Security Certifications: Are They Worth Earning?

With an estimated 3 million unfilled cyber security jobs around the world, and more expected to open as enterprises invest more in increasing their defenses, security professionals looking for work or a promotion have their pick. However, this open market raises some questions: Who has an edge when it comes to getting those jobs? Will a certain cyber security certification help when it comes to edging out the competition?

The (perhaps unsurprising) answer: It depends.

The International Information System Security Certification Consortium, (ISC)², notes that these types of accreditations are a key to getting a better cyber security job within an enterprise, or breaking into the field in the first place. In a recent report based on responses from over 1,400 participants, (ISC)² noted that nearly 50 percent of respondents reported that relevant cyber security experience was the most important factor in hiring. A little further down the list, another 37 percent of respondents noted that a degree and certifications are a major factor when hiring.

(It should be noted that (ISC)², a non-profit, offers a number of certifications for its membership, including Certified Information Systems Security Professional (CISSP), Information Systems Security Architecture Professional (CISSP-ISSAP), Information Systems Security Engineering Professional (CISSP-ISSEP), Information Systems Security Management Professional (CISSP-ISSMP) and others.)

The importance of certifications remains in the eye of the beholder.

"Cyber security certifications are essential to showing the level of knowledge of a cyber security professional. However, they should never alone be the only reference," Joseph Carson, the chief security scientist at security vendor Thycotic, told Dice in an email.

"There are many cyber security certifications available, but it really comes down to what skillset or direction the individual wants to go," Carson added. "Certifications range from penetration testers, government/industry regulatory compliance, ethical hacking to industry knowledge. Some certifications are entry-level and others require several years of experience with peer references before getting certified."

Carson noted that the CISSP certification holds a good deal of respect among professionals. He also noted several other accreditations, including:

- CEH (Certified Ethical Hacker)
- OSCP (Offensive Security Certified Professional)
- CISA (Certified Information Security Auditor)
- GCIH (GIAC Certified Incident Handler)