A look at cybersecurity certifications beyond CISSP

With the rising tide of trouble for organizations trying to protect their infrastructures, training companies, consulting services businesses, technology vendors and higher-education institutions have all jumped on the training-cum-certification bandwagon.

Given that there are currently 16 designated critical infrastructure sectors in the U.S., many of the IT security professionals with whom I have spoken have suggested that their respective sectors' needs vary just enough to require further focus on issues relating to those sectors. For example, a cyber security professional with a strong background in HIPAA might be somewhat out of place in the Energy or Utilities sectors of business, in which key security issues are found in understanding NERC (although many of the NERC compliance rules are common across most Critical Infrastructures).

Aside from the CISSP Uber-cert, the rising need for CISM / CISA, and the heavy-duty SANS GSE / GIAC certification, the following table provides suggested links to industry-leading certifications by sector…

Critical infrastructure sector: Chemical
Relevant IT security certification: “The Chemical Sector is an integral component of the U.S. economy that manufactures, stores, uses, and transports potentially dangerous chemicals upon which a wide range of other critical infrastructure sectors rely. Securing these chemicals against growing and evolving threats requires vigilance from both the private and public sector.”—DHS
- Disaster Recovery Institute (Various Certs)
- Computer Security Incident Handler (CSIH)
- Other DHS Chemical Sector Training
- GICSP

Critical infrastructure sector: Commercial Facilities
Relevant IT security certification: “The Commercial Facilities Sector includes a diverse range of sites that draw large crowds of people for shopping, business, entertainment, or lodging. Facilities within the sector operate on the principle of open public access, meaning that the general public can move freely without the deterrent of highly visible security barriers.”—DHS
- CompTIA Security+
- Certified Information System Auditor (CISA)
- Other DHS Commercial Sector Training

Critical infrastructure sector: Communications
Relevant IT security certification: “The Communications Sector is an integral component of the U.S. economy, underlying the operations of all businesses, public safety organizations, and government. Presidential Policy Directive 21 identifies the Communications Sector as critical because it provides an “enabling function” across all critical infrastructure sectors.”—DHS
- Microsoft MCSE Security
- SIP SSCA
- RSA

Critical infrastructure sector: Critical Manufacturing
Relevant IT security certification: “The Critical Manufacturing Sector is crucial to the economic prosperity and continuity of the United States. A direct attack on or disruption of certain elements of the manufacturing industry could disrupt essential functions at the national level and across multiple critical infrastructure sectors.”—DHS
- ISA 62443 (ICS)
- ISO 28000 Cert
- SABSA
- CCIPS

Critical infrastructure sector: Dams
Relevant IT security certification: “The Dams Sector delivers critical water retention and control services in the United States, including hydroelectric power generation, municipal and industrial water supplies, agricultural irrigation, sediment and flood control, river navigation for inland bulk shipping, industrial waste management, and recreation. Its key services support multiple critical infrastructure sectors and industries.”—DHS
- CSSA
- GICSP
- GIAC
- CISSP / ISSEP
- CISM
- Other DHS Dams Sector Training

Critical infrastructure sector: Defense Industrial Base
Relevant IT security certification: “The Defense Industrial Base Sector is the worldwide industrial complex that enables research and development, as well as design, production, delivery, and maintenance of military weapons systems, subsystems, and components or parts, to meet U.S. military requirements. Defense Industrial Base companies include domestic and foreign entities, with production assets located in many countries.”—DHS
- CISSP
- NIST
- FISMA CFCP
- CompTIA Security+ / CASP

Critical infrastructure sector: Emergency Services
Relevant IT security certification: “The Emergency Services Sector (ESS) is a community of millions of highly-skilled, trained personnel, along with the physical and cyber resources, that provide a wide range of prevention, preparedness, response, and recovery services during both day-to-day operations and incident response.”—DHS
- FEMA EMI Courses
- ISO 22320
- Homeland Security (Specific to Emergency Services)
- CHSM
- CEMS
- Others

Critical infrastructure sector: Energy
Relevant IT security certification: “The U.S. energy infrastructure fuels the economy of the 21st century. More than 80 percent of the country’s energy infrastructure is owned by the private sector, supplying fuels to the transportation industry, electricity to households and businesses, and other sources of energy that are integral to growth and production across the nation.”—DHS
- FEMA EMI Courses
- Homeland Security (Specific to Energy Sector)
- CSSA
- GICSP
- ISA 62443 (ICS)
- CPSS
- CCIPS

Critical infrastructure sector: Financial Services
Relevant IT security certification: “The Financial Services Sector represents a vital component of our nation’s critical infrastructure. Large-scale power outages, recent natural disasters, and an increase in the number and sophistication of cyberattacks demonstrate the wide range of potential risks facing the sector.”—DHS
- AICPA
- BASEL III
- PCIP
- CFE

Critical infrastructure sector: Food & Agriculture
Relevant IT security certification: “The Food & Agriculture Sector is almost entirely under private ownership and is composed of an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities, and accounts for roughly one-fifth of the nation’s economic activity.”—DHS
- ISO 22000
- Supply Chain Management Cert
- ISO 22317

Critical infrastructure sector: Government Facilities
Relevant IT security certification: “The Government Facilities Sector includes a wide variety of buildings, located in the United States and overseas, that are owned or leased by federal, state, local, and tribal governments. These facilities include general-use office buildings and special-use military installations, embassies, courthouses, national laboratories, and structures that may house critical equipment, systems, networks, and functions.”—DHS
- GIAC
- CISSP / ISSEP
- CISM
- PSP
- CPP

Critical infrastructure sector: Healthcare & Public Health
Relevant IT security certification: “The Healthcare and Public Health Sector protects all sectors of the economy from hazards such as terrorism, infectious disease outbreaks, and natural disasters. Because the majority of the sector’s assets are privately owned and operated, collaboration and information sharing between the public and private sectors is essential to increasing resilience of the nation’s Healthcare and Public Health critical infrastructure.”—DHS
- HCISPP
- CHPA
- CompTIA
- CHP

Critical infrastructure sector: Information Technology
Relevant IT security certification: “Information Technology is central to the nation’s security, economy, and public health and safety as businesses, governments, academia, and private citizens are increasingly dependent upon Information Technology Sector functions. These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and—in collaboration with the Communications Sector—the Internet.”—DHS
- CISSP
- CISM
- GIAC
- CompTIA
- CEH
- COBIT

Critical infrastructure sector: Nuclear Reactors, Materials, Waste
Relevant IT security certification: “The Nuclear Reactors, Materials, and Waste Sector covers most aspects of America’s civilian nuclear infrastructure. The Nuclear Sector-Specific Agency within the Department of Homeland Security is responsible for coordinating the security and resilience of the Nuclear Sector.”–DHS
- FEMA EMI Courses
- Homeland Security (Specific to Nuclear Materials Sector)
- CPSS
- CCIPS
- NUCP
- ISA 62443 (ICS)
- CSSA
- GICSP
- Others

Critical infrastructure sector: Transportation Systems
Relevant IT security certification: “Homeland Security and the Department of Transportation are designated as the Co-Sector-Specific Agencies for the Transportation Systems Sector. The nation’s transportation system quickly, safely, and securely moves people and goods through the country and overseas.”—DHS
- Department of Transportation Specific Details
- CISSP
- CISM
- GIAC
- CompTIA
- NIST

Critical infrastructure sector: Water & Wastewater Systems
Relevant IT security certification: “Safe drinking water is a prerequisite for protecting public health and all human activity. Properly treated wastewater is vital for preventing disease and protecting the environment. Thus, ensuring the supply of drinking water and wastewater treatment and service is essential to modern life and the Nation’s economy.”—DHS
- ISA 62443 (ICS)
- ISO 22000
- Supply Chain Management Cert
- GICSP
- CSSA