The Top Certifications in Information Security: How They Benefit Your Career

David Luchi
6 min read · May 11, 2022

When it comes to IT and information security certifications, there are many options to choose from. But which one is the right fit for you? In this blog post, we will take a look at some of the most popular IT security certifications and discuss the benefits that they offer career-wise. Whether you are just starting in your IT career or you are looking to move up to the next level, these certifications can help you get there!


Certifications or Degree?

When it comes to IT certifications, there are pros and cons. On the one hand, certification programs are often shorter and less expensive than degree programs. They can also be more specific to the IT field, which can be beneficial if you already have a degree in another area. On the other hand, degrees tend to be more comprehensive and may offer more job opportunities down the road. Ultimately, the decision of whether to pursue a certification or a degree depends on your career goals and schedule.

How many certifications are too many certifications?

Another contentious topic to get out of the way before jumping into the actual recommendations. The IT field is notorious for its alphabet soup of certifications. But how many is too many? The answer, as always, depends on your goals and what you hope to achieve with your IT career. If you are just starting, it is best to focus on one or two certifications that will help you get your foot in the door. Once you have established yourself in the field, you can start thinking about pursuing additional certifications.

There is no magic number of IT certifications that you should have. However, it is important to make sure that the certifications you do have are relevant to your career goals. IT is a rapidly changing field, so it is also important to keep your certifications up-to-date. In general, having too many IT certifications may not be looked upon favorably by potential employers as it can suggest that you are unfocused or unable to commit to one area.

Also, there are two different 'ways' to earn a new certification: actually learning the material and then testing yourself against an exam (which usually does not translate 100% to a real-world scenario), or simply memorising and passing the exam, proving only that you can memorise a lot of material. I can't count how many people I have interviewed who held 15+ certifications but were clueless about the actual job; they were just good at memorising and passing exams, treating it almost like a game instead of knowledge.

If you are going for certifications with the right intention there are great benefits.

Benefits of Certification:

  • Gives credibility and boosts confidence
  • Enhances career opportunities
  • Helps keep knowledge up-to-date
  • Provides a sense of accomplishment

The certification path

Now, with all the contentious topics out of the way, let's get to it.

It depends on what you are interested in, or the roles you think you want to shoot for. The commonly recommended certification 'stack' for someone completely new is A+, Net+, and Sec+. This is a great starting point for getting into IT and building towards many common cybersecurity careers.

This is a complex answer because different regions have different regulations and standards which may require or prefer different certifications. For example, CompTIA Security+ is a valid cert but not well known in Australia, so holding it won't make much of a difference on your resume. The list of certifications below is mostly generic and widely accepted, but do your research in your region before deciding to pursue a specific cert.

CompTIA

CompTIA has very good entry-level certs and some intermediate ones that can be valuable to someone transitioning from another IT area or even from completely outside the technology industry. Certifications from CompTIA are vendor-neutral, so the core concepts apply everywhere regardless of the vendor or technology used.

A+: Entry level for someone without any knowledge or experience in IT in general. This certification is focused on basic hardware and software notions, troubleshooting basic issues in operating systems, and other support tasks. There is no mandatory order for CompTIA certs; all certifications can be taken independently, but there is a path to grow from cert to cert.

Network+: Probably the next logical step after A+. This certification is focused on understanding the basic concepts of computer networks, designing and troubleshooting those networks, and understanding the technologies involved.

Security+: The first actual security-focused certification. This one presents most fields of cyber security and information security, the main concepts and technologies, and gives a good knowledge base for entry-level positions in cyber security.

CySA+: The certification following Sec+ on the hands-on cybersecurity side. Intended for people looking to advance on the more technical side, such as incident response, threat detection, and security analyst roles.

CASP+: The highest level of CompTIA's security certifications. It expands on the previous ones with enterprise security architecture, security engineering, and governance, risk and compliance concepts, with more of an infosec-wide scope than the purely hands-on technical certs.

CompTIA does have other certifications like Pentest+, Linux+, Cloud+, and others, however, other providers have better equivalent certifications.

ISC2

ISC2 is one of the main certification organisations and holds the cybersecurity holy grail called CISSP. Their certifications tend to be more on the administrative and management level than technical hands-on, but for that specific purpose they are highly regarded.

SSCP: The entry-level certification. It is a bit hands-on but focused on the main cybersecurity concepts, something similar to Security+.

CCSP: Considered by some a subset of CISSP focused on cloud security. It covers the basic concepts of cloud and cybersecurity, focused on the more administrative side, but touches on some vendor-agnostic technical controls.

CISSP: Probably the most widely adopted and desired certification in the entire industry. CISSP is designed for the management level but is desired (and sometimes wrongly requested) at all levels of cybersecurity careers. Note that ISC2 requires five years of cumulative, paid work experience in two or more of the eight CISSP domains to hold the title (one year can be waived with a relevant degree or an approved credential); candidates who pass the exam without the experience become an Associate of ISC2 until they accumulate it, which is one more reason it makes little sense as an entry-level requirement.

CSA

The Cloud Security Alliance (CSA) has a very good certification focused on cloud security called CCSK, similar to CCSP. It is an open-book exam, but the questions are drawn from the CSA Security Guidance and the Cloud Controls Matrix (CCM), so you still need to understand the material well enough to know where to look within the time limit rather than simply reading the answers off the book.

Offensive Security

OffSec is highly regarded for its certifications because memorising definitions without knowing the practice will not help. These certifications are not simple multiple-choice exams; most of them involve a hands-on practical exam that tests candidates to the limit.

OSCP: One of the best certifications for penetration testers in the field and one of the most challenging certifications to get. Extremely hands-on, covering all the bases of a pentest. Following the same logic, OffSec has other, more specialised certifications focused on particular areas of pentesting and exploitation.

OSWE: Same style as OSCP but focused on finding flaws and writing exploits for web applications, including source-code review. (The older OSCE, which some job ads still mention, was an exploit-development cert that OffSec retired in 2020 and replaced with the OSCE3 set: OSEP, OSWE, and OSED.)

OSEE: The most advanced OffSec certification, tied to the Advanced Windows Exploitation course. It is focused on the deep exploitation side of things: bypassing modern exploit mitigations, kernel and browser exploitation, identifying flaws and building exploit PoCs for them from scratch, and all sorts of heavy coding for security.

EC-Council

In the past they provided acceptable entry-level certifications, but nowadays most of their certs (except CHFI for forensics, which still seems to be good) and the parent company as a whole have a very bad reputation for unethical behaviour, despite calling their certification Ethical Hacking. The main certification, CEH, teaches candidates only how to run a bunch of scripts and tools, without much knowledge of the overall security concepts or even the legality of their actions.

For a very extensive list of certifications in the security field, have a look at this page.


Infosec certifications are great for getting your foot in the door or moving up in your career. Certs also help you get through HR filtering and stand out from the crowd.

There are a lot of IT and security certifications available, and it can be difficult to decide which one is right for you. However, by considering your career goals and level of experience, you can narrow down your options and choose a certification that will benefit your career.

In general, security certifications will help you learn new technologies and advance in your career while giving you the skills you need to protect organizations from cyber threats. Whichever route you decide to take, make sure you do your research so that you can choose the best certification for your needs.

However, they should not be your only focus, as experience and learning by doing are still essential in this field. Pick a few that fit your goals and study hard!

David Luchi

Head of Information Security | AWS Community Builder | CISSP | I love all things nerdy, especially Star Wars and anything to do with security.