Entry-Level Certified in Cybersecurity (CC) Credential Is Catching on Fast
I just got off the phone with Dr. Mike Chapple, an information security expert and my longtime colleague and co-author. He and I worked together on five editions of the smash hit CISSP Study Guide (now in its ninth edition) before I wandered off in another direction.
Mike is CISSP-certified and has been following the respected certification program managed by cybersecurity professional association (ISC)² since the early 2000s. He is heavily involved in the whole spectrum of cybersecurity certifications and training and a trusted provider of high-quality certification training.
During our conversation Mike informed me that his LinkedIn Certified in Cybersecurity (CC) online class is attracting surprisingly big sign-ups, and that he's a got a new book coming out soon which covers that same credential. I’ll provide an overview of the CC credential a bit later; first, let’s start with a discussion of entry-level cybersecurity certs.
Entry-Level Cybersecurity Certs are BIG Business
Estimates for the number of open cybersecurity jobs in the United States and globally are, respectively, 750,000 and 3.5 million in 2023, according to Cybercrime Magazine. That's a LOT of employment opportunity.
The only certain common denominator in addressing all of those open positions — which extend across the entire field of cybersecurity, at all levels of employment from entry-level to high-level, tightly-focused career niches such as forensics, security policy and governance, identity and authentication, and so forth — is that everybody has to start somewhere.
That means some kind of entry-level training and/or certification. With literally millions of individuals both expected and urgently needed to pass through this intake step and find work in the field, it’s no surprise that there are a whole lot of entry-level cybersecurity certifications out there.
Thus, for example, job posting site Indeed.com has a story titled "12 Important Cybersecurity Certifications for Beginners." And that’s not nearly all of the first-step credentials out there; there are at least another dozen more such offerings. If you want to throw in entry-level cybersecurity certificate programs at community colleges and universities, then you can probably find more than 100 unique offerings, all designed to get people started on the road to employment as a cybersecurity professional.
Here’s the list from Indeed. As you'll see, it's kind of "all over the place" in terms of its constituents and their coverage:
1) Certified Ethical Hacker (CEH)
2) Cisco Certified Network Associate (CCNA)
3) CompTIA A+
4) CompTIA Network+
5) CompTIA Security+
6) CompTIA PenTest+
7) SANS GIAC Information Security Fundamentals (GISF)
8) SANS GIAC Security Essentials (GSEC)
9) Associate of (ISC)²
10) (ISC)² SSCP
11) ISACA CSX Cybersecurity Fundamentals Certificate
12) Microsoft Technology Associate (MTA): Security Fundamentals
I’d argue that this is really a "Top 8" list because the first two, from where I sit, are not really cybersecurity certs. They do include significant security coverage, but they’re not security-focused, per se, as are the other items on that list.
Not only that, but the entire Microsoft Technology Associate certification tier was formally retired last year, and Associate of (ISC)² is not a standalone credential: It's a partnership designation that lets cybersecurity professionals who don't meet the work requirements for (ISC)² certs to take and pass (ISC)² exams and then build up their experience from there.
All that said, do you notice what’s missing? Yes, it’s the very topic of this screed, the newly inaugurated (as of last year) (ISC)² Certified in Cybersecurity (CC). Go figure! Indeed’s data is based on job postings, so it’s more backward- than forward-looking. I trust Dr. Chapple's market intelligence because he’s attuned to where the market is going, rather than where it’s been.
(ISC)² Certified in Cybersecurity (CC)
You see the logo for this newly minted credential at right: It's pretty understated and simple. Here is what's interesting about this cert. Notice what it says on the first screen of its home page (bold emphasis mine):
"As part of our commitment to help close the workforce gap, our new global initiative, One Million Certified in Cybersecurity, is offering free Certified in Cybersecurity (CC) Online Self-Paced Training and exams to the first million people entering the field for the first time."
The last time I checked, none of the items mentioned in the preceding quasi-Top-10 list were free, neither for training nor exams. Most professional certification programs do offer occasional freebies, but the CC goals are breathtaking and ambitious. (ISC)² obviously understands that there’s a huge and pressing need for cybersecurity talent, and they’re foregoing enormous potential revenue to get a foot in the door with that population.
(Don't skip over the qualifier in the paragraph cited above: CC training and exams are only free to the first million individuals who are entering the cybersecurity profession for the first time.)
Pretty amazing! I understand why Dr. Chapple’s LinkedIn course is so popular. I also understand why the uptake is pretty breathtaking, too. What a refreshing discovery. Do please recommend this those you know who might be considering a walk over to the rich, green fields of cybersecurity employment.
An Overview of CC
CC certification is tailored to IT professionals who are seeking to transition from another field into cybersecurity, as well as college students and recent graduates who are seeking entry into the workforce. There are tons of resources available on the home page (scroll down until you hit "Helpful CC Resources"). Many are free, some are fee-based.
Here’s a pie chart of how exam the coverage shakes out (from the download link on the home page to the "Ultimate Guide;" registration is required):
The "usual suspects" are nicely covered in this entry-level collection of domains and topics. There’s nothing controversial or questionable about this credential’s content and coverage. What makes it worth considering is that it will be free for its target audience for at least a year or more.
The key question is, "How long will it take to run a million candidates through the materials and the exam?" An (ISC)² press release dated April 12 notes that 15,000 individuals have already completed their CC training and become certified. Sounds like there's still plenty of opportunity for cybersecurity newcomers to get cost-free training and certification.
If you have to pay, the exam costs $50 and training packages run from $199 to $649. As entry-level cybersecurity stuff goes, this is still a bargain. Nifty!