Even though IT teams will face budget cuts due to the economic downturn, it’s a safe bet that security professionals will still be in high demand. The coronavirus lockdown has only increased the need for a strong cybersecurity defense.
If you are worried about your job or want to take on a new role, it’s a good time to boost your credentials with a certification. Adding a few initials at the end of your name can help you get an interview and potentially increase your salary over time.
In 2019, IDC surveyed about 1,000 IT professionals and found that people with certifications got promoted more often than their colleagues without them. CompTia sponsored the study, which also looked at the impact of certifications on the amount of influence an IT pro has within his or her company.
Certifications do help job candidates stand out of the crowd of applicants. Joseph Pierini, US head of testing, cybersecurity information security resilience at BSI, said certifications are a solid demonstration of the ability to set a goal and commit to studying for the cert, which often requires nights and weekends.
“This tells me that this candidate was willing to make a commitment, invest their own time, and work hard for something they were passionate about,” he said
Pierini said people who are new to industry can gain some credibility by participating in bug bounties and capture the flag events.
“Publishing tools and techniques on GitHub can also give me a peek into what their future deliverables might look like,” he said.
Here is a look at 13 certification programs, starting with courses that are best for beginners and moving on to certifications designed for more experienced professionals.
CompTIA Security+
This program assesses baseline cybersecurity skills and emphasizes hands-on practical skills, including junior IT auditor/penetration tester job, systems admin, network admin and security admin. This course also meets the requirements of the Department of Defense Directive 8570.1.
SANS GIAC Security Essentials – GSEC This entry-level program focuses on the prevention of attacks and detection of adversaries, networking concepts, defense in depth, and secure communications. It is foundational for Windows and Linux Security and has a bootcamp-style training course.
Offensive Security Certified Professional – OSCP
This is an ethical hacking credential and is good for people who are new to OffSec and penetration testing. Professionals with this certification will be able to spot vulnerabilities in security systems and perform controlled attacks.
Certified Ethical Hacker – CEH
This program trains people how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and skills as a bad actor but in a legitimate manner to assess the security of a particular system.
Certified Information Systems Auditor – CISM
This program is good for entry-level to mid-career security professionals. This certification can improve the ability to use a risk-based approach to planning, executing, and reporting on audits.
Certified in Risk and Information Systems Control – CRISC
This program prepares IT professionals for enterprise risk management responsibilities. It is a good fit for mid-career professionals.
Certified Information Privacy Professionals/US – CIPP/US
This certification is an industry benchmark. Individuals with this credential have shown a strong understanding of US privacy laws and regulations, including workplace privacy, state privacy laws, and limits on private-sector collection and use of data.
Certified Information Security Manager – CISM
This program is a good choice for professionals who want to move from being a team member to a team leader. The certification can make it easier to work with internal and external stakeholders, colleagues, and regulators.
Certified Information Systems Security Professional – CISSP
This program is best for experienced security experts, managers, and executives who want to prove their knowledge across multiple security practices and principles. The CISSP also meets the US Department of Defense Directive 8570, the certification required for all government employees who conduct information assurance functions.
Computer Hacking Forensics Investigator – CHFI
This course focuses on investigation techniques used by police, government, and corporations to gather the necessary evidence to prosecute in the court of law.
Cisco Certified Network Associate Security – CCNA
Earning this certification requires passing two exams—one that covers core security technologies and one in your concentration area of choice. The course, Implementing and Operating Cisco Security Core Technologies, helps candidates prepare for the exam.
Cisco Certified Network Professional Security – CCNP
This program tests a professional’s knowledge of implementing and managing core security technologies, including network security, cloud security, content security, endpoint protection and detection, secure network access, visibility, and enforcements.
Certified Cloud Security Professional – CSSP
This program focuses on advanced technical skills and knowledge to design, manage, and secure data, applications and infrastructure in the cloud using best practices, policies and procedures.
HackerRank is also developing certification programs to evaluate a developer’s technical proficiency. These assessments include timed questions benchmarked against specific technical skills and are available to registered users of the site.
Vivek Ravisankar, HackerRank CEO and co-founder, said each skill is individually defined based on the market needs identified by customers that use HackerRank’s product for assessing developers. Currently, the assessments are available for US users only. HackerRank expects to make the certifications available to everyone on the platform within the next three months.