By: Shelby Welty
November 25, 2020
What Certifications Do I Need For Cybersecurity
Cybersecurity vacancies continue to outpace qualified applicants as companies look to shore up network, application, and infrastructure defense. While companies are willing to "reskill" internal staff and look beyond traditional four-year degrees to find best-fit candidates, evolving compliance and regulatory expectations mean they're also on the hook to be choosy about who they hire.
What's the result? Interest and ability in cybersecurity aren't enough to jumpstart a career — aspiring professionals also need certifications that demonstrate a commitment to understanding key concepts and an ability to handle information security challenges at scale.
But which cybersecurity certifications are worthwhile? Which qualifications will help someone to get noticed, get the interview, and ultimately get the job?
The Current Cyber Security Landscape
Despite the increasing need for effective cybersecurity at scale, companies are struggling to fill open positions. According to recent survey data, the problem is pervasive: 72 percent of security professionals said that skills gaps exist on their teams. In comparison, 65 percent of managers say these gaps negatively impact overall team effectiveness.
Challenges with skills validation also exist — to quickly onboard talent, 40 percent of organizations say they rarely or never assess new IT pros' skills. While in practice this can help fill open positions quickly, it also introduces critical risk: If staff don't have the right qualifications for the job and infosec breaches occur, companies could find themselves facing compliance audits and potential fines. Due diligence demands that cybersecurity staff be competent, certified, and capable of handling whatever challenges emerge.
As a result, prospective cybersecurity professionals must invest time and effort into earning essential qualifications. Even if recruiters and managers don't always follow up with skills verification, the right certifications protect both enterprises and employees if security issues arise.
The Cyber Security Trifecta
So which certifications come first? Where are the time and money best spent to increase marketability and enhance a large skill set?
An excellent starting point is with the cybersecurity trifecta: CompTIA Security+, CCNA, and then CEH. Let's break down each in more detail.
CompTIA Security+
Often considered the gold standard of entry-level security qualifications, this certification is one of the most recognized and well-respected globally. Prospective security professionals will develop skills in six key areas:
- Threats, attacks, and vulnerabilities
- Security technology and tools
- Infosec architecture and design
- Identity and access management
- Risk management
- Cryptography and PKI
Earning the CompTIA Security+ designation requires completing a 90-minute, 90-question exam that includes multiple-choice, drag-and-drop, and performance-based questions.
Cisco Certified Network Associate (CCNA)
While Microsoft and Google have made inroads into end-user apps and services, Cisco remains the provider of choice for many enterprise networks. CCNA training and certification demonstrates that IT professionals have the skills required to manage the physical, data link, network, and transport layers of Cisco-based networks, along with the critical connections that link them to third-party tools and technologies.
As a result, this certification is essential for IT security professionals. A comprehensive understanding of network architecture and actions streamlines identifying potential vulnerabilities, securing weak points, and creating comprehensive cybersecurity frameworks.
Certified Ethical Hacker (CEH)
This intermediate-level certification is now sought after by many organizations to help provide transparency into network, software, and service functionality. As malicious actors become bolder and more sophisticated in their attack methods, organizations must find and fix security issues before they are exploited and systems are compromised. This requires the assistance of "white hat" hackers — security professionals with the skills necessary to break corporate systems but the ethical fortitude to use this knowledge for good. CEH certification showcases your ability to footprint and scan key systems, hack current operations, and conduct social engineering attacks at scale, in turn helping companies identify aspects of employee training and access that require improvement.
While it's possible to challenge the exams of all three certifications without any additional training, cybersecurity professionals are often best served by in-depth, online education courses to help bolster specific knowledge and skillsets before tackling qualification tests. Even if these courses simply act as a refresher to infosec knowledge, they're worth the additional effort if they increase the likelihood of success.
Jumpstarting Your Cyber Security Career
The salaries for many cybersecurity positions are now pushing north of $100,000 per year as companies look to shore up key skills and safeguard critical data. But getting in on the ground floor of a stable security position means jumpstarting an infosec career with the right qualifications.
To get a foot in the door, it is a good strategy to start with the trifecta. Gain the basic knowledge needed with CompTIA Security+, expand expertise with CCNA, then develop in-demand security skills with CEH.