How 5 Top Cybersecurity Certifications Can Advance Your Career

Little article for you guys - How 5 Top Cybersecurity Certifications Can Advance Your Career | Redbud

Summing up - their top 5 are CISSP, CISA, CISM, GSEC, & Security+.

FWIW, Security+ was my starter and I found it very valuable at a 101 level.

I don't know that GSEC was around at that time, but if I had the money then I would agree now that it would have been a great technical-level follow-up to Security+.

CISA I'm not as impressed by. I hear they're in the midst of redoing it some and I agree it could be tweaked to be more focused as well as have some concepts brought more in line with the other ISACA cert principles. It's good, but not as good as it could be with some reworking.

CISSP of course is the one that opens the doors. It isn't mandatory, but you do learn a lot of basic principles and it gets your foot in the door for just about any infosec job nowadays.

CISM is likewise the one that opens the doors to the infosec mgr spots. It's a decent cert in terms of knowledge you gain, but as usual at the end of the day you only get out of a cert what you want to. If you just learn to pass the test then the value is limited. If you learn to gain concepts to put into your daily life it has a lot of good value.

Overall I think this is actually a good list compared to the random babble that most places put out. Are there other good certs, yes, but for a list of 5 that would have value to someone's career, I'd agree these all fit the bill.

And no I don't have anything to do with whoever this guy is, I just stumbled across the article and thought I'd share.

Find more posts tagged with

Comments

Sheiko37

I think they're overstating the CISSP. I can tell you I haven't designed any policy or standard since getting it, and I wouldn't consider it "advanced-level".

dustervoice

Sheiko37 wrote: »

I think they're overstating the CISSP. I can tell you I haven't designed any policy or standard since getting it, and I wouldn't consider it "advanced-level".

Creating policies has to do with your role not passing a Cert! i don't get your point here. Its like me saying I passed my CISSP but i don't do software development.. well no Sh*t i'm not a programmer/coder

towentum

His point is that the CISSP is heavily focused on creating standards and policies around information security. It's not heavily focused on the technical aspect of Information Security like other certs. That's what I think he's saying at least, I don't have the CISSP nor have I looked to deeply into it, but outwardly it really appears to focus on industry best practice and management of security teams rather than working in the industry as a security professional who get's down and dirty with the technology.

dustervoice

Well if thats what he is saying then Policies and standards are very important as that's what should drive the technology.. buying lots of blinkie boxes isnt security if there are no process or procedures around it. Technical is only half of the story.

towentum

Believe me, I understand that. Policies are important, as such the CISSP is important. It's not for everyone though. I personally will not go for it as I have no interest in managing an information security team. I know it pays well, but I have to be hands on and not designing policies and procedures all day.

Sheiko37

dustervoice wrote: »

Creating policies has to do with your role not passing a Cert! i don't get your point here.

Did you read the article? I'm responding to that.

Tongy

Sec+ was good to study for and get, made no decernable difference to my marketability but found it interesting.
CISM has been ok - some jobs use CISM/CISSP interchangeably, and I'm now appearing on recruiters radar which is a double-edged sword.
I'm doing GSEC training at the moment. For a "fundamental" cert it's pretty comprehensive and much broader and deeper than Sec+ (although it sits alongside it on the DoD chart). Very interesting material and I have learnt things from it. I don't see it adding to my marketability as it is a largely unknown cert in the UK.
As with most in infosec CISSP is on my "to do" as it is the gold standard when lookingfor new positions.
I am told that CISA is good, but it's not on my list!

As has been said before her many times - the cert doesn't make the person, the person makes the cert.

Howard the Duck

What about CEH?

NOC-Ninja

Isnt these certs are all managerial roles?

OctalDump

Howard the Duck wrote: »

What about CEH?

Not sure if serious, but CEH is a specialist certification so rarely appears on these 'top' lists. Top lists of "info sec" certifications are always biased to the generalist certification, because they will cover a greater breadth hence more people with them, hence more top people with them.

It's similar to the advice people give to get the popular certifications - they have the most jobs available. The downside is that those jobs often have the most applicants - since everyone gets the popular certifications.

If you really want to get ahead, find an in demand niche and get really good. There will be far fewer people for the jobs that come up, so you are in a stronger position. The risk is that your niche disappears.

OctalDump

NOC-Ninja wrote: »

Isnt these certs are all managerial roles?

To add to my last post, this is an artefact of how these lists are composed. They look at the big groups of top earners and that is management. There are 100s of specialist roles where people earn lots of money and have interesting careers, but those roles don't have a lot of commonality. So a top pen tester and a top forensics person and a top PCI compliance person might have some low level certifications in common (eg Sec+, GSEC), but might not have anything else in common as their paths diverge.

Management is a fairly conservative area: you see the same qualifications again and again - MSIS, MBA, CISSP etc. People are almost forced to do this just to get the foot in the door. They also dress the same

The technical rockstar is harder to pin down. They are just very good at what they do, and that isn't about certification per se, it's a breadth and depth within their particular niche.

The safe bet is to get really, really good at something.

virtualizationG

I would also agree the CISSP is a bit over valued in this article, however it's on par with the industries perspective. Which in many cases is that of non IT staff and management. They can't value things they don't know exist. In my experience most non IT staffers have no clue what most technicians signatures even mean. The few exceptions are certifications like CISSP and CCIE for example. Not putting CCIE and CISSP in the same category but based on industry metrics they are both considered "Top Tier" certifications to hold in their respective disciplines.

SaSkiller

Yet another generic mostly worthless article. Anyone with half a brain has known these certs have been valuable for the past 5-10 years. And it ignores specializations. I know a guy who works on one security tool who has a CISSP. Does it hold value to him? IDK.

TechGromit

virtualizationG wrote: »

I would also agree the CISSP is a bit over valued in this article, however it's on par with the industries perspective.

I plan on getting a CISSP just because it's widely recognized security certification among the computer illiterate (ie HR), but once I obtain it, I will not be pursuing any more ISC certs, just SANS certs.

stephens316

Howard the Duck wrote: »

What about CEH?

Not worth the price of training take a SANS Class

docrice

If I'm interviewing candidates for a technical role, I'd be much more biased towards GIAC and OffSec certs. The CISSP, CISA, CEH, and Sec+ would mean little to me unless it was an introductory junior role. That said, those certifications certainly don't hurt and shows a degree of ambition and effort.

More important than certs is mindset and willingness to explore far beyond the textbook. At the end of the day, certs are nice and in many places allows for positive keyword matching with HR resume search systems, but practically I'm less concerned with certs than I am about aptitude.

adrenaline19

I just wish HR would stop asking for a Bachelor's in CS or 5 years of experience for an entry-level position.

It's pathetic.

roninkai

For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just dont want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has lead to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile. Does EC-Council's "CISO" cert hold any weight?

dustervoice

dragonsden wrote: »

For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just dont want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has lead to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile. Does EC-Council's "CISO" cert hold any weight?

People management skills is what you need not more certs..if you look at lots of ciso profiles on linkedin very few have certs. With your years of experience, education and CISSP coupled with people skills is more than enough to become a ciso. good luck.

636-555-3226

dragonsden wrote: »

Does EC-Council's "CISO" cert hold any weight?

EC-Council holds no weight for me..... EC-Council is really just known for CEH, and that mostly impressed people who don't know a lot about infosec. I guess the C|CISO thing might look good on a resume, and it's not like there are a lot of "CISO" positions out there, so it's not like it's going to hurt you much. If you're looking to learn more about the subject matter itself to be better at the job, there are better opportunities out there (such as anything ISACA-related which covers the same domains but without "CISO" in the cert title).

g33k3r

dragonsden wrote: »

For someone with a heavy technical background (20 years), but almost no management experience, what certs would be good to get toward priming myself for CISO positions? I'm working on CISSP now. Also working on my Master's in Cyber. I know eventually I'll need to get some management under my belt, just dont want to move away from technical work either. The managers at my workplace that used to be technical jump at every chance they can to work on a technical problem that they should be delegating. I think for some, the management path has lead to a highly paid "email manager/meeting advisor". I guess this is the path though. Anyway, for CISO aside from an MBA and CISSP, what other certs are worthwhile. Does EC-Council's "CISO" cert hold any weight?

I am not a CISO or do I have any manager experience, but I've worked for VPs, Directors & Managers. I've worked with managers who will not let go of technology and it can be very disruptive. IMO, a good manager manages (align with the business, advocate for their staff, assist staff in professional development, coordinate resources, etc...). I am sure there are course on general management and leadership, but I believe some people have a natural ability to working with people and some really struggle at it.

My 2 cents.

IronmanX

docrice wrote: »

If I'm interviewing candidates for a technical role, I'd be much more biased towards GIAC and OffSec certs. The CISSP, CISA, CEH, and Sec+ would mean little to me unless it was an introductory junior role. That said, those certifications certainly don't hurt and shows a degree of ambition and effort.

More important than certs is mindset and willingness to explore far beyond the textbook. At the end of the day, certs are nice and in many places allows for positive keyword matching with HR resume search systems, but practically I'm less concerned with certs than I am about aptitude.

SANS probably has the best training out there but is very pricey.
If your hiring some one with a SANS cert they have most likely had that training paid for by a company.
Your going to have to pay a premium to steal that employee away.

I've heard before about the shortage of employees for certain jobs. In my experience it seems like they are looking for some one with experience already doing the job. Of course the problem with that is that person is either working for you already or your competitors.

IronmanX

g33k3r wrote: »

I am not a CISO or do I have any manager experience, but I've worked for VPs, Directors & Managers. I've worked with managers who will not let go of technology and it can be very disruptive. IMO, a good manager manages (align with the business, advocate for their staff, assist staff in professional development, coordinate resources, etc...). I am sure there are course on general management and leadership, but I believe some people have a natural ability to working with people and some really struggle at it.

My 2 cents.

There really needs to be a shift away from limiting pay of non management staff to less then their manager.
We don't see this in sports but we see it in the business world.

This is basically the Peter Principal. Every one wants to move up the ladder for more money. Every one moves up until they are incompetent in their current role and can not progress any further.

The way around this? become a consultant........