I hate to say this, but this is the last full weekend of Cybersecurity Awareness Month. There have been many hot topics that have been brought up in the Cyber news headlines, and you can guess that they all deal primarily with Election Security.
But I have tried to hit upon those topics and issues that aren’t normally addressed every day, in order to bring you some value in what you read. In today’s blog, we look at the theme of Cyber Certs, or certifications.
If you look through all of the job listings on the major search boards, as they relate to Cyber, you will see that many of them require some sort of cert or state that it would be preferable that you are planning to get one. One of the main problems is that there are so many of them out there that it is hard to tell which will really give you the most return.
IMHO, probably the best ones to get are those offered by the (ISC)2 and CompTIA. One of the best-known certs out there that has truly stood the test of time is that of the CISSP. It’s probably one of the oldest ones out there, but still one of the most highly recognized ones.
But keep in mind that as COVID19 is expected to get worse this fall and the Remote Workforce is going to be around for quite some time to come, data privacy is going to be one of the hottest issues in Cyber.
This has been primarily fueled by the lack of security controls to protect confidential information and data, as well as the notoriety that the GDPR and CCPA are accumulating. Not only this, but there are other states and countries worldwide that are also in the process of coming up with their own data privacy laws.
Because of this, there is a whole new plethora of certs related to data privacy that have come about. Here are some of them:
*The Certified Data Privacy Solutions Engineer:
This is a very new cert, as it was created and launched in May of this year. It is currently being offered by ISACA, and more information on it can be found here:
So far, this is deemed to be more of a technical kind of cert, as it relates to making sure companies have the right controls in place to reduce their current levels of Cyber Risk and that they are fully compliant.
*The Certified Information Privacy Technologist:
This cert is currently being offered by the International Association of Privacy Professionals (aka the “IAPP”). More details on this cert can be found here:
This cert has been crafted to test your knowledge and prove that you understand the necessary security protocols that are needed to help protect and ensure the integrity of Personal Identifiable Information (PII) datasets.
*The Certified Ethical Emerging Technologist:
This cert is offered by the CertNexus, and more information on this can be found here:
This is held to be much more of a general type of cert, in that it focuses on the ethical issues and uses of the technologies that relate to Cyber. These include Artificial Intelligence (AI), Facial Recognition, contact tracing as it relates to COVID19, etc.
*The Cybersec First Responder:
This too is being offered by CertNexus, and details of this can be found here at this link:
Believe it or not, although this cert is very new, it is actually probably one of the most popular ones yet. It is designed for those individuals that are the first to intercept any legitimate warnings and alerts, and to pass them on in the escalation process, and work in close synch with the Blue Team in any Penetration Testing exercise. In a way, individuals that have this kind of cert act like First Responders whenever a huge physical disaster has occurred.
*The Certified Kubernetes Security Specialist:
The organizers of this cert are The Linux Foundation and the Cloud Native Computing Foundation, respectively. It has been designed to test the exclusive knowledge on how to properly deploy security protocols for both container-based applications and Kubernetes platforms. To be honest, this is the first kind of cert that has been designed to deal with the specific Cyber issues that relate to Web based applications. More information about this cert can be seen at the link below:
*The HealthCare Information Security and Privacy Practitioner:
This cert is currently being offered by the (ISC)2, the same organization that offers the CISSP. This has been designed exclusively for those Cyber workers in the healthcare field, and it is expected to grow in huge demand in the coming years mostly fueled by the COVID19 pandemic, and the need to further protect confidential patient information and data. More information on it can be seen here:
My Thoughts On This
So, these are some of the top Cyber certs at the present time and are expected to gain full steam in 2021. While these sound exciting, keep in mind some key things:
*The cert is not the be-all for getting a job in Cyber. IMHO, they are only designed to show potential employers that you have a certain base of knowledge in that certain area. In other words, don’t get too hung up on having a long list of acronyms by your name. The cert will for sure help you to get the interview, but it is by no means a guarantee that you will actually get a job.
*Certs are expensive, especially if you are self-funding your plan of study. Probably the best way to get one is to have your employer pay for your actual training and the exam that is needed to get the cert. But this can take some time, as it will take some hard convincing to your boss as to the ROI that the company will get by having you get this cert. If possible, try to get your company to sponsor you for a bootcamp kind of training, as these are one of the better methods to prepare and take the exam for the cert.
*As mentioned earlier, there are tons of certs out there. You should not just go after them willy-nilly; you need to pick the one or two that relate to the Cyber field that you are currently in and prepare for those. Perhaps start with a baseline cert first, and then move onwards to a more advanced one (for example, getting the CompTIA Security+ cert before you get your CISSP).
*There are tons of cert vendors out there, just as there are tons of Cybersecurity vendors. Many of them will claim exaggerated exam pass rate numbers, in an effort to lure you into their training programs. In fact, this is now even a prime area for the Cyberattacker, who creates phony cert vendor websites and offers fictitious training materials. Before you sign up with a vendor, always do a Google search on them first to see what kind of reviews they have received from both former and current students.
*Don’t forget the old-fashioned way of self-study. With this, you can buy an authentic cert study book from Amazon for a very affordable price, as well as practice exams and questions. While this route takes the longest amount of time to get your desired cert, you can carve out the study time needed based upon your own schedule. But keep in mind that this requires a lot of self-discipline on your part.
Finally, once again, don’t get obsessed by how many acronyms you have behind your last name. The prestige of this only lasts for a fleeting moment; it does not have a lot of long-lasting value. As for me, I have always been an opponent of certs, as I have always thought (and continue to think) that they are simply a money-making racket.
But in the end, I have decided to get one, which is the CompTIA Security+ cert. I have decided to only get this one and no more, because I only want to show people that I actually do have a baseline knowledge in what I write about for clients and others.