Cyber Security Job Roles and Certifications in 2021
- March 17, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity

So, you’ve decided to pursue a cybersecurity certification and it is a big step for your professional career. But, before you start your hunt for the best or the highest paying cybersecurity certification, you need to do your homework. Why? Because every certification requires a commitment of time and money from you, so it behooves you to understand the value of certification and how exactly it would help you to advance your career before you jump in with both feet.
Global Knowledge IT Report 2020
Now, here are some interesting facts from a recent report published by Global Knowledge. The link to this report is in the video description, just in case. So, here are the key findings. Number one. 87% of IT professionals have at least one certification, while nearly 40% are already pursuing their next certification. Number two. Learning a new skill or earning a certification can result in a raise upwards of $12,000 a year. So, even if you are earning $200,000 a year today, pursuing certification can still bring a 6% bump to your paycheck. Number three, and more importantly, cybersecurity and cloud computing certifications are associated with the highest IT salaries around the world.
Certifications from ISACA, ISC2, AWS, and Google Cloud are amongst the top-paying. What’s more? Cloud and IT security skills are also the most in-demand, as IT decision-makers continue to struggle to hire in these areas. It is estimated that there are going to be 3.5 million unfilled cybersecurity jobs globally this year alone. Just think about that number and the opportunity it represents. Despite industry-wide efforts to reduce the skills gap, the open cybersecurity headcount in 2021 will be enough to fill 50 NFL stadiums. So, what am I talking about? There is a full-on war for cyber talent and you just can’t afford to let it go. So, in this video, I want to discuss the Cybersecurity career path and the top cyber certifications.
Cybersecurity Roles
So, there are three main cybersecurity career paths. First, Cybersecurity Engineers, like SecOps or IT Security folks, who design, configure, deploy and troubleshoot security devices such as firewalls or other security solutions. Then you have Cybersecurity Testers, mostly working as consultants; these are the folks you see in Hollywood movies hacking into stuff. And finally, the folks who deal with a cybersecurity incident after it has taken place, so we can call them the Cybersecurity Responders. A simpler way to visualize these roles is to use a linear IT-inspired timeline. So first we have Cyber Engineers who install, configure, deploy, manage and troubleshoot. These are your firewall administrators, the engineers who make sure sufficient cyber defenses are in place to begin with. Many of these guys come from traditional IT job roles, such as network engineers or system administrators. They are part of the IT organization and report to the IT chain of command. The Cybersecurity Testers are your auditors or red teamers; their job is to analyze the gaps and mistakes before an attacker does. They are your ethical hackers, penetration testers, exploit developers, and auditors, working mostly in consultant roles.
Cybersecurity Certifications (Entry, Pro and Expert Levels)
Let me now take you back to the Global Knowledge IT survey. One interesting bit of information in there is the top 10 most widely held certifications in 2020 and the ones to be most pursued in 2021, as reported by thousands of IT professionals worldwide who participated in the survey. The list on the left includes three cybersecurity certifications and those are CISA and CISM from ISACA and the Security+ from CompTIA. And on the right-hand side, you can see CISSP from ISC2, CISM, and CRISC from ISACA and Certified Security Specialist from AWS. Now, granted these certifications are the most sought-after, it still doesn’t mean you have to pursue them for that reason alone. For example, if you are starting your cyber engineering career, there is no need to go after CISSP. You might want to get started with Security Plus from CompTIA for example. It is far easier to achieve and can help you land your first job with some prior networking or IT experience. If you are already a Cyber or security engineer or a senior network engineer, you might want to consider Certified Ethical Hacker or CEH. It is harder than Security Plus but the extra earning potential more than makes up for the difficulty. If you already have CEH, then you might want to work up the food chain and target Certified Security Analyst or ECSA or Certified Information Systems Security Professional or CISSP. CISSP is a tough certification but the gain is more than worth the pain. The CISSP is ideal for experienced security practitioners, managers, and even CISOs interested in proving their knowledge across a wide selection of security practices and principles. If you are looking to be hired by the US Department of Defense, then among other things, CISSP certification could be your ticket to land that job. It is arguably the most prestigious Cybersecurity certification today. Here are the eight domains of knowledge that CISSP exam topics cover.
In addition to passing the exam, a candidate must have at least five years of experience in a cybersecurity-related field. If that’s not enough, each CISSP exam take will set you back by $700. But it is not fair to focus too much on the cost since professionals with CISSP can make a decent six-figure salary. If you want to pursue a career in cloud security, then you can consider Certified Security Specialist from AWS or a vendor-neutral certification such as CCSK for an entry-level job and CCSP from ISC2 for sort of mid-tier jobs.
If you are gearing up to become a Cyber Tester, and IT auditing is your passion, then the CISA certification is for you. Here are the five domains of knowledge that are covered by CISA exam topics. Now, what about certifications for those vying for the Cyber Tester jobs? If you are a junior IT or a network engineer, you can venture into a Cyber testing career with either CEH or GIAC Security Essentials or GSEC certification. For someone who’s already working as a Cyber tester, your best bet would be to go for CompTIA Advanced Security Practitioner or Certified Security Analyst from EC Council. For the expert level, you can pursue CISSP.
Now, finally, if cyber responder jobs pique your interest and your passion is to perform forensics, then consider GIAC since they offer multiple certifications such as Battlefield Forensics & Acquisition, Certified Forensic Examiner, and Certified Forensic Analyst, GIAC Network Forensic Analyst, and Cyber Threat Intelligence.
So, now that we have covered Cyber certifications across the three broad roles, let me recap everything. Number one. If you are starting your IT career as a young professional, or ready to switch to a Cybersecurity career, then Security Plus or CEH are likely to be the best entry-level certifications for you. CEH does carry a higher price tag of $1200 as opposed to Security Plus at $339. Number two. If you are already in a Cybersecurity career and want to advance your career, then your best bet is to go for CISSP. It is hard and exam prep will take time, but the data shows that it is worth it. It will put your earning potential on steroids. Number three. If neither of those two works out for you, then it is time to take a step back and take a more nuanced approach, consider the three broad Cyber roles that I mentioned, and take your time to make an informed decision, one that is aligned with your career plan.
Now, here is my final thought. Cybersecurity is an industry that is perfect for anyone who is interested in technology and who values work that has a real impact like protecting an organization from nefarious threat actors and at the same time offers practically unlimited growth. Each situation is a unique puzzle and a new opportunity to rise to the challenge. The job also offers global mobility since cyber concerns uniformly apply to every geography. There hasn’t been a better time to start a career in cybersecurity.
Thank you for reading this article, I hope you found it helpful. I’d love to hear your thoughts.
Author: Muhammad Afaq Khan, CCIE #9070
