Last October, The Edge brought you "14 Hot Cybersecurity Certifications Now." Time, per usual, has flown, leaving us to wonder, "What difference does a year make? Especially in this very unusual year?"
In revisiting trends with certification issuers, we learned of some new and emerging certifications now offered to address the current landscape. We also reached out to security training and career firm Cybrary to find out what they are seeing.
According to Ken Underhill, master instructor at Cybrary, the usual "hot" certifications (CISSP, CISA, and CISM) are still popular. He also noted AWS, Azure, and Google Cloud certs are big now as companies increasingly move assets to multicloud environments. More on those later.
In addition, an understanding of privacy -- coupled with a certification to back that expertise -- is taking hold, says Underhill.
"With organizations facing litigation and fines under CCPA, NY SHIELD, and other privacy laws, we are seeing practitioners scooping up more privacy certs, like the IAPP, CIPP, and CIPM, and the newer CDPSE," he says.
While the certs we listed last year still stand, here are some others now high on security pros' 2020 list.
Details: ISACA launched its new Certified Data Privacy Solutions Engineer (CDPSE) certification this past May.
CDPSE allows privacy technologists to demonstrate they understand the technical aspects of creating and managing privacy programs and solutions to ensure compliance and mitigate risk. More than 8,000 professionals have become certified since CDPSE's launch, says an ISACA spokesperson.
"The certification's emphasis on privacy governance, privacy architecture, and the data life cycle complements the important work done by CISOs and chief privacy officers or data protection officers," says Matt Stamper, CISO and executive adviser at EVOTEK and president of the ISACA San Diego Chapter.
Issuer: International Association of Privacy Professionals (IAPP)
Details: The swelling interest in privacy expertise is also reflected in recent updates to the IAPP's Certified Information Privacy Technologist (CIPT) certification.
"IAPP's ANSI-accredited CIPT prepares technologists to bridge the gap between privacy and security by employing strategies, processes, and techniques to confidently assist organizations with meeting their privacy goals while enabling prudent data use," says IAPP spokesperson Doug Forman.
Matthew Ireland, a hiring manager and executive security strategist at security firm NTT, also notes privacy backgrounds are increasingly needed in security roles.
"What we're seeing at NTT and with our customers right now is that companies are looking for privacy expertise and vendor or suppler risk management," he says. "The driving force behind privacy's priority is twofold: US companies are realizing that GDPR really does affect them and California's passing of the CCPA, which is driving new accountability and responsibility."
Details: The Certified Ethical Emerging Technologist (CEET) is focused on developing ethical artificial intelligence (AI) and data solutions.
"Although not specifically a cybersecurity topic, it is near adjacent as both factor into areas such as facial recognition, contact tracing, use of personal data, and more. We prereleased three of five modules on Coursera less than a week ago and already have nearly 1,000 registrants for the course," says spokesperson Jeff Felice.
Details: The CyberSec First Responder (CFR) certification validates the knowledge and skills required to protect critical information systems before, during, and after an incident.
"Our most popular certification continues to be CyberSec First Responder [CFR] as more organizations are migrating to Blue Team strategies to combat the continuous onslaught of threats – which has only increased over the past nine months," says CertNexus' Felice.
Issuer: Multiple vendors
Details: Examples include:
• Cloud security certifications from Amazon Web Services, Microsoft Azure, and Google.
• Infrastructure certifications from vendors like Cisco and Palo Alto Networks.
• Product certifications from vendors that apply to specific controls: vulnerability management, privileged access management, and security event information management.
"I look for certifications in specific products based on the controls I need to hire for," says Morey Haber, CISO and CTO at BeyondTrust. "For example, if I need a new security engineer to work on vulnerabilities or cloud security, I look for certifications or years of experience operating solutions in those disciplines. I find the empirical knowledge of how to use tools better than a paper certification."
Issuer: The Linux Foundation and Cloud Native Computing Foundation
Details: The upcoming Certified Kubernetes Security Specialist (CKS) exam from The Linux Foundation and Cloud Native Computing Foundation will be available in November. The nonprofit organizations issuing it say CKS will consist of a performance-based certification exam testing competence across several best practices for securing container-based applications and Kubernetes platforms during build, deployment, and runtime.
"We see this as a game-changer for security teams dealing with increased use of cloud technologies, and for cloud teams that need to improve their security chops," says Dan Brown, senior manager, content and social media at The Linux Foundation.
Details: We can't offer a certification update without the latest numbers on what is still considered the quintessential professional certification for security leaders. The Certified Information Systems Security Professional (CISSP) certification continues to be the most popular offering from issuer (ISC)2, with 11,752 new certs issued since Oct. 1, 2019.
Details: (ISC)2 representatives note that though it only issued only 140 new HealthCare Information Security and Privacy Practitioner (HCISPP) certs since Oct. 1, 2019, it expects it to be a much more popular certification due to the COVID-19 pandemic.
"While a much lower number than the others, it's still considered popular in that industry but a little more niche in the realm of cybersecurity," says Brian Alberti, (ISC)2's corporate public relations manager. "I anticipate we'll see a spike this coming year based on the amount of medical data that is being shared due to the pandemic. Healthcare organizations will likely be looking for professionals who are certified to secure such data."Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online. View Full Bio