Looking for a career change in the new year? There's no better time to consider a career in cybersecurity: U.S. businesses and government agencies are spending billions of dollars each year to protect their data and assets from malicious attacks, with Forbes reporting that $170 billion will be spent worldwide by 2020.
With the demand for qualified security professionals soaring, certification is a logical way for you to verify your skills and knowledge, and to get your resume noticed. Here are five certifications that can help launch your cybersecurity career.
1. Microsoft Technology Associate (MTA) Security Fundamentals
Of the certifications featured in this article, the MTA Security Fundamentals is the most "entry-level" one of the bunch. Aimed at high school and early college students, as well as those in the workforce who are looking to change careers, the MTA Security Fundamentals recognizes knowledge of core security principles as well as the basics of operating system, network and software security. To achieve certification, you must pass a single exam, which costs $127.
To improve your chances of achieving the MTA Security Fundamentals certification, Microsoft recommends that you have some hands-on experience with Windows Server, Windows-based networking, firewalls and other common security products.
2. ISACA CSX Cybersecurity Fundamentals Certificate
Folks in the security industry know ISACA for such long-running certificates as its Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) and similar certifications, all of which grant intermediate to advanced credentials. The CSX Cybersecurity Fundamentals Certificate is relatively new to the ISACA certification program and was designed to fill the entry-level niche. Geared toward recent post-secondary graduates and those seeking career changes, this certificate covers five cybersecurity-related domains: concepts; architecture principles; network, system, application and data security; incident response; and security of evolving technology.
The single exam costs $150, and the certificate doesn't expire or require periodic recertification.
3. CompTIA Security+
Perhaps the most well-known entry-level security certification is the Security+, which covers a wide array of security and information assurance topics, including network security, threats and vulnerabilities, access controls, cryptography, risk management principles, and application, host and data security. The certification meets U.S. Department of Defense Directive 8570.01-M requirements — an important item for anyone looking to work in IT security for the federal government — and complies with the Federal Information Security Management Act (FISMA).
CompTIA recommends that candidates have two years of relevant experience and achieve the Network+ credential before taking the Security+ exam. At $311, this exam lands roughly midway between least and most expensive, compared to other entry-level certifications. The Security+ leads to such jobs as security administrator, security specialist and network administrator, among others.
4. GIAC Information Security Fundamentals (GISF)
GIAC gears the GISF toward system administrators, managers and information security officers who need a solid overview of information assurance principles, defense-in-depth techniques, risk management, security policies, and business continuity and disaster recovery plans. The topics covered on the single GISF exam are similar to those for the CompTIA Security+, but GISF is considered to be more challenging. GIAC exams in general require test takers to apply knowledge and problem-solving skills, so hands-on experience that has been gained through training or on-the-job experience is recommended.
If you take a SANS training course and then sit for the GISF exam, the exam cost alone is $689. Taking the exam without completing training, referred to as a "certification attempt" by GIAC, bumps the exam cost to a whopping $1,249. GIAC includes two practice exams in the certification-attempt package.
After achieving the GISF, consider pursuing the GIAC Security Essentials (GSEC), an intermediate-level certification that takes a big step beyond foundational information security concepts.
5. (ISC)2 Systems Security Certified Practitioner (SSCP)
The (ISC)2 Certified Information Systems Security Professional (CISSP) is probably the most recognizable and popular security certification today. But (ISC)2 offers several security-related certifications, with the ANSI-accredited SSCP filling the entry-level slot. The SSCP prepares you for such jobs as systems security analyst, network security engineer and security administrator, which typically start at the junior level if you don't already have technical or engineering-related information technology experience.
To achieve the SSCP, you must pass a single exam that includes questions that span seven common body of knowledge (CBK) domains: (1) Access Controls, (2) Security Operations and Administration, (3) Risk Identification, Monitoring, and Analysis, (4) Incident Response and Recovery, (5) Cryptography, (6) Network and Communications Security, and (7) Systems and Application Security.
To ensure that you have sufficient hands-on security knowledge before taking the exam, (ISC)2 recommends that you attend training courses or conference workshops, participate in webinars, and read white papers and books.
The exam costs $250, and (ISC)2 offers a variety of study resources for purchase on its website.
Preparing for your exams
Regardless of which certification seems like a best fit for you, be prepared to devote ample self-study time to the effort. Many test takers prefer to use a top-rated study guide along with some practice tests and flash cards when preparing for a certification exam. If your learning style is more conducive to formal instructor-led training, factor the costs and required time into your plans. Although training costs vary by certification, they typically run from $400 to over $5,000, depending on whether you choose online, virtual classroom or in-classroom delivery.