2019’s Hottest, and Most Bankable, Security Certs

Most certifications can help your career, but a select few will land you a great job or add money to your paycheck. Here are the most bankable certifications this year, as well as a glimpse of next year’s most wanted list, according to those in the field and those who do the hiring.

Hot Certifications This Year

Employers are looking first for the certifications that prove a strong, general background in security skills. After that, they look for specialty certifications. But they won’t expect a job candidate to have certifications in emerging specialties, as none yet exist for skills matched to up-and-coming technologies and threats.

Here is what the experts working in the real world have to say about this year’s hottest certifications:

CISSP: “CISSP remains the top cyber certification for which we see the most demand. CISSP brings a strong general background and allows you to add specialty certifications in various areas,” said Pravin Kothari, CEO at CipherCloud.

CISM: “Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) are still by far the most common and in-demand,” said Giora Omer, head of Security Architecture at Panorays.

Triple Pack: “The rest of the pack includes CEH (certified ethical hackers), GSEC (SANS) and Security+ (CompTIA),” added Kothari. “All of these are excellent backgrounds when combined with undergraduate studies in computer science or perhaps engineering.”

OSCP: “Offensive Security Certified Professional (OSCP) is one of the hottest certifications out there now. The reason for it being in such high demand is the amount of work security professionals have to put into it to get one. It’s purely skills-based and proves whether a professional can perform the activities or not,” said Darian Lewis, a lead threat intelligence analyst at Relativity.

CIPP: “With privacy regulations like GDPR and CCPA on the rise, companies are turning to their security personnel for guidance. While there are no official certifications for these new laws and regulations, organizations are looking for the closest thing they can find. As a result, the IAPP’s Certified Information Privacy Professional (CIPP)—which is not a new certification—has recently become much more popular,” Omer added.

PKI: “Organizations are increasing their usage of TLS certificates and SSH keys, which act as machine identities. This growth is driving enormous demand for certified PKI specialists that understand how to manage them,” said Dave Culter, vice president of professional services at Venafi. “Even in very large companies that use thousands of certificates and SSH keys, there are usually only two or three people that really understand best practices. And since encryption is fundamental to security, this skill translates directly to compensation; we often see security people that add PKI certification to their resume add at least $10,000 to their salary.”

CISO level certs: “The Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and Certified CISO (C|CISO) certifications make a lot of sense if you are experienced in cybersecurity and seeking a role in management,” said James Carder, CISO of LogRhythm.

Certifications Likely to be ‘Most Wanted’ Next Year

As the attack surface gets bigger and more complex every year, some emerging threats—and the skill sets to counter them—gain staying power. And when they do, the search for certified talent in these specialties skyrockets.

“In most cases, to support a particular trend, an individual needs to get hands-on experience in that discipline. For example, right now data loss prevention (DLP), encryption and tokenization are very active security technologies, but most security team members have to learn these applications hands-on,” Kothari said.

It’s vital that you add experience in battling emerging threats to your resumé, along with a list of your more traditional certifications.

“There are really no certifications in these areas and like everything else, there are vendor-specific dependencies that need to be understood. While these skills are in demand if you have experience, the basic security certifications will work well to align you with a multitude of potential opportunities,” Kothari added.

That said, here are the certifications and types of certifications that security experts say are likely to be hot next year, based on what they see evolving now:

CTPRP: “The Certified Third Party Risk Professional (CTPRP) certification has been generating a lot of buzz since its inception several years ago and we’re seeing steady demand for it,” said Tom Garrubba, senior director and CISO at The Santa Fe Group/Shared Assessments Program. “CTPRP prepares security professionals with a deeper understanding of the various roles within third party risk, as well as the information security and privacy topics to address in an assessment based on their own organization’s risk tolerance.”

Risk certifications: “I’m seeing an expansion in better understanding risk. There are numerous RMA risk certifications but the most popular still appears to be the Certified in Risk and Information Systems Controls (CRISC) by ISACA. I’m also seeing industry-specific IT and security-based certifications. An example would be the HCISPP—Healthcare Information Security and Privacy Practitioner,” explained Garrubba.

Privacy certifications: “The current demand is for certifications that have anything to do with privacy. The CIP certifications by IAPP are leading the field in privacy protection, and thus have become sought-after additions to CISSP and CISM certifications. Unquestionably, however, more privacy-related certifications will follow,” Omer predicted.

Government certifications: “Some of the skills needed that are not represented right now are those around government requirements, such as FedRAMP. There is no certification, per se, that means security professionals are well-versed in that,” said Lewis. “However, many product and service providers run their own certifications to show that users know their product suite, they can configure and maintain it, as well as integrate their solutions with others.”

Pam Baker