Six Niche Security Certifications

The right security certification can help you fill an important niche job role.

There are a few big players in the cybersecurity certification space. CompTIA's Security+ certification is the go-to credential for entry-level cybersecurity professionals, while those with more depth of experience commonly pursue the gold-standard Certified Information Systems Security Professional (CISSP) certification.


If you've been active in the cybersecurity field, then you're probably also familiar with a few of the less common but still prevalent credentials. For example, the Systems Security Certified Practitioner (SSCP) credential is another well-known entry-level credential, while the Certified Information Security Manager (CISM) certification is popular among those on the management track.


But what if you're looking to specialize more deeply? There are many less well-known certifications out there that appeal to cybersecurity specialists seeking to document more niche skills in the field.


These credentials may not be widely pursued, and might also not be immediately recognized by some employers, but they are sought after by recruiters seeking to fill highly specialized positions. They may be the keyword on your resume that lands you your next job interview.


Let's take a look at six niche security certifications:


Certified Cloud Security Professional (CCSP)


There's no technology niche more important these days than cloud computing. Cybersecurity professionals who specialize in this area will find themselves well-positioned to help their organizations navigate the complexity of the cloud. The Certified Cloud Security Professional (CCSP) credential is a partnership between (ISC)² and the Cloud Security Alliance (CSA) that documents the knowledge of cloud security practitioners.


The CCSP program covers six domains of knowledge:

• Cloud Concepts, Architecture, and Design
• Cloud Data Security
• Cloud Platform and Infrastructure Security
• Cloud Application Security
• Cloud Security Operations
• Legal, Risk, and Compliance


You might think that a certification like the CCSP would be incredibly popular, but that's simply not the case. As of June 2019, there are just a bit more than five thousand CCSP-certified individuals worldwide. If you're looking for a high-demand niche that can quickly lead to gainful employment, this may be just the right fit for your next cybersecurity certification.


SANS GIAC Certified Forensic Analyst (GCFA)


The SANS Institute has long sponsored their Global Information Assurance Certification (GIAC) program that is specifically designed to fill the niches in cybersecurity. GIAC offers more than 30 cybersecurity certification programs that drill into many different niches, ranging from perimeter protection to Python coding and from penetration testing to incident handling. If you're looking for a certification covering a technical specialization in cybersecurity, the GIAC program is a good starting point.


The GIAC Certified Forensic Analyst (GCFA) credential is an advanced credential for those working in the digital investigation space. Technologists earning this credential are qualified to conduct advanced forensic examinations across a variety of hardware and software platforms. Earning the GCFA requires passing an exam covering 10 deeply technical forensic topics:

• Identification of malicious system and user activity
• Incident response in an enterprise network
• Incident response process and framework
• Timeline artifact analysis
• Timeline collection
• Timeline processing
• Volatile artifact analysis
• Volatile data collection
• Windows filesystem structure and analysis
• Windows system artifact analysis


As with the CCSP, you might assume that a respected certification like the GCFA would be extremely popular, but the numbers prove there is opportunity here — only 15,695 people have ever earned the GCFA credential.


Cybersecurity Analyst+ (CySA+)


The technology industry suffers from a cybersecurity skills gap — there simply aren't enough qualified individuals to fill all of the open positions posted by companies. And industry analysts expect that this gap is only going to get wider over time.


One of the key areas creating this gap is a lack of individuals qualified to work in cybersecurity analyst roles. These roles are typically a step up from entry-level positions and require thoughtful insight and broad knowledge of security operations. Cybersecurity analysts are typically the individuals who receive case escalations from front-line security personnel and conduct further investigation.


The Cybersecurity Analyst+ (CySA+) credential is designed to test a candidate's knowledge of four key areas:

• Threat Management
• Vulnerability Management
• Cyber Incident Response
• Security Architecture and Tool Sets


CySA+ is the most mainstream certification on this list, as it comes from certification behemoth CompTIA. It's a fairly new credential, however, so it's still gaining steam as a professional qualification. If you're looking to earn an intermediate-level certification that doesn't have a work experience requirement, then CySA+ may be just the niche for you.


Payment Card Industry Professional (PCIP)


Retailers, service providers, financial institutions and other organizations that handle credit card numbers must comply with a rigorous set of security standards called the Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS includes more than 50 pages of detailed specifications outlining the implementation of 12 major requirements. This is a tricky maze to navigate for those required to maintain compliance.


The PCI Security Standards Council (PCI SSC) is the organization responsible for maintaining the standard. They also offer a certification program called the PCI Professional (PCIP) that allows individuals to demonstrate their mastery of the PCI DSS and their ability to assist organizations in building compliant operations.


If you're thinking about a career in the financial sector, the PCIP credential provides you with qualifications in an extremely important compliance niche.


Certified Information Privacy Professional (CIPP)


Privacy concerns are everywhere in today's technology environment. It's now rare that a week passes by without news of some kind of data breach affecting the personally identifiable information (PII) of customers of a retail store, students at an educational institution, employees of a government agency, or some other group.


Regional and national regulators around the world are rapidly drafting new laws designed to keep up with these developments, and the Certified Information Privacy Professional (CIPP) credential demonstrates that an individual has a current understanding of government privacy regulations.


Recognizing that privacy regulations differ significantly from jurisdiction to jurisdiction, the CIPP credential comes in different regional variations:

• Asia (CIPP/A)
• Canada (CIPP/C)
• Europe (CIPP/E)
• United States private sector (CIPP/US)


These certifications come from the International Association of Privacy Professionals (IAPP), which also previously offered a United States government (CIPP/G) version of the certification that is now inactive. Earning the CIPP credential for your region is a great way to move into an important niche role.


HealthCare Information Security and Privacy Practitioner (HCISPP)


Healthcare information security and privacy is of paramount concern to patients, physicians, hospitals, insurance companies, and the vendors who work with them on a daily basis. Protected health information (PHI) is perhaps the most heavily regulated type of sensitive information, and organizations that fail to protect the privacy and security of that data face significant fines and sanctions from regulators.


(ISC)² offers the HealthCare Information Security and Privacy Practitioner (HCISPP) credential for individuals seeking to specialize in this important niche. The credential covers a variety of topics specific to the healthcare field, including specific health privacy regulations, the healthcare industry, and risk assessment and management topics.


As with the other credentials on this list, the importance of the field hasn't yet resulted in a plethora of certified individuals. If you earn the HCISPP certification, you'll find yourself on a list that currently has only 1,293 members.


Find Your Niche


Each of these certifications fills an important gap in the cybersecurity industry and possessing one or more of these credentials helps you stand out from the pack of cybersecurity professionals bearing more common certifications. Treat this list as a starting point and think about the specific niche that you'd like to fill in the cybersecurity world. There's probably a certification out there that will validate your skills!


About the Author

Mike Chapple is Senior Director for IT Service Delivery at the University of Notre Dame. Mike is CISSP certified and holds bachelor’s and doctoral degrees in computer science and engineering from Notre Dame, with a master’s degree in computer science from the University of Idaho and an MBA from Auburn University.