The Information Security Certification You Need in 2018
We’re in the middle of a cybersecurity job boom, and with good reason: Data and its newfound value have created a corresponding class of thieves, as any premium asset would. According to Javelin Strategy & Research, $16 billion was stolen from more than 15 million Americans in 2016 as a result of data breaches, identity theft, and other digital incursions. As a result, the demand for infosec workers—and the professional certifications available to them—has soared.
But which certification should a senior leader who wants an infosec strategy designed to protect their business-critical assets look for in a candidate? I believe there’s a clear winner, but first let’s take a look at a few of the most common:
Certified Information Systems Security Professional (CISSP)
Who issues it: International Information Systems Security Certification Consortium (ISC)²
What you need first: Five years of professional experience in the information security field
What the test is like: 250 questions covering corporate security management practices, access control, networks, and security architecture
Who it’s for: Chief information security officers (CISOs), security analysts, systems engineers
Demand: High
Annual pay: $121,729
GIAC Security Essentials Certification (GSEC)
Who issues it: Global Information Assurance Certification (GIAC)
What you need first: No formal prerequisites
What the test is like: 180 questions covering hands-on cybersecurity practices
Who it’s for: Entry-level information security practitioners
Demand: Steady
Annual pay: $75,000
Certified in Risk and Information Systems Control (CRISC)
Who issues it: ISACA
What you need first: Three years of related experience
What the test is like: Exam covering risk assessment, monitoring, and response
Who it’s for: Chief information security, compliance, and risk officers
Demand: The highest-paying IT certification in 2017, according to Global Knowledge
Annual pay: $131,298
Certified Ethical Hacker (CEH)
Who issues it: International Council of Electronic Commerce Consultants (EC-Council)
What you need first: Two years of related experience
What the test is like: 125 questions covering systems security and vulnerabilities
Who it’s for: Security consultants and penetration testers
Demand: Ranked by CIOs as one of the top two technology certifications
Annual pay: $71,331 (average)
EC-Council Certified Security Analyst (ECSA)
Who issues it: International Council of Electronic Commerce Consultants (EC-Council)
What you need first: Two years of information security experience
What the test is like: Two stages: performing penetration testing exercises with a report, and taking a 150-question exam
Who it’s for: Network administrators, risk professionals, security consultants, penetration testers
Demand: Considered the best certification for penetration testing skills
Annual pay: $99,000
And the winner is …
Certified Information Security Manager (CISM)
Who issues it: Information Systems Audit and Control Association (ISACA)
What you need first: Five years of information security experience
What the test is like: 200 questions covering the management of information security programs and incident-response protocols
Who it’s for: Information security managers and consultants
Demand: Growing fast
Annual pay: $128,156
Cybersecurity professionals are no longer relegated to the corporate IT department. As data has become mission-critical to more and more organizations, the need for executive-level managers with security expertise has grown. This is where the CISM certification shines. After verifying five years of direct information-security experience, an individual seeking CISM designation has to sit for what is perhaps cybersecurity’s most grueling exam: a four-hour test that is virtually unpassable without both managerial expertise and extensive, hands-on incident-response experience.
Gaining the CISM includes acceptance to ISACA and its deep infosec resources. ISACA keeps CISM-certified professionals updated on the latest in information-security news and tools and provides them with access to a network of global security experts, and its seal of approval provides regulators with confidence in your organization’s cyber threat management capabilities.
Many CISM-certified professionals enter the lucrative world of management consulting, helping data-dependent companies solve and avoid digital catastrophes, but their numbers in corporate C-suites and boardrooms are on the rise. If you’re a chief executive looking to strengthen your cyber-defenses throughout every level of your organization, make sure your hire has a CISM on her resume.