Getting certified can help you get ahead in your security career
One thing the information security community does not lack is certifications: dozens of cybersecurity industry certifications are available to burnish your qualifications. These include vendor-driven certifications from leading security companies like Cisco and Microsoft, courses that lead towards certifications from SANS, and many others. In this post, I will guide you through this maze.
What motivated me to write this post was a recent survey by the Information Security Careers Network. They polled their LinkedIn community of over 90,000 members about which of the 50 leading cybersecurity industry certifications and courses are the most useful for their careers. The results have been compiled into a definitive top ten list of the most desired cybersecurity certifications for 2021. The network began as a LinkedIn group, but it has since branched out with a series of free webinars on various security topics and discounts to many online classes.
What's interesting to me is the difference that real-world experience makes. Of course, this makes getting your first cybersecurity job a challenge. Evidence of this is that university degrees aren’t as valuable, coming in ninth on the top ten list. But of course, that may be overkill if you just want to specialize in cybersecurity.
So-called “sandwich courses”, in which classroom instruction is combined with internships or other practical experience, were given higher marks. The blog announcing the results says, “don't expect to walk straight into senior security professional roles without building up years of in-role experience.” So here are the top two contenders:
CISSP: The World's Premier Cybersecurity Certification
The ISC2 Certified Information Systems Security Professional (CISSP) remains the security certification in the greatest demand according to those surveyed, with 72% saying this certification was the most popular with employers. It requires five years of information security experience, or four years' experience with a cybersecurity degree, in addition to passing a three-hour exam that costs about $700.
The topics included on the exam include:
There are dozens of information security vendors who provide CISSP preparation classes in both self-study and online format. Typically, these classes are extensive and expensive. The one that I'd likely recommend is taught by SANS.
Penetration Testing Training with Kali Linux
Next up is the Penetration Testing with Kali Linux class. It costs $1000 and was ranked second by respondents who noted it provides strong relevance to real-world security issues. This is the sole source for the class and its certification, and if you like their teaching style they have plenty of other certifications to keep you busy.
How to pick the right path
Before you dive into picking a training regimen, ask yourself these kinds of questions:
Next, calculate the cost-benefit of the training. I asked Ed Tittel, an Austin-based consultant, book author and expert on training and certifications, about a very simple metric that he uses. “A certification that costs tens of thousands of dollars to earn had better also improve its holders’ income potential by at least one-third of those costs in yearly compensation increases,” said Tittel.
Why one-third? Tittel assumes that the typical lifetime of any certification is just three years, so he wants to see a payback over that period. “Otherwise, the cost-benefit argues strongly against shelling out the cash for somewhat less salary gain,” he says.
If you want another opinion, take a look at GoCertify, which has an online evaluation tool that asks a series of questions such as what subject area you are interested in and whether you need to renew your certification or obtain a new one. They will recommend a course of action, and they also offer a handy cost calculator on their site to tally up the various fees.
Recommended education providers
If this discussion has whetted your appetite to learn more, you may want to do more than just work towards a particular certification and take the time to go back to college. A good place to start your research is this list from The Times Higher Educational guide. They provide the top universities offering computer science degrees. But if you are focused on getting one of these potential certifications, your next step should be choosing one of the numerous education providers to get your preparation in advance of taking the various exams. I asked Tittel whom he would recommend. Here are his favorites:
Additional educational vendors
Another option is to research the big online educational vendors that offer great certification preparation materials. Some are free, while others require fees. These include:
Good luck on your educational journey!