I'm in college studying IT, and I'd like to pursue a career in security. Which are the best cybersecurity certifications...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Cybersecurity is a laudable and exciting profession. As the number of cybersecurity incidents continues to escalate, the demand for skilled cybersecurity professionals will only increase over the years.
The State of Cybersecurity Survey: Implications for 2016 conducted by ISACA in January 2016 reported that nearly 65% of the 461 cybersecurity managers and practitioners stated all entry-level cybersecurity applicants lacked the requisite skills to perform the tasks related to the jobs they were seeking. It further reports that 86% of those polled use on-the-job training as the means to develop needed technical skills. Only 16% would engage 2-year technical/trade schools and 4-year college/university applicants. It also stated that 38% of hiring is based on skills-based training and cybersecurity certifications.
Cybersecurity certifications for beginners: Are they worth it?
A separate 2016 Cybersecurity Survey polling of nearly 3,000 IT and cybersecurity professionals reported that when hiring new graduates for entry-level cybersecurity positions, 63% of hiring managers stated that "it is difficult to identify who has an adequate level of skills and knowledge." It further reports that 81% are more likely to hire a cybersecurity applicant who holds a performance-based certification. These would include cybersecurity certifications that require demonstrable hands-on cyber skills as opposed to skills-based certifications.
For example, skills-based cybersecurity certifications include Certified Information Systems Auditor, CISSP, Certified Information Security Manager, Certified in Risk and Information Systems Control, Certified Secure Computer User, EC-Council Certified Security Specialist, Security+ and the GIAC cybersecurity essentials certification. Performance-based certifications include the Certified Ethical Hacker, Offensive Security Certified Professional, Offensive Security Web Expert, GIAC Web Application Defender, GIAC Certified Forensic Analyst, and CSX Practitioner. This is not a complete list, but it does include the mostly widely achieved cybersecurity certifications for beginners.
Millennials are our future and the opportunities in cybersecurity abound. The cybersecurity and CIS degrees are a plus and prove the applicant has a good foundation and aptitude for information security. However, the best advice is to start with skills-based cybersecurity certifications, most of which require three to five years of experience. However, if an entry-level candidate has taken the exam and successfully passed it, it sends the employer a clear signal of the candidate's serious intention to grow into the position. You can attempt to take a performance-based certification examination but most entry-level candidates may find it more of a challenge.
But don't stop there. Get involved in professional organizations such as ISACA, ISSA and OWASP. Volunteer in local chapter events, such as conferences, seminars, chapter meetings and research projects. Network with member professionals and make an impression. Let them see your interest in cybersecurity and your passion to learn. Participate in collegiate cyberdefense competitions and above all, read, study and find your niche that you want to develop expertise in. When an opportunity arises, you will undoubtedly come to mind. We all look forward to you joining us fight the fight.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Take a look at this in-depth introduction to cybersecurity certifications
Find out if security certifications are a key requirement for new hires
Learn five reasons why you should invest in ISO 27001 and other security certs
Dig Deeper on Security Industry Certifications
Related Q&A from Mike O. Villegas
A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. ...continue reading
A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas ...continue reading
Security vendor hype is a problem CISOs often have to deal with. Expert Mike O. Villegas discusses some ways to cut through the hype and make smart ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.