By: Cybrary Staff
February 4, 2022
How to ensure certifications meet job requirements
By: Cybrary Staff
February 4, 2022
There are now dozens of widely recognized certifications aligning with a myriad of job areas in cybersecurity and information technology (IT), from regulatory compliance to networking. Although none of these certifications are legally mandated, that does not mean they are not important. In fact, professional certifications have come to play a vital role in the constantly evolving threat landscape, where rapid change and the increasing burden on risk management have made them all but compulsory for certain jobs.
The challenge is ensuring that employee certifications comply with job requirements, and that is made all the more difficult due to the diverse abundance of options. There are certifications specific to certain job roles, while others focus on individual vendors or technology platforms. Some certifications have been around for many years and have come to set the standard in their industries, while others are newer, yet potentially more relevant in fast-moving job roles.
Addressing the following questions will help employers (and individual professionals) determine which certifications comply with specific job requirements:
#1. Which domain area does the job cover?
Information technology, itself a sub-discipline of computing, covers a lot of ground, hence the broad range of certifications in the field. In fact, the discipline is so vast that it cannot possibly be covered by a single academic degree or certification, which is why it is important to hone in on the specific domain.
While there is no universal standard defining all the various subdomains of cybersecurity and IT, most job roles fall into one or more of the following areas: information security, networking, infrastructure and services, management and strategy, data and storage, software development, and web and mobile. These are further divided into specific focus areas. For example, information security covers everything from ethical hacking to incident handling. Since there is a lot of crossover with other areas of information technology, information security is the broadest domain of all.
To ensure that employee certifications comply with job requirements, it is vital that businesses first have a clear definition of the job in question.
#2. What level of expertise does the job require?
Most certification issuers offer clear role-based certification paths, with certifications spanning three or more expertise levels. While these levels vary somewhat depending on the certificate issuing authority, they broadly fall into the following categories:
- Beginner-level certifications cover the fundamentals of their respective domains and are usually the starting point for those seeking a career in cybersecurity or IT.
- Intermediate- or associate-level certifications generally require at least two years of experience in their respective domains and cover more specific focus areas.
- Advanced- or expert-level certifications typically align with highly technical roles, such as systems architect, or leadership/executive roles like chief information security officer (CISO).
Employees who are serious about starting a career in cybersecurity rarely stop at earning an entry-level certification, which is why businesses should consider sponsoring training programs. This will also make hiring less experienced candidates, who might only have entry-level certifications, significantly more viable. It should also make it much easier to address the ongoing skills gap.
#3. Which platforms will the employee be working with?
Many certifications are issued by industry-leading vendors themselves. For example, Microsoft, Amazon, Google, and Cisco, all offer certification paths of their own. Being some of the world’s largest technology service providers, the certifications they offer can be enormously valuable in particular use cases. For example, any business that uses the Microsoft Azure range of cloud products and services will almost certainly want Azure-specific expertise on its team.
That being said, businesses should be wary of eschewing certifications provided by vendors that they do not use themselves. After all, major cloud platforms like Azure, AWS, and Google Cloud, have a lot in common, and implementing, managing, and securing solutions are similar across the board. Similarly, Cisco might be one of the world’s biggest providers of networking solutions, but that does not mean a more generalist networking certification has no value to an organization that exclusively uses Cisco’s solutions.
How to determine certification requirements
For businesses, understanding which professional certifications are the best match for each job role is vital – from the initial hiring stage to employee training and development thereafter. It may be tempting to hire new candidates who have all the relevant certifications for a given job role, but that will likely only result in having a permanently unfilled placement – a common problem in this field, where there remains a widespread shortage of vital skills. To overcome this, employers should establish a realistic baseline to evaluate new candidates while prioritizing training and development thereafter.
When determining the certification requirements for a given job role, a good starting point is to explore the various career paths in cybersecurity and IT. While individuals can use these to structure their own training and development strategies, organizations can also use them to identify the most appropriate certifications for their various job roles.