Cyber Security Job Roles and Certifications in 2021
- March 17, 2021
- Posted by: Muhammad Afaq Khan, CCIE #9070
- Category: Cybersecurity
So, you’ve decided to pursue a cybersecurity certification and it is a big step for your professional career. But, before you start your hunt for the best or the highest paying cybersecurity certification, you need to do your homework. Why? Because every certification requires a commitment of time and money from you, so it behooves you to understand the value of certification and how exactly it would help you to advance your career before you jump in with both feet.
Global Knowledge IT Report 2020
Now, here are some interesting facts from a recent report published by Global Knowledge. The link to this report is in the video description, just in case. So, here are the key findings. Number one. 87% of IT professionals have at least one certification, while nearly 40% are already pursuing their next certification. Number two. Learning a new skill or earning a certification can result in a raise upwards of $12,000 a year. So, even if you are earning $200,000 a year today, pursuing certification can still bring a 6% bump to your paycheck. Number three and more importantly, cybersecurity and cloud computing certifications are associated with the highest IT salaries around the world.
Certifications from ISACA, ISC2, AWS, and Google Cloud are amongst the top-paying. What’s more? Cloud and IT security skills are also the most in-demand, as IT decision-makers continue to struggle to hire in these areas. It is estimated that there are going to be 3.5 million unfilled cybersecurity jobs globally this year alone. Just think about that number and the opportunity it represents. Despite industry-wide efforts to reduce the skills gap, the open cybersecurity headcount in 2021 will be enough to fill 50 NFL stadiums. So, what am I talking about? There is a full-on war for cyber talent and you just can’t afford to let it go. So, in this video, I want to discuss the Cybersecurity career path and the top cyber certifications.
So, there are three main cybersecurity career paths. First are Cybersecurity Engineers, like SecOps or IT Security folks, who design, configure, deploy and troubleshoot security devices such as firewalls or other security solutions. Then you have Cybersecurity Testers, mostly working as Consultants; these are the folks you see in the Hollywood movies hacking into stuff. And finally there are the folks who deal with the cybersecurity incident after it has taken place, so we can call them the Cybersecurity Responders. A simpler way to visualize these roles is to use a linear IT-inspired timeline. So first we have Cyber Engineers who install, configure, deploy, manage and troubleshoot. So, these are your firewall administrators, the engineers that make sure sufficient cyber defenses are in place to begin with. Many of these guys come from traditional IT job roles, such as network engineers or system administrators. They are part of the IT organization and report to the IT chain of command. The Cybersecurity Testers are your auditors or red teamers; their job is to analyze the gaps and mistakes before an attacker does. They are your ethical hackers, penetration testers, exploit developers, and auditors, working mostly in consultant roles.
Cybersecurity Certifications (Entry, Pro and Expert Levels)
Let me now take you back to the Global Knowledge IT survey. One interesting bit of information in there is the top 10 most widely held certifications in 2020 and the ones to be most pursued in 2021, as reported by thousands of IT professionals worldwide who participated in the survey. The list on the left includes three cybersecurity certifications and those are CISA and CISM from ISACA and the Security+ from CompTIA. And on the right-hand side, you can see CISSP from ISC2, CISM, and CRISC from ISACA and Certified Security Specialist from AWS.
Now, granted, these certifications are the most sought-after, but that still doesn’t mean you have to pursue them for that reason alone. For example, if you are starting your cyber engineering career, there is no need to go after CISSP. You might want to get started with Security Plus from CompTIA for example. It is far easier to achieve and can help you land your first job with some prior networking or IT experience. If you are already a Cyber or security engineer or a senior network engineer, you might want to consider Certified Ethical Hacker or CEH. It is harder than Security Plus but the extra earning potential more than makes up for the difficulty. If you already have CEH, then you might want to work up the food chain and target Certified Security Analyst or ECSA or Certified Information Systems Security Professional or CISSP.
CISSP is a tough certification but the gain is more than worth the pain. The CISSP is ideal for experienced security practitioners, managers, and even CISOs interested in proving their knowledge across a wide selection of security practices and principles. If you are looking to be hired by the US Department of Defense, then among other things, CISSP certification could be your ticket to land that job. It is arguably the most prestigious Cybersecurity certification today. Here are the eight domains of knowledge that CISSP exam topics cover.
In addition to passing the exam, a candidate must have at least five years of experience in a cybersecurity-related field. If that’s not enough, each CISSP exam take will set you back by $700. But it is not fair to focus too much on the cost since professionals with CISSP can make a decent six-figure salary. If you want to pursue a career in cloud security, then you can consider Certified Security Specialist from AWS or a vendor-neutral certification such as CCSK for an entry-level job and CCSP from ISC2 for sort of mid-tier jobs.
If you are gearing up to become a Cyber Tester, and IT auditing is your passion, then the CISA certification is for you. Here are the five domains of knowledge that are covered by CISA exam topics. Now, what about certifications for those vying for the Cyber Tester jobs? If you are a junior IT or a network engineer, you can venture into a Cyber testing career with either CEH or GIAC Security Essentials or GSEC certification. For someone who’s already working as a Cyber tester, your best bet would be to go for CompTIA Advanced Security Practitioner or Certified Security Analyst from EC Council. For the expert level, you can pursue CISSP.
Now, finally, if cyber responder jobs pique your interest and your passion is to perform forensics, then consider GIAC since they offer multiple certifications such as Battlefield Forensics & Acquisition, Certified Forensic Examiner, Certified Forensic Analyst, GIAC Network Forensic Analyst, and Cyber Threat Intelligence.
So, now that we have covered Cyber certifications across the three broad roles, let me recap everything. Number one. If you are starting your IT career as a young professional, or ready to switch to a Cybersecurity career, then Security Plus or CEH is likely to be the best entry-level certification for you. CEH does carry a higher price tag of $1200 as opposed to Security Plus at $339. Number two. If you are already in a Cybersecurity career and want to advance your career, then your best bet is to go for CISSP. It is hard and exam prep will take time, but the data shows that it is worth it. It will put your earning potential on steroids. Number three. If neither of those two works out for you, then it is time to take a step back and take a more nuanced approach, consider the three broad Cyber roles that I mentioned, and take your time to make an informed decision, one that is aligned with your career plan.
Now, here is my final thought. Cybersecurity is an industry that is perfect for anyone who is interested in technology and who values work that has a real impact like protecting an organization from nefarious threat actors and at the same time offers practically unlimited growth. Each situation is a unique puzzle and a new opportunity to rise to the challenge. The job also offers global mobility since cyber concerns uniformly apply to every geography. There hasn’t been a better time to start a career in cybersecurity.
Thank you for reading this article, I hope you found it helpful. I’d love to hear your thoughts.
Author: Muhammad Afaq Khan, CCIE #9070