If you’re thinking of entering or advancing your career in the cybersecurity field, then smart move — because your skills will continue to be very much in demand. The U.S. Bureau of Labor Statistics estimates that the rate of growth for cybersecurity (and other information security) jobs will surge 37% between 2012 and 2022. To put this in perspective, the average growth rate for all occupations is 5%. And a survey by ESG revealed that, for a third consecutive year, a shortage of cybersecurity skills is the number one root cause of rising security incidents with serious consequences.
With this in mind, here are 7 popular cybersecurity certifications that are currently available (listed in alphabetical order):
Certified in Risk and Information Systems Control (CRISC)
Bestowed by ISACA, CRISC certification equips and prepares information security professionals with at least three years of experience in risk management for a variety of challenges related to IT and enterprise risk management, covering areas such as: identifying risks; assessing risks; responding to and mitigating risks; and controlling, monitoring and reporting risks. Learn more about CRISC certification here.
Certified Cloud Security Professional (CCSP)
Bestowed by (ISC)², CCSP certification validates an experienced information security professional’s advanced knowledge and technical skills related to designing, managing and securing apps, data and infrastructure in the cloud. It also covers key and emerging governance, privacy and security issues. Learn more about CCSP certification here.
Certified Information Security Manager (CISM)
Bestowed by ISACA, CISM certification focuses on the dynamic relationship between information security practices and strategies, and the overall business goals and objectives of an organization. It validates knowledge in areas such as regulatory issues, information security governance, risk management, disaster recovery, and cost-benefit analysis of risk mitigation. Learn more about CISM certification here.
Certified Information Systems Auditor (CISA)
Bestowed by ISACA, CISA certification is widely considered the global standard for information security professionals who have advanced knowledge regarding IS audit, control and security, and the proven ability to assess vulnerabilities, report on compliance, and establish control across an enterprise. Learn more about CISA certification here.
Certified Information Systems Security Professional (CISSP)
Bestowed by (ISC)², CISSP certification is suitable for experienced security specialists, managers and executives who want to validate their knowledge and competence across a wide range of security principles and practices, including the ability to design, implement and manage a best-in-class cybersecurity program. Learn more about CISSP certification here.
Note: additional CISSP concentration certifications are available for experienced professionals, including: Certified Information Systems Security Professional – Information Systems Security Management Professional (CISSP-ISSMP), Certified Information Systems Security Professional – Information Systems Security Architecture Professional (CISSP-ISSAP), and Certified Information Systems Security Professional – Information Systems Security Engineering Professional (CISSP-ISSEP). More information on all three CISSP concentrations is available here.
Certified in the Governance of Enterprise IT (CGEIT)
Bestowed by ISACA, CGEIT certification is designed for seasoned professionals who have experience in five domains related to the governance of enterprise IT: establishing frameworks, strategic management, realizing benefits, optimizing risk (including a comprehensive understanding of appropriate legal and compliance regulations), and optimizing resources. Learn more about CGEIT certification here.
CompTIA Security+
CompTIA Security+ is a vendor-neutral certification that validates the foundational skills required to carry out (with additional training and experience) core security functions related to network infrastructure, access control, system security, organizational security, assessments and audits, and cryptography. This is a good certification option for individuals who are seeking to enter the cybersecurity field, or who want to augment their existing IT knowledge with a basic, essential understanding of security-related concepts and fundamentals. Learn more about CompTIA Security+ certification here.
What’s Your Advice?
The cybersecurity certification options above are some of the most popular available. But are they necessarily the best? That kind of list does not exist, because there is considerable debate in the information security/IT community about the value and importance of different certifications.
And so, what’s your advice? Have you found that obtaining certifications (possibly one or some of those listed above) has helped you in your career? Were they worth the time and money? Are you currently preparing to obtain a certification — if so, which one(s)? Please share your experience and insights, and maybe your warnings as well.