Certification Path for Cyber Security Professionals
As cyber-attacks continue to escalate in frequency and sophistication, businesses are prioritizing acquiring talent who can help protect their digital data and infrastructure. Only those with the latest and greatest skills will succeed in a high-stakes field where protocols change at the speed of attackers’ imagination. Certifications are the best way to prove the value and relevance of your cyber-security skill set to prospective employers.
With dozens of globally-recognized certifications, mapping a cybersecurity learning plan can be overwhelming. This post will outline an ideal vendor-neutral certification track for IT security professionals.
Why vendor-neutral? Vendor-neutral certifications demonstrate expertise that can be applied across multiple technologies, whereas vendor-specific certifications validate skills in a particular product line, such as Cisco network devices. Once you have the job (or have it in your sights) and know which technologies the company uses, it’s time to pursue vendor-specific certifications.
Here is a rock-solid certification path for general cybersecurity professionals:
Entry-Level
CompTIA’s Security+ is an ideal starting point for your cyber security certification path. Security+ certification covers theory and practical applications in a range of hot security topics, including network attacks and countermeasures, application security, risk management, compliance, and operational security. Government agencies, such as the U.S. Department of Defense (DoD), use Security+ as a benchmark for entry-level talent, opening the door to a range of opportunity-rich jobs in the public sector. Enterprises (such as IBM) and leading certifying bodies (like EC-Council) also use Security+ as a prerequisite in their training and certification tracks.
Top Entry-Level Security Certification Alternatives:
(ISC)² Systems Security Certified Practitioner (SSCP)
GIAC Security Essentials Certification (GSEC)
Prometric Cyber Security Essentials
Intermediate
EC-Council’s C|EH certification curricula teach network security specialists to think like malicious hackers. By using the tools and techniques of attackers, certified ethical hackers can proficiently identify system vulnerabilities and implement the appropriate safeguards and countermeasures. While the C|EH is ostensibly focused on penetration testing, its usefulness and marketability transcend this niche, making it an ideal mid-level credential for all infosec specialists.
GIAC Security Essentials Certification (GSEC)
By concentrating on today’s leading business technologies, GSEC certification demonstrates the skills and expertise needed to protect the modern enterprise. GSEC-certified professionals can secure popular operating systems, such as Microsoft Windows and Linux/Unix, and widely used enterprise technologies, including wireless networks, virtual machines, and e-commerce websites.
Top Intermediate Security Certification Alternatives:
(ISC)² Certified Authorization Professional (CAP)
GIAC Information Security Professional (GISP)
CWNP Certified Wireless Security Professional (CWSP)
Advanced
The Certified Information Systems Security Professional (CISSP) certification from (ISC)² is the preeminent expert-level IT security credential. Certified Information Systems Security Professionals possess a deep knowledge of real-world tactics in ten of today’s vital cyber security domains, including network security, risk management, software development security, business continuity and disaster recovery, policy creation, regulatory compliance, and operations security. Candidates for this certificate must have (and be able to document) 5+ years of experience in two or more of the 10 CISSP security domains to sit for the exam.
ISACA Certified Information Security Manager (CISM)
ISACA’s CISM certification demonstrates mastery of four skills vital to cyber security management: information security governance, risk management, security program creation, and incident response. While the CISM doesn’t cover as many security domains or individual tactics as the CISSP, the critical advantage of CISM is its focus on how information security fits into the larger picture, i.e., the relationship between security programs and broader business goals. The CISM’s unique focus on global security strategy and management makes it an ideal certification for those seeking a position in IT security leadership, such as CSO, Information Security VP, or Manager.
Top Alternative Security Certs at the Advanced Level:
CompTIA Advanced Security Practitioner (CASP)
The usefulness and marketability of these five credentials make for an ideal certification track in the general cybersecurity field. As you begin to certify and enter the workforce, you will likely discover which IT security domains best fit your passions and career goals; at that point, there is a wide range of vendor-specific and niche security certificates you may want to pursue.
If you have any insight about how these or other cyber security certifications worked (or didn’t work) for your career or questions about your cyber security learning plan, don’t hesitate to contact us.