What are the best cybersecurity certifications?
It’s a tough question to answer. However, one way to measure their value is based on the certifications held by cybersecurity experts working in the field.
According to a recent report by The Enterprise Strategy Group, Inc., and the Information Systems Security Association (ISSA), titled “The State of Cyber Security Professional Careers” there are four that top the list.
- (ISC)2 Certified Information Systems Security Professional (CISSP)
Held by 56 percent of cybersecurity professionals - CompTIA Security+
Held by 19 percent of cybersecurity professionals - Certified Information Security Manager (CISM)
Held by 17 percent of cybersecurity professionals - Certified Information Security Auditor (CISA)
Held by 16 percent of cybersecurity professionals
Of course, there are many more certs held by cybersecurity experts. As an example, I added in the (ISC)2 Systems Security Certified Professional (SSCP) in the following chart.
Clearly, the CISSP tops the list. Many people believe that it’s a valuable certification for gaining useful cybersecurity knowledge and getting a job in the cybersecurity field.
The Need for Cybersecurity Knowledge
Unless you’ve been hiding your head in the sand, you’ve heard about hacks, data breaches, ransomware attacks, credential theft, and more.
Criminals have been successful and they continue to develop and improve their tactics, techniques, and procedures. Attacks aren’t stopping. Instead, criminals consistently increase them.
Organizations are responding by increasing their cybersecurity capabilities. Unfortunately, according to an ESG report, 46 percent of organizations report a problematic shortage of cybersecurity skills. There just aren’t enough cybersecurity professionals to fill the needs.
Admittedly, earning certifications aren’t the only way to build cybersecurity skills and knowledge. However, for people willing to take the time to learn the concepts, cybersecurity certifications do help people follow a structured study path. This helps professionals build a solid foundation of current knowledge.
Security professionals build on this knowledge with cybersecurity training courses, participating in professional organizations, and with on-the-job training from other cybersecurity professionals.
Path for the Best Cybersecurity Certifications
The CISSP might look like it is the only certification to pursue. However, it is a very tough exam. I’ve heard from many people that studied for six months or more only to fail the exam the first time they take it. At the end of the six months, they don’t have anything to show for their time.
A better alternative is to build your knowledge by pursuing some of the other cybersecurity certifications. As an example, one path is to start with the Security+ certification and then pursue the CISSP certification.
Note that the Security+ certification is the second most popular certification held by cybersecurity professionals. One reason is that many organizations (such as the U.S. Department of Defense) require employees to have it for certain IT related jobs.
Still, it is a leap from the Security+ to the CISSP. A second possible path to the CISSP is to do the Security+, then the (ISC)2 SSCP, followed by the CISSP. It’s a short leap from the Security+ to the SSCP certification and by taking the SSCP, you’ll learn many of the concepts related to the CISSP along with the overall process of (ISC)2 certification exams.
How long will this take? Everyone learns differently so there isn’t a single answer that fits everyone. However, it’s possible to study for six months and earn all three certifications. During this time, you’re steadily building your knowledge while verifying that you’re understanding and retaining it well enough to pass the certification exams.
- In the first path, you simply study six months for the CISSP.
Assuming you pass, you’ll end up with the CISSP certification. - In the second path, you study for the Security+ for 45 days and then the next four and a half months on the CISSP.
You end up with two certifications: CompTIA Security+ and CISSP. - In the third path, you study for the Security+ for 45 days, the SSCP for the next 45 days, and then the next four and a half months on the CISSP.
You’ll then have three certifications: Security+, SSCP, and CISSP.
What About CISA and CISM
Unfortunately, I’m not close to the Certified Information Security Auditor (CISA) or the Certified Information Security Manager (CISM) certifications. However, my research indicates that these cannot be used as a stepping stone to the CISSP.
The CISA certification is a specialty certification for auditors. Compare this to the CISSP. The CISSP is focused on implementing information security and the CISA is focused on auditing IT security.
The CISM certification is more closely associated with the CISSP in that it focuses on information security and information security management. It pairs well with the CISA because someone with both the CISA certification and the CISM certification has knowledge about both auditing IT security and managing IT security. Someone with both certifications has the knowledge to bridge the communication gaps between different communities such as auditors, IT security administrators, and senior management.
Best Cybersecurity Certifications Summary
There is a growing need for cybersecurity professionals. If you want to get into this field, there are several certifications that can help you do so. The (ISC)2 CISSP is the security certification held by most cybersecurity professionals, and many people start with the CompTIA Security+ certification.