Cyber security is a hot topic these days. If you are on social media, you’ve probably seen at least one incident of a friend who's had their account hijacked by a hacker. Denial of Service attacks have taken down many high-profile servers, and even credit ratings agencies have been compromised by these hackers.
Certifications or Certificates: What Is the Difference?
Certificates and Certifications are often confused. It's easy to do so, and your autofill program might often recommend one when the other is the proper term, thus increasing the confusion. The difference is significant, though, at least in terms of long-term utility.
That is because a certificate is the result of an educational process. When you receive a certificate in cyber security, for instance, you have completed a set of courses from an accredited educational facility. You can thus use your coursework to count towards a full degree later, if you choose.
A certification, on the other hand, is generally the result of an assessment provided by a non-educational or non-governmental agency. These are often purely for use in an occupation and the content they cover comes from industry and not peer-reviewed, academic research. A certification might help you land a job or boost your resume, but it won't count towards any academic degrees. Further, certifications frequently expire and require ongoing coursework, and sometimes periodic re-testing, to remain valid.
What You Need to Know to Get Properly Certified
Certifications vs. Degrees
Computer science degrees span two-year associate degrees through PhDs. As you increase your academic achievement, you will see how each degree builds on the previous one. Further, once you attain a degree, you can use those courses and credits towards your next degree.
A certification, on the other hand, is based more on occupationally applicable facts and data. Generally speaking, the information you need to attain a certification is not based on academic research but on the facts of commercial software or industry trends. Thus, your certification must be constantly maintained and upgraded to keep pace with new products or technologies.
A degree, on the other hand, is a credential that does not expire. Though the information you cover during the course of a degree can become outdated, the degree itself demonstrates an overall ability to work with the material in your field. In effect, a certification shows that you have built on the material you covered during your school days.
Vendor-Neutral vs. Vendor-Specific
A vendor-specific certification is one that trains and assesses you on the operation and maintenance of a specific commercial product. In the world of cyber security, you might be certified to guard Microsoft products, such as their server software, from a cyber-attack. Thus, you might not be able to work on Cisco servers or protect a Linux server from attack without earning a different certification.
Vendor-neutral certifications, on the other hand, are conferred by industry organizations apart from hardware or software vendors. They are likely to be more broad-based in nature and quite possibly applicable to a range of specific products. For instance, such a neutral certification might test you on ethical hacking, penetration tests, or auditing information systems.
In both cases, these certification programs might have their own set of prerequisites. Some might require a specific degree, while others require that you verify a certain level of experience. There are some that have no requirements but you will still want to undergo a period of intensive study prior to sitting for their exam.
Undergraduate vs. Graduate Certifications
Undergraduate and graduate certificates offer a fantastic option for professionals who want to add new academic credentials to their resumes without committing to a full degree program. While you can take the credits from a certificate program and apply them to a full degree later, there is no requirement to do so. There are two basic sorts of certificate, undergraduate and graduate.
An undergraduate certificate is comprised of a series of courses and credits that are considered to be ample to demonstrate sufficient knowledge in a field. For instance, you might take 18 credit hours in computer science to qualify for a college's undergraduate certificate. This is a great option if you have limited knowledge of CS and want to start transitioning to a new career. To qualify for a certificate program, you may have to take or show proof that you've taken certain prerequisites.
A graduate certificate performs much the same function. It's a great way to develop your knowledge of a subject, such as computer science or ancillary subjects, without committing to a full degree program. At the graduate level, you will probably be required to have an undergraduate degree in the subject, or at least have passed certain prerequisites.
Cost & Time Frame
Any sort of training, whether a vendor certification or a college degree, takes a lot of time and energy to attain. In the case of a certification, you may need to spend a good deal of time studying or even taking preparation courses before you sit for the exam. Some certifications require that you have verifiable experience in the field prior to sitting for their exam.
Academic degrees and certificates, on the other hand, have set time frames for completion. That is, they are designed to take a set amount of time. Associate degrees are slated to take approximately two years and you can often complete an academic certificate in a year or less. You might need more time, and programs typically allow extra time, or you might be able to finish your program early. In fact, many academic programs offer accelerated tracks to graduation that might shave a half-year from your total time. Keep in mind that most academic time frames are based on full-time attendance, which might impinge on your work or other obligations.
Degrees and academic certificates can also be quite costly. Their pricing is based on credit hours and will add up quickly. However, educational achievement is highly valued in our society, so you can find federal student loans to help pay your tuition. There are also scholarships available from a wide array of sources. Military personnel might receive funds via the GI Bill, and there are even special programs and scholarships available specifically for active-duty and honorably discharged veterans.
Where to Find Cyber Security Certifications
Cyber Security Certifications are available from a wide range of vendors. For instance, technology companies offer certifications for people who work with their products. There are also independent organizations that offer certifications that are highly valued and applicable across a range of products and IT systems.
These certifications are primarily based on how well you perform on an examination. For most of them, you don't necessarily have to complete any specific training or take any courses. However, since the exams are quite rigorous, you will probably want to purchase and study specific materials, take courses, and even attain lower-level certifications prior to achieving your end goal.
There are also various schools online and elsewhere that offer certifications. These programs are not academic institutions but are often conglomerations of IT and cyber security experts who have designed curriculum and examinations that have received industry accolades. For instance, Linux Academy offers a range of online courses and exams that have the esteem of many in the IT industry. You don't need any sort of credentials to take their courses, apart from willingness to learn and the ability to pay their nominal fees.
You may find a wide variety of outlets that offer certifications. However, make sure to do your research to discover whether the organization has a strong reputation. If you're just getting your feet wet, a less-reputable outlet might be a cheap way to gain a bit of knowledge and determine whether that path is truly for you.
If you decide to pursue an academic degree as part of your training for a cyber security career, you must make certain that your chosen program has been endorsed by a reputable, independent accrediting agency. Accreditation means that your program's curriculum, instructors, and even student outcomes have been thoroughly audited and found to be of high quality. Your education will thus be well-respected. Furthermore, if you are completing a two-year or baccalaureate degree, your coursework is likely to transfer to your next degree-granting institution. Without accreditation, you might not be able to attend a good graduate school until you take or retake certain courses.
Certification programs can likewise achieve accreditation. The American National Standards Institute (ANSI) qualifies occupational certifications. Their standards are much like those of any accrediting agency, thus ensuring that your training and examination will provide satisfactory results.
Important Organizations to Know About
There are a growing number of cyber security organizations that offer certifications to skilled professionals who can pass their examinations. There are also educational outlets that offer courses that are specifically designed to prepare you to pass those exams. Some will serve both purposes and all of them can help you take your career to the next level.
- International Information System Security Certification Consortium - (ISC)²
- Computing Technology Industry Association
- Linux Academy
- International Council of Electronic Commerce Consultants (EC-Council)
- Information Systems Audit and Control Association (ISACA)
- National Initiative for Cybersecurity Careers and Studies (NICCS)
- Code Fellows
- Linux Foundation
Businesses Offering Certifications
- Cisco Systems
- IBM Security Learning Academy
Once you pass a certification examination you can certainly celebrate that achievement. Those exams can take up to six or more hours, often require weeks or months of preparation, and can help you land the job of your dreams. However, there is still work to do.
Many certifications require maintenance. You may need to take more coursework as time goes on, and perhaps re-certify at certain intervals. This is because the field is constantly changing. Criminal hackers devise new ways to break into systems and there are new systems being designed all the time. For instance, you may need to learn more about quantum cyber security or security via blockchain. These new technologies are sure to be in enough flux that you will need to stay on top of the latest developments.
While you can still list an expired certification on your resume, if you keep your credentials active and current, bosses and employers are sure to reward you all the more.
These days you can learn most anything online. This might especially apply to cyber security. You can take professional certification courses or academic certificate programs entirely online. However, you can also find classroom instruction that will prepare you for industry certification as well as on-campus colleges that can provide any level of degree that you are ready for.
Since industry certifications are only contingent on your exam scores, you can even purchase books and prepare with the help of a physical or electronic book. Be sure to confirm the requirements necessary to sit for the exam, as some require a certain level of experience or a degree.
If you are excited about advancing your knowledge base, as well as your career, you will likely be interested in how you can make your classroom work or examination scores pay off in the future. If you have taken accredited classes and earned a certificate from an academic institution, your transcripts can be used when applying for the next level degree or certificate. While there is never a guarantee that all of your course credits will transfer, the courses will receive acknowledgment.
On the other hand, if you have an industry certification that you earned by passing an examination, you will not be able to use that work towards a degree. That is, you won't have any college credits to show on a proper transcript. However, if you have an academic degree as well as the industry certification, admissions counselors will count that when weighing your application for admission. For instance, if your GPA isn't quite up to par but you have certifications and years of experience, some graduate schools may put less weight on your academics.
Before you enroll in a program, be sure to do your research. Review the course offerings for an academic certificate or the content and purpose of a professional certification. You should also take a measure of what people's actual experience has been; look around for reviews. You can also discuss the programs and certifications with industry professionals.
When you check reviews online, always be a bit wary. Look for reviews that are substantial and that rely more on facts than subjective opinions. If you want advice on what general degree or certification to pursue, look for websites like Quora, which tend to attract responses from professionals who provide detailed responses.
Since Cyber Security is a matter of national security, the National Security Agency (NSA) sponsors a Center of Academic Excellence in Cyber Defense. They offer two designations in this area: one for education, which covers associate, bachelor’s, graduate, and doctoral programs, and the other for research.
The NSA has created this standard and assigns the esteemed designations in an effort to bolster our overall national security. While you may certainly want to find such a program if you intend to work in a government agency, it is also valuable in the private sector. The NSA provides this because every system in the nation needs cutting-edge cyber security, including private businesses.
This designation is surely sought after by department heads in all academic computer science and information technology departments. After all, if a graduate can claim the NSA's Cyber Defense designation then employers will know that their coursework was at the cutting edge for the United States.
Popular Industry Types and Specialties
CISSP: Certified Information Systems Security Professional
This certification is designed for experienced Cyber Security professionals who may even be at the C-level, such as Chief Information Officers. This exam, and the resulting certification, will prove to all that your knowledge and skill sets are at the highest levels. In order to qualify to sit for the exam, you must be able to show a minimum of five years cumulative paid work experience in the field. In particular, you must regularly work in two of these eight domains:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management
- Security Assessment and Testing
- Security Operations
- Software Development Security
CISA: Certified Information Systems Auditor
The CISA certification proves your ability to audit information systems, manage IT, develop and implement IT, manage service and maintenance of IT, and protect information assets. This certification tends to focus on auditing and thus might be well-suited for someone interested in computer forensics as well as troubleshooting security protocols. Your CISA certification will lend you and your organization an added layer of credibility and thus help you land the jobs you most covet.
CISM: Certified Information Security Manager
The CISM certification proves your expertise in information security governance, information risk management, information security development and management, and incident management. Each of those domains shares a near-equal portion of the exam, though risk management comprises the largest portion, taking up 30% of the test. Note that, to maintain your CISM, you must pay annual fees and remain current with your Continuing Professional Educational Credits.
GCIH: GIAC Certified Incident Handler
Incident handling involves preparing for, defending against, and responding to any cyber-attack on your IT department. A passing score on the exam proves that you have expert knowledge of handling client attacks, denial of service attacks, containment, password attacks, and much more.
Since the 150-item exam covers so many practice areas, you may wish to find a preparation program prior to registration. However, there are no special requirements for sitting this exam. Once you pass, you may find a wide range of salaries for professionals with this certification. Certified incident handlers earn between $50,000 and $150,000, depending on their job title, education, and experience level.
CEH: Certified Ethical Hacker
Ethical hackers do essentially what unethical hackers do, but on the side of the good guys. They seek to hack into systems for the sake of discovering weak points and assessing how to better support security protocols within a system. The test to become a CEH involves 125 multiple-choice items and there are four hours allotted to the testing period. While you don't need to have any specific background or qualifications for this certification, you might consider taking a prep course, reading books on the subject, and consulting with the ethical hackers you may already know.
Additional Security Certifications
Cyber security certifications are increasingly popular, and in demand. Our national consciousness is increasingly aware that forces, both from within and without, are aiming to compromise our information systems. Thus, to be the very best professional you can be, it is vital to prepare for and pass a cyber security certification test.
You can prepare in any number of ways. Some certifications require that you have extensive experience, but most suggest training courses. Since there is so much riding on your expertise, and to help ensure that you pass the exam the first time, it is advised that you prepare yourself with classes and books on the subject.
Department of Defense 8140/8570 Requirements and Certifications
The United States Department of Defense directive 8570 will soon transition over to 8140 for the purposes of ensuring the safety and integrity of information properties held by the DoD. Any military service member, civilian contractor, or anyone at all who has access to sensitive information or systems under the purview of the DoD must now receive some sort of cyber security certification in order to obtain work. This protocol requires a GIAC certification in cyber security. Depending on your job, you may be asked to take examinations for one of the following certifications:
- GIAC Security Essentials Certification
- Certified Incident Handler
- Security Leadership Certification
- GIAC Certified Intrusion Analyst
- GIAC Systems and Network Auditor
- Global Industrial Cyber Security Professional
Computer Forensics Certifications
Computer forensics is the practice of investigating crimes that involve computers or servers. These professionals seek to uncover how breaches occur and how the criminals cover their tracks. They might also be called upon to search computers for vital information. For instance, when investigators seize thousands of emails, they rely on the tools, and professionals, of computer forensics to handle that job.
Positions for computer forensics professionals are proliferating in the law enforcement community, including state and federal agencies. However, you might also find that the private sector is interested in hiring forensics professionals on a contract or even full-time basis. Attorneys might also be interested in using computer forensics experts to help protect their criminal and civil clients.
Computer forensics experts may work on cases related to hacking, but that is not their primary work. Penetration testers, ethical hackers, and security software engineers are more concerned with attacks to an organization's cyber security. Pen-testers and ethical hackers emulate the methods of a hacker to determine the relative security of a system, while security software developers and engineers create firewalls and other security software to ward off attacks.
Ultimately, computer forensics professionals are called in after a crime has been committed, or to help investigate a suspected crime. They search through hard drives, thumb drives, and email accounts when such items are entered into discovery during a civil matter.
Types and Abbreviations for Forensics Certs
- Certified Forensic Computer Examiner (CFCE)
- Certified Computer Examiner (CCE)
- EnCase Certified Engineer (EnCE)
- AccessData Certified Examiner (ACE)
- Computer Hacking Forensic Investigator (CHFI)
Global Information Assurance Certification (GIAC)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Forensic Examiner (GCFE)
- GIAC Reverse Engineering Malware (GREM)
- GIAC Network Forensic Analyst (GNFA)
- GIAC Cyber Threat Intelligence (GCTI)
- GIAC Advanced Smartphone Forensics (GASF)
Information Security Certifications
Information security is a sector of the information technology profession and industry that is concerned with the overall integrity of information systems. Governments and businesses rely on the integrity of their data, and thus they need professionals that specialize in information security. IS experts have thus devised rubrics with which to certify high tech workers as specifically qualified to work in security.
When you have a certification in information security, you will have credentials that prove that you are capable in this specific area of IT. That is, a network administrator might be able to moderate a network during normal operations, assigning permissions and passwords to users. The security professional, on the other hand, might have the skills to penetrate that network and take over a user's account, if not usurp the network administration functions altogether.
Other areas of IT, such as software development, may offer certifications for professionals who work on standard user-based software. Then there are developers who create security software that runs on desktops and over networks. Those who specialize in security might opt for a Certified Secure Software Lifecycle Professional (CSSLP), which is offered through ISC2 and is a great way for a software developer, for instance, to bring her career to the next level.
Types and Abbreviations for Information Certs
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Cisco CCNA Cyber Ops
- Certified Virtualization Professional (CVP)
- Certified Cyber Secure Coder (CCSC)
- Certified Identity and Access Manager (CIAM)
- Certified Identity Governance Expert (CIGE)
- Certified Identity Management Professional (CIMP)
- Certified Identity and Security Technologist (CIST)
- Certified Identity Protection Advisor (CIPA)
- Certified Red Flag Specialist (CRFS)
- Certified in Data Protection (CDP)
- Certified Information Privacy Professional/Manager/Technologist (CIPP/CIPM/CIPT)
- Healthcare Information Security and Privacy Practitioner (HISPP)
Computer Security Certifications
Computer Security certifications are special credentials given to computer professionals as evidence of their expertise with cyber security tools and practices. These certifications often require a great deal of knowledge and skill. In fact, many computer security certifications have inspired a host of educational outlets to train IT professionals so that they can pass the certifying examination.
To attain credentials in this field, you must not only have expertise in a specialized area of information technology, such as network administration or software development, but you must also know all of the security issues involved. Certified network administrators may be experts at monitoring, developing, and maintaining a network for normal, day-to-day use. However, a computer security professional might understand how to exploit weaknesses in that network. Thus, security experts frequently begin as regular IT professionals and then adapt their knowledge to the security side of things.
In a similar way, a certified software developer might transition to work on security software. She would thus pursue credentials to verify her skills in that field. While the two positions and credentials are similar, demonstrating expertise in security software might make the difference when it comes to landing a dream job.
Types and Abbreviations for Computer Certs
- CompTIA Cybersecurity Analyst (CySA+)
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- NIST Cybersecurity Framework (NCSF) Foundation/Practitioner
- Certified Cloud Security Professional (CCSP)
- Certified Protection Professional (CPP)
- Offensive Security Certified Professional (OSCP)
- Certified Access Management Specialist (CAMS)
- CyberSec First Responder (CFR)
- SANS GIAC Security Essentials (GSEC)
- Advanced Security Practitioner
- Certified Authorization Professional (CAP)
- Certified Cyber Forensics Professional (CCFP)
- Certified Expert Penetration Tester (CEPT)
- Certified Incident Handler (CIH)
- Certified Information System Auditor (CISA)
- Certified Penetration Tester (CPT)
- Certified Penetration Testing Consultant (CPTC)
- Certified Penetration Testing Engineer (CPTE)
- Certified Secure Software Lifecycle Professional (CSSLP)
- Certified Security Analyst (CSA)
- Certified Security Testing Associate (CSTA)
- Master Mobile Application Developer (MMAD)
- Systems Security Certified Practitioner (SSCP)