Six New Cybersecurity Certs that Address Hotly Demanded Skills


Cybersecurity is one of the hottest fields in information technology and skilled cybersecurity professionals are in high demand. Threats to enterprise security evolve constantly and organizations require increasingly skilled specialists with the knowledge required to combat those threats.


As the cybersecurity field becomes increasingly specialized, industry is responding with a series of niche certification programs designed to demonstrate an individual's qualifications to fill these new positions.


For job candidates, cybersecurity specializations can be extremely rewarding. A recent Certification Magazine salary survey ranked the top IT certification programs and five of the top ten certifications cover cybersecurity issues and command salaries of around $140,000. Let's take a look at six of the most in-demand cybersecurity certifications that have reached the marketplace in the past five years.


CompTIA Advanced Security Practitioner (CASP)


CompTIA is one of the long-standing leaders in both security certifications and IT certifications in general. Their Security+ certification has long been recognized as the industry-leading certification for entry-level security practitioners, and many of today's cybersecurity experts cut their teeth by earning that credential.


In 2011, CompTIA built upon this success by launching an advanced certification program: the CompTIA Advanced Security Practitioner (CASP), designed to help Security+ credential holders move up the ladder to the next level in their career. (The newest version of the CASP exam, CAS-002, arrived last year in January.)


The CASP program combines technical and security leadership skills in a single certification designed for those with at least 10 years of information security experience and five years of hands-on technical experience. Earning the certification requires passing an exam containing up to 90 questions administered during a 165-minute exam period.


CompTIA followers should also keep an eye on the organization's security certification announcements. CompTIA recently conducted a Job Task Analysis (JTA) workshop for a cybersecurity analyst certification program that is expected to fill the gap between the entry-level Security+ credential and the master-level CASP.


Certified Cloud Security Professional (CCSP)


The explosive growth of cloud computing over the past few years is taking the IT industry by storm. Organizations that were completely averse to cloud options a few years ago are now rapidly adopting all-in "Cloud First" strategies that shift massive portions of enterprise computing to cloud providers.


This shift affects many IT disciplines and cybersecurity is no exception. Cybersecurity professionals must recognize that the shift to the cloud is real and any modern cybersecurity effort must include a realistic set of cloud computing controls.


In April 2015, (ISC)2 partnered with the Cloud Security Alliance (CSA) to launch the Certified Cloud Security Professional (CCSP) certification program. The CCSP builds upon the security certification experience of (ISC)2, provider of the gold standard CISSP certification, and the cloud expertise of CSA to provide a common body of knowledge for cloud security professionals.


Earning the CCSP certification requires passing a 125-question multiple-choice exam by earning a scaled score of at least 700 out of 1000 points. The exam covers six domains of cloud security: architectural concepts and design requirements, cloud data security, cloud platform and infrastructure security, cloud application security, operations, and legal and compliance.


Global Industrial Cybersecurity Professional (GICSP)


Industrial control systems manage some of the most sensitive components of the world's cyberinfrastructure. These systems regulate power plants, weapons systems, manufacturing facilities, water treatment plants and many of the controls that we depend upon to provide the essential elements of daily living in a safe, reliable manner.


The criticality of these systems makes them an attractive target for attackers and cybersecurity professionals must respond with sophisticated controls that are uniquely tailored to protect critical infrastructure components.


The SANS Institute's Global Information Assurance Curriculum (GIAC) has long offered a series of very niche cybersecurity specialist certification programs. GIAC responded to this recent need with the new Global Industrial Cybersecurity Professional (GICSP) program that offers a vendor-neutral approach to protecting industrial control systems.


Earning the GICSP certification requires passing a 115-question open-book proctored exam, normally administered after candidates attend a SANS Institute training program that focuses on the GICSP curriculum. This comes with a hefty price tag, requiring a payment of approximately $4,600 for both the course and examination.


Certified Chief Information Security Officer (CCISO)



Strong information security programs require strong leaders and most organizations now have an executive-level information security position. This individual is typically named as the Chief Information Security Officer (CISO), Director of Information Security, or similar title and oversees the organization's enterprise security efforts. Unsurprisingly, a specialized certification recently emerged for individuals seeking CISO positions.


The EC-Council, purveyors of the popular Certified Ethical Hacker (CEH) certification, recently launched the Certified Chief Information Security Officer (CCISO) program for aspiring CISOs. This program includes coverage of five knowledge domains:


• Governance (Policy, Legal and Compliance)
• IS Management Controls and Auditing Management
• Management – Projects and Operations (Projects, Technology and Operations)
• Information Security Core Competencies
• Strategic Planning and Finance


These domains combine traditional information security knowledge with the management and leadership skills required to operate at an executive level. Candidates for this credential must not only pass an exam but also demonstrate that they have five years of experience in three or more of the domains. The exact experience requirements depend upon whether candidates wish to pursue self-study or participate in an official CCISO training program.


Payment Card Industry Professional (PCIP)


Credit card security became a hot topic over a decade ago with the release of the Payment Card Industry Data Security Standard (PCI DSS) in 2004. Over the intervening years, a huge industry grew to support PCI DSS compliance efforts, including auditors, assessment tools, and an army of consultants who specialize in helping organizations interpret the security standard and apply it to their business environments with minimal disruption and expense.


In 2012, the PCI Security Standards Council launched the Payment Card Industry Professional (PCIP) program designed to help professionals demonstrate their mastery of the PCI DSS standard.


Earning the credential requires demonstrating at least two years of IT experience and passing a 90-minute computer-based exam containing 60 multiple-choice questions. One important note – once you are approved to take the exam, you must do so within 30 days, so don't apply until you're ready to take the test!


Certified Information Privacy Manager (CIPM)


Individuals expect that the organizations who handle their sensitive personal information will do so with the utmost respect for their privacy. Government agencies, financial institutions, healthcare organizations, educational institutions and a variety of other organizations all must build comprehensive privacy programs designed to fulfill the organization's legal and ethical requirements to safeguard personal privacy.


The International Association of Privacy Professionals (IAPP) offers a number of certification programs designed to recognize qualified staff to implement these privacy programs. In 2013, the IAPP launched the Certified Information Privacy Manager (CIPM) certification program to recognize individuals qualified to lead privacy programs.


Earning the CIPM certification requires passing a 90-question multiple-choice exam by earning a scaled score of at least 300 out of 500 points.


Stay sharp


There's no end in sight to the cat-and-mouse game between attackers and enterprise security specialists. Earning any one of these certifications is bound to make a job candidate stand out, especially when combined with relevant work experience and education. Think of these specialist certifications as a gold star that can embellish a resume and make it stand out from the pack!


About the Author

Mike Chapple is Senior Director for IT Service Delivery at the University of Notre Dame. Mike is CISSP certified and holds bachelor’s and doctoral degrees in computer science and engineering from Notre Dame, with a master’s degree in computer science from the University of Idaho and an MBA from Auburn University.