Navigating Your IT Security Certifications, Part 1
By Martin Schaeferle | April 02, 2021
You don’t have to read too many news articles to know that Internet security is on everyone’s mind. Even Hollywood knows this and is trying to cash in with hit shows like Person of Interest, Black Mirror, and the Emmy-winning Mr. Robot. Major corporations are also taking notice. Gartner is forecasting worldwide enterprise security spending to total $123.8 billion in 2020. When I first blogged on this subject two years ago, spending was only projected at $96.3 billion—that’s nearly a 30% increase! This challenge is not going away.
So it should be no surprise that this increase in spending has led to an increased demand for IT security talent—and the data shows it. According to the ISACA State of Cybersecurity 2020 report, 62% of organizations say their cybersecurity team is understaffed and 57% say they currently have unfilled cybersecurity positions available. What’s more, 70% say fewer than half of cybersecurity applicants are well qualified.
But not all is doom and gloom; for the IT professional, this is a great climate for those looking to update their skills and join the relatively new and growing sector of IT security. Don’t believe me? In a July 2020 article posted by CIO.com, four of the top six most valuable IT certifications are security based, and all had an average annual salary well north of $125K. Security certifications have become serious and well-respected credentials.
Now you are probably wondering, where does one start in getting a piece of this lucrative cyber-pie? As I quickly found out myself, this is not an easy answer. There are many different certifications around security to choose from and many different companies and organizations offering them. But don’t fret; let me help you carve the right path and get you on your way.
Being a security professional is not about finding the one perfect certification; it’s more about finding the right combination of certifications that’s right for you. What certifications you seek depends on what areas of security you’re most interested in and how high up the corporate ladder you wish to climb. The most popular certifications are those that are relevant to all areas of IT security. But before we get into too much detail, I think it is important to establish some baselines. One does not simply jump immediately into security without a solid background in the general IT hardware and networking field.
Getting Started
If you’re going to attempt entering a security field and IT is not a current profession or hobby of yours, then I’d suggest tackling a couple of certifications to get you started. The first is CompTIA A+ and this is where all IT begins. This certification focuses on learning the standard computer hardware, basic operating system functionality, and general troubleshooting. From there, I’d recommend getting certified in CompTIA Network+, which will get you familiar with basic networking concepts like DNS, DHCP, IP masks, domains, packet routing—essentially everything that defines the framework that Internet security relies on.
Okay, now that you’re an IT expert—what’s next? It’s good to start with the core building blocks of security, and the best certification for that also comes from our friends at CompTIA. Their Security+ covers all the core concepts in IT security from Wi-Fi passwords and firewalls to employee best practices. Although this doesn’t necessarily go deep into any one area, it provides an excellent starting point and a balanced overview of the major topics.
Okay, so what next? Well, after you have Security+ under your belt, you are ready to consider some specialty certifications. Two of the most popular next steps are EC-Council’s Certified Ethical Hacker (CEH) certification and Certified Security Analyst (ECSA). One of the best ways for a company to ensure that their systems are hardened (or secure) is to hire someone to try to break in. And since recruiting hackers from the Dark Web is considered very unwise (really, don’t do it), they instead look for trusted individuals (often referred to as White Hats) who are trained to think like a hacker. Based on that premise, the ethical hacker certification was born. Once certified, you will understand the tools (like Kali Linux and Metasploit) and the techniques (like penetration testing) that you can use to assure companies that their systems are indeed secure.
Another very popular certification is EC-Council’s Computer Hacking Forensic Investigator (CHFI). Like the television show CSI, it is an area of the security field that focuses on the collection and analysis of digital evidence to detect and document when something nefarious is about to happen or has actually happened. Most companies are aware that it’s not a matter of IF you will be hacked, but WHEN. And in many instances of a company being hacked, there are telltale signs or fingerprints left behind by the perpetrators. This incentivizes companies to hire professionals to look for these clues in order to identify areas that may need more hardening to avert an impending attack, or to clean up after the damage is done and document what happened for compliance purposes. This certification is about learning the skills for detecting or mitigating the aftermath of a successful hack.
That's all we're covering in this post; stay tuned for part 2, where we will continue down the road to more advanced IT security certifications.