When it comes to IT certifications most would agree that the “Big-3” essentials are CompTIA A+
, CompTIA Network+
, and CompTIA Security+
. From there, a few specialized certs along the lines of Cisco CCNA, Linux and Microsoft certifications as well as a few other vendor and technology-specific certifications, are a good bet for adding the next layer to your certs portfolio. A solid collection of technology certifications in combination with hands-on experience is a good recipe for making you more attractive to employers. This same general approach also applies to building the foundation of a successful cybersecurity career. But it would seem that things are somewhat more complex and not as straightforward for cybersecurity professionals and cybersecurity certifications as revealed by a recent survey conducted by the Enterprise Strategy Group (ESG).ESG and the Information Systems Security Association (ISSA) conducted a primary research project in mid-2016 where they surveyed 437 information security professionals. The goal was to capture their thoughts on the state of the cybersecurity profession with a focus on skills development. Survey subjects were asked for their opinions on job satisfaction, training opportunities and career advancement, and their reasons for getting into the field. Their responses were enlightening and portray a highly lucrative field that is also beset with many frustrations. You can read a summary of the survey on the ESG website
.For the purposes of this post, we’re going to focus on what the respondents shared regarding which cybersecurity certifications they felt packed the most punch. It should be pointed out that many respondents claimed that one of the major challenges facing them was keeping up with rapid advances in the field of cybersecurity. They claimed that the training they received on the job was often inadequate and employers failed to make career development and training a priority. When it came to cybersecurity certifications, the conclusion drawn from the survey was that they’re a mixed bag.The cybersecurity certification that over half (56%) of the respondents had obtained and felt was valuable for landing a job was a Certified Information Systems Security Professional (
. Coming in a distant second was the CompTIA Security+ cert with 19% of respondents in possession of it followed by CISM (Certified Information Security Manager
) at 17%, CISA (Certified Information Security Auditor
) at 16%. CISM and CISSP were regarded as the most valuable when it comes to landing a job and developing job knowledge. The general takeaway from this portion of the survey is that cybersecurity certifications should not be the primary means for skills development.It’s interesting to note that ESG and ISSA recommend that cybersecurity professionals invest more time in career development and in addition to obtaining certs they look to other sources of training as well as gaining and sharing knowledge with industry peers.
The problem is, these certifications are not available or affordable to everyone, everywhere. Therefore, Cybrary has released micro-skills based certifications. Each test is created by the Cybrary Education committee and is a thorough deep dive into the most critical skills in the field.
They further point out that understanding the business aspects of the industry in which your employer operates is something to establish early in one’s cybersecurity career. Threats to business assets don’t occur in a vacuum and understanding how and why attackers target a particular industry vertical will make you a stronger cybersecurity practitioner. Areas cited requiring work between cybersecurity staff and the rest of the organization are internal relationships, particularly with IT and the prioritization of tasks, and CISOs
not getting sufficient face time in the boardroom. The former seems ironic considering that many cybersecurity professionals got their start in IT, but it also underscores the importance of obtaining a solid grounding in the fundamentals of IT. Demonstrating a firm grasp of IT and networking essentials will confer credibility on you and earn you the respect of your peers in IT.The silver lining in all this is that the demand for cybersecurity professionals only continues to grow along with the salaries organizations are willing to pay for qualified professionals. A typical salary for an experienced cybersecurity expert is around $140,000 per year. Challenges exist on both sides of the hiring table with pressure on employers to provide better career development advice and more training opportunities.Those currently working in the field of cybersecurity must first make certain that they have defined a career path for themselves and then work to advance along it by continually developing their skills and experience. Cybersecurity certifications definitely have their place, but shouldn’t be viewed like acquiring trophies simply to brag about and show off. They also shouldn’t be solely evaluated on how much more they can potentially earn you in additional salary. A well-considered career development path that is an intelligent balance of cybersecurity certifications, additional training, and real world experience should place you in a good position to reaping all of the awards this exciting career area has to offer. Cybrary.it offers 100% free training in a wide range of cybersecurity certifications, and now offers Micro-certifications based on specific skill sets needed in top industry jobs. To find out more about these areas, check out the course catalog
and skills certifications