We know there are plenty of jobs out there for those interested in working in security. And there is also no shortage of security certifications for those who want to demonstrate to employers they have earned the education they need to succeed. But in a fast-moving and evolving field, which certifications are catching fire lately?
Part of the answer depends on the company that's hiring. According to Simone Petrella, CEO of cybersecurity training and education firm CyberVista, companies with emerging security programs may be more reliant on certifications than those with more mature programs. In those cases, CISSP and the Security+ are among the most popular general certifications. (More on those later.)
Specialized ones by industry, such as healthcare, are growing, however, as are requests for cloud certifications, Petrella adds. As time goes on, "run-of-the-mill certs are probably less useful than the more specialized ones," she says.
Now back to our original question of which certifications, specifically, are ones to consider. For that we reached out to popular issuers of certifications to find out. From training for entry-level newbies, to experienced veterans, to niche-industry knowledge, here are the certifications security professionals are seeking this year.
(Image: dlyastokiv via Adobe Stock)
For whom: For practitioners who are seeking to demonstrate a vendor-neutral, cross-industry skill set that will enable them to design, implement, operate, and/or manage a secure Internet of Things (IoT) ecosystem.
Potential roles: Network administrator, software development engineer, solution architect, platform engineer, database developer, IAM administrator/engineer.
Why it’s hot: As secure coding at the development level becomes the rallying cry — it was a huge focus at Black Hat this summer — Cyber Secure Coder (CSC) is having a bit of a renaissance, according to CertNexus.
"More organizations realize that agile and scrum iterative development approaches have prioritized speed to market with fewer development professionals well-versed in the approaches to develop code securely," according to CertNexus spokesperson Jeff Felice.
No. of new certs since Oct. 1, 2018: 12,527
Why it's hot: Was it ever not? Often considered a must for those aspiring to be CSOs and CISOs, it's one of the most well-known and obtained certifications for leaders in the field.
No. of new certs since Oct. 1, 2018: 2,365
Why it's hot: In step with the rising use of cloud technologies, the CCSP has been increasing in popularity over the past few years, according to an (ISC)2 representative. Certification Magazine recently named the CCSP the "Next Big Thing" top certification professionals would be pursuing this year.
No. of new certs since Oct. 1, 2018: 246
Why it's hot: ISC(2) representatives note that HCISPP is another certification that is rapidly gaining in popularity. That's due to the increase in healthcare privacy regulation, as well as highly targeted and damaging ransomware attacks on the industry — nearly 500 such attacks so far this year.
Issuer: International Association of Privacy Professionals (IAPP)
Why it's hot: With the official May 2018 enforcement of General Data Protection Regulation (GDPR), the CIPP/E has become popular not just in Europe, but globally as well, according to IAPP spokesperson Doug Forman.
"CIPP/E is hot globally partly because so many countries do business with Europe and because the GDPR is a template for many newer data protection regulations being enacted around the world," he says.
Why it's hot: CIPM is now hot because it provides an overview of how privacy is managed in midsize to large companies, Forman says. CIPM provides a blueprint for those looking to build a privacy program, manage vendors and outsourcers, assess risk, and respond to data breaches.
Why it's hot: With a rising recognition that incident response is critical to security strategy, the CSX-P tests a candidate's ability to identify, detect, respond to, and recover from a cybersecurity incident. With breach rates rising annually, CSX-P is popular because it proves that candidates not only have the theoretical knowledge to understand cybersecurity, but actually have the hands-on skills to allow them to begin contributing to an enterprise's security resilience on day one, says ISACA spokesperson Emily Van Camp.
Why it's hot: The CISM is an experience-based certification for professionals seeking to affirm their expertise and ability to understand and articulate complex and challenging security management issues, Van Camp says. In an already hot job market for security pros, Van Camp notes ISACA figures show those with a CISM have demonstrated high earning potential and career advancement.
Why it's hot: That hot job market in security is likely also in play here, and entry-level security pros are looking to this cert to get started. The CCNA Cyber Ops certification is billed as a first step in acquiring the knowledge and skills needed to work with a SOC team, and it can be a valuable part of beginning a career in the growing field of cybersecurity operations.
Why it's hot: Also a beginner-level certification, Security+ is promoted as a certification that validates baseline skills needed to perform core security functions and pursue an IT security career.
Why it's hot: A next-step certification, Cybersecurity Analyst (CySA+) certification validates intermediate-level skills, including risk analysis, threat detection, system configuration, and data analysis and interpretation.
Why it's hot: With the network still the front line of the fight against invasion, this lab-intensive course aims to validate an understanding of areas like designing and implementing security policy, troubleshooting security software, performing risk assessment, and learning to detect and respond to threats.
Why it's hot: CEH is an older certification that has seen growth in recent years. Billed as a solid intermediate course for the experienced professional who is looking to go beyond demonstrating entry-level knowledge. CEH teaches the hacking skills necessary to successfully perform a penetration test, with knowledge about the techniques and tools used by cybercriminals.Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio