Top Certs for Security Workers with U.S. Clearances

Working in and around certain parts of the U.S. defense and intelligence communities, even in a non-military role, often requires IT professionals to hold and maintain security clearances. There's a large community of individuals who hold such clearances. How large?

According to ClearanceJobs.com, a website focused on such workers, as of October 2020, 2.9 million individuals held active security clearances. Also, as of October 2020, another 1.3 million individuals were considered "eligible," meaning that they hold a clearance but aren't actually using it.

The same website reports on a survey of 45,000 clearance holding professionals in a June 9 story titled "Top 10 IT Certifications Held by Cleared Professionals." It's an interesting mash-up of familiar names and credentials, including everything from entry-level credentials to seriously high-grade, rarefied stuff across a wide range of technologies and specialties, including cybersecurity.

ClearanceJobs' Top 10 List

Unsurprisingly, CompTIA Security+ came in as the most commonly-held cert among the surveyed population. Equally unsurprisingly, the CISSP shows up as the highest-paying cert, with average  compensation for holders at $143,000 and up. Here's how things shook out:

1) CompTIA Security+

2) Six Sigma

3) Project Management Institute Project Management Professional (PMI PMP)

4) CompTIA Network+

5) Information Technology Infrastructure Library (ITIL)

6) Certified Information Systems Security Professional (CISSP)

7) Cisco Certified Network Associate (CCNA)

8) ScrumMaster

9) Amazon Web Services (AWS)

10) Microsoft Certified Solutions Expert (MSCE)

What Does This 'Top' List Really Tell Us?

Interestingly, items 2 (Six Sigma), 5 (ITIL), and 8 (ScrumMaster) are really full-blown certification programs, with multiple credentials arranged in typical cert-ladder fashion from entry-level on up. Thus, it's hard to tell which of the various certs in those programs really feature in clearance holders' cert portfolios.

That said, it's interesting that development management (which is what Six Sigma and ScrumMaster most directly address) and IT process management (ITIL) are apparently high on the list of "certs of interest" in this population.

To me that speaks well of "security by design" and DevSecOps within the clearance-holding community and the contracting firms and government branches and agencies it services. Overall, I take this as a positive. I see it as a proactive move to integrate security across the lifecycle on the development side, and to embed it within a formal IT process approach on the IT management side.

The Amazon Web Services (AWS) certification program is another collection of credentials that runs the gamut from associate to professional/engineer-level credentials. Given that AWS continues to be the market-leading cloud platform (despite Microsoft Azure recently having gained major inroads with the Department of Defense) I'm not surprised to see it show up here.

Again, though, it's hard to zero in on which of its many program elements might be most germane, based simply on survey reporting here. I have no trouble imagining that those AWS certs with a security bent are most likely to figure in here somewhere.

CCNA also comes in a variety of flavors, including security, which I think is most likely to figure into the population's workaday responsibilities. I'm also astonished to see that MCSE — which has been defunct since 2018 — still figures into the survey results meaningfully. Ditto for the absence of explicit Azure mentions in those results as well.

To me, this speaks more about time in service/time on the job for those who hold active security clearances right now than it does to "what makes sense to pursue, cert-wise" for such people in the future, whether in the near term or looking further out. MCSE is now purely backward-looking, and is not something to which would-be IT pros who hold security clearances should (or even can) aspire.

Bottom Line for Clearance Holding IT Pros

Anybody who holds a security clearance and works in IT already knows at least something about the cybersecurity landscape. While the ClearanceJobs survey provides interesting insights into the characteristics of that population, I think it's a little too inexact to be a good planning tool.

The appearance of the MCSE also shows that it documents what the population has done in the past, and does not directly address what they're working on planning for right now, certification-wise. As I've written about in other stories here at GoCertify

The DoD Approved 8570 Baseline Certifications are most likely to appeal to those looking for cybersecurity (and IT) work in the military, government, and intelligence communities, and surrounding contracting companies. 'Nuff said, but an interesting set of results nevertheless.