Six Hot Cybersecurity Certifications for 2022

The pandemic has caused a marked increase in remote working and online activity. Bad actors have been quick to seize the opportunity, resulting in a surge in cyber exploits. In 2021, the online community weathered an unprecedented increase in ransomware attacks. This is projected to accelerate in 2022.

Information security risk management is more important than ever for organizations today. With the widening cybersecurity skills gap, enterprises are faced with the challenge of finding information security professionals capable of protecting their critical systems and classified data.

Career prospects for highly skilled IS technicians, specialists, and managers are good and expected to get better. The U.S. Bureau of Labor Statistics expects employment opportunities for information security analysts to grow by 33 percent from 2020 to 2030, which is higher than the average for all occupations.

For professionals working in information security, this is an opportune time to develop the skills and knowledge required to move on to managerial or higher specialist roles. The situation is also encouraging for IT professionals looking to begin careers in cybersecurity.

Certification can help

Cybersecurity certifications demonstrate mastery of skills and best practices required for different roles in cybersecurity. They serve two distinct functions:

Entry-level credentials, such as CompTIA Security+ and GSEC, equip IT workers with the ability to use tools and technologies to perform basic security tasks. Intermediate- and advanced-level certifications enable experienced security professionals to demonstrate specialist expertise or enterprise risk management skills.

According to Cybersecurity Guide, 59 percent of positions in cybersecurity need at least one cybersecurity certification. Global Knowledge lists five cybersecurity certifications in their list of 15 Top-Paying Certifications for 2021.

There are numerous cybersecurity credentials available. It's important to choose the right certification. Factors to consider include aptitude, IT experience, career goals, and demand for specific skills or roles. Let's take a look at six that are particularly impactful:

CompTIA Security+

CompTIA Security+ is a vendor-neutral foundational security certification that covers core technical skills in cybersecurity. This is the first security credential that many IT professionals earn when embarking on a career in information security. It serves as a solid foundation for advancing to intermediate security roles.

CompTIA Security+ is widely recognized and respected by employers in many countries. It validates hands-on skills in assessing and managing risk, enterprise network security, incident response, securing hybrid/cloud operations, forensics, and implementing appropriate security controls.

CompTIA Security+ is approved by the US DoD for 8140/8570.01-M requirements and is ISO 17024 compliant. Many defense department job roles and some organizations require the CompTIA Security+ certification.

To earn the CompTIA Security credential, you need to pass one 90-minute, 90-question exam (SY0-601) with a passing score of 750 on a scale of 100-900. The exam covers hardware attacks, threats, and vulnerabilities, security architecture and design, network, hardware, and software troubleshooting, operations security, and incident response.

CompTIA recommends the Network+ certification and at least 2 years of experience in IT infrastructure administration with an emphasis on security. Exam prep and other certification details are available online.

Certified Information Security Manager (CISM)

For experienced professionals seeking a credential that demonstrates the ability to manage information security risk for an enterprise, develop efficient IS policies, and enable an organization to align their IS program with business needs and goals, CISM is worth considering.

ISACA's Certified Information Security Manager (CISM) certification is designed for experienced information security professionals that are looking to move on to IS management roles. CISM validates knowledge and skills in information systems, operations and data governance, enterprise infosec program development and management, risk management, and management of information security incidents.

CISM is one of the security certifications listed in Global Knowledge's list of 15 Top-Paying Certifications for 2021.

To earn the CISM credential, you need to pass the CISM exam, commit to the Code of Professional Ethics, adhere to the Continuing Professional Education (CPE) Policy, and have at least 5 years of professional experience in information security management as specified in the CISM job practice areas.

This experience must be acquired within the specified period. Candidates can obtain waivers and substitutions of a maximum of 2 years of the experience component if they fulfil specified conditions. The current exam is available until May 31, 2022. ISACA will roll out the new exam on June 1, 2022. Additional information is available online.

GIAC Security Essentials (GSEC)

The GIAC Security Essentials (GSEC) certification is an entry-level security credential suitable for IT professionals with some experience in IT systems or networking and looking to begin careers in information security. GSEC is managed by the Global Information Assurance Certification, an organization founded with the aim of validating the knowledge and skills of information security professionals.

GSEC demonstrates hands-on skills in systems security functions and knowledge of information security fundamentals over and above basic terminology and concepts.  The GSEC exam covers access control and password management, active defense and defense in depth, cryptography, network security, vulnerability scanning, penetration testing, incident response, Linux security, security policy, Windows security, security of web communication, virtualization and cloud operations, and endpoint security.

To earn the GSEC certification, you need to pass one performance-based exam with a passing score of 73 percent. The specified time limit is 4-5 hours. Additional information is available online.

Certified Information Systems Security Professional (CISSP)

The CISSP certification offered by (ISC)² is one of the most sought-after security credentials. It features in Global Knowledge's list of 15 Top-Paying Certifications for 2021. The CISSP fulfils the requirements of the U.S. Department of Defense (DoD) Directive 8570.1

CISSP is not for beginners. It is designed for experienced security professionals, including managers and executives. CISSP demonstrates advanced knowledge and skills in effective cybersecurity program design, implementation, and management.

The CISSP exam covers security and risk management, asset security, security architecture and engineering, communication and network security, identity and access management (IAM), security assessment and testing, security operations, and software development security.

To achieve the CISSP certification, you need to pass the CISSP exam, have a minimum of five years of cumulative, paid professional experience in at least two of the eight domains of the (ISC)² CISSP Common Body of Knowledge (CBK), complete the endorsement process, commit to the (ISC)² Code of Ethics, and pay the annual maintenance fees.

Additional information is available online.

Certified in Risk and Information Systems Control (CRISC)

The Certified in Risk and Information Systems Control (CRISC) credential from ISACA is suitable for experienced professionals working in IT risk management or looking for a role in IS audit or risk. The CRISC exam has been updated to include current knowledge and work practices in managing enterprise IT risk.

CRISC validates the ability to develop a precise, agile program for IT risk management, employing best practices in the identification, analysis, appraisal, prioritization, and response to information security risks. The exam covers governance, risk assessment, risk response and reporting, and IT and security.

CRISC is one of the security certifications on Global Knowledge's list of 15 Top-Paying Certifications for 2021, and recently placed No. 1 on the Salary Survey 75 list compiled by Certification Magazine.

To earn the CRISC certification, you need to pass the CRISC exam, have relevant full-time professional experience as specified in the CRISC exam content outline, and submit the CRISC certification application and the processing fee.

To maintain the certification, you need to earn at least 20 CPE hours per annum, and a minimum of 120 CPE hours over a three-year period, pay the annual maintenance fee, and adhere to ISACA's Code of Professional Ethics.

Additional information is available online.

Certified Ethical Hacker (CEH) v11

EC-Council offers a number of specialist certifications of which the Certified Ethical Hacker (CEH) v11 credential is the most recognized. CEH v11 validates hands-on knowledge of the latest proprietary hacking tools, methodologies, and techniques in use.

CEH v11 covers emerging attack vectors, modern exploit technologies, practical hacking questions, modern real-world incidents and current cyberattack detection, protection, and analyses trends, malware analysis, and social engineering practices.

Also, CEH might suit security professionals looking for federal jobs in this area. It covers Protect and Defend (PR) and Analyze (AN) and Securely Provision (SP), which are specialties under the NICE 2.0 framework.

EC-Council requires candidates for the CEH to complete the CEH training course offered by EC-Council. Individuals who don't wish to take the course must have two years of professional experience in information security and an academic background in the same, pay a non-refundable eligibility fee, and submit an eligibility form. All candidates for the certification need to pass the four-hour, 125-question, multiple-choice exam.

Additional information is available online.