by David Foote

10 tech certifications that pay the highest and are still growing in value

Dec 02, 2019
CareersCertificationsIT Jobs

While pay for tech certifications has been declining overall, these certs are bucking the trend more than most.

Number 10, distressed type
Credit: Shelly Still / Getty Images

Extra pay awarded by employers to talented tech professionals holding 497 tech certifications – also known as cash pay premiums – decreased in the third calendar quarter of 2019 for the fifth consecutive quarter and is now at its lowest point in 5 years. The reasons for this certifications pay trend was analyzed in “Why pay for tech certifications is declining.”

It’s not a small number of tech workers who receive pay for hot certified and non-certified skills: at last count our firm was able to validate and report cash pay premiums for nearly 1,100 skills and certifications being earned by 78,234 U.S. and Canadian tech professionals in a sample of 3,421 private and public sector employers. We’ve tracked and reported this benchmark data since 2000 in the quarterly-updated IT Skills and Certifications Pay Index (ITSCPI),

And the winners are…

The following tech certifications meet two prerequisites: they recorded impressive above-average gains in cash market value in the six months ending October 1, 2019 and they are also earning cash pay premiums significantly above the average of all 497 skills reported. They are listed below in descending ranked order of cash premium first, and percentage market value increase (including ties) second.

Application development

Certified Secure Software Lifecycle Professional (CSSLP) Market Value Increase: 6.7 percent (in the six months through October 1, 2019)         

Like other (ISC)2 certifications, the Certified Secure Software Lifecycle Professional is a vendor-neutral credential relevant to many kinds of programming and development projects. Aimed at software developers, engineers, architects, QA and penetration testers, security specialists and the like, the CSSLP recognizes competency in securing applications throughout the software development lifecycle.

Prerequisites include at least four years’ full-time work-related experience in the software development lifecycle in at least one of eight CSSLP domains, or three years’ experience plus a bachelor’s degree or equivalent in an IT-related field such as computer science or information technology. The required exam covers all phases of this lifecycle, including secure software concepts, requirements, design, implementation and coding and testing. Candidates should also be up to speed on the eight CSSLP Common Body of Knowledge domains which include software concepts, requirements, design, implementation/programming, testing, lifecycle management, deployment and operations.


Information Systems Security Architecture Professional (ISSEP/CISSP) Market Value Increase: 23.1 percent (in the six months through October 1, 2019)

Certified Information Systems Security Architecture Professional (CISSP) Market Value Increase: 8.3 percent (in the six months through October 1, 2019)         

Corporate America and the U.S. government have been sounding the cybersecurity alarm bell for years: There’s a significant shortage of skilled information security professionals in this country. Although numbers vary among various sources, a conservative estimate is that the InfoSecurity profession is growing at a CAGR of 36.5 percent between 2012 to 2022 with demand for the cybersecurity workforce expected to rise to 6 million globally by the end of 2019. In the U.S. alone the cybersecurity workforce gap will be 1.8 million jobs by 2022.

Almost every day, around 10,000 positions are available on U.S. job sites that request a Certified Information Systems Security Professional (CISSP). This clearly points to a need for skilled infosec workers, and CISSPs in particular, which is great news for aspiring CISSP candidates. A CISSP is a seasoned employee or consultant, usually with a title such as security manager, security analyst or chief information security officer, to name just a few. This person has been on the job for five or more years, and has thorough knowledge of the IT threat landscape, including emerging and advanced persistent threats, as well as controls and technology to minimize attack surfaces. A CISSP also creates policies that set a framework for proper controls and can perform or oversee risk management and software development security.

The Information Systems Security Architecture Professional (ISSAP) is for network security experts with a minimum of two years of architecture experience who are placed in key roles and generally design, develop and analyze a complete security plan. They specialize in designing security solutions and providing management with risk-based guidance to meet organizational goals. ISSAPs facilitate the alignment of security solutions within the organizational context (e.g., vision, mission, strategy, policies, requirements, change and external factors). The broad spectrum of topics included in the ISSAP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following six domains:

  • Identity and Access Management Architecture
  • Security Operations Architecture
  • Infrastructure Security
  • Architect for Governance, Compliance and Risk Management
  • Security Architecture Modeling
  • Architect for Application Security

Certified Forensic Computer Examiner (CFCE) Market Value Increase: 6.7 percent (in the six months through October 1, 2019)         

The International Association of Computer Investigative Specialists (IACIS) is the organization behind the Certified Forensic Computer Examiner (CFCE) credential. This organization caters primarily to law enforcement personnel, and candidates must be employed in law enforcement to qualify for regular IACIS membership. A formal application form, along with an application fee, is necessary to join IACIS. Regular membership includes current computer/digital forensic practitioners who are current or former government or law enforcement employees or forensic contractors to a government agency.

To obtain the CFCE credential, candidates must demonstrate proficiency with CFCE core competencies which can be achieved via an expensive IACICS two-week training program; candidates completing the training course can enroll directly in the CFCE program upon completion of the course. Another way is to attend a comparable course (subject to IACIS approval), pay a registration fee and successfully pass a background check to enroll in the CFCE program and sit for the exam.

The CFCE exam is a two-step testing process that includes a peer review and CFCE certification testing. The peer review consists of accepting and completing four assigned practical problems based on core knowledge and skills areas for the credential. These must be solved and then presented to a mentor for initial evaluation (and assistance, where needed) before being presented for peer review. Candidates have 30 days to complete each of the practical problems.

Upon successful conclusion of the peer review, candidates automatically progress to the certification phase. Candidates must begin work on a hard-drive practical problem within seven days of the completion of the peer review phase. Forty days are allotted to candidates to independently analyze and report upon a forensic image of a hard drive provided to them. Following specific instructions, a written report is prepared to document the candidate’s activities and findings. Once that report is accepted and passed, the process concludes with a 100-question written exam (which includes true/false, multiple-choice, matching and short-answer questions). Candidates have 14 days to complete the written examination. A passing score of 80 percent or better is required for both the forensic report and the written exam to earn the CFCE.

Cisco Certified Network Professional – Security (CCNP) Market Value Increase: 18.2 percent (in the three months through October 1, 2019)

The Cisco Certified Network Professional (CCNP) takes aim at platforms and products from a leading networking equipment vendor found at most communications and internet service providers, not to mention enterprises and businesses of all sizes, including government, research and academia. It’s hard to go wrong with Cisco certification nowadays, and the CCNP is its most important midrange credential across a wide variety of specialties. One of those is the CCNP – Security certification which is aligned specifically to the job role of Cisco Network Security Engineer responsible for security in routers, switches, networking devices and appliances as well as choosing, deploying, supporting and troubleshooting firewalls, VPNs and IDS/IPS solutions for their networking environments.

GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Market Value Increase: 8.3 percent (in the six months through October 1, 2019)         

A white hat hacker, or ethical hacker, uses penetration testing techniques to test an organization’s IT security and to identify vulnerabilities. IT security staff then uses the results of such penetration tests to remediate vulnerabilities, strengthen security and lower an organization’s risk factors. Penetration testing is never a casual undertaking; it involves lots of planning, which includes getting explicit permission from management to perform tests, and then running tests as safely as possible. These tests often involve the very same techniques that attackers use to breach a network for real.

White hat hacking involves a great deal of problem solving, as well as communication skills. A white hat hacker also requires a balance of intelligence and common sense, strong technical and organizational skills, impeccable judgement and the ability to remain cool under pressure.

At the same time, a white hat needs to think like a black hat hacker, with all their nefarious goals and devious skills and behavior. Some top-rate white hat hackers are former black hat hackers who got caught, and for various reasons decided to leave a life of crime behind and put their skills to work in a positive (and legal) way. There are no standard education criteria for a white hat hacker — every organization can impose its own requirements on that position — but a bachelor’s or master’s degree in information security, computer science or even mathematics provides a strong foundation. For those who aren’t college bound, a military background, especially in intelligence, can help your resume get noticed by hiring managers. Military service is also a plus for employers who require or prefer those with security clearances.

The GIAC Exploit Researcher and Advanced Penetration Tester certification targets security personnel whose job duties involve assessing target networks, systems and applications to find vulnerabilities. The GXPN certifies that candidates have the knowledge, skills and ability to conduct advanced penetration tests, model the behavior of attackers to improve system security and the knowledge to demonstrate the business risk associated with these behaviors

EC-Council Certified Security Analyst (ECSA) Market Value Increase: 33.3 percent (in the six months through October 1, 2019)         

EC-Council Certified Security Analysts are required to demonstrate the application of the penetration testing methodology that is presented in the ECSA program and are able to perform a comprehensive security audit of an organization. They perform advanced network scans beyond perimeter defenses, leading to automated and manual vulnerability analysis, exploit selection, customization, launch and post exploitation maneuvers.

GIAC Certified Forensics Analyst (GCFA) Check Point Certified Security Administrator (CCSA) Market Value Increase: 22.2 percent (in the six months through October 1, 2019)         

The GIAC Certified Forensics Analyst focuses on computer forensics in the context of investigation and incident response, and thus also focus on the skills and knowledge needed to collect and analyze data from Windows and/or Linux computer systems during such activities. Candidates must possess the necessary skills, knowledge and ability to conduct formal incident investigations and advanced incident handling, including dealing with internal and external data breaches, intrusions and cyberthreats; collecting and preserving evidence; understanding anti-forensic techniques; and building and documenting advanced digital forensic cases.

The Check Point Certified Security Administrator certification validates the ability to install, configure and manage Check Point Security Gateway and Management Software Blade systems on the GAiA operating system. Holders of this certification are tested to be able to: Defend against network threats; evaluate existing security policies and optimize the rule base; manage user access to corporate LANs; monitor suspicious network activities and analyze attacks; troubleshoot network connections; and implement Check Point backup techniques

More specially the skills the holders of this certification embrace are:

  • Installing R80 management and a security gateway in a distributed environment
  • Configuring objects, rules and settings to define a security policy
  • Working with multiple concurrent administrators and define permission profiles 
  • Configuring a Virtual Private Network and work with Check Point clustering
  • Performing periodic administrator tasks as specified in administrator job descriptions