A 'Definitive' Top 10 List of Security Certs for 2021

If you've been reading my work here at GoCertify for any length of time, then you know I like to jump on and critique various elements from the continuous stream of "Top 10 Certification" stories on the Internet. My old friend and former editor David Strom interviewed me in connection with one such piece for a blog post he wrote for Avast recently.

I liked the resulting article so much that I requested permission to use its lead-in graphic (below) for this story, too, and even volunteered to write a security certification-oriented item in exchange for its use. The source of the original ranking is from blog posts at the U.K. website UK Cyber Security News and the post under my lens is titled "The Top Cybersecurity Certifications in 2021."

The material therein is derived from a survey conducted inside the LinkedIn Information Security Careers Network (ISCN) — which claims nearly 94,000 members — and is based in turn on that organization's results in the form of a story headlined "What are the best cybersecurity certifications in 2021?"

Wow! That's a LOT of Antecedents

The reason I'm telling you all of this background is because this information comes to me from an interesting collection of unusually reliable and trustworthy sources, with just a little evidence of "axes to grind" here and there. To wit: ISCN gets small amounts of credit for people who sign up for training on some of the "top 10" certs through its website and LinkedIn presence.

Even so, the LinkedIn security community is quite vocal about training and certification, and I am firmly convinced that their take on what's hot is both evidence-based and more-or-less entirely on the up-and-up.

Enough Jibber-Jabber: Here's the Top 10 List

FWIW, this list essentially reflects my own understanding and appreciation of the cybersecurity certification landscape. I agree with all the items that appear herein, though I might quibble about one or two of the relative rankings. Here it is, presented David Letterman style, counting from 10 down to 1:

10) SANS Penetration Testing (PenTest) Courses — The whole SANS GIAC program has a very high and long-standing reputation for hands-on, reality-based certifications taught by a team of world-class industry experts with impeccable credentials. Their offerings are cost-ish, but worth the money and the time they take to earn.

9) University Degree — Surprisingly, the LinkedIn Survey included a "university degree specific to cyber security" amidst its list elements, with the observation that "having a formal degree from a recognized university certainly looks good on a resume."

Sadly the survey goes onto recommend top computer science programs. I'm more inclined to point people toward the NSA's National Centers of Academic Excellence (CAE) as a more focused and productive source for cybersecurity programs worth considering.

8) Certified Cloud Security Professional (CCSP) — This is one of two credentials from the highly-regarded (ISC)² certification program to appear on this list, and focuses on grooming mid-career cybersecurity pros (at least one year of cloud security experience, at least three years of cybersecurity experience) to deal with information security, IT architecture, governance, web and cloud security engineering, and risk and compliance topics, among others. IMO, it's one of the best cloud security certs around.

7) CompTIA Security+ — A standard entry to such lists, this is probably the most common stepping-stone that gets aspiring and entry-level IT professionals onto the cybersecurity trail. It's a key element of CompTIA "Holy Trinity" of A+, Network+, and Security+.

6) Certified Chief Information Security Officer (C|CISO) — This credential, from the EC-Council is one of the few cybersecurity credentials that aims to train aspiring cybersecurity higher-level managers and executives. If you're looking to develop the skills and knowledge needed to oversee, formulate, and maintain an organization's security, compliance and governance policies, procedures and strategies, then look no further. For those who want to manage security functions within mid-sized to large organizations, this is a good cert to earn.

5) Cisco Certified Network Professional (CCNP) — This is a somewhat surprising entry on a security certification list. Without a reasonably deep and broad understanding of modern networks and networking functions, both physical and virtual, however, cybersecurity professionals are not fully equipped to do their jobs. FWIW, Cisco does have a pretty deep security curriculum with security certs to match, including a CCNP Security certification (to which this list might actually be referring).

4) Certified Ethical Hacker (C|EH) — Here we have another EC-Council credential, this one aimed at teaching cybersecurity pros how to think and act like hackers, as well as use the same tools and information the bad guys use for malefic purposes to help companies and organizations anticipate and fend off attacks. A full 25 percent of the survey respondents rated this cert as No. 1 under the heading "most in-demand by employers."

3) Certified Information Security Manager (CISM) — This is the other security management cert in this list. It comes from ISACA, a long-standing industry organization that focuses across a broad range of security, audit, and governance topics with an eye to putting technology to the best possible business uses.

The CISM teaches candidates how to manage and orchestrate security functions, processes, tools and technologies within an organization. It is an ideal stepping-stone for cybersecurity professionals who want to start climbing the management ladder within this area of expertise.

2) Offensive Security Penetration Testing with Kali Linux (OSCE-PWK) — Completely overhauled in 2020, this course prepares individuals for the Offensive Security Certified Professional (OSCP) exam. It's unusual for a "company-owned" credential (based on training from a specific organization, with a certification to match) to show up in a list like this, especially in the number two slot.

All of the others discussed, except SANS, come from industry associations and trade groups. That said, everything I see, read, and hear about this program is highly complimentary and positive. Pricing for courses and exams is not punitive (I've seen much worse in the cybersecurity word in general, and in computer forensics as well).

1) Certified Information Security Systems Professional (CISSP) — What else did you expect to see here? CISSP has been a nonpareil security cert for more than two decades now, and an evergreen career-enhancing credential to earn. It continues top-of-mind for cybersecurity pros because, as the ISCN report says, CISSP has high relevance to real-world problems and issues, strong earning potential, and steady demand from employers.

There you have it. A top-notch Top 10 cybersecurity cert list from which even I learned a thing or two. It's also one whose contents are data-based, drawn from a large group of active industry professionals. This might be the time to check one or two of these out for yourself, don't you think?