CYBERSECURITY
Should I get cybersecurity certification?
Phillip Kittelson | 08 Feb 23 |
2 min read
|
Ask any who works in cybersecurity if you should pursue a certification, and you will get mixed results. The two main camps out there either say a certification is required for just about any position in the industry, or a certification is completely useless.
Certifications can be either woefully inflated, or considered the “gold standard” in an industry. Take CompTIA’s Security+ certification, which their website states recommended experience as having the CompTIA Network+ certification and “two years of experience in IT administration with a security focus.” If you enlist in the military, especially the Air Force, most of your training will concentrate on getting you to pass the Security+ exam, without having any of the recommended experience.
In fact, if you attend technical training for the Air Force’s 1D7 Cyber Defense specialty and you already have a Security+ (or higher) certification, you can expediate your progress in the course, and graduate early. Security+ is used as a litmus test to determine the skills you already have.
So…should you get a certification in cybersecurity? It depends!
There are plenty of reasons to get, and not get, a certification. Let me give you my opinion on the subject.
Regulatory
If you intend to work for a federal government agency or as a government contractor, especially on a Department of Defense (DoD) contract, you will need a certification. The DoD follows their 8140/8570 policies and requires certifications for different levels of work associated with privileged access or anything to do in the categories of Information Assurance, Information Assurance Management, Security Architecture and Engineering, and Cyber Security Service Provider roles.
In the early days of the 8570 certification mandate, you would often see a requirement to have a certification or the ability to obtain the certification within the first six months of employment. I do not see many job announcements these days with this option. Most now just state the requirement to have the certification already. The mandate has matured enough most contracts or companies just expect you to have the certification.
Lazy HR
Unfortunately, some companies receive so many applications they turn to artificial indicators for qualifications, regardless of regulatory requirements, including college degrees and certifications. Most large companies operate this way. Without the certification in-hand, most HR recruiters will just disqualify you.
Self Improvement
Reading the above, you may think I am in the anti-certification camp, however: I do defend certifications heavily in one area. A certification path often provides a solid direction and resource for upskilling (or increasing knowledge) in a particular subject area.
Sometimes navigating a subject can be tricky. What books do I trust? Which material is relevant? A certification path, included with a list of study material, can be a great shortcut in determining what to study.
When it comes to studying you can always pick up a certification book to increase your noggin, and not even take the exam. Certification books are always a great resource.
Resources
- DoD Approved 8570 Baseline Certifications
- CompTIA Security+
- CompTIA CySA+
- (ISC)2 CISSP
- CCNA Security
- SANS GIAC Security Essentials (GSEC)
- EC-Council Certified Network Defender (CND)