Whether you’re eager to get into the cybersecurity industry — or you’re already working in cybersecurity and considering moving horizontally — the question of which certifications you should have, or whether you need them at all, is likely to be on your mind.
The recent Gallup Global Digital Skills Study — which was sponsored by AWS and surveyed over 100 million job postings, 30,000 workers and 9000 employers in 19 countries — shed a considerable amount of light on the subject, with certifications found to be a clear way of standing out from the pack when applying for jobs.
Overall, the study found, candidates with technology certifications were more likely to be hired than individuals without one: having a technology certification made it 38 percent more likely that a candidate would be hired, compared to a similarly-qualified candidate without that certification.
Advertisement
To order your copy, send a WhatsApp message to +1 317 665 2180
Interestingly, the study also found that — despite the chronic problems created by the cybersecurity industry’s ongoing skills gap — employers have an even stronger preference for candidates with bachelor’s degrees related to the field.
“There’s a global shift in mindset about certification and training being an acceptable substitute for a university degree,” said Gallup’s Rohit Kar, who noted that a growing number of employers “are open to the idea of choosing employees based on their certification or training that they got outside of the university degree.”
The recent State of Cybersecurity 2022 report from ISACA — whose Certified Information Security Manager (CISM) certification is widely held and valued — corroborated these findings, with 88 percent of respondents saying that a job applicant’s credentials are important and just 66 percent saying that having a university degree is important.
Evaluating the certification premium
If, like most people, you can’t quit your job to pursue an entire college degree before pushing into the cybersecurity market, spending weeks or months to acquire a formal certification is a more realistic option — and will likely pay off better in the long term by giving you a foothold in today’s job market.
Workers with advanced digital skills are earning an average 65 percent premium compared to those without digital skills — interestingly, the disparity was higher in middle-income countries — and as an aggregate, Gallup extrapolated their overall economic contribution to be worth more than $18 trillion in additional annual GDP for the global economy.
Having just one certification, then, can help you qualify for jobs that pay better, but there are signs that this premium increases with each additional certification you attain: roles requiring 10 or more digital skills, Gallup found, pay 40 percent higher than similar jobs in the same market that don’t require digital skills.
Workers seem to have recognized this fact, with 99 percent of Indian respondents saying they intended to obtain at least one digital skill — and targeting an average of 22 different skills they wanted to attain.
This was well ahead of the U.S., where 72 percent of respondents wanted to attain an average of 9 skills each, and bottom-ranked Japan, where just 52 percent of workers want to attain an average of just four new skills each.
If your head is spinning at the thought of undertaking so many certifications, take heart: attaining even a few qualifications will help you in your job search — and it will probably help you enjoy your job more, too.
Digitally skilled workers like their jobs more, too, with 72 percent of advanced digital workers rating their job satisfaction as an 8 — compared to 48 percent of workers with less advanced digital skills.
Skillsoft found similar benefits in its own IT Skills and Salary Report 2022, in which 56 percent of respondents said certification had improved the quality of their work, 41 percent said they are more engaged with their work, and 36 percent said they are faster at doing their job.
Attaining certifications also had a direct impact on respondents’ career trajectories, with certifications credited with leading to a raise (19 percent), helping get a new job (18 percent), decreasing errors in their work (17 percent), and getting a promotion (16 percent).
But which certifications are the best?
Deciding which certifications are best for your career path can be fraught, and there is no one answer about which is the “best” approach to take, since the market offers a wide range of certifications and many overlap in ways that mean there are many paths you can take towards your dream job.
Udemy’s latest quarterly Workplace Learning Skills Index observed a similar trend at a regional level. Likely reflecting the IT market’s strong presence in managed security services in that country, for example, Indian workers are the world’s most enthusiastic about studying security topics, with Security Information and Event Management (SIEM) training surging by 461 percent quarter-on-quarter.
By comparison, CompTIA Network+ certifications are the most popular topics being studied in Australia (215 percent) and France (164 percent), where many cybersecurity and IT careers begin with introductory jobs in network operations centers (NOCs) and security operations centers (SOCs) (interestingly, ChatGPT, whose value to cybersecurity professionals is becoming clearer every day, was far and away the most popular topic in the U.S.).
Depending on which area you want to pursue, there may be numerous choices of certification. A wealth of penetration-testing certification options, for example, means there are many ways to gain and demonstrate your knowledge — including OffSec Offensive Security Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), EC-Council Certified Ethical Hacker (CEH), OffSec Certified Professional (OCSP), and TCM Security Practical Network Penetration Tester (PNPT).
Your choice of certification will ultimately depend on time, cost, relevance, and many other factors. That said, here are a dozen cybersecurity certifications that are sure to give you a leg up in your next job application:
- CompTIA Security+: Pitched as “the first security certification a candidate should earn,” this certification has helped more than 2.3 million recipients demonstrate problem-solving in security domains such as evaluating a company’s security posture; monitoring and securing hybrid environments across cloud, mobile, and IoT; meeting governance, risk, and compliance obligations; and analyzing and responding to security events.
- Certified in Cybersecurity (CC): Designed as an entry-level certification to demonstrate basic cybersecurity competency, (ISC)2’s online training and certification program is designed for people hoping to break into the cybersecurity industry.
- Certified in Risk and Information Systems Control (CRISC): ISACA’s risk management certification uses Agile methodologies to help candidates improve business resilience.
- Certified Information Security Manager (CISM): This ISACA certification focuses on evaluating corporate risks, implementing effective governance, and proactively responding to incidents.
- Certified Ethical Hacker (CEH): One of a range of security certifications offered by the EC-Council — the others address areas such as penetration testing (CPENT), forensic investigations (CHFI), network defense (CND), cloud security (CCSE), DevSecOps (CDE) and more — CEH provides a critical skills base for the important function of penetration testing.
- Certified Cloud Security Professional (CCSP): The world’s rush toward digital transformation in recent years has pushed cloud security to the top of many companies’ skills wish lists. CCSP is a well-recognized way to demonstrate competency in this in-demand area.
- If you are targeting a career in organizations using specific cloud platforms, certifications such as Microsoft Certified Azure Security Engineer Associate, Google Professional Cloud Security Engineer (PCSE), and the AWS Certified Security – Specialty exam can be invaluable to demonstrate that you have the domain-specific knowledge to secure these critical parts of the enterprise.
- Certified Information Systems Security Professional (CISSP): (ISC)2’s widely recognized security certification evaluates security professionals’ experience and knowledge across a range of security practices and principles.
- Certified Information Privacy Professional (CIPP): This IAPP certification teaches and recognizes specialization in essential privacy practices, with four regional concentrations ensuring that skills are relevant to local laws and requirements no matter where you live and work.
- CREST Practitioner Threat Intelligence Analyst (CPTIA): CREST’s family of certifications recognizes skills in penetration testing, threat intelligence, and incident response — three core cybersecurity disciplines — and CPTIA is a strong way of demonstrating your competence in gathering and utilizing actionable security data.
- Certified Information Systems Auditor (CISA): ISACA’s widely recognized certification evaluates competencies in auditing, controlling, monitoring, and assessing an organization’s IT and business systems.
- Cisco Certified Network Professional Security (CCNP): A far-reaching qualification with broad scope that spans enterprise infrastructure, virtualization, assurance, security, automation, and specialist skills.
Whatever certification you pursue next, do your research first. Is it well recognized? Does it demonstrate knowledge in areas that are in particularly high demand? Is it part of a broader framework of skills and certifications that will help you steadily expand your knowledge — and your career? Choose wisely now and your certification will be paying dividends for years to come.
Source: Cybercrime Magazine