IT Security Certifications: Which Ones Matter?

Chew on this as your daily digestible for National Cyber Security Awareness Month (NCSAM): Is the cybersecurity certification you're after one that will truly benefit your career?

In a fascinating story for NetworkWorld, Senior Principal Analyst for the Enterprise Strategy Group Jon Oltsik distills the results of a recent annual research report titled The State of Cyber Security Professional Careers.


Oltsik is also credited as the author of that report, and works for one of its two sponsors. The other sponsor is the ISSA (aka the Information Systems Security Association, a professional association for cybersecurity professionals to which I myself belong).


The two groups surveyed 437 ISSA member information security professionals in mid-2016. The data gathered led Oltsik and others to draw some interesting conclusions about that population that can be projected onto the wider body of cybersecurity professionals worldwide.


I’ll summarize some high points here, but the report is worth grabbing and reading from stem to stern, especially if you work (or are thinking about working) in the infosec region within the wider IT realm.


The bar chart seen below indicates the leading responses to the question: “Which cybersecurity certifications do you hold?” The responses indicate that, at least among ISSA membership (11,000 strong or thereabouts, according to Leslie Kesselring, the ISSA’s PR representative), there is only a very small number of credentials that really register on their overall radar.


Four certs to be precise, ranked as follows by the percentage of survey respondents who hold them: CISSP (56 percent), Security+ (19 percent), CISM (17 percent), and CISA (16 percent).


Figure 1: Bar chart of leading responses to “Which cybersecurity certifications do you hold?”

Source: The Truth About Cybersecurity Certifications, NetworkWorld, Jon Oltsik, Oct. 12, 2016.


As somebody who’s tracked the infosec certification landscape closely for more than a decade (with a set of certification surveys for dating back to 2003 to prove it), I was surprised to see such a small number. I was also surprised to see that the SANS GIAC (Global Information Assurance Certification) program failed to register with this audience at a level comparable to the other items already mentioned.


I’m reaching out to Mr. Oltsik of the ESG to see if he can open up his data for me to peer into a bit more closely — I'd like to see what else showed up in the replies of survey respondents. If I learn anything interesting, I’ll follow up on it here.


At this point, I only know that none of the hundreds of other infosec certs available in the marketplace registered close to the 16 percent cited for the ISACA’s Certified Information Systems Auditor (CISA) credential.