Here are a few sector specific certifications that will grow your skills and impress prospective employers. Credit: Thinkstock Turns out that a lot of people have a lot of differing opinions on the education, certifications, and training folks new to security ought to have. If you read Lysa Myers’ blog post earlier this week, you know that she started off as a receptionist and worked her way up to security researcher, developing her skill set as she gained experience.I was so inspired I felt that even I could apply for a security position. While I do love the classroom, I also learn best when I can combine auditory instruction with the visual and kinetic tools that bring content to life. After a week of trying to answer the question of why certifications matter, I’m still not convinced that they are the key to being successful at a job. They are, however, a way to get you noticed to get an interview.Karen Evans, USCC national director said, “Most Human Resources (HR) departments look for the certifications from multiple certifying bodies. The certifications do provide a filter for HR to screen applications and attempt to provide the baseline qualifications needed for the position(s).” [ MORE ON CERTS: Which certifications matter most for those new to security | Why certificates matter, and which ones matter most ]Beyond the certifications already mentioned this week, there are some sector specific trainings that will help you to advance in your career. Looking at security through the four lenses of ‘cyber’, ‘information’, ‘infrastructure’, and ‘software’ will help you determine the best career path and which certifications you need, said David Shearer, CEO, (ISC)2. Those who are looking to advance their careers might want to consider the Associate of (ISC)2 program, which serves as an on ramp for entry level folks looking to hone skills through rigorous training.Many of the industry folks I connected with said that they look for the SANS certifications, and the Center for Internet Security recommended the following certifications for those interested in being analysts, though they also said that none of these are official or required when recruiting.For SOC analysts the first certification we recommend is SANS GCIA: Certified Intrusion AnalystFor CERT analysts the consensus is to start with SANS GCFE (FOR408): Windows Forensic Analysis and then go to GCFA(FOR508): Advanced Digital Forensics and Incident Response (note: if you do not have any forensics experience you should not start with 508)“I highly suggest SANS courses, which includes GCIA and GCFA, and they greatly increase chances for, at minimum, an interview, said, Tom Gorup, security operations leader, Rook Security.Gorup said, “These are great hands-on certifications which require a decent amount of technical know-how to get started, and give real world scenarios and hands-on training to gain a great understanding of the domain.” For Security Analysts Jeff Schilling, CSO, Armor, said, “Security + is still a great foundational certification for those entry level security analysts. As a next step, we like to see our security analysts progress and get their Certified Ethical Hacker certification so they can learn the way threat actors think.”The top three certifications that Michael Angelo, chief security architect – CRISC, CISSP, Micro Focus likes to see in candidates are:Certified in Risk and Information Systems Controls (CRISC): demonstrates that the recipient knows how to analyze risks in infrastructure. More times than not, people will make decisions, without understanding the issue or risk they will incur.Certified Ethical hacker (CEH): While it focuses on already existing tools, it demonstrates that the recipient understands the current state of hacker tools that can be used to analyze an environment for potential security vulnerabilities. It demonstrates a person knows how to develop code securely and can adhere to the requirements of Secure Development Life Cycle (SDLC). Certified Secure Software Lifecycle Professional (CSSLP): Given that all computer systems contain software, and that the cause of most successful attacks on systems is via the software, this certification is a must have. Related content news analysis Searching for unicorns: Managing expectations to find cybersecurity talent Finding the cybersecurity leaders of tomorrow means being realistic about job descriptions and providing training and mentoring for non-traditional tech people. By Kacy Zurkus Sep 29, 2017 4 mins IT Skills Careers IT Leadership feature Vulnerability vs. risk: Knowing the difference improves security Conflating security terms evokes fear but doesn't help security newbs understand the difference between vulnerabilities and actual risks. By Kacy Zurkus Sep 26, 2017 3 mins Risk Management Vulnerabilities IT Leadership opinion What the Equifax breach means to me — an end user perspective Recovery and resiliency or apathy. Which will prevail now that most everyone's PII has been exposed in another massive breach? By Kacy Zurkus Sep 15, 2017 4 mins Cyberattacks DLP Software Internet Security opinion Abandoned mobile apps, domain names raise information security risks When app creators abandon domains for bigger, better deals, what happens to all the app-specific data? By Kacy Zurkus Sep 08, 2017 3 mins Access Control Data and Information Security Vulnerabilities Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe