How do you pick the path through the various cyber security disciplines? There are many programs that offer “guaranteed” results in the job market, but with so many promises what do you need to consider?
Your interests are what is going to keep you invested and drive you forward in the long game of life, it should also give you every advantage in your career. An echoing effect on furthering your career are the increases to your salary.
What if you don’t know what you want to focus on? Some certifications have laser focused topics and some allow you to get a level view on multiple domains. For myself, I didn’t have a specific focus when I jumped into cybersecurity over a decade ago. I didn’t have as many choices as there are today, but there was still an abundance to consider. At the time I was mainly focused on IAM and Cryptography, though I knew I wanted to branch out so I could develop a broader knowledge rather than honing in on any one topic. I choose the CISSP as a first step and it was the perfect fit to allow me to see more. This approach may not work for everyone, as previous experience and education can be added to the equation.
Formal education as in degrees, masters or PhDs should also be considered as these will drive your edge in the career arena. Depending on your current life stage, going back to school full-time may or may not be an option.
We’ve all see the exemplary entry job description with the 5+ years and looking for CISSP and CISA certifications in the requirements fields. With that you would think every security person alive needs to have a CISSP at birth. There are many certifications that will allow you to have an advantage over the rest of the field, but it will also boil down to experience, education, soft skills and personality. While having 10 certifications beside your name can be impressive, I also think that you can achieve to the same level of problem solving results as someone who has an equivalent combination of school education and experience.
Another consideration are the costs involved in the certification programs, not only will you need to consider training costs, but also testing and maintenance costs. There are many simple and less costly options, like programs available from major cloud providers, online course providers, and LinkedIn. Between these free to low cost options, you can start to build your resume and also figure out what suits you best.
Regulators around the world are also asking questions about the merrtis of security divisions by ensuring that there is a minimum level of specific cyber education and certifications. This can play into your hand once certified depending on how heavily regulated the country / industry is.
Note: Make sure you take advantage of your formal education as credits/experience in to your certification applications where possible.
There is no shortage of options.
Now for the reward, you might want to consider after all the time and money you are about to put in, what’s the return on investment going to be. What’s it going to mean to your bottom line.
Here are some example job descriptions with the related certifications against the base pay:
IT Security Engineer – $94,971
Senior Security Consultant – $121,942
IT Audit Manager – $124,168
Information Security Analyst – $99,275
Security Director – $148,000
Cloud Security Architect: $165,890
Pen Tester – $102,405
Ethical Hacker – $101,165
Take these figures with a grain of salt. There is no one size fits all salary globally and it can even vary company to company. My advice is to look at where the position can take you. Some companies may already see value in you as a security leader and support/pay for certification courses and testing.
In the end your cybersecurity path can and may lead you down a number of avenues which require a number of skills, but one thing is for certain – education and willingness to learn will pay back in dividends where opportunities exist. While some people may say certain certifications “weren’t worth it” I bet they have helped that person achieve their goals and allowed them to capitalize on opportunities.
There is no wrong choice.