Tuesday, 5 January 2021

The Top Cybersecurity Certifications in 2021

What are the Most Valued Cybersecurity Certifications in 2021?
This is an important question for employers, recruiters, seasoned security professionals, and especially for those planning a cybersecurity career. The Information Security Careers Network (ISCN) recently surveyed its LinkedIn community of over 90,000 members about the 50 leading cybersecurity industry certifications and courses. The results of which have been compiled into the following definitive top ten list of the most desired cybersecurity certifications in 2021.

CyberSecurity Certificates in High Demand by Employers
The Top Ten CyberSecurity Certificates and Courses


10. SANS Penetration Testing Courses
The selection of penetration testing courses and certifications offered by the SANS Institute are well regarded for helping both beginners and experts alike to increase technical cybersecurity expertise and paygrades. The SANS/GIAC Penetration Tester (GPEN)
9. Cybersecurity or Information Security University Degree
A cybersecurity or information security university degree is recommended for those looking to 'jumpstart' into a cybersecurity career, and for those seeking senior management and leadership roles as a career goal. However, most cybersecurity professionals surveyed by ISCN did not rate a degree as valuable to building up a ‘real world’ experience within dedicated junior security roles.

First or second class cybersecurity themed degrees with work experience (i.e. a sandwich course) from a reputable university can help a candidate's CV stand out from the crowd, but don't expect to walk straight into senior security professional roles without building up years of in-role experience.

The Times Higher Educational guide provides a list of the top universities offering computer science degrees.

8. Certified Cloud Security Professional (CCSP) by ISC2
Despite dropping a couple places from last year's ISCN survey, the Certified Cloud Security Professional (CSSP) from ISC2 remains popular among survey respondents, with 15% of them stating their intention to complete the course within the next 12-24 months.  

The popularity of CSSP has grown due to the migration from on-premise IT to cloud computing systems in recent years, with organisations short of expert security resources to help secure the cloud services which they are now highly dependent upon. 

CSSP is suitable for mid to advanced-level professionals involved with information security, IT architecture, governance, web and cloud security engineering, risk and compliance, as well as IT auditing. CCSP credential holders are competent in the following six domains:
  • Architectural Concepts and Design Requirements
  • Cloud Data Security
  • Cloud Platform and Infrastructure Security
  • Cloud Application Security
  • Operations
  • Legal and Compliance
Aside from the passing the CCSP exam, to achieve the certification, ISC2 requires information security professionals have a minimum of 5 years of work experience, including a minimum of 1 year of cloud security experience and 3 years of information security experience

7. CompTIA Security+
CompTIA Security+ is considered one of the best introductory security qualifications, suited for those taking their first steps in building a cybersecurity career.  As a globally recognised security certification, holding the CompTIA Security+ certification demonstrates knowledge of the baseline skills necessary to perform core security roles and functions. 

CompTIA Security+ provides a good platform to build an IT security career, useful for gaining junior security roles to help buildup all-important in-role experience and serves as a good foundation in taking on the more advanced topics found on the elite security certifications. 26% of survey respondents praised CompTIA Security+ relevance to real-world scenarios.

6. Certified Chief Information Security Officer (CCISO) by EC-Council
Increasing in popularity in recent years is the Certified Chief Information Security Officer (CCISO) by the EC-Council, which is suitable for those seeking to be promoted into senior managerial, leadership, and executive-level positions. 
33% of cybersecurity professionals stated that this course is one of the best for equipping participants to succeed in managerial positions. 

CCISO is considered the industry-leading CISO role training course. To achieve this certification, five years of experience is required in each of the course's five domains, along with passing the CCISO exam.
  1. Governance and Risk Management
  2. Information Security Controls, Compliance, and Audit Management
  3. Security Program Management and Operations
  4. Information Security Core Competencies
  5. Strategic Planning, Finance, Procurement, Vendor Management
5. Cisco Certified Network Professional (CCNP) Security
The Cisco Certified Network Professional certification (CCNP) Security remains a network security certification desired by employers, with 23% of surveyed respondents citing CCNP Security as a certification in demand. As a professional technical certification, Cisco's CCNP requires the passing of a core exam and a 'concentration exam' of your choice.

4. Certified Ethical Hacker (CEH) by EC-Council
EC-Council’s Certified Ethical Hacker (CEH) qualification consistently ranks near the top of security accreditations which are in highest demand within the security industry. The CEH course teaches practically on how to use the latest commercial-grade hacking tools, techniques, and methodologies to ethically and lawfully hack organisations.

The CEH online training course covers 18 security domains, comprehensively covering over 270 attack methods and technologies, while the certification requires passing a four-hour 125 exams questions the course domains, technologies, and hacking techniques.  Achieving CEH certification will open the door to financially lucrative and in high demand penetration tester roles, so little surprise that 21% of respondents stated their intent take CEH course within the next 12-24 months.

The EC-Council also provides following well-valued courses and certifications which didn't quite make it into this top ten.
3. Certified Information Security Manager (CISM) by ISACA
As its title suggests, the Certified Information Security Manager (CISM) by ISACA is suited for security management roles and is one of the most respected certifications within the security industry.  The CISM is not suited for beginners, a minimum of five years dedicated in role cybersecurity \ information security experience is required to take the course. 

The CISM course is designed for security managers, so has a strong focus on governance, strategy, and policies, which are split across four subject matter domains:
  1. Information Security Governance (24%)
  2. Information Risk Management (30%)
  3. Information Security Program Development and Management (27%)
  4. Information Security Incident Management (19%)
According to a 2020 salary study by Forbes, CISM was 3rd place overall with an impressive annual salary of £110,000 ($148,622 USD), which was the highest dedicated security certification listed by the study.

2. PWK OSCP by Offensive Security

As an online ethical hacking course, it is self-paced and introduces penetration testing tools and techniques through hands-on experiences. PEN-200 trains not only the skills but also the mindset required to be a successful penetration tester. Students who complete the course and pass the exam earn the Offensive Security Certified Professional (OSCP) certification.

The course was ranked highly in the survey results.  Cybersecurity professionals said the course provided strong relevance to the ‘real world’, ranking the OSCP qualification in second place in terms of how much it was ‘in-demand’ by employers.

1. Certified Information Security Professional (CISSP) by ISC2
The ISC2 Certified Information Systems Security Professional (CISSP) remains the security certification in the greatest demand within the security industry. A whopping 72% of those surveyed said the CISSP certification was in the most in-demand by employers.

CISSP is a longstanding and globally well-respected information security professional certification. Like the CISM, the CISSP is not aimed at beginners. The certification requires 5 years of information security in role experience, or 4 years if you hold a cyber / information security-related degree. 

The CISSP three-hour exam of 100 to 150 questions has proven notoriously difficult to pass for some because the CISSP course covers a very broad spectrum of information security disciplines, which are split across eight domains.  

The CISSP 8 domains are:
  1. Security and Risk Management (15%)
  2. Asset Security (10%)
  3. Security Architecture and Engineering (13%)
  4. Communication and Network Security (13%)
  5. Identity and Access Management (IAM) (13%)
  6. Security Assessment and Testing (12%)
  7. Security Operations (13%)
  8. Software Development Security (11%)
ISC2 also offer several CISSP 'concentrations' courses and exams for those holding the CISSP accreditation, which demonstrates an advanced knowledge in specific areas of security. While CISSP concentrations tend not to be specifically sorted by employers in job ads, CISSP concentrations can help you to stand out from the crowd as a specific security subject matter expert.

For those nearer the start of their cybersecurity career journey, ISC2 offer the Associate of ISC2, as a gateway towards achieving the CISSP.

Let us know your top ten in the comments.

Survey data for this post is kindly provided by the Information Security Careers Network (ISCN).