Why certificates matter, and which ones matter most

You're new to security or want to make a career change into the industry. What do you need to know, and where do you start?

Why certificates matter, and which ones matter most

You’re new to security? Welcome. So am I.

As I approach my one-year anniversary of writing for CSO Online, I know that I have much to learn about security and room to grow as a writer.

When I decided that I wanted to be a writer, I really had no idea the direction my career would take. I was an English major in undergrad, then earned a Master’s in Education so that I could teach.

After spending over a decade in the classroom, I knew I was ready for a change, but I didn’t know how to make that change happen. I decided to enroll in an MFA program because in my mind, being a writer required an MFA.

[ MORE ON CERTS Which certifications matter most for those new to securityBeyond the basics: The certifications you need based on the path you choose ]

At the time, I hadn’t considered journalism as an option for my writing career — I was going to write books. Unlike the information security industry, the writing world is over-saturated. Everyone wants to be a published author.

The road that brought me to CSO Online was circuitous, but it was the path I traveled. As I send off my student loan payment each month, I question whether there was something I should have done differently.

[ ALSO ON CSO: How to become a CISO ]

What I do know is that even with two master’s degrees, I still take the time to enroll in self-taught training courses to sharpen my journalism skills. I’ve joined professional organizations for networking and access to information that I might not find on my own.

Whether you’ve landed a job in security through your experience or you’ve just enrolled in a degree program or you’re working toward certificates in other training programs, you are needed in this industry. NGO’s are scrambling to recruit young people into this field because of the dearth of talent out there, so bravo to you!

But don’t get to thinking there will come a time when you can rest on your laurels. Threat landscapes change as quickly as technology does, and in order to hone and develop skill sets, those new to the cybersecurity profession need extensive and continued training.

One thing I’ve noticed is that whether I was writing about social engineering or network security vs. application security, the folks I talked to had the same recommendations for mitigating risks. Do a risk assessment. Have an incident response plan. Know where the crown jewels are. Segment the network. These are the constants that need to happen despite the growing threats that evolve.

Because the underlying goal of any security position is to safeguard valuable assets, there are certifications that offer holistic training that isn’t sector specific. This week, before getting sector specific, I’ll be looking at which certifications you should get first and talking about the differences among some of them.

Professional certifications are declarations of your experience, knowledge, and willingness to develop and hone your skill sets. Because the landscape of cybersecurity careers is vast, encompassing information security, intelligence, network security, application security, governance, risk, and compliance, and much more, the number of certifications one can hold is also expansive.

For security newbs, determining which certifications are needed can be overwhelming.

How many certifications does one really need?

Which ones are most important when it comes to landing a job?

The answers, unfortunately, are not crystal clear because the certifications you need are based on the area of security in which you wish to work. While skill can sometimes trump training, successfully passing the exams for globally recognized training programs boosts your credibility.

If you’re bursting at the seams and can’t wait for the follow up to this post, here’s some reading material to keep you overwhelmed. Infosec Institute offers a variety of categories, differentiating certificate programs from professional tracks, but I’m going to start with the basics. If you’re heading down the path of a pen tester, don’t worry. I’ll have more for you later this week.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)