Six Big Cybersecurity Certification Changes for 2018


On the heels of one of the most significant years in cybersecurity history, organizations around the world are making plans to develop the cybersecurity skills of their technical teams in 2018. IT leaders recognize that the threat landscape continues to shift and that they require skilled cybersecurity professionals to protect their information and systems against sophisticated attackers.


Whether you're already a cybersecurity professional, or you're seeking to switch into an exciting, growing career field, there's plenty of opportunity to go around. The field needs plenty of newcomers to fill the cybersecurity skills gap and opportunities abound for existing security professionals to ramp up their skills and earn internal promotions and opportunities at new firms.


Just as the changing threat environment is creating new staffing needs, it's also leading the technical certification industry to increase its focus on cybersecurity certification programs. The next 12 months will be full of changes in professional certification programs and IT pros should pay careful attention. Let's break down some of the biggest developments in the field as we enter the new year.


Cybersecurity Analyst+ Takes Center Stage


CompTIA launched their intermediate-level Cybersecurity Analyst+ (CSA+) certification in 2017 and it's rapidly gaining popularity among technical professionals. CSA+ is designed for individuals who have three or four years of hands-on work experience and it emphasizes the technical skills required to serve as a cybersecurity analyst. The exam covers four domains of knowledge, including threat management, vulnerability management, incident response, and security architecture and tools.


Expect to see the CSA+ cert continue to grow this year on the heels of an October 2017 announcement that the Department of Defense is approving the certification for use in its workforce development program. It's no secret that DoD drives a significant portion of the interest in cybersecurity certification and CSA+ should benefit from this designation.


CompTIA Penetration Tester Certification Debuts


CompTIA invited subject matter experts in penetration testing to join them for a workshop in February 2018 as part of the development of a new penetration testing certification program. The CompTIA Penetration Tester (CPT+) certification is positioned as a companion certification to the CSA+ credential launched last year. The CompTIA team is designing CPT+ to target individuals with 3-4 years of experience in penetration testing and vulnerability management.


We've yet to see an announcement about the CPT+ launch date, but expect to see a beta exam later this year. If you're interested in earning the certification, watch carefully for the beta exam announcement. CompTIA usually allows about 400 people to take the exam and those slots fill quickly. In exchange for serving as a guinea pig for the exam, you get to attempt the certification at a substantial discount. The CSA+ beta exam was $50, compared to the $320 fee for the normal exam.


Four New Stackable Certifications Encourage Cybersecurity Career Development



Rounding out CompTIA's busy year on the cybersecurity front was their Dec. 20 launch of stackable cybersecurity certifications. These are credentials that candidates earn when they achieve a series of other CompTIA certifications. They're designed to encourage candidates to continue to advance along a career path and, of course, to continue to pursue CompTIA certifications along the way.


Many IT professionals learned of this program when they received an email from CompTIA informing them that they automatically earned a stackable certification based upon their existing credentials. The new stackable certifications include:


- CompTIA Secure Infrastructure Specialist is awarded to candidates who earn the A+, Network+, and Security+ credentials.
- CompTIA Secure Cloud Professional requires earning the Security+ and Cloud+ certifications.
- CompTIA Security Analytics Professional certification goes to those who earn both the Security+ and CSA+ certifications.
- CompTIA Security Analytics Expert requires the Security+, CSA+ and CompTIA Advanced Security Practitioner (CASP+) certifications.


Expect to see these pathways continue to develop as CompTIA releases the CPT+ credential and other certifications. It's also likely that these stackable certifications will drive renewed interest in CompTIA certification programs and increase the number of IT professionals adding the Security+, CSA+, and CASP+ credentials to their resumes.


CISSP Moves to Adaptive Testing


CompTIA is making the biggest waves in cybersecurity certification this year with the launch of six new certifications, but they're not the only ones making changes. This year's big news out of (ISC)2 is the launch of adaptive testing for the Certified Information Systems Security Professional (CISSP) exam.


The new CISSP testing technology rolled out quietly in December and is now the only option for English test-takers. Candidates will find themselves taking a shorter exam, maxing out at three hours, that becomes increasingly difficult as candidates answer questions correctly.


This isn't the only change in store for the CISSP exam. (ISC)2 also made revisions to the eight CISSP domains to keep the material current and will be revising the exam to cover the modifications in April.


(ISC)2 To Push SSCP Certification


The Systems Security Certified Practitioner (SSCP) credential isn't new by a long shot. The (ISC)2 entry-level certification program has lived in the shadows of the CISSP credential for years, but word on the street is that this is about to change.


During the recent (ISC)2 Security Congress in Austin, several industry insiders remarked that they expected to see a renewed push to position the SSCP as a premier entry-level certification and develop the SSCP market over the coming year. We haven't seen this push begin yet, but keep your eyes open for developments.


While these new developments will certainly change the landscape of cybersecurity certification programs, those seeking to enter the field and enhance their skills shouldn't forget the time-tested basics. CompTIA's Security+ certification remains the most popular entry-level certification and is in the process of completing a transition to the new SY0-501 exam this spring, with the retirement of the SY0-401 exam at the end of July.


It's still a fantastic starting point for those seeking their first position in cybersecurity who aren't ready to move onto one of the more advanced or specialized certification programs.


About the Author

Mike Chapple is Senior Director for IT Service Delivery at the University of Notre Dame. Mike is CISSP certified and holds bachelor’s and doctoral degrees in computer science and engineering from Notre Dame, with a master’s degree in computer science from the University of Idaho and an MBA from Auburn University.