A Rock Solid Cybersecurity Certifications 'Best' List

Ed Tittel gives a hearty thumbs-up to CRN's cybersecurity certifications list.

Over the years, I've gnawed repeatedly on a bone I like to pick with various publications: their opaque methods for assembling various "Best of," "Hottest," "Top 10," etc., lists of certification picks.


For a good current example of such a story that raised my hackles, see this TechGenix item: The 10 Most Coveted IT Certifications — Revealed! That said, however, quibbling and questioning this or that writer's motives, methods, and data sources is not my goal today.


Instead, I want to share my pleasant surprise and complete agreement with a top 10 list from CRN magazine (which used to be Computer Reseller News, back before acronym-only self-identification became all the rage). It's a slideshow-style article with one of those suspiciously juicy headlines: The 10 Most Valuable Cybersecurity Certifications to Get in 2019.


The source for its data is a good one: the Global Knowledge 2018 IT Skills and Salary Survey. I have contributed feed and copy to several prior iterations of GK's IT Skills and Salary Report and can attest to its bona fides. My only real beef with the GK survey is that it's built around the Global Knowledge customer base, and doesn't necessarily reflect the IT industry in its entirety. It's a limitation I can live with.


Getting back to the CRN list, here are their picks, in order of appearance, with my comments in parentheses:


1) CompTIA Security+ (The cornerstone security offering from CompTIA, Security+ remains one of the leading, if not the first-place, entry-level/foundational cybersecurity credentials.)

2) CCNA Security (This is a good networking security base-level, though not foundational, credential for those who work with Cisco networking platforms and systems.)

3) CISA (Administered by ISACA, this is one of the few auditing-related IT certifications. It has a strong security component, but is not wholly security-focused.)

4) CCNP Security (This is a good networking security mid-range cert for those who work with Cisco networking platforms and systems.)

5) Certified Ethical Hacker (CEH, from EC-Council, is a leading proactive/anti-hacking credential. It does cost a pretty penny.)

6) CISM (Administered by ISACA, this is one of the few cybersecurity certs that focus on managing a cybersecurity organization or operation.)

7) Computer Hacking Forensic Investigator (CHFI is another EC-Council credential. This one focuses on the practices of forensic investigation and evidence gathering as they relate specifically to cybercrime.)

8) CRISC (Administered by ISACA, this credential concentrates on assigning and managing risk to guide and choose system controls for security and loss prevention/mitigation.)

9) CISSP (The brightest light in the certification constellation of cybersecurity professional association (ISC)2 has been an evergreen presence in "best of" lists since the early 2000s. Many still regard this as the nonpareil cybersecurity cert.)

10) Certified Information Privacy Professional (Administered by privacy professionals association IAPP, CIPP concentrates on governance and compliance issues related to information privacy.)


These items are ranked in reverse order of average salary, as measured by the Global Knowledge survey — No. 1 Security+ has the lowest average annual salary among survey respondents, in other words. Thus, my only real quibble is that certain rare but extremely valuable cybersecurity certs don't appear in this list.


For example, consider that Cisco has a CCIE Security as well as the two items that appear in the foregoing list. Wanna bet that it pays more than either of those?


Even more valuable is the equally rare SANS GIAC Security Expert (GSE) certification which includes 5 specific prerequisite certification categories, from which candidates must earn one or more certifications, along with special "merit badges" ("golds," in GIAC parlance) in several categories.


By all reckoning, it takes at least three years to earn a GSEC (most candidates take longer than that) and costs at least $25,000 (most candidates spend more than that). Wanna bet it, too, pays better than the top-level certs in the GK survey? I do!


With all that said, this is a useful and informative list. Check out the original, and ponder it at your leisure, especially if you're interested in a cybersecurity career — or already pursuing one.


About the Author

Ed Tittel is a 30-plus-year computer industry veteran who's worked as a software developer, technical marketer, consultant, author, and researcher. Author of many books and articles, Ed also writes on certification topics for Tech Target, ComputerWorld and Win10.Guru. Check out his website at www.edtittel.com, where he also blogs daily on Windows 10 and 11 topics.