If you’re considering a new career in IT security or looking to move up the job ladder, your prospects are bright.
As noted by CompTIA, IT security analysts earn an $81K median annual wage, and a 28% increase in open IT positions is expected by 2026. The organization also reports that 96% of managers use certifications as criteria during recruitment. That should make certifications a high priority in your career strategy. Even if you are not currently looking for a new job in security, getting certified in advance is the smart move. You never know when a new opportunity might present itself.
But which certification is best for you? Much depends on where you’re at in your career lifecycle.
In this article, we give you a rundown of the top programs to consider. These include programs geared towards those who are new to the security realm as well as seasoned professionals looking to move up to the manager or senior executive levels of their IT organizations. We even give you a snapshot of a certification program that teaches you how to think like a hacker.
For Security Professionals Just Starting Out
Two organizations that have strong industry reputations for certifying IT pros seeking their first security certification are CompTIA and (ISC)². If you’re not certain what type of security job you are looking for or which industry you want to work in, CompTIA Security+ could be a good fit. The certification gives you the core knowledge for any cybersecurity role and provides a springboard to intermediate jobs.
The certification will validate you have the baseline skills to perform core security functions, and by passing the certifications test, you can demonstrate you have the knowledge to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations.
The Systems Security Certified Practitioner (SSCP) certification offered by (ISC)² (aka Information System Security Certification Consortium) is ideal for IT professionals responsible for the operational aspects of security their organization’s digital assets. You can get certified in cybersecurity strategy and implementation, but for those that have narrowed their job hunt somewhat, you can also choose to focus on more narrow security aspects such as the cloud, software development, assessments, and healthcare security.
When You’re Looking for a Promotion
After earning a CompTIA Security+ or SSCP certification and getting a few years of experience in a security role, perhaps you’re looking to move up to a management position. That’s where the Certified Information Security Manager (CISM) certification comes in handy.
Offered by ISACA (Information Systems Audit and Control Association), passing the program tells prospective employers you have gained expertise in information security governance, program development and management, incident management, and risk management. Complement this with some basic people management skills, and you’ll be ready to take the next step!
As you keep advancing your career, you will next likely want to turn to another certification offered by (ISC)2. The Certified Information Systems Security Professional (CISSP) program targets those seeking a senior executive position such as CIO, CISO or Director of IT Security. Earning CISSP demonstrates you know how to design, implement and manage best-in-class cybersecurity programs. Certification also gives you an (ISC)² membership, which provides access to various educational resources and security tools as well as and peer networking opportunities. The on-going education you receive could be just as valuable as the certification.
A View from the Other Side of Security
An alternative approach to learning how to protect digital assets is to study how cybercriminals attempt to breach IT infrastructures. If you know what the bad guys are up to, you can build a stronger security posture for your employer.
That’s what you can do by signing up for the Certified Ethical Hacker Program. The program takes you through systematic attempts to inspect network infrastructures (with the consent of the network owners) to find security vulnerabilities that a hacker could exploit. The course helps you assess the security posture of organizations by identifying vulnerabilities in the network and system infrastructure to determine if unauthorized access is possible.
This certification is likely best used in conjunction with the certifications discussed above. It tells prospective employers you know how to look at cybersecurity from both sides. An employer will appreciate this view but also want to make sure you know what to do to protect the inside of the organization.
Certification Training Resources
A key aspect of all of these certifications is that they are technology vendor-neutral. That means you will have the basic know-how to apply general security best-practices in any environment your career path takes you to.
Each of the organizations that offer these certifications also provides training and other educational resources to help you pass their exams. If you’re looking to earn more than one certification, it may make sense to take classes with an independent instructor organization that delivers training in all of the certifications. For suggestions, check out this article from Tripwire. In addition to certification training, these organizations offer a wide range of training programs that will help you develop deep expertise in all areas of IT security.
Since you want to be sure you select a solid organization to invest your time in so the certification you earn truly pays dividends, it’s a good idea to talk with your colleagues about their certification and training experiences. And if you’re looking to move up within your IT organization, check too with your manager to see if they can offer a recommendation. Your company might even have a program to fund your efforts!
Greg Mooney
Greg is a technologist and data geek with over 10 years in tech. He has worked in a variety of industries as an IT manager and software tester. Greg is an avid writer on everything IT related, from cyber security to troubleshooting.