Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

In an industry where certifications can make or break a job candidacy, which ones have security pros been going after in 2019?

Joan Goodchild, Contributing Writer, Contributing Writer

October 15, 2019

12 Min Read

Figure 1:
We know there are plenty of jobs out there for those interested in working in security. And there is also no shortage of security certifications for those who want to demonstrate to employers they have earned the education they need to succeed. But in a fast-moving and evolving field, which certifications are catching fire lately?
Part of the answer depends on the company that's hiring. According to Simone Petrella, CEO of cybersecurity training and education firm CyberVista, companies with emerging security programs may be more reliant on certifications than those with more mature programs. In those cases, CISSP and the Security+ are among the most popular general certifications. (More on those later.)
Specialized ones by industry, such as healthcare, are growing, however, as are requests for cloud certifications, Petrella adds. As time goes on, 'run-of-the-mill certs are probably less useful than the more specialized ones,' she says.
Now back to our original question of which certifications, specifically, are ones to consider. For that we reached out to popular issuers of certifications to find out. From training for entry-level newbies, to experienced veterans, to niche-industry knowledge, here are the certifications security professionals are seeking this year.
(Image: dlyastokiv via Adobe Stock)

We know there are plenty of jobs out there for those interested in working in security. And there is also no shortage of security certifications for those who want to demonstrate to employers they have earned the education they need to succeed. But in a fast-moving and evolving field, which certifications are catching fire lately?

Part of the answer depends on the company that's hiring. According to Simone Petrella, CEO of cybersecurity training and education firm CyberVista, companies with emerging security programs may be more reliant on certifications than those with more mature programs. In those cases, CISSP and the Security+ are among the most popular general certifications. (More on those later.)

Specialized ones by industry, such as healthcare, are growing, however, as are requests for cloud certifications, Petrella adds. As time goes on, "run-of-the-mill certs are probably less useful than the more specialized ones," she says.

Now back to our original question of which certifications, specifically, are ones to consider. For that we reached out to popular issuers of certifications to find out. From training for entry-level newbies, to experienced veterans, to niche-industry knowledge, here are the certifications security professionals are seeking this year.

(Image: dlyastokiv via Adobe Stock)

Figure 2:
NEW: Certified Internet of Things Security Practitioner (CIoTSP)
Issuer: CertNexus
For whom: For practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure Internet of Things (IoT) ecosystem.
Potential roles: Network administrator, software development engineer, solution architect, platform engineer, database developer, IAM administrator/engineer.

NEW: Certified Internet of Things Security Practitioner (CIoTSP)

Issuer: CertNexus

For whom: For practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure Internet of Things (IoT) ecosystem.

Potential roles: Network administrator, software development engineer, solution architect, platform engineer, database developer, IAM administrator/engineer.

Figure 3:
Cyber Secure Coder (CSC)
Issuer: CertNexus
Why it’s hot: As secure coding at the development level becomes the rallying cry — it was a huge focus at Black Hat this summer — Cyber Secure Coder (CSC) is having a bit of a renaissance, according to CertNexus.
'More organizations realize that agile and scrum iterative development approaches have prioritized speed to market with fewer development professionals well-versed in the approaches to develop code securely,' according to CertNexus spokesperson Jeff Felice.

Cyber Secure Coder (CSC)

Issuer: CertNexus

Why it’s hot: As secure coding at the development level becomes the rallying cry — it was a huge focus at Black Hat this summer — Cyber Secure Coder (CSC) is having a bit of a renaissance, according to CertNexus.

"More organizations realize that agile and scrum iterative development approaches have prioritized speed to market with fewer development professionals well-versed in the approaches to develop code securely," according to CertNexus spokesperson Jeff Felice.

Figure 4:
Certified Information Systems Security Practitioner (CISSP)
Issuer: (ISC)2
No. of new certs since Oct. 1, 2018: 12,527
Why it's hot: Was it ever not? Often considered a must for those aspiring to be CSOs and CISOs, it's one of the most well-known and obtained certifications for leaders in the field.

Certified Information Systems Security Practitioner (CISSP)

Issuer: (ISC)2

No. of new certs since Oct. 1, 2018: 12,527

Why it's hot: Was it ever not? Often considered a must for those aspiring to be CSOs and CISOs, it's one of the most well-known and obtained certifications for leaders in the field.

Figure 5:
The Certified Cloud Security Practitioner (CCSP)
Issuer: (ISC)2
No. of new certs since Oct. 1, 2018: 2,365
Why it's hot: In step with the rising use of cloud technologies, the CCSP has been increasing in popularity over the past few years, according to an (ISC)2 representative. Certification Magazine recently named the CCSP the 'Next Big Thing' top certification professionals would be pursuing this year.

The Certified Cloud Security Practitioner (CCSP)

Issuer: (ISC)2

No. of new certs since Oct. 1, 2018: 2,365

Why it's hot: In step with the rising use of cloud technologies, the CCSP has been increasing in popularity over the past few years, according to an (ISC)2 representative. Certification Magazine recently named the CCSP the "Next Big Thing" top certification professionals would be pursuing this year.

Figure 6:
The HealthCare Information Security and Privacy Practitioner (HCISPP)
Issuer: (ISC)2
No. of new certs since Oct. 1, 2018: 246
Why it's hot: ISC(2) representatives note that HCISPP is another certification that is rapidly gaining in popularity. That's due to the increase in healthcare privacy regulation, as well as highly targeted and damaging ransomware attacks on the industry — nearly 500 such attacks so far this year.

The HealthCare Information Security and Privacy Practitioner (HCISPP)

Issuer: (ISC)2

No. of new certs since Oct. 1, 2018: 246

Why it's hot: ISC(2) representatives note that HCISPP is another certification that is rapidly gaining in popularity. That's due to the increase in healthcare privacy regulation, as well as highly targeted and damaging ransomware attacks on the industry — nearly 500 such attacks so far this year.

Figure 7:
Certified Information Privacy Professional/Europe (CIPP/E)
Issuer: International Association of Privacy Professionals (IAPP)
Why it's hot: With the official May 2018 enforcement of General Data Protection Regulation (GDPR), the CIPP/E has become popular not just in Europe, but globally as well, according to IAPP spokesperson Doug Forman.
'CIPP/E is hot globally partly because so many countries do business with Europe and because the GDPR is a template for many newer data protection regulations being enacted around the world,' he says.

Certified Information Privacy Professional/Europe (CIPP/E)

Issuer: International Association of Privacy Professionals (IAPP)

Why it's hot: With the official May 2018 enforcement of General Data Protection Regulation (GDPR), the CIPP/E has become popular not just in Europe, but globally as well, according to IAPP spokesperson Doug Forman.

"CIPP/E is hot globally partly because so many countries do business with Europe and because the GDPR is a template for many newer data protection regulations being enacted around the world," he says.

Figure 8:
Certified Information Privacy Manager (CIPM)
Issuer: IAPP
Why it's hot: CIPM is now hot because it provides an overview of how privacy is managed in midsize to large companies, Forman says. CIPM provides a blueprint for those looking to build a privacy program, manage vendors and outsourcers, assess risk, and respond to data breaches.

Certified Information Privacy Manager (CIPM)

Issuer: IAPP

Why it's hot: CIPM is now hot because it provides an overview of how privacy is managed in midsize to large companies, Forman says. CIPM provides a blueprint for those looking to build a privacy program, manage vendors and outsourcers, assess risk, and respond to data breaches.

Figure 9:
CSX Cybersecurity Practitioner (CSX-P)
Issuer: ISACA
Why it's hot: With a rising recognition that incident response is critical to security strategy, the CSX-P tests a candidate's ability to identify, detect, respond to, and recover from a cybersecurity incident. With breach rates rising annually, CSX-P is popular because it proves that candidates not only have the theoretical knowledge to understand cybersecurity, but actually have the hands-on skills to allow them to begin contributing to an enterprise's security resilience on day one, says ISACA spokesperson Emily Van Camp.

CSX Cybersecurity Practitioner (CSX-P)

Issuer: ISACA

Why it's hot: With a rising recognition that incident response is critical to security strategy, the CSX-P tests a candidate's ability to identify, detect, respond to, and recover from a cybersecurity incident. With breach rates rising annually, CSX-P is popular because it proves that candidates not only have the theoretical knowledge to understand cybersecurity, but actually have the hands-on skills to allow them to begin contributing to an enterprise's security resilience on day one, says ISACA spokesperson Emily Van Camp.

Figure 10:
Certified Information Security Manager (CISM)
Issuer: ISACA
Why it's hot: The CISM is an experience-based certification for professionals seeking to affirm their expertise and ability to understand and articulate complex and challenging security management issues, Van Camp says. In an already hot job market for security pros, Van Camp notes ISACA figures show those with a CISM have demonstrated high earning potential and career advancement.

Certified Information Security Manager (CISM)

Issuer: ISACA

Why it's hot: The CISM is an experience-based certification for professionals seeking to affirm their expertise and ability to understand and articulate complex and challenging security management issues, Van Camp says. In an already hot job market for security pros, Van Camp notes ISACA figures show those with a CISM have demonstrated high earning potential and career advancement.

Figure 11:
CCNA Cyber Ops
Issuer: Cisco
Why it's hot: That hot job market in security is likely also in play here, and entry-level security pros are looking to this cert to get started. The CCNA Cyber Ops certification is billed as a first step in acquiring the knowledge and skills needed to work with a SOC team, and it can be a valuable part of beginning a career in the growing field of cybersecurity operations.

CCNA Cyber Ops

Issuer: Cisco

Why it's hot: That hot job market in security is likely also in play here, and entry-level security pros are looking to this cert to get started. The CCNA Cyber Ops certification is billed as a first step in acquiring the knowledge and skills needed to work with a SOC team, and it can be a valuable part of beginning a career in the growing field of cybersecurity operations.

Figure 12:
Security+
Issuer: CompTIA
Why it's hot: Also a beginner-level certification, Security+ is promoted as a certification that validates baseline skills needed to perform core security functions and pursue an IT security career.

Security+

Issuer: CompTIA

Why it's hot: Also a beginner-level certification, Security+ is promoted as a certification that validates baseline skills needed to perform core security functions and pursue an IT security career.

Figure 13:
Cybersecurity Analyst (CySA+)
Issuer: CompTIA
Why it's hot: A next-step certification, Cybersecurity Analyst (CySA+) certification validates intermediate-level skills, including risk analysis, threat detection, system configuration, and data analysis and interpretation.

Cybersecurity Analyst (CySA+)

Issuer: CompTIA

Why it's hot: A next-step certification, Cybersecurity Analyst (CySA+) certification validates intermediate-level skills, including risk analysis, threat detection, system configuration, and data analysis and interpretation.

Figure 14:
Certified Network Defender
Issuer: EC-Council
Why it's hot: With the network still the front line of the fight against invasion, this lab-intensive course aims to validate an understanding of areas like designing and implementing security policy, troubleshooting security software, performing risk assessment, and learning to detect and respond to threats.

Certified Network Defender

Issuer: EC-Council

Why it's hot: With the network still the front line of the fight against invasion, this lab-intensive course aims to validate an understanding of areas like designing and implementing security policy, troubleshooting security software, performing risk assessment, and learning to detect and respond to threats.

Figure 15:
Certified Ethical Hacker (CEH)
Issuer: EC-Council
Why it's hot: CEH is an older certification that has seen growth in recent years. Billed as a solid intermediate course for the experienced professional who is looking to go beyond demonstrating entry-level knowledge. CEH teaches the hacking skills necessary to successfully perform a penetration test, with knowledge about the techniques and tools used by cybercriminals.

Certified Ethical Hacker (CEH)

Issuer: EC-Council

Why it's hot: CEH is an older certification that has seen growth in recent years. Billed as a solid intermediate course for the experienced professional who is looking to go beyond demonstrating entry-level knowledge. CEH teaches the hacking skills necessary to successfully perform a penetration test, with knowledge about the techniques and tools used by cybercriminals.

Read more about:

2019

About the Author(s)

Joan Goodchild, Contributing Writer

Contributing Writer, Dark Reading

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights