One of the fastest growing areas of the enterprise is cybersecurity. Every year more attacks are carried out, meaning more of the IT budget is allocated to bolstering security, which ultimately creates the need to hire more cybersecurity experts to protect your organisation.
According to cybersecurity company CrowdStrike, which recently published a casebook with takeaways and insights into the frontlines of incident response (IR) cases spanning 2018, organisations are not making substantive progress to detect intruders and stop breaches overall.
The study also found that commodity malware was often observed as a precursor to larger, more disruptive attacks, and that there has been a dramatic rise in the number of attacks that leveraged social engineering and phishing.
With 82% of IT and cybersecurity professionals claiming they don’t have the right amount of necessary talent within their organisation, many are now resorting to in-house training to bring their employees up to scratch.
Certifications are often the best way to ensure the people you work with have the right knowledge and skills to excel in their job. Malaysia has even set up its own certification body which operates under the ‘Cybersecurity Malaysia Information Security Management System Audit and Certification (CSM27001) Scheme’.
It provides recommendations based on the National Institute of Standards and Technology (NIST) framework and has developed a stringent process for local vendors that includes a comprehensive evaluation of all qualifications.
So, whether you’re hiring a new employee or looking to improve your own career prospects, here is a list of some of the best IT security certifications currently on offer.
CompTIA Security+
Requirements: A minimum of two years’ experience in IT and network security
CompTIA’s Security+ is often considered to be a core, entry-level certification that can act as a springboard for IT professionals looking to pursue intermediate-level cybersecurity jobs.
The certification combines hands-on troubleshooting with practical problem-solving skills to ensure those who pass can both identify and address security incidents.
It covers network security, compliance and operation security, threats and vulnerabilities, as well as application, data and host security.
GIAC Security Essentials (GSEC)
Cost: US$769, if part of training/bootcamp, US$1,899 (without training, also called “certification challenge” or “certification attempt”)
Requirements: No specific training is required, however practical experience is recommended.
This entry-level certification is designed for professionals looking to prove that they possess the skills and technical expertise necessary to occupy “hands-on” security roles on top of their understanding of information security technology and concepts.
While a training programme is not essential, those interested in achieving this certification might want to consider taking the SANS GIAC course, the price of which includes the exam.
The GSEC certification has to be renewed every four years, with a maintenance fee of US$429 payable at the end of each period.
NIST Cybersecurity Framework (NCSF), both Foundation and Practitioner
Cost: US$995 for Foundational, US$3,295 for Practitioner
Requirements: The Foundational course has no prerequisites; however, to complete the Practitioner course you must hold a valid NIST Cybersecurity Foundation Certification or have equivalent knowledge.
The Foundation level NCSF course introduces applicants to the NIST Cybersecurity Framework, outlines current cybersecurity challenges and explains how organisations that implement an NCSF programme can mitigate these roadblocks.
The Practitioner level course provides students with the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NIST Cybersecurity Framework.
Offensive Security Certified Professional (OSCP)
Cost: starting at US$800
Requirements: Penetration Testing with Kali Linux
Offensive Security’s OSCP is an ethical hacking certification aimed at information security professionals.
The course teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution. It requires holders to successfully attack and penetrate various live machines in a safe lab environment.
It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.
Certified Ethical Hacker (CEH)
Requirements: Attend a five-day EC-Council approved training course or have at least two years’ information security experience.
Considered to be one of the most desirable information security training programmes currently on offer, the CEH provides students with all the necessary skills to assess the weaknesses and vulnerabilities of IT systems and infrastructures.
This certification is a must-have for anyone looking to pursue a career in penetration testing or ethical hacking.
Certified Information Security Manager (CISM)
Requirements: Five years in cybersecurity and three years in security management
This certification is a high-level credential undertaken by those looking to work in the security or risk management sector.
This qualification teaches a whole host of practical security management skills that are crucial for any information security professional.
Certified Cloud Security Professional (CCSP)
Cost: US$549 per attempt
Requirements: A minimum of 5 years of full-time, paid, cumulative information technology experience, including at least three years of information security and one year of cloud computing.
A certification growing in popularity as cloud computing spreads, CCSP is specifically designed for information security professionals with extensive paid work experience in information technology.
This certification programme is suitable for mid to advanced-level professionals involved with information security, IT architecture, governance, web and cloud security engineering, risk and compliance, as well as IT auditing.
CCSP credential holders are competent in the six CCSP domains, namely architectural concepts and design requirements, cloud data security, cloud platform and infrastructure security, cloud application security, operations, and legal and compliance.
Certified Information Systems Security Professional (CISSP)
Cost: One six-hour exam at US$699 plus four additional concentration exams at US$599 each.
Requirements: At least 5 years of recent full-time professional work experience in 2 or more of the 8 domains of the CISSP common body of knowledge.
Another high-level certification, CISSP is a qualification undertaken by those working in network security.
Provided by the International Information Systems Security Certification Consortium, it equips students with a comprehensive understanding of the common body of knowledge domains: asset security, engineering and access management, to name a few.
Certified Protection Professional (CPP)
Requirements: Nine years of security experience, including at least three years with responsibility for a security function.
Described as the ‘gold standard’ of cybersecurity certifications, this high-level qualification is often sought by organisations hiring a CISO.
It requires security management professionals to demonstrate their knowledge of seven key security domains that have been identified by CPPs as the major areas involved in security management.
Additional reporting by Cristina Lago