Six Hot Cybersecurity Certifications for 2020
According to a recent CompTIA report, companies are beginning to consider cybersecurity a core business function and not just a part of IT. With increasing adoption of cloud computing and a surge in the number of connected devices, the cyber threat landscape is evolving fast, making it ever more challenging for businesses to address emerging threats.
Many organizations are grappling with a cybersecurity skills shortage. Cybersecurity Ventures predicts that the number of vacant cybersecurity jobs will go up to 3.5 million by 2021. This is the right time for professionals with an interest in the field, relevant experience, and the right aptitude to develop the skills employers need.
Certifications validate knowledge of current security technologies and roles. They are especially helpful for IT professionals with some related experience looking to move to a career in cybersecurity, or for information security specialists aspiring to advance their careers.
It's necessary to first understand the wide range of roles available within cybersecurity, such as technical, managerial, marketing, sales, and training, in order to select the most suitable role and certification. Listed below are six certifications that are currently most sought after by employers. Some of these credentials require years of experience.
CompTIA Security+
CompTIA's Security+ credential is still the most reliable entry-level cybersecurity certification. Security+ demonstrates solid technical expertise and baseline information security skills. The exam tests the candidate's ability to perform a wide range of cybersecurity tasks, including responding to security incidents.
Security+ is valued for its broad-based coverage of cybersecurity fundamentals, emphasis on practical skills, and U.S. Department of Defense (DoD) 8570 compliance. This credential is suitable for networking professionals who are keen on moving to a career in cybersecurity.
Candidates for the exam are expected to have hands-on knowledge of threat management, identity and access management, cryptography, risk management, technologies and solutions, and architecture and design.
Though there are no prerequisites for this credential, CompTIA recommends its Network+ certification and at least 2 years of professional experience in network administration with a security emphasis. To earn this credential, you need to pass the 90-minute, 90-question SY-501 exam with a passing score of 750 on a scale of 100-900.
Exam prep options include instructor-led training, video training, eLearning, study guides, exam objectives, sample questions, and virtual labs from CompTIA. Quite a few companies also offer training for the Security+ exam.
Security+ is valid for 3 years. You can renew it by earning 50 or more Continuing Education Units (CEUs) within the 3 years, by completing CertMaster CE, or by earning a higher certification before your credential expires.
Certified Information Systems Security Professional (CISSP)
The CISSP is an advanced credential designed for experienced information security professionals. This much sought-after certification is offered by the International Information Systems Security Certification Consortium, (ISC)2.
The CISSP validates the ability to design, execute, and manage a comprehensive and advanced cybersecurity program for an organization. CISSP holders are trained to work as Chief Information Security Officers, Information Security Directors or Managers, Security Systems Engineers, Security Architects, Security Consultants, and Security Officers in US Government departments.
The CISSP exam covers eight security domains, which include security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security. Like Security+, CISSP is U.S. DoD 8570 compliant.
To achieve the CISSP certification, you need to pass the requisite exam and have a minimum of five years of cumulative, professional experience in at least two of the eight domains of the (ISC)2 CISSP Common Body of Knowledge (CBK).
A four-year college degree or an approved credential can substitute for one year of work experience. Those who don't have the required experience can still pass the exam and qualify as an Associate of (ISC)2. Candidates who pass the exam and have the necessary experience must also complete the endorsement process, agree to abide by the (ISC)2 Code of Ethics, and pay the annual maintenance fee.
Exam prep options include instructor-led as well as self-paced training from (ISC)2 and its Official Training Providers. (ISC)2 also offers self-study materials, such as study guides, textbooks, and practice tests.
Certified Information Security Auditor (CISA)
ISACA's internationally popular CISA credential is currently the most respected certification for IT professionals looking to specialize in information systems audit, control, and security.
CISA demonstrates expertise in vulnerability assessment, compliance reporting, acquisition, development, deployment, and operation of information systems, systems and data protection, and systems audit, management, and governance. More and more employers are seeking CISA-certified professionals in order to secure and maintain availability of information assets.
A candidate is required to pass one exam, have at least five years of demonstrable full-time work experience as specified in the CISA job practice areas, submit an application and pay the non-refundable fee, and agree to ISACA's Code of Professional Ethics, Continuing Professional Education (CPE) policy, and Information Systems Auditing Standards. Experience substitutions up to a maximum of 3 years are possible for candidates with specific university degrees or experience.
To maintain this certification over the three-year validity period, a candidate must earn and report 120 or more CPE hours, with at least 20 CPE hours earned per year, and pay the annual maintenance fee. ISACA offers both self-paced and instructor-led exam preparation options. A free CISA self-assessment exam is also available. Several vendors also offer training for the exam.
Certified Information Security Manager (CISM)
Also managed by ISACA, CISM is an advanced certification designed for experienced security professionals aspiring to move from technical roles to enterprise security management responsibilities. CISM is currently one of the more in-demand security certifications. It validates advanced knowledge and skills in information security program development and management, risk management, governance, and management of security incidents.
To achieve this certification, a candidate needs to pass one four-hour exam, have a minimum of five years full-time verifiable work experience in information systems audit, security, or control as specified in the CISM job practice domains, complete the application process, pay the application fee, commit to continue professional education, and adhere to the ISACA Code of Professional Ethics.
A maximum of two years of the work experience requirement may be waived if the candidate has specific certifications, education, or professional experience. Exam prep options include ISACA's instructor-led training, self-paced study options, such as the online review course, Official CISM Review Manual, other study guides, interactive sample exams, and the exam prep community, and the free CISM self-assessment exam.
The CISM is valid for three years. To maintain this credential, the holder must earn 120 CPE credits over the three-year period, with a minimum of 20 credits per year, and pay the annual maintenance fee.
Certified Ethical Hacker (CEH)
Managed by the International Council of E-Commerce Consultants (EC-Council), Certified Ethical Hacker is a respected credential for information security professionals aspiring to work as ethical hackers and progress toward becoming penetration testers. This certification is designed to enable candidates to develop a comprehensive understanding of the basics of ethical hacking.
CEH demonstrates knowledge of advanced technologies and tools used by malicious hackers and a thorough understanding of their approach to hacking. The exam tests the candidate's ability to scan, test, exploit, and secure systems. A candidate for the exam should be skilled in the five phases of ethical hacking, which include reconnaissance, gaining access, enumeration, maintaining access, and covering one's tracks.
To earn the CEH credential, candidates must pass a 4-hour, 125-question multiple-choice exam. The EC-Council stipulates specific eligibility criteria for the exam:
Under Option 1, a candidate needs to complete an official EC-Council training program through one of the authorized routes. A candidate who completes the same does not need to go through the application process for the exam.
Under Option 2, candidates who do not complete official training must have at least two years' professional experience in an information security role and must be able to provide proof during the application process.
Self-study options, including courses, practice exams, books, and video training, are available from EC-Council and third parties for those who don't opt for EC-Council official training. These candidates are also required to pay a $100 application fee. They can buy an exam voucher only after their application has been approved.
The CEH certification is valid for three years, during which period a credential holder must earn 120 continuing education credits, accrued on a per annum basis, and register the credits earned each calendar year by Feb. 1 of the following year. This is necessary to maintain the certification.
Certified in Risk and Information Systems Control (CRISC)
ISACA's CRISC credential is designed for mid-level IT professionals looking to advance their knowledge and skills in enterprise-level IT risk management and control. Several organizations have suffered loss of business and reputation because of data breaches. As a result, more and more enterprises are hiring experienced professionals who have the ability to identify and manage IT risk and implement and administer effective controls.
CRISC validates the ability to address everyday cyber threats using the right technologies and tools to assess, administer, and mitigate enterprise IT risk. The exam tests a candidate's expertise in IT risk identification and assessment, response and mitigation, and monitoring and reporting risk and control.
To achieve the CRISC certification, you need to pass one exam, submit an application and pay the fee, have at least three years of verifiable full-time cumulative experience in risk management and control, specifically in two or more CRISC domains, and comply with ISACA's Code of Professional Ethics and CPE program.
ISACA has self-paced and instructor-led exam prep solutions, which include a question and answer database, the Official CRISC Review Manual, other books, an online review course, and virtual and live instruction. Candidates can also use ISACA's free CRISC Self-Assessment Exam.
A candidate must obtain 120 or more CPE credits over the three-year certification tenure, with 20 or more credits earned per annum, and pay the annual maintenance fee in order to maintain this certification.
More Options
Other certifications worth considering, depending on your interests, career goals, and industry needs, include SANS GIAC Security Essentials (GSEC), Offensive Security Certified Professional (OSCP), Cisco Certified CyberOps Associate (CCCA), the ANSI/ISO-accredited Certified Information Privacy Professional/US (CIPP/US), and Cisco Certified Network Professional (CCNP) Security.
The prospects for skilled cybersecurity professionals currently look promising. Attractive pay, an increasing number of jobs, and ample opportunity for career advancement make cybersecurity a good career choice.