simplify this experience, industry gurus suggest beginning your certification journey with a broad, entry-level security certification.
The following basic level certifications provide knowledge of computer security theory, operations, and practices and policies: Systems Security Certified Practitioner (SSCP) certification, which will prepare you for the more-advanced CISSP, and CompTIA Security+, a well-regarded entry-level certification.
After the basic certifications, it's time to pursue an advanced, senior-level certification. Most of these require three or more years of relevant, on-the-job experience. Many also require submitting papers or research results, passing exams, and taking specific classes. Three of the most highly sought-after advanced certifications are CISSP, SANS GSEC, and the Qualified Information Security Professional Certification. These generally require a significant commitment in terms of time and money, but they are required to an increasing degree by government agencies and cybersecurity industry heavy hitters.
The following organizations (and private training firms and some universities) provide Cybersecurity Certifications:
Of special interest to employees in the Baltimore-Washington area is the fact that the Federal Virtual Training Environment (FedVTE) offers free courses for government employees and veterans to prepare for certifications.
When you embark on obtaining certification, make sure that you thoroughly understand the qualifications and prerequisites required for the certification you are pursuing, the time commitment required for the study and hands-on work to be done during the certification process, the cost of the certification program, and how often re-certification must take place and how much re-certification will cost. That said, there's a lot to be gained from the certification process:
- Tested and verifiable proof of proficiency in your field.
- Higher salary and promotion potential.
- Entry into one of the largest communities of recognized information security professionals in the world.
- Access to unparalleled global resources, peer networking, mentoring, and a wealth of ongoing information security opportunities.
Be sure to update your Cybrary profiles and resumes with a complete list of your certifications and skills. Then, see what companies are posting on the site or head over to Cybrary's Job Board to take the next step in your career.