Pump up your skills: Top cybersecurity certifications to bulk up your career

A host of new cyber threats (software supply chain security, for one) and burgeoning technologies (AI, anyone?) have increased the risks from cyber attacks faced by organizations — and fired up the creation of professional certifications to foster the skills needed to meet those challenges. But which skills are in the most demand?

The right certifications can be a boon to security professionals looking to fatten their paychecks — or move on to greener pastures. A CSO Online report based on numbers gathered by Foote Partners homed in on the 12 hottest IT security certifications, which corral average pay premiums (APP) ranging from 10% to 15% and average market premiums (AMP) from 10% to 43%.

A sampling of the top demand areas for certifications highlights some clear trends: Certified Cloud Security Professional (ISC2-CCSP), Certified Data Privacy Solutions Engineer, Global Information Assurance Certification (GIAC), and GIAC Certified Incident Handler.

Choosing the right certifications is key if you want to bulk up your cybersecurity skills to break into or advance your career. Here's what top experts say are the best certifications to go after today.

Highest risk equals higher reward

Tim Freestone, chief strategy officer for the secure content communications firm Kiteworks, said, "People are focusing on anything to do with the cloud. Certifications around AI and compliance certifications are also big. Data privacy is something that is driving a lot of interest, too."

Deidre Diamond, founder and CEO of CyberSN, a cybersecurity recruiting and career resources firm, said cloud security architecture and identity access management (IAM) are hot areas.

"As more companies adopt and accelerate zero trust principles to architectures, identity access and sound foundational architectures are critical components to zero trust principles and ongoing sustainable cyber resilience."
—Deidre Diamond

However, traditional certifications still dominate the cybersecurity job landscape for both professionals and employers, Diamond said. "We are seeing more companies seeking certifications in specific cloud platforms, specifically the Google Cloud Platform Architect and AWS Certified Security certifications."

A framework for cyber job seekers

One of the largest growth areas in IT security now is the use and implementation of the NIST Cybersecurity Framework (NICE) and the concept of cyber resilience. Jason Dion, chief product officer for the cybersecurity certifications company Akylade, said the shift from traditional perimeter security to cyber resilience was driving demand.

“With information assurance and cybersecurity, we are focused on protecting everything from every kind of threat, but with cyber resilience, we are implementing techniques to prioritize our risks and our limited resources by focusing on how we can continue to operate our business when an eventual cyber attack occurs.”
—Jason Dion

Derek Fisher, executive director of product security at JPMorgan Chase & Co, wrote in a recent post on LinkedIn that the NICE framework was key to defining modern roles focused on cyber resilience.

“The benefit of the NICE framework is that it provides a set of work roles that can be used to guide new entrants to security, or those looking to make a change in the field.”
—Derek Fisher

The NICE framework is composed of a cascading set of categories, roles, and tasks that define how work is accomplished in cybersecurity by a practitioner. “This can be extremely useful for those who are looking to fill roles on their teams and build out meaningful job descriptions,” Fisher noted. “We have a problem in our space where job descriptions rarely match the expectations of the actual role. NICE can help.”

Putting certifications to work: A hurdle for many

Despite the rewards some certifications can bestow on a cybersecurity professional, many balk at obtaining them, said Alyson Laderman, CEO of Akylade. “One key reason IT security professionals may procrastinate on upgrading their certification portfolio is the perception that certain certifications may not directly impact their daily responsibilities,” she said.

“Once they have secured a position, many professionals may feel that the practical skills they use every day aren’t always reflected in the continuing education requirements of their certifications. If maintaining or upgrading these certifications isn't mandated by their organization, the motivation to invest time and resources into additional certifications diminishes.”
—Alyson Laderman

Some professionals may question the relevance of certifications that focus more on theory or broad concepts rather than specialized, job-specific skills, Laderman said. And most security pros are already maxed out.

“In a fast-paced industry like cybersecurity, professionals are often more focused on hands-on problem-solving and real-time threat mitigation than on re-certifying or pursuing new credentials that they don't feel provide immediate value, especially when in relation to the time and financial costs.”
—Alyson Laderman

Certifications serve as a benchmark

Certifications can serve as a critical benchmark for keeping knowledge current and demonstrating a commitment to lifelong learning. They also give professionals the ability to remain competitive in an evolving job market, as organizations increasingly look for candidates who can prove they have an up-to-date, broad understanding of cybersecurity principles, Laderman said.

“While upgrading one’s certification portfolio may not always feel urgent, the long-term career benefits can outweigh the immediate inconvenience — as long as certifications are focused on practical, hands-on type skills."
—Alyson Laderman

Time can be another barrier to adding to a security pro’s certification portfolio, said CyberSN's Diamond. She said many employers support continuous learning through training budgets and overlook the time to prepare, complete, and remain current.

"Having the dedicated uninterrupted time for certification completion is one of the most mentioned areas of improvement we hear from cyber professionals.”
—Deidre Diamond

Kiteworks' Freestone said it all boiled down to the fact that there are more threats and fewer security people to address them.

“So the stress is incredibly high and there isn't time to keep up with the demands of the business and run after all of these certifications.”
—Tim Freestone

Cost and ROI remain key

Cost can also be a deterrent to seeking a certification. Akylade's Dion said most certification providers seem to be raising their prices higher without changing the quality or content over the years. “Many certification companies operate on a for-profit basis, and even those that are not-for-profit are operating much like a for-profit business. This has caused prices to continually rise higher and higher to increase their profitability without the underlying cost of delivering these certifications rising at the same rate,” Dion said.

“Having trained over two million students to pass their IT and cybersecurity certifications as a corporate trainer, I can tell you that when the student has to pay for the certifications and they reach into the $500, $1000, or higher levels, the number of candidates willing to take a certification decreases due to the cost. Additionally, there are so many certifications on the market that many candidates simply procrastinate because they are afraid they will select the wrong certification when selecting one, so they opt to select none and procrastinate instead."
—Jason Dion

There's sort of a giant alphabet soup out there right now, which is watering down the importance of all of these certifications, Freestone said. On LinkedIn, for example, profiles of security engineers or security architects typically have between five and 10 certifications listed after their name.

Freestone recommends that cybersecurity pros choose wisely and weigh the time committed to obtaining a certification against its career value.

"Stay on top of not only the trends of today, but what's happening in the next five to 10 years. Choose certifications that will relate to that five to 10 year paradigm. You want to get ahead of the curve. You don't want to be reacting to the curve, so pay attention to what analyst firms like Gartner and Forrester are predicting."
—Tim Freestone
