According to Cyber Risk Analytics’ “2019 Midyear Quick View Data Breach Report,” the first half of 2019 saw more than 3,800 publicly disclosed breaches with more than 4.1 billion records exposed. This figure represents a 54% increase over reported breaches and a 52% increase in the number of compromised records compared with the same time frame in 2018. More than 60% of the reported breaches were the result of human error, highlighting an ever-increasing need for cybersecurity education, as well as highly skilled and trained cybersecurity professionals.
According to a Cyber Seek report, the number of cybersecurity job openings in the U.S. stands at almost 313,735, with nearly 716,000 cybersecurity professionals employed in today’s workforce. Projections continue to be robust further out: CSO expects that number to hit 500,000 by 2021, with more than 3 million cybersecurity jobs open worldwide that same year.
When evaluating prospective InfoSec candidates, employers frequently look to certification as an important measure of excellence and commitment to quality. We examined five InfoSec certifications we consider to be leaders in the field of information security today:
This year’s list includes entry-level credentials, such as Security+, as well as more advanced certifications, such as the CEH, CISSP, CISM and CISA. We also offer some additional certification options in the last section that cover choices outside our top five, because the field of information security is both wide and varied, with many other options. According to Cyber Seek, more employers are seeking CISA, CISM and CISSP certification holders than there are credential holders, which makes these credentials a welcome addition to any certification portfolio.
Absent from our list of the top five is the SANS GIAC Security Essentials (GSEC). The GSEC is still a very worthy credential, but the job board numbers for the CISA were so solid that it merited a spot in the top five.
Security-related job roles cover a lot of ground, such as information security specialist, security analyst, network security administrator, system administrator (with security as a responsibility) and security engineer, as well as specialized roles like malware engineer, intrusion analyst and penetration tester.
Average salaries for information security specialists and security engineers – two of the most common job roles – vary depending on the source. For example, Simply Hired reports $30,263 for specialist positions, whereas Glassdoor’s national average is almost $68,000. For security engineers, Simply Hired reports almost $95,000, while Glassdoor’s average is more than $131,000, with salaries on the high end reported at $144,000.
If you’re serious about advancing your career in the IT field and are interested in specializing in security, certification is a great choice. It’s an effective way to validate your skills and show a current or prospective employer that you’re qualified and properly trained.
Before examining the details of the top five InfoSec certifications, check results from our informal job board survey. It reports the number of job posts nationwide in which our featured certs were mentioned on a given day. This should give you an idea of the relative popularity of each certification.
Job board search results (in alphabetical order, by cybersecurity certification)
Beyond the top 5: More cybersecurity certifications
In addition to these must-have credentials, there are many other certifications available to fit the career needs of any IT professional interested in information security.
While it didn’t make the top five this year, the SANS GIAC Security Essentials (GSEC) remains an excellent entry-level credential for IT professionals seeking to demonstrate that they not only understand information security terminology and concepts but also possess the skills and technical expertise necessary to occupy “hands-on” security roles.
If you find incident response and investigation intriguing, check out the Logical Operations CyberSec First Responder (CFR) certification. This ANSI-accredited and U.S. DoDD-8570 compliant credential recognizes security professionals who can design secure IT environments, perform threat analysis, and respond appropriately and effectively to cyberattacks. Logical Operations offers other certifications, including the Master Mobile Application Developer (MMAD), Certified Virtualization Professional (CVP), Certified Cyber Secure Coder and CloudMASTER.
There are many other certifications to explore or keep your eye on. The associate-level Cisco CCNA Cyber Ops certification is aimed at those who work as analysts in security operations centers (SOCs) in large companies and organizations. Candidates who qualify through Cisco’s global scholarship program may receive free training, mentoring and testing to help them achieve the CCNA Cyber Ops certification. The CompTIA Cybersecurity Analyst (CySA+), which launched in 2017, is a vendor-neutral certification designed for professionals with three to four years of security and behavioral analytics experience.
The Identity Management Institute (IMI) offers several credentials for identity and access management, data protection, identity protection, identity governance, and more. The IAPP, which focuses on privacy, has a small but growing number of certifications as well.
The SECO-Institute, in cooperation with the Security Academy Netherlands and EXIN, is behind the Cyber Security & Governance Certification Program, an up-and-coming European option that may be headed for the U.S. in the next year or two.
Finally, it may be worth your time to browse the Chartered Institute of Information Security accreditations, which are the U.K. equivalent of the U.S. DoDD 8570 certifications and the corresponding 8140 framework.