Six Hot Cybersecurity Certifications for 2023

These six cybersecurity certifications are a slam dunk for your career.

Here we are coming up on 2023: I can already feel the heat of summer and the dawn of a new data breach. Thanks to a year of instability, encompassing everything from the FTX debacle to a string of hacks resulting in billions of dollars lost, Bitcoin (yet again) may already be in its death throes.

There will be a bunch of excuses from corporate America about how the various breaches happened, and a bunch of hollow promises about what they will do better to protect your data. The certification market will respond in kind with new credentials and courses to prepare the expanding IT workforce to protect against these new threats.

Somewhere down the road there will be new and different, possibly scarier breaches, and the cycle will continue. How, in the upcoming new year, can you prepare to defend against this ongoing onslaught? What new, cutting edge certifications can you obtain to earn your place at the forefront of information security and data protection technology?

The certification landscape has many options to tempt you, but here are six of my very favorite ones:

AWS Certified Solutions Architect

First on my list is AWS Certified Solutions Architect from Amazon Web Services. It combines security, cloud, and server workload knowledge and wraps it all up in a ball of goodness. There are many reasons to get AWS certified, and to make this credential your point of entry.

First off, the popularity of cloud-based technology and services has increased tenfold in recent years and shows no signs of slowing up. As more organizations turn to the cloud to help them save time, money, and even physical real estate, the demand for skilled IT professionals who can leverage the cloud will soar.

The Certified Solutions Architect credential specifically prepares you to design and deploy cloud systems using the AWS platform. There are two Solutions Architect certs, one that's an associate-level introductory credential, followed by a professional-level credential that ups the ante.

With AWS holding the biggest share of the cloud hosting market, embracing their platform and tools and building up your skills could be a game-changer for your professional growth — and your salary, as AWS positions can command six figures.

Certified in Risk and Information Systems Control (CRISC)

These six cybersecurity certifications are a slam dunk for your career.

Next up is an old, reliable warhorse certification that is definitely something you should pursue. Tip your hat to one of the longest lived IT certification organizations in the world, cybersecurity and IT governance professional association ISACA, by taking a long look at that august organization's Certified in Risk and Information Systems Control (CRISC) credential.

CRISC is the most current and rigorous assessment available for those who want to specialize in evaluating the risk management proficiency of IT professionals and other employees within an enterprise or financial institution. Achieving CRISC certification validates your ability to help companies understand business risk.

It also confirms that you have the technical knowledge to implement appropriate information system (IS) controls. This certification should go at the top of your list because at the heart of every good cybersecurity framework methodology is "control" and "understanding risk". CRISC covers both.

The risk response section of the test covers a lot of real-world scenarios that I have experienced in my everyday job. If you've worked in IT for very long, you'll probably have a similar reaction. This credential would probably be on my cybersecurity short-list for most years.

CompTIA Advanced Security Practitioner (CASP+)

In the middle of the pack, is CompTIA's vendor-neutral CompTIA Advanced Security Practitioner (CASP+) certification. This overall, all-around cybersecurity credential verifies both breadth and depth of security knowledge. It's also an impressively cost-effective cybersecurity cert, requiring an overall investment of less than $500.

And, as with other CompTIA credentials, CASP+ has Uncle Sam's seal of approval: Many Department of Defense-rated facilities require this certification. I personally know a friend who had to pass this to fulfill a Navy document review requirement.

Yes, the U.S. government requires people who touch their data and handle their cybersecurity protections and processes to become certified. It's just another reason to get this certification, or any CompTIA certification, really.

Certified Ethical Hacker (CEH)

These six cybersecurity certifications are a slam dunk for your career.

Fourth is the recently overhauled Certified Ethical Hacker (CEH) credential curated by EC-Council, which released CEH version 10 last year. The most unique thing about this test is the completely translatable skill set it offers and tests you on. If you haven't ever broken into somewhere or something, then you will be hard pressed to pass this test.

You must demonstrate and understand each of the steps of a penetrating a secure system, even though you will be engaging in such hacktivity (ahem) legally, or acting as what the industry terms a "white hat."

Some of EC-Council's other credentials, like their Blockchain certification, or their penetration and forensic testing certification, have no parallel in the industry. Be careful: Once you get a taste of what EC-Council has to offer, you are going to want to dump a lot of cash on these tests. That's the kind of investment that will pay off in the end, though you should probably still try to exercise moderation.

Having obtained the CEH, I can readily attest to the fact that EC-Council's exams are highly addicting.

Certified Information Security Manager (CISM)

My fifth pick is the Certified Information Security Manager (CISM) credential offered, like the above-referenced CRISC, by ISACA. If you want to be a CISO, and you want your team to call you chief — and mean it — then I recommend getting this certification.

CISM is a solid building block. You can point to this one and everyone will know that you have proven your cybersecurity bona fides. Along with (ISC)²'s Certified Information Systems Security Practitioner (CISSP) credential (another strong potential addition to your cybersecurity CV, incidentally), CISM is one of the best regarded, highest-paying certifications you can achieve. Get it for yourself and for your pocketbook.

Get a cybersecurity degree

Lastly, I would be remiss if I did not mention that getting a master's degree in cybersecurity, cybersecurity management, or IT management is an excellent digression from, or foundation for, any certification-driven cybersecurity career path. An advanced degree in "infosec" can take you far.

The rate of change and innovation within the information security field makes it important to have a rock-solid grounding in the core principles and practices of good cybersecurity. The good news is that more universities and colleges are offering more (and more varied) infosec degree programs than ever before. Even Ivy League schools are in the game.

Many universities are also participating in groundbreaking cybersecurity research. Yes, students have the opportunity to participate in hands-on security research and learning opportunities at many of today's top institutions. Who doesn't want to be part of the research team that devises, say, a quantum computer technique that solves P=NP? (Look it up, it's an amazing problem.)

These six cybersecurity certifications are a slam dunk for your career.

Take a look on Coursera to see all the choices that are out there, or do a quick Google search and brace yourself for a flood of results. What's more, the global shortage of information security talent means that pursuing a degree or research program within the field can be a highly rewarding career move.

Indeed, many employers will readily provide financial support, should you wish to pursue and obtain an advanced degree from a reputable university. Most major universities now offer such degrees, and obtaining one is a strong sign to an employer (or future employer) that you know your stuff.

A master's degree is not a certification, of course. You can make yourself stand out by obtaining one, however, because it will prove you have what it takes to work hard and maintain focus. Both are important traits when confronting the ever-changing threat landscape of the cybersecurity world.

No matter what certification you choose to arm yourself with, go after it wholeheartedly and with intense focus. You might be surprised to see what a little "elbow grease" can do to smooth your path. As always, I wish you the best of luck and happy certifying!

Would you like more insight into the history of hacking? Check out Calvin's other articles about historical hackery:
About the Author
Nathan Kimpel is a seasoned information technology and operations executive.

Nathan Kimpel is a seasoned information technology and operations executive with a diverse background in all areas of company functionality, and a keen focus on all aspects of IT operations and security. Over his 20 years in the industry, he has held every job in IT and currently serves as a Project Manager in the St. Louis (Missouri) area, overseeing 50-plus projects. He has years of success driving multi-million dollar improvements in technology, products and teams. His wide range of skills include finance, ERP and CRM systems. Certifications include PMP, CISSP, CEH, ITIL and Microsoft.