Beyond the basics: The certifications you need based on the path you choose

Turns out that a lot of people have a lot of differing opinions on the education, certifications, and training folks new to security ought to have.  If you read Lysa Myers’ blog post earlier this week, you know that she started off as a receptionist and worked her way up to security researcher, developing her skill set as she gained experience.

I was so inspired I felt that even I could apply for a security position. While I do love the classroom, I also learn best when I can combine auditory instruction with the visual and kinetic tools that bring content to life. After a week of trying to answer the question of why certifications matter, I’m still not convinced that they are the key to being successful at a job. 

They are, however, a way to get you noticed to get an interview.

Karen Evans, USCC national director said, “Most Human Resources (HR) departments look for the certifications from multiple certifying bodies. The certifications do provide a filter for HR to screen applications and attempt to provide the baseline qualifications needed for the position(s).”  

[ MORE ON CERTS: Which certifications matter most for those new to security | Why certificates matter, and which ones matter most ]

Beyond the certifications already mentioned this week, there are some sector specific trainings that will help you to advance in your career.

Looking at security through the four lenses of ‘cyber’, ‘information’, ‘infrastructure’, and ‘software’ will help you determine the best career path and which certifications you need, said David Shearer, CEO, (ISC)².  Those who are looking to advance their careers might want to consider the Associate of (ISC)² program, which serves as an on ramp for entry level folks looking to hone skills through rigorous training.

Many of the industry folks I connected with said that they look for the SANS certifications, and the Center for Internet Security recommended the following certifications for those interested in being analysts, though they also said that none of these are official or required when recruiting.

For SOC analysts the first certification we recommend is SANS GCIA: Certified Intrusion Analyst

For CERT analysts the consensus is to start with SANS GCFE (FOR408): Windows Forensic Analysis and then go to GCFA(FOR508): Advanced Digital Forensics and Incident Response (note: if you do not have any forensics experience you should not start with 508)

“I highly suggest SANS courses, which includes GCIA and GCFA, and they greatly increase chances for, at minimum, an interview, said, Tom Gorup, security operations leader, Rook Security.

Gorup said, “These are great hands-on certifications which require a decent amount of technical know-how to get started, and give real world scenarios and hands-on training to gain a great understanding of the domain.”

For Security Analysts Jeff Schilling, CSO, Armor, said, “Security + is still a great foundational certification for those entry level security analysts. As a next step, we like to see our security analysts progress and get their Certified Ethical Hacker certification so they can learn the way threat actors think.”

The top three certifications that Michael Angelo, chief security architect – CRISC, CISSP, Micro Focus likes to see in candidates are:

• Certified in Risk and Information Systems Controls (CRISC):  demonstrates that the recipient knows how to analyze risks in infrastructure. More times than not, people will make decisions, without understanding the issue or risk they will incur.
• Certified Ethical hacker (CEH):  While it focuses on already existing tools, it demonstrates that the recipient understands the current state of hacker tools that can be used to analyze an environment for potential security vulnerabilities. It demonstrates a person knows how to develop code securely and can adhere to the requirements of Secure Development Life Cycle (SDLC). 
• Certified Secure Software Lifecycle Professional (CSSLP):  Given that all computer systems contain software, and that the cause of most successful attacks on systems is via the software, this certification is a must have.