Five Top Cybersecurity Roles and the Certs to Get You There

Stealing money over the internet

The cost to businesses and governments of cybercrime will quadruple over the coming years, with damage to businesses set to hit $6 trillion by 2021. As the incidence of these attacks continues to explode, so too does the demand for skilled cybersecurity professionals.


With a predicted cybersecurity hiring shortfall of 1.5 million, however, organizations are now desperate to recruit and train qualified IT security employees.


Certifications are a great way of skilling-up yourself, or your team. Not only that, but a massive 86 percent of HR managers use IT certifications as screening or hiring criteria during recruitment.


So, whether you're aiming to get into these exciting roles, or simply work more securely within them, these are the certs you should focus on achieving in 2017.


1) Penetration Tester/Ethical Hacker

Average salary: $50,000 to $130,000 (PayScale)


Penetration testers — also called ethical hackers — probe and exploit security vulnerabilities in web-based apps, networks and systems. Unlike their dark-web lurking counterparts, however, these "white hat" hackers work to benefit businesses by reporting flaws identified through simulated attacks on their systems. Organizations are then able to hastily fix any vulnerabilities discovered.


EC-Council's Certified Ethical Hacker (CEH) is perhaps the most popular certification for penetration testers. Achieving the CEH provides you with in-depth knowledge of cyber security threats and a valuable introduction to ethical hacking.


CEH-certified professionals should then consider following EC-Council's pathway by achieving the Certified Security Analyst (ECSA). This certification builds on knowledge gained from CEH training and certification and solidifies your knowledge of penetration testing. Seasoned professionals are then advised to cap off their expert penetration testing knowledge with the EC-Council Licensed Penetration Tester (Master) exam.


The CEH will also prepare you to undertake EC-Council's Computer Hacking Investigator Certification, teaching you how to investigate cyber crime within a legal framework.


2) Security Architect (Cloud Specialist)

Average salary: $50,000 to $130,000 (PayScale)


Gartner predicts that, by 2018, 25 percent of corporate data traffic will flow directly from mobile devices to the cloud, bypassing enterprise security controls. Organisations now realise the dire need for better cloud security, driving a market that is expected to reach a massive $7.5 billion by 2019.


In response to the widespread adoption of cloud computing, a plethora of cloud security certifications have been introduced into the marketplace. The most intriguing credential on the market is (ISC)2's Certified Cloud Security Professional (CCSP).


This certification is backed by two leading global nonprofits focused on cloud information security: Cloud Security Alliance, and (ISC)2 themselves. Achieve the CCSP and you'll prove your in-depth knowledge of cybersecurity, information and software management, and cloud computing. The CCSP will build your knowledge of cloud app, platform, data and infrastructure security. There's also a heavy focus on compliance and legality, including audit processes and privacy issues.


This certification is particularly relevant for professionals in security architect roles who want to gain a deeper knowledge of cloud security. If your day-to-day role involves managing and securing cloud environments, or purchased cloud services, then CCSP is ideal for you. The CCSP is designed for experienced information security professionals with at least five years of professional experience, including at least one year in a cloud-specific role.


3) Chief Information Security Officer (CISO)

Average salary: $101,000 to $210,000 (PayScale)


Working on security in the server room

High-profile hacks and security breaches have revealed the destructive effect of cybercrime to organisations globally. As a result, CISOs have evolved from a relatively narrow security focus to become executive C-suite contributors who actively participate in strategic planning and risk assessment. With a technical mind and business awareness, CISOs are now businesses enablers at the bleeding edge of security.


"The role of CISO continues to evolve in that the expectation now is that the CISO not only be security savvy but also technically adept and business aware," says security expert Becky Pinkard of Digital Shadows.


The CISO role is typically the most senior information security position at a given organization, and relevant certifications are equally high-level. It's an incredibly hard job and CISOs will face the blame for any and all cyber security incidents.


Prepare yourself for the demanding CISO role with (ISC)2's CISSP (Certified Information Systems Security Professional) credential. This certification one of the most widely recognised in information security, and it's especially advantageous to anyone pursuing the role of CISO.


The CISSP is a vendor-neutral certification and ideal for expert cybersecurity professionals with a proven record of technical and managerial skills. As ((ISC)2 states, "Not only is the CISSP an objective measure of excellence, but also a globally recognised standard of achievement." This is the gold standard certification for IT Security professionals.


4) Security Manager

Average salary: $38,000 to $112,000 (PayScale)


Security managers design, build and manage the implementation of network and computer security for an organization. This is a senior-level role, so you'll be responsible for creating complex security systems. There's also a senior-level salary to match, with yearly pay of up to $112,000.


Employers will be looking for advanced security certifications from accredited bodies. One credential that attracts consistent interest across the industry is the Certified Information Security Manager (CISM). Offered by ISACA, an independent nonprofit association, the CISM proves a security professional's ability to develop and manage an enterprise information security program.


The CISM also boosts your understanding of the relationship between IT security programs and broader business goals and objectives. The CISM exam is only offered during the months of June, September and December, so take this into account if studying.


5) Network Administrator

Average salary: $40,000 to $77,000 (PayScale)


Network administrators are responsible for maintaining, repairing and upgrading an organisation's computer network. Though this is not typically considered a cybersecurity role, given the rise in cybercrime, network administrators (and network engineers) must also possess security knowledge.


Security is now the responsibility of everyone in the organization. As such, businesses must have security-savvy pros who are focused on protecting, detecting and responding to threats on company networks. "While there will be more 1.5 million cybersecurity jobs unfilled by 2019, millions of IT and network administrators remain untrained on network defense techniques," says Michael Brown, CEO of Symantec.


EC-Council's Certified Network Defender (CND) credential was launched in 2016 and is positioned parallel to the Certified Ethical Hacker certification. Get CND-certified and you'll develop a detailed understanding of how to design a secure network in your organisation. You'll also study the fundamentals of network defense, including how to detect and respond to network attacks.


As a result of the Certified Ethical Hacker's success, EC-Council's reputation as a certification vendor is already secure. If you're considering expanding your network security knowledge, or upskilling your team, then this certification is definitely one to consider.


You can learn more out more about the CND by watching this offbeat video from EC-Council.


Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
About the Author
Alex Bennett of Firebrand Training

Alex Bennett is a technical writer for Firebrand Training. Working at the forefront of the IT training industry, Alex uses his insider knowledge to write regularly on IT security, networking and cloud technology.