Security certifications aren't mandatory for all industry experts, but they can make a difference in applying for new roles. (ISC)² CEO David Shearer says they're a "must-have" when looking at candidates on paper.
"Statistically, someone who goes through the formal [certification] process tends to be a candidate with more educational experience," he says, and certifications give professionals the "deep dive" expertise they need to drive their careers.
There are definitely people who learn from experience and fall outside the rule, however. "There are always exceptions; people who don't have certifications who are fantastic at what they do," Shearer notes.
But a certification gives you broader knowledge, he says. "You need to think broad and you need to think deep," he says of building security expertise.
This depth is what separates security certificates from certifications, which "have a different bar you have to go through compared with a certificate," he says, citing a report from the Institute for Credentialing Excellence. Certificates typically don't evaluate experiential performance. "There's a lot more rigor that goes into a credential as opposed to a certificate."
While the distinction doesn't necessarily mean certificates are bad, it's simply something to bear in mind because they are designed to evaluate different things and therefore have a different structure.
It's important for businesses to recognize the difference between certificates and certification programs, says Shearer. People commonly use "certificate" and "certification" as synonymous terms.
Businesses who want professionals to demonstrate established knowledge or skills should focus on certification programs, which aim to validate competency through a structured assessment system. Certificate programs provide instruction so participants acquire skills in a specific area. While certification content is typically broad in scope; certificate content is much narrower.
Here's a look at some of the key certifications for security experts today. Do you have any of these certifications? Thinking about them? Feel free to share your thoughts and keep the conversation going in the comments.
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio