Six Hot Cybersecurity Certifications for 2019
Here we are in 2019. I can already feel the heat of summer and the dawn of a new data breach. There will be a bunch of excuses from corporate America about why the breach happened, and a bunch of hollow promises about what they will do better to protect your data.
The certification market will respond in kind with new certifications and courses to prepare the expanding IT workforce to protect against these new threats. Somewhere down the road there will be a different, possibly scarier breach, and the cycle will continue.
How, in the upcoming new year, can you prepare to defend against this onslaught? What new, cutting-edge certifications can you obtain to show that you are at the forefront of information security and data protection technology? The certification landscape has many options to tempt you, but here are six of my very favorite ones:
First on my list is the Amazon Web Services (AWS) Certified Solutions Architect. It combines security, cloud, and server workload knowledge and wraps it all up in a ball of goodness. There are many reasons to get AWS certified, and to make this credential your point of entry.
First off, the popularity of cloud-based technology and services has increased tenfold in recent years and shows no signs of slowing up. As more organizations turn to the cloud to help them save time, money, and even physical real estate, the demand for skilled IT professionals who can leverage the cloud will soar.
The Certified Solutions Architect certification specifically prepares you to design and deploy cloud systems using the AWS platform. There are two Solutions Architect certs: an associate-level introductory credential, followed by a professional-level credential that ups the ante.
With AWS holding the biggest share of the cloud hosting market, embracing their platform and tools and building up your skills could be a game-changer for your professional growth — and your salary, as AWS positions can command six figures.
Next up is an old, reliable warhorse certification that is definitely something you should pursue. Celebrate 50 years of ISACA by taking a long look at that august association's Certified in Risk and Information Systems Control (CRISC) credential.
CRISC is the most current and rigorous assessment available for those who want to specialize in evaluating the risk management proficiency of IT professionals and other employees within an enterprise or financial institution. Achieving CRISC certification validates your ability to help companies understand business risk.
It also confirms that you have the technical knowledge to implement appropriate information system (IS) controls. This certification should go at the top of your list because at the heart of every good cybersecurity framework methodology is "control" and "understanding risk". CRISC covers both.
The risk response section of the test covers a lot of real-world scenarios that I have experienced in my everyday job. If you've worked in IT for very long, you'll probably have a similar reaction. This credential would probably be on my cybersecurity short-list for most years.
In the middle of the pack is CompTIA's vendor-neutral CompTIA Advanced Security Practitioner (CASP+) certification. This overall, all-around cybersecurity certification verifies both breadth and depth of security knowledge.
It's also an impressively cost-effective cybersecurity cert, requiring an overall investment of less than $500. And, as with other CompTIA credentials, CASP+ has Uncle Sam's seal of approval: Many Department of Defense-rated facilities require this certification.
I personally know a friend who had to pass this to fulfill a Navy document review requirement. Yes, the government requires people who touch their data and handle their cybersecurity protections and processes to become certified. It's just another reason to get this certification, or any CompTIA certification, really.
Fourth is the recently overhauled Certified Ethical Hacker (CEH) credential sponsored by EC-Council, which released CEH version 10 last year. The most unique thing about this test is the completely translatable skill set it offers and tests you on.
If you haven't ever broken into somewhere or something, then you will be hard pressed to pass this test. You must demonstrate and understand each of the steps of penetrating a secure system, even though you will be engaging in such hacktivity (ahem) legally.
Some of EC-Council's other credentials, like their Blockchain certification, or their penetration and forensic testing certification, have no parallel in the industry. Be careful: Once you get a taste of what EC-Council has to offer, you are going to want to dump a lot of cash on these tests.
That's the kind of investment that will pay off in the end, though you should probably still try to exercise moderation. Having obtained the CEH, I can readily attest to the fact that EC-Council's exams are highly addicting.
My fifth pick is the Certified Information Security Manager (CISM) credential offered, like the above-referenced CRISC, by ISACA. If you want to be a CISO, you want your team to call you chief — and mean it — then I recommend getting this certification.
CISM is a solid résumé building block. You can point to this one and everyone will know that you have proven your cybersecurity bona fides. Along with (ISC)²'s CISSP credential (another strong potential addition to your cybersecurity CV, incidentally), CISM is one of the highest-paying certifications you can achieve. Get it for yourself and for your pocketbook.
Lastly, I would be remiss if I did not mention that getting a master's degree in cybersecurity, cybersecurity management, or IT Management is an excellent digression from, or foundation for, any certification-driven cybersecurity career path. An advanced degree in "infosec" can take you far.
The rate of change and innovation within the information security field makes it important to have a rock-solid grounding in the core principles and practices of good cybersecurity. The good news is that more universities and colleges are offering infosec degree programs than ever before (even Ivy League schools) and many are participating in ground-breaking research.
Yes, students have the opportunity to participate in hands-on security research and learning opportunities at many of today's top institutions. Who doesn't want to be part of the research team that devises, say, a quantum computer technique that solves P=NP (look it up)?
Take a look on Coursera to see all the choices that are out there, or do a quick Google search and brace yourself for a flood of results. What's more, the global shortage of information security talent means that pursuing a degree or research program within the field can be a highly rewarding career move.
Indeed, many employers will readily provide financial support, should you wish to pursue and obtain an advanced degree from a reputable university. Most Ivy League schools now offer such degrees and obtaining one is a strong sign to an employer (or future employer) that you know your stuff.
A master's degree is not a certification, of course. You can make yourself stand out by obtaining one, however, because it will prove you have what it takes to work hard and maintain focus. Both are important traits when confronting the ever-changing threat landscape of the cybersecurity world.
No matter what certification you choose to arm yourself with, go after it whole-heartedly and with intense focus. You might be surprised to see what a little "elbow grease" can do to smooth your path. As always, I wish you the best of luck and happy certifying.