Combing Through Yet Another 'Top Cybersecurity Certs' Article
Over the past decade and more, I've chewed through countless top certification recitals from sources across the computing industry. I tend to regard such lists with a combination of trepidation and intense curiosity. Above all, I'm always fishing for something new, something interesting, something out of the ordinary.
On all those fronts, Michael Novinson's September 23 article from Computer Reseller News (CRN) does not disappoint, though the title did leave me a little mystified: The 11 Hottest Cybersecurity Certifications in 2020. Try as I might, I could only count 10 items in his story, of which one is not even a certification, per se.
The SANS Cyber Workforce Academy, currently available in Maryland and California, is a workforce preparation program. It's built around elements of the SANS Institute's Global Information Assurance Certification program, aka GIAC, but is not itself a standalone certification.
What's on the Top Certs List?
Here's what I found amidst the slides of Mr. Novison's oeuvre, much of which will come as no surprise whatsoever. Before we get to that, however, a little background. In working through his list, Novison cites Zane Schweer, director of global communications at Global Knowledge (in the process of being acquired by SkillSoft).
Schweer speaks specifically to the value of "beefing up on cutting-edge technology" by learning "things directly from the manufacturer," particularly in the areas of "public cloud security, administering and engineering firewalls, and identity and access management." I concur, but did find some surprises in the particular vendors who came in for specific mention (more on that later in the "Some Surprises" section that follows).
Here's the list:
1. Certified Information Systems Security Practitioner (CISSP) from (ISC)2
2. AWS Certified Security - Specialty from AWS
3. Certified Cloud Security Professional (CCSP) from (ISC)2
4. Certified Information Security Manager (CISM) from ISACA
5. Forescout eyeSegment Specialist (FSeSS) from Forescout
7. Systems Security Certified Practitioner (SSCP) from (ISC)2
8. Certified Ethical Hacker (CEH) from EC-Council
9. SANS Cyber Workforce Academy (A fast track workforce upskilling program built around SANS GIAC certifications)
Item 6 actually combines two certs, so I count a total of 10 items here, including the whole SANS program (60-plus credentials at last count) as item number 10. Again, I'm not sure how Mr. Novison came up with the 11 in his title, but then I may have missed something. It's probably not all that important anyhow.
Some Surprises Spur Additional Questions
The only real surprises to be found on this list are in items 5 and 6. I agree with Mr. Novison's general observation, courtesy of Global Knowledge, that vendor specific skills are of particular interest for specific cloud platforms, and for special purpose systems and devices like those used in firewalls, identity and access management.
I didn't get a clear sense of how he landed on Forescout Eyesegment or Palo Alto Networks for the latter areas (firewalls, identity and access management) though I do agree these are worthwhile technical areas for IT professionals to develop skills and knowledge in.
I would simply observe that many major security and networking vendors, including Cisco, Juniper, SonicWall, Fortinet, and Check Point, also offer interesting, relevant and perhaps equally valuable training and certification on their platforms and hardware.
I would also observe that the various Google Cloud Platform and Microsoft Azure certs are on par with those from AWS, among numerous others, for cloud-oriented skillsets and knowledge bases, including security stuff.
In general, I think vendor-specific certs are a fine way for IT professionals to acquire and develop valuable skill sets and knowledge. They will often settle on specifics, though, that are either dictated by where they work now (what vendors the employer has chosen to buy from) or where they'd like to work in the future (ditto for some nascent employer-employee relationships).
Otherwise, I'm not inclined to quibble too much with the selections put forward in the CRN list. As usual, I would have liked to know more about the criteria used to make these selections, the kind of population surveyed or analyzed to provide the underlying data, and so forth and so on.
What really surprised me was the term OT (operational technology) as an alternative to IT (information technology). This came up on page 6 of the CRN story, where the Forescout eyeSegment Specialist is introduced under the heading of "OT Security Certifications." I learned something new and potentially valuable from this terminology, and the concepts behind it.