COPPER SQUARED


The Information Security Certification You Need in 2018

Licensed under Creative Commons by Flickr user JD Lasica


We’re in the middle of a cybersecurity job boom, and with good reason: data and its newfound value have created a corresponding class of thieves, as any premium asset would. According to Javelin Strategy & Research, $16 billion was stolen from more than 15 million Americans in 2016 as a result of data breaches, identity theft, and other digital incursions. Consequently, the demand for infosec workers—and the professional certifications available to them—has soared.

But which certification should a senior leader who wants an infosec strategy designed to protect business-critical assets look for in a candidate? I believe there’s a clear winner, but first let’s take a look at a few of the most common:

Certified Information Systems Security Professional (CISSP)

Who issues it: International Information Systems Security Certification Consortium (ISC)2
What you need first: Five years of professional experience in the information security field
What the test is like: 250 questions covering corporate security management practices, access control, networks, and security architecture
Who it’s for: Chief information security officers (CISOs), security analysts, systems engineers
Demand: High
Annual pay: $121,729

GIAC Security Essentials Certification (GSEC)

Who issues it: Global Information Assurance Certification (GIAC)
What you need first: No formal prerequisites
What the test is like: 180 questions covering hands-on cybersecurity practices
Who it’s for: Entry-level information security practitioners
Demand: Steady
Annual pay: $75,000

Certified in Risk and Information Systems Control (CRISC)

Who issues it: ISACA
What you need first: Three years of related experience
What the test is like: Exam covering risk assessment, monitoring, and response
Who it’s for: Chief information security, compliance, and risk officers
Demand: The highest-paying IT certification in 2017, according to Global Knowledge
Annual pay: $131,298

Certified Ethical Hacker (CEH)

Who issues it: International Council of Electronic Commerce Consultants (EC-Council)
What you need first: Two years of related experience
What the test is like: 125 questions covering systems security and vulnerabilities
Who it’s for: Security consultants and penetration testers
Demand: Ranked by CIOs as one of the top two technology certifications
Annual pay: $71,331 (average)

EC-Council Certified Security Analyst (ECSA)

Who issues it: International Council of Electronic Commerce Consultants (EC-Council)
What you need first: Two years of information security experience
What the test is like: Two stages: performing penetration testing exercises with a written report, then taking a 150-question exam
Who it’s for: Network administrators, risk professionals, security consultants, penetration testers
Demand: Considered the best certification for penetration testing skills
Annual pay: $99,000

And the winner is …

Certified Information Security Manager (CISM)

Who issues it: Information Systems Audit and Control Association (ISACA)
What you need first: Five years of information security experience
What the test is like: 200 questions covering the management of information security programs and incident-response protocols
Who it’s for: Information security managers and consultants
Demand: Growing fast
Annual pay: $128,156

Cybersecurity professionals are no longer relegated to the corporate IT department. As data has become mission-critical to more and more organizations, the need for executive-level managers with security expertise has grown. This is where the CISM certification shines. After verifying five years of direct information-security experience, an individual seeking the CISM designation has to sit for what is perhaps cybersecurity’s most grueling exam: a four-hour test that is virtually unpassable without both managerial expertise and extensive, hands-on incident-response experience.

Gaining the CISM includes acceptance into ISACA and its deep infosec resources. ISACA keeps CISM-certified professionals updated on the latest information-security news and tools, provides them with access to a network of global security experts, and lends a seal of approval that gives regulators confidence in your organization’s cyber threat management capabilities.

Many CISM-certified professionals enter the lucrative world of management consulting, helping data-dependent companies solve and avoid digital catastrophes, but their numbers in corporate C-suites and boardrooms are also on the rise. If you’re a chief executive looking to strengthen your cyber-defenses at every level of your organization, make sure your hire has a CISM on her resume.

Lonzo Jackson