
Which security certification will help you grow your career?

David Strom, 8 January 2021

Getting certified can help you get ahead in your security career

One thing the information security community does not lack is certifications: dozens of cybersecurity industry certifications are available to burnish your qualifications. These include vendor-driven certifications from leading security companies like Cisco and Microsoft, courses that lead towards certifications from SANS, and many others. In this post, I will guide you through this maze.

What motivated me to write this post was a recent survey by the Information Security Careers Network. They polled their LinkedIn community of over 90,000 members about which of the 50 leading cybersecurity industry certifications and courses are the most useful for their careers. The results have been compiled into a definitive top ten list of the most desired cybersecurity certifications for 2021. The network began as a LinkedIn group, but it has since branched out with a series of free webinars on various security topics and discounts to many online classes.

What's interesting to me is the difference that real-world experience makes. Of course, this makes getting your first cybersecurity job a challenge. Evidence of this is how university degrees aren’t as valuable, coming in at ninth on the top ten list. But of course, that may be overkill if you just want to specialize in cybersecurity.

So-called “sandwich courses”, in which classroom instruction is combined with internships or other practical experience, were given higher marks. The blog announcing the results says, “don't expect to walk straight into senior security professional roles without building up years of in-role experience.” So here are the top two contenders:

CISSP: The World's Premier Cybersecurity Certification

The ISC2 Certified Information Systems Security Professional (CISSP) remains the security certification in the greatest demand according to those surveyed, with 72% saying this certification was the most popular with employers. It requires five years of information security experience, or four years' experience with a cybersecurity degree, in addition to passing a three-hour exam, which will cost about $700.

The exam covers these topics:

  • Security and risk management
  • Asset security
  • Security architecture and engineering
  • Communication and network security
  • Identity and access management
  • Security assessment and testing
  • Security operations
  • Software development security

There are dozens of information security vendors who provide CISSP preparation classes in both self-study and online format. Typically, these classes are extensive and expensive. The one that I'd likely recommend is taught by SANS.

Penetration Testing Training with Kali Linux

Next up is the Penetration Testing with Kali Linux class. It costs $1000 and was ranked second by respondents who noted it provides strong relevance to real-world security issues. This is the sole source for the class and its certification, and if you like their teaching style they have plenty of other certifications to keep you busy.

How to pick the right path

Before you dive into picking a training regimen, ask yourself these kinds of questions:

  • Are my programming language skills rusty?
  • Do I need hands-on experience with specific products or online services?
  • What are the most important industry credentials that will complement my job experience?  
  • Am I light on business management or more technical skills?
  • Do I want to improve my soft skills, such as critical thinking, problem solving and creativity?

Next, calculate the cost-benefit of the training. I asked Ed Tittel, an Austin-based consultant, book author and expert on training and certifications, about a very simple metric that he uses. “A certification that costs tens of thousands of dollars to earn had better also improve its holders’ income potential by at least one-third of those costs in yearly compensation increases,” said Tittel.

Why one-third? Tittel assumes that the typical lifetime of any certification is just three years, so he wants to see a payback over that period. “Otherwise, the cost-benefit argues strongly against shelling out the cash for somewhat less salary gain,” he says.

If you want another opinion, take a look at GoCertify, which has an online evaluation tool that asks a series of questions such as what subject area you are interested in and whether you need to renew your certification or obtain a new one. They will recommend a course of action, and they also offer a handy cost calculator on their site to tally up the various fees.

Recommended education providers

If this discussion has whetted your appetite to learn more, you may want to do more than just work towards a particular certification and take the time to go back to college. A good place to start your research is this list from The Times Higher Educational guide. They provide the top universities offering computer science degrees. But if you are focused on getting one of these potential certifications, your next step should be choosing one of the numerous education providers to get your preparation in advance of taking the various exams. I asked Tittel whom he would recommend. Here are his favorites:

  • Pluralsight offers several dozen different cybersecurity-related courses, including preparation for the CompTIA Security+ certificate (which involves six different courses that span 18 instruction hours). Pluralsight comes highly recommended by Tittel and has an interesting pricing model that uses monthly subscriptions for $29. This means if you have the available time and want to take an intensive deep dive, you can get a great deal of education for a bargain. You will need to upgrade to the premium plan (for $449 per year) if you want access to the practice exams, though. There are free trials available for those who just want to look around.

  • LinkedIn Learning is another favorite of Tittel’s. There are more than a hundred different cybersecurity courses, taught by a variety of instructors. Roughly half of these relate to penetration testing and ethical hacking. You can get your first month for free, and then pay $20 a month if you sign up for a full year. Note, though, that many of these courses aren’t geared towards a particular degree.

  • If you have more time than money, you might want to consider YouTube for instructional videos, but Tittel warns that you should be choosy about what you consume.

Additional educational vendors

Another option is to research the big online educational vendors that offer great certification preparation materials. Some are free, while others require fees. These include:

  • Coursera, which offers two certification tracks, the Arizona State University MasterTrack and IBM’s Cybersecurity Analyst. If you are interested in these two certifications, they start at specific times (the next ASU program begins March 8th, for example) and the fees are about what you would pay for a physical college (ASU’s is $4500.) But your money will purchase you a solid credential that is recognized by many and could count towards credits for a university degree, if that is important to you.

  • Udemy has 500 courses related to cybersecurity. Most will cost less than $20 to take, although there are some free offerings. The quality varies by instructor, so you will need to spend some time researching what will be most suitable to your own learning style. However, most of these courses aren’t geared towards a certification.

  • Class Central is a great place to start to investigate online college classes on a wide variety of topics, not just in cybersecurity. (It has more than 300 such cyber-related classes.) These online classes are free and start at specific dates, just like their physical counterparts. Each class has a short intro video explaining what else you will be doing.  

Good luck on your educational journey!