Nobody does IT security better than you and your InfoSec team. You developed a strategic plan that prevents most breaches, and for those that do slip by your perimeter defenses, you have a great tactical plan to identify and mitigate attacks as quickly as possible. You’re a real pro!
Yet you still need to be able to prove your expertise, whether to customers, your boss, or a prospective employer. They want assurances that you really do know IT security inside and out.
The best way to achieve this is with security certifications. Just like a college degree, when someone sees in writing that an independent organization or a technology vendor has vouched that you know your stuff, they are much more likely to turn to you to solve their IT security challenges.
So the key question becomes…which security certifications should you go for or add to your existing certification portfolio?
You don’t have enough time to keep your job and pass the tests for all the available certification programs. So it’s important to prioritize which certifications will have the greatest impact on your career.
To help you take on this challenge, here’s a rundown of top organizations and their security certifications for you to consider:
- CompTIA - Security+. CompTIA is a non-profit that issues professional certifications and is considered one of the IT industry's top trade associations. Security+ is a good place to start if you are new to IT security or don’t have any certifications. It provides core cybersecurity knowledge and focuses on practical ways to identify and mitigate security threats and vulnerabilities.
- GIAC - Security Essentials (GSEC). GIAC, which is a subsidiary of the SANS Institute, validates the skills of information security professionals in various disciplines. Security Essentials is another certification that is good for entry-level cybersecurity professionals. It covers hands-on roles for security tasks and takes students beyond simple terminology and concepts.
- EC-Council - Certified Ethical Hacker (CEH) and Computer Hacking Forensic Investigator (CHFI). EC-Council is a member-supported professional organization that certifies individuals in various information security skills. CEH teaches you how to look for weaknesses and vulnerabilities in target systems using the same tools and techniques as an attacker, but lawfully and with authorization. CHFI teaches how to identify an intruder's footprints and gather and preserve the evidence needed to prosecute threat actors.
- Offensive Security - Offensive Security Certified Professional (OSCP). OSCP is another ethical hacking certification, offered by Offensive Security. Unlike the largely multiple-choice exams above, it is built around a penetration testing course and a hands-on exam in which candidates must compromise live machines in a lab environment and document their work.
- ISACA - CISM, CISA and CRISC. ISACA is a nonprofit, global association that engages in the development and use of globally accepted industry practices for information systems. Certified Information Security Manager (CISM) is a management certification that teaches international security best practices and focuses on designing, managing and assessing enterprise information security programs. Certified Information Systems Auditor (CISA) covers security audit, control and assurance, including assessing vulnerabilities, instituting controls and reporting on compliance. Certified in Risk and Information Systems Control (CRISC) trains IT professionals in IT risk management and positions them to become strategic partners to the business.
- NIST - Cybersecurity Framework (NCSF). NIST is a federal agency in the U.S. Department of Commerce. Note that NIST itself publishes the Cybersecurity Framework but does not certify individuals; NCSF certifications are offered by third-party training bodies and cover the framework's uniform standards, which government agencies and businesses can adopt to guide their cybersecurity activities and risk management programs.
- (ISC)² - Certified Cloud Security Professional (CCSP) and Certified Information Systems Security Professional (CISSP). (ISC)² is a cybersecurity nonprofit association. CCSP teaches you how to design, manage and secure data, applications and infrastructure in the cloud, using best practices, policies and procedures established by cybersecurity experts. CISSP covers how to design, implement and manage enterprise cybersecurity programs.
- ASIS - Certified Protection Professional (CPP). ASIS International is a global community of security practitioners. To earn the CPP certification, candidates must demonstrate competency in seven key security domains: security principles and practices, business principles and practices, investigations, personnel security, physical security, information security and crisis management.
- Cisco - CCNA Security and CCNP Security. Specific to Cisco technology, the Associate-level certification focuses on the skills needed to build security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The Professional-level certification goes deeper into security infrastructure and also addresses emerging and industry-specific security issues.
- IAPP - Certified Information Privacy Professional (CIPP). IAPP is a global information privacy community, and CIPP covers privacy and data protection best practices and standards for geographic regions including the U.S., Canada, Europe and Asia. The program focuses on compliance and risk mitigation.
Which of the certifications above make the most sense for you will largely depend on your career interests as well as the needs of your customers or your employer. You may also be influenced by the certifications your team members hold.
The key is to find that balance between what is best for you and what is best for the organizations that rely on your expertise.
Careful Research Worth the Effort
Carefully reviewing your security certification options is well worth the effort. Earning one or more is sure to bolster your career, and as noted in Cybersecurity Ventures, "If you know cybersecurity, then you've got a job for life," as said by Robert Herjavec, one of the sharks on ABC's Shark Tank and CEO of Herjavec Group, a $300 million cybersecurity company.
It’s also a bullish job market for cybersecurity professionals. Security Boulevard cites a recent global survey by ESG that reveals 53% of organizations report a problematic shortage of cybersecurity skills.
That makes certifications in your back pocket worth a pot of gold!