Cybersecurity is an issue of pressing urgency as threats and attacks escalate against our government, businesses and individuals. With hundreds of millions of dollars at risk – not to mention sensitive intelligence – cybercriminals have the ability to paralyze victims if their threats are not prevented.
As cybersecurity continues to play an integral role in the global environment, IT professionals can hone their skills to tackle threats by enhancing their education credentials and earning industry certifications. Examples of IT security certifications can include:
The globally-recognized CISSP® certification from (ISC)²®, an organization specializing in information security, can help build knowledge in the field of information security. Professionals earning this certification define the architecture, design, management and controls that help assure the security of business environments. It's the first certification in the field to meet the stringent requirements of ISO/IEC Standard 17024.
The certification also supports the Official (ISC)² Guide to the CISSP CBK, Fourth Edition, which covers the eight CISSP domains: Security and Risk Management (Security, Risk, Compliance, Law, Regulations, Business Continuity); Asset Security; Security Engineering; Communication and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations (Foundational Concepts, Investigations, Incident Management, Disaster Recovery); Software Development Security (Understanding, Applying and Enforcing Security Software).
Typically, candidates must have at least five years of experience in two of the eight CISSP domains. They are tested on their competence in the domains covered in the (ISC)² CBK®. Once a professional passes the certification exam, they are CISSP certified and must re-certify every three years and commit to continuing professional education to keep their credentials in good standing.
If a professional does not meet the required five years of experience, they may earn the Associate of (ISC)² designation by passing the required CISSP examination.
Certification offers a variety of career advancement opportunities for the IT security professional. Professionals who have earned a certification may have greater credibility and marketability in the workplace than those who do not. One study suggested that CISSP-certified professionals earn 25% more money than non-certified IT security professionals on a global basis. CISSPs can also gain (ISC)² member benefits, such as peer networking.
The SSCP, a certification of the (ISC)², can be beneficial for those seeking to advance their information security careers, expand their skills or launch a new career. Open to candidates with as little as one year of experience, the certification can help ensure that candidates are skilled in continuously monitoring systems to safeguard against security threats. They also learn how to apply the security concepts, tools and procedures to react effectively to incidents.
The SSCP supports the Official (ISC)² Guide to the SSCP CBK® Second Edition, which covers the domains of Access Controls; Security Operations and Administration; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; Systems and Application Security.
Candidates seeking certification usually need valid experience with IT security-related work. Their experience should have direct application to the domains of SSCIP with one year of cumulative work experience in at least one of the seven domains required. Those without experience may sit for the exam and become an Associate of (ISC)² when experience has been gained. Recertification is required every three years, along with 10 CPEs each year of the certification cycle.
The SSCP certification can demonstrate a knowledge base in information security and can also signal a strong commitment to the profession. It may be one way to differentiate yourself from others who haven’t earned this designation, and can give you access to (ISC)² resources such as peer networking and idea exchange. An industry study by (ISC)² also found that security certifications were considered important by nearly 90% of IT security hiring managers.
The (ISC)² Certified Authorization Professional (CAP) certification applies to professionals responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions can ensure that information system security aligns to the level of exposure to potential risk. This credential may be beneficial for commercial markets, civilian and local governments and the U.S. Federal government, including the State Department and the Department of Defense (DoD).
CAP supports the Official (ISC)² Guide to the CAP® CBK®, Second Edition and covers a candidate’s knowledge across seven domains: Risk Management Framework (RMF); Categorization of Information Systems; Selection of Security Controls; Security Control Implementation; Security Control Assessment; Information System Authorization; Monitoring of Security Controls.
To sit for the certification exam, candidates should have valid experience performing IT security work. Two years of cumulative work experience in one or more of the seven domains is also typically required. Recertification is required every three years, and CPEs are required to maintain the credential on an ongoing basis.
In response to heightening cyber threats to commercial and DoD interests, the DoD 8570 Information Assurance Training, Certification and Workforce Management mandate went into effect. Under it, commercial contractors and military and civilian personnel are proactively educated and certified to perform their critical duties as Information Assurance professionals. Those with privileged access to DoD systems must obtain an ANSI-approved commercial certification through (ISC)². Certifications can vary based on the specific job function of the professional.
The CAP certification can serve as a validation of competence and skill, which may help boost career advancement and earnings potential. It can also help differentiate professionals who are credentialed from those who are not. Certified professionals may benefit from presented opportunities within the (ISC)² global network of CAP domain experts.
A Certified Ethical Hacker (CEH) is one who uses skills and knowledge of computers and networks in a lawful manner to identify vulnerabilities to help protect against security breaches. The CEH designation by the EC-Council takes a vendor-neutral approach to certify individuals in Ethical Hacking.
This certification is also related to DoD 8570, which covers the training, certification and management of an information assurance workforce, and accordingly classifies personnel in four main categories. The CEH designation covers four out of five positions under one of those categories: Computer Network Defense.
To test for the CEH designation, candidates must demonstrate at least two years of information security related experience or they must have taken training courses, either through distance learning or an academic setting. Candidates under 18 are not eligible unless they can show written parental consent and a supporting letter from their nationally accredited institution of higher learning.
CompTIA Security+ helps ensure holders have the knowledge to both anticipate and react to IT security risks. It demonstrates competency in network security; compliance and operational security; threats and vulnerabilities; application, data and host security; access control and identity management; and cryptography.
Among the positions held by candidates can be security architect, security engineer, security consultant/specialist, information assurance technician, security administrator, systems administrator and network administrator. This is also one of the certification options for DoD 8570.
Two exams are required for this certification: CompTIA A+ 220-801 covers the fundamentals of computer technology, including the installation and configuration of PCs and laptops and basic networking. CompTIA A+ 220-802 covers the skills needed to install and configure PC operating systems along with configuring common features for mobile operating systems.
This certification is one that network administrators, technicians and installers, design technicians and IT cable installers may seek to demonstrate their qualifications in physical computer networking. It covers networking technologies, installation and configuration, media and topologies, management, and security. The certification is typically a prerequisite for technicians seeking to join the Apple Consultants Network. The Department of Defense may also recognize it.
Cybersecurity is an issue of increasing importance, especially as the global environment becomes more networked and reliant on technology systems. Professionals who hone their IT security skills to recognize and guard against the risks to this environment, and earn the certifications that speak to their capabilities, can greatly benefit the security community.