As a Cyber Security Professional, you are well and truly in demand. With a shortfall of over 14,000 cyber professionals estimated for 2022, organisations are understaffed and vulnerable. The skills gap is making matters worse: the 2022 DCMS report found that 51% of businesses in the UK have a basic cyber security skills gap.
You can capitalise on this with the cyber security skills and experience you already have. However, if you want to make yourself even more employable, and ensure your career progresses in the direction and at the rate you desire, certifications could make all the difference. You’ll often be required to hold certain certifications if your organisation has a Service Level Agreement (SLA) with large business or public sector clients.
Let’s look at the most valuable ones, and figure out which ones suit you and your career goals…
Entry/Associate-Level
Systems Security Certified Practitioner (SSCP)
The SSCP is a certification from (ISC)² and is ideal for hands-on, operational IT Administrators, Managers, Directors and Network Security professionals. This certification is a great prerequisite for the more advanced CISSP (see below). Fulfils the DoD 8570 compliance directive.
Ideal for Database Administrators, Network Security Engineers, Security Administrators, Security Analysts/Consultants/Specialists, Systems Administrators, Systems Engineers and Systems/Network Analysts.
Eligibility criteria: Pass the examination, and have at least one year of cumulative, paid work experience in one or more of the seven domains of the SSCP Common Body of Knowledge (CBK). This experience may be waived for those with a degree in a cyber security program.
Cisco Certified Network Associate (CCNA)
The CCNA certification from Cisco is for entry-level professionals looking to validate their skills in Cisco security, including networking fundamentals, IP services, security fundamentals, automation and programmability. The CCNA Security certification was replaced with the new, consolidated CCNA in 2020. In the DCMS report, the CCNA and more advanced Cisco Certified Network Professional Security (CCNP) certifications are in high demand, with 21% of UK job postings listing these as a requirement.
This certification will help you get job roles such as Entry-Level Network Security Engineer, Information Security Analyst/Engineer, Help Desk Technician, Network Administrator and Network Support Technician.
Eligibility criteria: Pass the CCNA exam. There are no formal prerequisites, but Cisco recommend one or more years’ experience in implementing and administering Cisco solutions.
GIAC Security Essentials (GSEC)
GSEC is an entry-level certification from GIAC (Global Information Assurance Certification), aimed at those looking to move from more general information systems and networking roles into security roles. It will validate your knowledge in active defense, access control, password management, cryptography, network architecture, incident handling and response, Linux security, security policy and risk management, web communication security, cloud security and Windows security.
Ideal for security professionals, Security Managers, Operations personnel, IT Engineers and Supervisors, Security Administrators, Forensic Analysts, Penetration Testers and Auditors.
Eligibility criteria: Pass the examination. Having a background in information systems and networking, practical work experience and degree-level courses are recommended.
CompTIA Security+
Security+ is a great certification if you are early in your cyber security career, and want to validate your core skills and knowledge. Focuses on hands-on practical skills, and is a great follow-on from the CompTIA Network+ certification. This certification is particularly valued in the US and also fulfils the DoD 8750 compliance directive.
Well suited for those who want to enter roles such as Security Administrator, Helpdesk Manager/Analyst, Security Engineer/Analyst, IT Auditor, Network/Cloud Engineer, DevOps/Software Engineer, IT Project Manager and Systems Administrator.
Eligibility criteria: Pass the Security+ exam, plus two years’ experience in IT Administration with a security focus.
Mid/Senior Level
Certified in Risk and Information Systems Control (CRISC)
ISACA’s CRISC certification is ideal for mid-career professionals looking to validate their experience in risk management. The certification covers four domains: governance, IT risk assessment, risk response and reporting, and information technology and security.
Ideal for those looking for roles as Security Directors/Managers/Consultants, Compliance, Risk, Privacy Directors/Managers, IT Audit Directors/Managers/Consultants and Compliance, Risk and Control staff.
Eligibility Criteria: Pass the CRISC examination and have a minimum of three years’ cumulative work experience in at least two of the four CRISC domains (one of which must be in either Domain 1 or 2).
Certified Information Security Manager (CISM)
The CISM certification from ISACA is globally esteemed. This certification is for those with technical expertise looking to move into more senior, managerial roles. You’ll validate your experience in information security governance, information security risk management, information security program and incident management.
The CISM certification will help with employability for positions such as Information System Security Officer, Information/Privacy Risk Consultant and Information Security Manager, among others (including executive level).
Eligibility Criteria: Pass the CISM exam, and have at least five years’ experience in InfoSec management, with experience waivers of two years (max) available in certain circumstances.
Certified Information Systems Auditor (CISA)
CISA is another certification held in high-esteem globally, from ISACA. This is for any mid-career professional who audits, controls, monitors and assesses their organisation’s information technology and business systems. You’ll be tested on five domains: information systems and auditing process, governance and management of IT, information systems acquisition, development and implementation, information systems operations and business resilience, and protection of information assets.
Some common roles for a CISA holder are Internal Auditor, Public Accounting Auditor, InfoSec Analyst, IT Audit Manager, IT Project Manager, IT Security Officer, Network Operation Security Engineer, IT Consultant, IT Risk and Assurance Manager, Privacy Officer and CIO.
Eligibility Criteria: Five or more years’ experience in IS/IT audit, control, assurance, or security. Experience waivers available for a maximum of three years, depending on circumstances.
Certified Information Systems Security Professional (CISSP)
The CISSP is another sought-after, and globally recognised, certification from (ISC)², and meets the DoD 8570 compliance directive. This is for experienced security professionals who want to validate their skills in designing, implementing and managing cybersecurity programs of an excellent standard, and show they can create and maintain an organisation’s overall security posture. It is ideal for those who are in, or want to move into, leadership roles. It is the most commonly requested certification by UK employers.
It’s good to have, and might be a requirement, for job roles such as CIO, CISO, Director of Security, IT Director/Manager, Network Architect, Security Analyst, Security Architect, Security Auditor, Security Consultant, Security Manager and Security Systems Engineer.
Eligibility criteria: Pass the examination, plus a minimum of five years’ cumulative, paid experience in two or more of the eight domains of the CISSP Common Body of Knowledge.
CompTIA Advanced Security Practitioner (CASP+)
The CASP+ certification is for advanced security professionals who want to validate their technical expertise, without a focus on management. It covers both security architecture and engineering, offering Security Architects and Senior Security Engineers the chance to show how they can implement solutions within the frameworks Security Managers set out. Meets the ISO 17024 standards and the DoD 8140/8570-M requirements.
Ideal for Security Architects, SOC Managers, Senior Security Engineers and Security Analysts.
Eligibility criteria: Pass the CASP+ examination. CompTIA recommends a minimum of ten years’ general hands-on IT experience, with at least five years of broad, hands-on security experience.
Specialisms
Certified Ethical Hacker (CEH)
The EC-Council’s CEH certification is a globally recognised qualification for white-hat hackers. You’ll gain a hands-on understanding of ethical hacking phases, various attack vectors, and preventative countermeasures, with a hacking challenge at the end of each module. Particularly important if your organisation has a SLA, as white-hat hackers need to be seen to be trusted.
Ideal for InfoSec Analysts/Adminstrators/Managers/Specialists/Professionals/Officers, Information Assurance (IA) Security Officers, Information Systems Security Engineers/Managers, InfoSec/IT Auditors, Risk/Threat/Vulnerability Analysts, System Adminstrators and Network Adminstrators/Engineers.
Eligibility Criteria: Completion of an official EC-Council training, or at least two years’ work experience in the InfoSec domain, then pass the examination.
Certified Hacking Forensic Investigator (CHFI)
The CHFI is another certification from EC-Council, focusing on digital forensics and evidence analysis, designed for professionals involved in information system security, computer forensics, and incident response.
It is ideal for Police and other law enforcement personnel, Defense and Security personnel, e-Business Security professionals, Legal professionals, Banking, Insurance, and other professionals, Government agencies, IT Managers and Digital Forensics Service Providers. Common job roles for CHFI accredited professionals include (but are not limited to): Forensic Computer Analyst, Disaster Recovery Expert, Cryptographer, Information Technology Auditor, Cyber Crime Investigator, Malware Analyst and Security Consultant.
Eligibility Criteria: completion of an official EC-Council training, or at least two years’ work experience in Information Security, then pass the examination.
Certified Cloud Security Professional (CCSP)
(ISC)²’s CCSP certification is for IT and InfoSec professionals looking to prove their understanding of cyber security and securing critical assets in the cloud. Great for validating your expertise and technical skills in cloud application and infrastructure design and management.
A good certification if you’re looking for Enterprise Architect, Security Administrator/Architect/Consultant/Engineer/Manager and Systems Architect/Engineer roles.
Eligibility criteria: You must pass the exam, and have at least five years’ work experience in IT, with three of those years in InfoSec, and at least one year in one or more of the six domains of the CCSP Common Body of Knowledge.
Certificate of Cloud Security Knowledge (CCSK)
CSA’s CCSK certification is more knowledge-based, compared to the practice-based CCSP. It is for cyber security professionals looking for a vendor-neutral understanding of cloud security, paving the way for you to earn more specialised cloud credentials.
Ideal for those wanting to move into roles such as Cyber Security Analyst, Security Engineer, Security Architect, Enterprise Architect, Security Administrator, Compliance Manager, Security Consultant, Systems Engineer and CISO.
Eligibility criteria: complete the examination, no prior work experience recommendations.
So, there are many options available when it comes to security certifications, and adding some letters after your name could be the difference between you and the other candidates being considered for your next role. If you’d like some more career/certification advice, or to hear about the opportunities available to you, get in touch today.
