The threat of cyber-attacks is increasing and the trend is expected to continue, according to Robert Half’s ‘Cyber-security – Defending your future’ report. While companies are facing the huge reputational and financial damage that can flow from breaches in cyber-security, those with IT security expertise have a sunnier outlook.
There’s never been a better time to consider whether you should add IT security certifications to your CV. Managing director of Protiviti Ewen Ferguson comments that demand is outstripping supply when it comes to IT security specialists.
“Many companies resort to overseas recruitment because the talent pool in their national market is not sufficiently large. They also place staff retention higher on their business agenda for exactly the same reason.”
This increasing threat has also seen the rise of the chief information security officer (CISO) within companies, giving those in the field an opportunity to progress to senior managerial positions.
As the number of IT security trends rise, we consider two of the top IT security certifications – CISSP vs CEH – and get the lowdown on which would be more beneficial for your IT security career.
CISSP: A business-focused IT security certification
The CISSP (Certified Information Systems Security Professional) certification, governed by the International Information System Security Certification Consortium, is globally recognised.
IT security consultant and managing director of ThreatDefence Zlatko Hristov says, “The CISSP is a very broad certification, and involves a challenging exam. In job descriptions, the CISSP is almost everywhere. If you apply for any IT security job that has management responsibilities, then this certification is a must.”
Cyber-security consultant and IT blogger Karissa A. Breen comments, “The CISSP certification is indicative of someone who is looking to step up in their career. The certification requires a comprehensive level of understanding towards the industry.”
The reason the CISSP is so valuable on a CV stems from the nature of the business environment. According to Hristov, “One of the biggest challenges in IT security is obtaining business endorsement and sign-off on proposed security strategies and measures. A candidate with CISSP will be able to achieve this more easily because it’s a very business-focused certification, giving them the skills to move away from just technical language.”
CEH: An IT certification to wage war against cyber-criminals
The CEH (Certified Ethical Hacker) certification offered by EC-Council does exactly what the name suggests – teaches you to hack in an ethical way. By learning to look for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker, someone with a CEH qualification can assess the security of targeted systems. The course is premised on the idea: To beat a hacker, you need to think like a hacker.
Again, when completing this certification, it can help if you have some previous experience. “When you’re learning how to use hacking tools, you don’t need technical knowledge,” says Hristov. “But the more you have, the easier it will be. If you work as a system administrator or you’re managing severs, throughout that experience you’ll have learnt ways to exploit the system by accident.”
“Similar to the CISSP, having a CEH demonstrates your passion and capability to an employer about IT security,” says Breen. “HR departments will know you have undergone a rather extensive and difficult exam to achieve the certification.”
CISSP vs CEH: Which is the right IT security certification for you?
When choosing whether to take the CISSP or CEH, it really depends on what type of role in IT security you’re after, and the demand from recruiters.
Breen suggests being very clear about which certification suits you best, and then finding a mentor to provide direction when completing the certification. “This is mainly down to the level of difficulty and time commitment involved,” says Breen.
While certifications are great, Hristov says, “Achievements will take you further than a collection of certificates. Candidates should also be able to answer the hard technical questions.”
When selecting IT security staff, Hristov looks to certifications last. First, he looks for passion and a hunger to learn. “Being self-taught can be a sign of passion,” he says.
For those considering a career in IT security, according to Robert Half’s ‘Cyber-security - Defending your future’ report, those with technical experience in the following areas are especially in demand:
- Cloud security
- Hacking/penetration testing
- Big data/data analytics
- IT audit
- Mobile security
While cyber-security skills are in hot demand, you shouldn't be complacent. Take the time to research and identify which qualification suits your career objectives for cyber-threats. In an ever-changing environment, certifications and skills should be continually updated to meet the rigorous demands of the IT security industry.