10 Hot Cybersecurity Certifications In 2022
As the demand for skilled cybersecurity workers rises and evolves, so do certification offerings
The demand for cybersecurity practitioners at all levels has never been greater.
Unfortunately, demand is far outstripping the supply of skilled cybersecurity workers across the United States and the globe.
A number of cybersecurity corporations, including Palo Alto Networks and Fortinet, are trying to do something about the workforce skills gap by proactively offering various training and certification programs.
The major cloud-service providers, including Amazon, Google and Microsoft, are also pushing certification programs that put a heavy emphasis on security.
Meanwhile, nonprofit groups, such as the SANS Institute and ISC2 (International Information System Security Certification Consortium), re going all-out to boost cybersecurity certification of workers, while the for-profit Skillsoft has its own certification offerings.
Harpreet Sidhu, who heads Accenture’s managed security services, says cybersecurity certification programs are always evolving, as organizations adapt to market forces and the evolving nature of cyberattacks.
Data and AI security certifications are currently big, but Sidhu thinks they’ll only grow bigger in terms of demand.
What are some emerging cybersecurity certification fields? Science and space fields (both private and public) and maybe even the Metaverse, Sidhu said.
The bottom line: Cybersecurity certification is growing and evolving and it will continue to do so for the foreseeable future.
As part of CRN’s Cybersecurity Week 2022, here is a look at ten cybersecurity certifications highlighted by officials at SANS, ISC2, Skillsoft and Accenture.
CC – Certified in Cybersecurity
This credential program, launched on Sept. 1 by ISC2, is a runaway hit for two reasons: It’s a true beginner’s course at a time when demand for cybersecurity personnel is far outstripping the supply of qualified cybersecurity employees. And the program is free.
“It is an entry-level certification program and we just created it,” says Clar Rosso, chief executive of ISC2, the nonprofit provider of cybersecurity certification programs.
“We looked at the workforce gap year after year and we said, ‘You know, it‘s really time we did something about closing it.’”
CC was the answer. About 40,000 people have already signed up for the course.
ISC2 plans to offer CC for free to as many as one million people over the next five years, Rosso said. “We need to drive more people into cybersecurity,” she said.
According to a summary provided to CRN, the CC certification “proves to employers that you have the foundational knowledge, skills and abilities necessary for an entry or junior-level cybersecurity role, as well as comprehension of best practices, policies and procedures.”
AWS Certified Solutions Architect – Professional
The AWS Certified Solutions Architect – Professional (as opposed to the familiar Associate program) provides advanced training on a wide range of cloud-related solutions topics. But a major module within it is all about cybersecurity, says Mike Hendrickson, vice president of technology development at Skillsoft, the Nashua, N.H.-based provider of online courses and training.
Based on a SkillSoft survey, this AWS certification program is No. 1 in terms of the pay it bestows on practitioners, largely because it’s all about the cloud. “It’s a biggie,” said Hendrickson of its popularity.
According to Skillsoft’s Alec Olson, solutions architects are among the most in-demand jobs in IT – and the AWS Certified Solutions Architect – Professional validates an individual’s ability in this area.
Google Cloud – Professional Cloud Architect
This is yet another popular cloud certification program with a huge cybersecurity component to it, ranking as the third most in-demand IT position based on the salary people receive after getting the certification, according to Skillsoft.
Skillsoft’s Hendrickson calls Google Cloud - Professional Cloud Architect a “really interesting” certification course due to it having a “whole section on design for security and compliance.”
“Another interesting note about Google Cloud, as opposed to Amazon or Microsoft Azure, is Google Cloud communicates well with AWS and with Azure, whereas the other two don‘t communicate to each other at all,” Hendrickson added:
According to Skillsoft’s Alec Olson: “This credential also validates the ability to manage implementation, provision infrastructure, improve processes and more.”
CISM – Certified Information Security Manager
There’s been no big uptick in demand of late for this certification, but it’s still a perennial favorite of sorts, says Skillsoft’s Mike Hendrickson.
The reason: it’s all about “protecting your information,” says Hendrickson. “You have to protect information flow and data flow today.”
According to Skillsoft’s Olson: “CISM validates the ability to manage, design and assess an enterprise’s information security. It proves expertise in these domains: information security governance, information security risk management, information security program, and incident management.”
CISSP – Certified Information Systems Security Professional
This certification is another oldie-but-goodie offering no matter where it’s taught or by whom, according to industry officials.
This is how ISC2 describes CISSP to CRN: “This certification recognizes security leaders who understand cybersecurity strategy and hands-on implementation. Proves professionals have the knowledge and experience to design, develop and manage an organization’s overall security posture.”
From Skillsoft’s Alec Olson: “Earning the CISSP certification has been compared to earning a master’s degree in IT security, as it proves professionals have what it takes to effectively design, implement and manage a cybersecurity program.”
CCSP – Certified Cloud Security Professional
Once again, it’s all about the cloud these days. And security in the cloud is paramount. Thus the demand for certifications such as CCSP.
“For over two years running cloud security has been the top area that cybersecurity professionals have told us they need to build their expertise,” says ISC2’s Rosso. “What the CCSP does is it helps people understand the whole cloud ecosystem and how you manage your information and systems within the ecosystem.”
Here‘s ISC2’s summary of CCSP: “This certification shows professionals have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud.”
OT Security Certification
The demand to protect operational technology, not just IT, is increasing – and so is demand for OT security certification. “It‘s certainly gained more and more popularity in recent years,” Harpreet Sidhu, who heads Accenture’s managed security services, says of OT security programs.
If anything, there’s a convergence of IT and OT underway and it’s “driving security operation centers and teams to focus on bringing visibility across the IT network and the OT network,” said Sidhu.
As an example, he noted an Accenture client that makes candies – and its factories’ OT network and its business IT network need to interact at some point. The net result: a bigger field to protect.
“Cyber teams are looking for threats across the entire attack surface,” Sidhu said.
He also said OT environments tend to be unique in how they operate because of proprietary technology involved.
SSCP – Systems Security Certified Practitioner
Businesses want to have confidence that a cybersecurity employee can configure and operate safely in different environments – and that’s where SSCP enters the equation.
ISC2’s Rosso says SSCP is one of the most technical certifications – and one of the more valuable to practitioners as a result.
Here’s ISC2’s summary of SSCP: “This certification shows professionals have the technical skills to implement, monitor and administer IT/ICT infrastructure using information security policies and procedures.”
GCLD – GIAC Cloud Security Essentials
The SANS Institute’s Global Information Assurance Certification unit runs a number of certification programs – and not surprisingly cloud security certification is right at the top when it comes to demand.
Jeff Pike, director of technology at GIAC, said the GCLD certification is the “gateway” to more advanced security training.
GIAC says GCLD “covers the essentials of cloud security from a vendor-neutral perspective while touching on the three major cloud platforms (Azure, AWS, GCP).”
But Pike said people shouldn’t think of GCLD as a simple session.
“It’s not easy,” he said of the certification program. “It’s broad (in scope), but it definitely gets into the details.”
GCPN - GIAC Cloud Penetration Tester
Cybersecurity companies are becoming more proactive when it comes to protecting their customers.
One such “offensive security” tactic is testing customers’ security measures in a form of “red teaming” and other methods. And GCPN is all about such security tactics in the cloud.
GIAC’s summary of this certification program: GCPN “covers the extension of traditional, offensive penetration testing into the cloud environment. Content includes cloud-based microservices, in-memory data stores, serverless functions, Kubernetes meshes, containers, and testing of cloud-native applications. It also covers penetration testing tactics specific to the AWS and Azure environments.”