IT certifications can add a lot of value for technology pros. That’s especially true for these security certifications, writes Anjali Simplilearn in this guest post.
“The more IT certifications you have, the more marketable you are,” said Jerry Irvine, CIO of IT consulting firm Prescient Solutions and a member of the National Cyber Security Task Force, in a testimony for a feature written by Lauren Gibson Paul for CSO Online. Irvine holds at least 20 certifications of his own.
IT security certifications make you put your money where your mouth is. You get hired presumably because you now have a professional justification for your expertise.
And many of the top IT certifications employers are looking for are related to IT security.
IT networks are now more vulnerable than ever. According to the PwC Global State of Information Security Survey 2013, about 45% of the respondents believe that total spending on IT security will increase in the next 12 months.
When asked about how confident these businesses were when it comes to instilling effective information security behaviors into organizational culture, 38.7% were only “somewhat confident,” 14.7% were “not confident” and about 6.21% were “not at all confident.”
As for security incidents, at least 31.94% of the companies reported 1-9 security-related incidents detected in the last 12 months. About 13.13% of the companies reported 50 or more such incidents.
Clearly, organizations need help. Professionals certified in IT security management represent hope for organizations. These are change agents that could save companies billions of dollars and protect their reputations.
According to a Foote Partners report, the perceived value of IT security management certifications has risen much more during the recession than the value of any other type of certification.
Here are the IT Security Management certifications in the highest demand now:
Businesses depend on IT applications to operate. As such, applications also happen to be one of the most vulnerable elements of IT security management. Those in charge of security need to think on the offensive rather than the defensive.
Hence, certifications such as CSSLP by ISC2, and GSSP-Java and GSSP-NET by GIAC train developers and IT security professionals to think like attackers. Guarding session cookies, validating incoming data, and understanding the psyche and approaches of a hacker are all a part of the learning process.
A similar certification that is also popular is Certified Ethical Hacking Training.
Part of IT security management is to look for trouble before trouble comes looking to attack. That’s one of the reasons why certifications such as Certified Information Systems Auditor are on the rise in terms of popularity.
Gaining a certification like that isn’t easy, though: Candidates go through a test, adhere to the Information Systems Audit and Control Association’s Code of Professional Ethics, and work for at least five years in professional IS auditing, control and security. Candidates also have to enroll in continuing professional education.
Decision making and management
Problem solving has everything to do with management. Businesses today need managers to foresee problems, develop a defensive wall with the right IT strategy, and much more.
Port that to IT and then the rule continues to apply. Certifications such as the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) have grown in demand recently.
As far as project management goes, other certifications have risen in prominence, such as the PMP Training and Certification offered by the Project Management Institute.
New roles are emerging in IT security for physical security, loss prevention, fraud investigation, security incident handling, theft risk management, security incident investigation and even forensic analysis, along with the rising need for privacy management.
A few certifications pertaining to these jobs are:
- Certified Protection Professional (CPP) & Physical Security Professional (PSP) by ASIS International
- Loss Prevention Qualified (LPQ) and Loss Prevention Certified (LPC) by Loss Prevention Foundation
For fraud investigation and forensics, popular certifications are:
- Certified Fraud Examiner (CFE) issued by the Association of Certified Fraud Examiners
- Certified Computer Security Incident Handler (CERT) by the Software Engineering Institute (SEI)
- Certified Identity Theft Risk Management Specialist (CITRMS) by the Institute of Consumer Financial Education
- Professional Certified Investigator (PCI) by ASIS International
- Cyber Security Forensic Analyst (CFSA)
- Computer Hacking Forensic Investigator Certification (CHFI), and
- Certified Information Privacy Professional (CIPP).
Penetration testing and wireless security
All over the world, WiFi hotspots are on the rise. So are vulnerabilities in WiFi security.
Wireless security is an area within IT management that is rising to prominence: businesses have their own WiFi networks, and employees depend more and more on other networks to do work outside of the office. The need for secure wireless access hasn’t gone unnoticed, and hence certifications such as the Certified Wireless Security Professional (CWSP) exist.
Penetration testing, business continuity, cloud computing, and many other areas of IT security management also have certification programs such as Certificate of Cloud Security Knowledge (CCSK), Systems Security Certification Practitioner (SSCP), Certified Penetration Tester (CPT), and Certified Expert Penetration Tester (CEPT).
But, do these certifications by themselves have value? According to Foote Partners, a few of these certifications have increased in value by at least 10%.
For hopeful IT security professionals, it’s the certification along with the thirst to learn more that holds the key to success in their chosen field. As Jerry Irvine says, the key today is not just to spice up your resume with a ton of certifications; it’s also important to put knowledge into practice.
Learn it, do it, and prove it.
How are you going to expand your skillset? Did you choose your IT specialization yet? Please share your stories with us.
About the author: Anjali Shenoy is a professional writer and blogger. She wants to share a little about CISSP Training and Certification to manage your IT Security in a smart way.