While not having an IT security certification doesn’t disqualify you from getting a job offer or promotion, prospective employers looking for industry-leading credentials look at it as one measure of qualifications and commitment to quality. As the market for information security talent heats up and the skills shortage continues, infosec experts who have the right combination of credentials and experience are in remarkably high demand.
“A certification today is like a college degree,” says Grady Summers, America’s leader for information security program management services at Ernst & Young. “You may not hire a candidate just because they have one, but it is something that you come to expect in this field.”
“There is no replacement for real-world experience,” Summers says. “However, certifications are important and have become de facto minimum criteria when screening resumes.”
Here is a list of the top five security certifications, based on a review of job boards and interviews with IT security recruiters and employers:
Certified Ethical Hacker (CEH)
Certified Ethical Hacker (CEH) is gaining popularity as organizations concentrate on securing their IT infrastructure and networks from internal and external attacks. Some employers aggressively look to hire candidates with CEH validation for hands-on security operations and intelligence activities.
CEH is a comprehensive Ethical Hacking and Information Systems Security Auditing program offered by EC-Council, suitable for candidates who want to acquaint themselves with the latest security threats, advanced attack vectors, and practical real-time demonstrations of the latest hacking techniques, tools, tricks, methodologies, and security measures.
The goal of the CEH is to certify security practitioners in the methodology of ethical hacking. This vendor-neutral certification covers the standards and language involved in exploiting system vulnerabilities, weaknesses and countermeasures. Basically, CEH shows candidates how the attacks are committed. It also makes efforts to define the legal role of ethical hacking in enterprise organizations.
Global Information Assurance Certification (GIAC)
Global Information Assurance Certification (GIAC) is the leading provider and developer of Cyber Security Certifications, globally recognized by government, military and industry leaders. As a result, demand for it is rising in specific disciplines such as security operations, digital forensics, incident handling, intrusion detection, and application software security.
This certification is designed for candidates who want to demonstrate skills in IT systems roles with respect to security tasks. Ideal candidates for this certification possess an understanding of information security beyond simple terminology and concepts.
“GIAC’s focus on open source tools and its aggressive in-depth training is very useful,” says Daryl Pfeil, CEO of Digital Forensics Solutions, a computer security and digital forensics firm. She finds GIAC-certified candidates highly skilled and talented enough to handle the dynamic demands of the real-world job environment.
Similarly, employers and recruiters are gradually coming to see the GIAC credential as a requirement for hands-on technical positions.
Certified Information Security Manager (CISM)
Certified Information Security Manager (CISM) is significantly in demand as the profession concentrates on the business side of security. Offered by the Information Systems Audit and Control Association (ISACA), CISM addresses the connection between business needs and IT security by concentrating on organizational security issues and risk management.
This certification is for candidates who have an inclination towards organizational security and want to demonstrate the ability to create a relationship between an information security program and broader business goals and objectives. Basically, CISM is perfect for IT security professionals looking to grow and build their career into mid-level and senior management positions. This certification ensures knowledge of information security, as well as development and management of an information security program.
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Security Professional (CISSP) is an independent information security certification governed by the International Information System Security Certification Consortium, also known as (ISC)², the not-for-profit consortium that offers IT security certifications and training.
CISSP is viewed as the baseline standard for information security professions in government and industry. Companies have started to require CISSP certification for their technical, mid-management and senior management IT security positions. This certification is designed for candidates who are interested in the field of information security. The ideal candidates are those who are information assurance professionals and know how to define the design, information system architecture, management and control that can guarantee the security of business environments.
The CISSP is widely popular within the IT security community, as it provides the basis of security knowledge. “We feel safe hiring candidates carrying this validation,” says Ellis Belvins, division director at Robert Half International, a professional staffing consultancy. The certification validates the security professionals’ high proficiency, principles and methodologies, commitment and deeper understanding of security concepts.
The increasing need for hands-on network engineers, along with social computing and web technology, has pushed network security even further. Vendor certifications including Microsoft’s Certified Systems Engineer (MCSE) with focus on security, Cisco’s Certified Network Associate Certification (CCNA), and Check Point’s Certified Security Expert (CCSE) top the list as organizations within government, banking and healthcare look to fill open positions including system administrators, network and architects.
“We look for completion of these certificates in potential network security candidates,” Summers says, “as having those on their resume says a lot about someone’s depth of knowledge.”