There’s a high demand for cybersecurity specialists equipped to help organisations defend themselves against cyberattacks. Industry certifications that validate your cybersecurity experience can be a great way to publicise your abilities, increase your earning potential, and boost your career prospects in this field.
Microsoft, the International Information System Security Certification Consortium, Offensive Security, and eLearn Security provide some of the most comprehensive cybersecurity certification courses on the market, du Plessis explains.
Microsoft offers a variety of cybersecurity training options to help you achieve technical certifications that showcase your industry-relevant skills. Du Plessis advises starting with the SC-900 certification to get to grips with the fundamentals of Microsoft’s security, compliance, and identity solutions.
“You’ll gain valuable insights into the relationship between these solutions and how they can be leveraged to ensure end-to-end cybersecurity. After that, you can move on to technology-specific and role-based certifications in security operations, identity and access management, and information protection, in line with what you want to achieve professionally.”
Du Plessis recommends the following order:
“Microsoft has outlined its own recommended path for individuals looking to specialise in security, compliance, and identity, but I think you can adapt this learning journey to suit your personal outcomes,” says du Plessis.
Quick Tip | The MICROSOFT SECURITY, COMPLIANCE, AND IDENTITY TRAINING AND CERTIFICATIONS GUIDE contains more information about the SC-900, AZ-500, MS-500, SC-400, SC-300, SC-200, and SC-100 certifications, and MICROSOFT LEARN has an extensive collection of free training materials to aid your studies and exam preparation.
The INTERNATIONAL INFORMATION SYSTEM SECURITY CERTIFICATION CONSORTIUM –or (ISC)² – offers technology professionals a range of information security certifications. (ISC)² certifications are recognised globally and deal with everything from security administration to operations and management. These are the four that u Plessis suggests:
CERTIFIED IN CYBERSECURITY (CC) is an entry-level certification aimed at graduates,beginners, and novice practitioners in the field. “It’s designed to give you the foundational knowledge required to start a career in cybersecurity,” says du Plessis. “If you’re new to the industry or perhaps changing your job focus, this could be the first rung on the ladder as you develop your skills.”
SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP) is a credential that proves your ability to implement, monitor, and manage IT systems and infrastructure securely. “It’s a way to demonstrate your holistic understanding of the best practices, accepted policies, and international standards regarding security operations,” explains du Plessis. The SSCP certificate is a popular choice among experienced systems administrators, systems analysts, and systems engineers.
CERTIFIED CLOUD SECURITY PROFESSIONAL (CCSP) is best suited for information security leaders with experience in cloud security architecture, design, operations and orchestration. “With the CCSP certification behind your name, prospective employers will know that you have advanced capabilities when it comes to protecting critical cloud assets,” says du Plessis.
CERTIFIED INFORMATION SYSTEMS SECURITY PROFESSIONAL (CISSP) is widely regarded as the globe’s premier cybersecurity certification. “But it doesn’t come easy,” du Plessis warns. “CISSP certification requires a substantial investment of both time and money. There’s a staggering volume of course information to get through, but the reward is well worth it. Plus, the credential itself can open new doors for you.” In the United Kingdom, the CISSP certification is comparable to Level 7 of the Regulated Qualifications Framework.
(ISC)² offers several other certifications, but du Plessis cautions that they’re geared toward professionals in particular disciplines or industries. “If your focus area is governance and compliance, or risk management, then CERTIFIED AUTHORISATION PROFESSIONAL (CAP) may be a good path to explore. But if your responsibilities include protecting sensitive patient data and medical records, then becoming a HEALTHCARE INFORMATION SECURITY AND PRIVACY PRACTITIONER (HCISPP) might make more sense.”
Quick Tip | The (ISC)² CYBERSECURITY QUALIFICATION PATHFINDER tool can help you decide which certifications match your current and future career goals.
Penetration testing and digital forensic investigation are highly specialised fields that require cybersecurity pros to expand their practical, technical, and analytical capabilities. “For those with the necessary credentials in these niches, there’s certainly no shortage of work,” remarks du Plessis. “At BUI, our penetration testers are booked months in advance. And worldwide, there’s a growing demand for forensic experts who can help organisations uncover evidence of cybercrime.”
The OSCP (OFFENSIVE SECURITYCERTIFIED PROFESSIONAL) course presented by OFFENSIVE SECURITY is considered far more technical than other ethical-hacking qualifications on the market. “It’s also one of the few cybersecurity certifications that requires students to prove their practical skills in a test environment,” adds du Plessis. “The combination of hands-on training and real-world simulation is hugely beneficial.”
The certifications offered by ELEARNSECURITY are also worth looking into – especially if you want to narrow your focus by specialising in penetration testing for web or mobile applications, says du Plessis. The eLearn Security CERTIFIED PROFESSIONALPENETRATION TESTER (ECPPT) credential is recognised on all seven continents, and the WEB APPLICATIONPENETRATION TESTER EXTREME (EWPTX) and MOBILE APPLICATIONPENETRATION TESTER (EMAPT) certifications are respected in IT circles.
The eLearn Security CERTIFIED DIGITALFORENSICS PROFESSIONAL (ECDFP) accreditation is designed for senior technologists with existing cybersecurity knowledge. It focuses on the processes and methodologies used in modern digital forensics investigations.