In a time when professionals with IT security skills are in high demand, are certifications still important to obtain? In a field where hands-on experience and a proven track record of network defense successes are normally considered the must-have, what role do certifications have? And in particular, is a CompTIA Security+ Certification the right cert to have when looking for a job in InfoSec?
Certifications complement well a professional’s work experience; many employers use them to screen candidates, and many jobseekers are relying on them to prove their worth to future employees and to gain an edge on competition. The fact that certifications are still required for many positions and are still very sought-after by professionals shows that they do have an important role in the life of InfoSec practitioners.
Why would an employer want to hire someone with the Security+?
For more than two decades, CompTIA has been helping IT security and InfoSec professionals advance in their career through training and certification exams. CompTIA Inc.’s vendor-neutral certification program provides a way for information security professionals to expand their knowledge and prove their skills and expertise thanks to a combination of questions designed to test not only their theoretical knowledge but also their hands-on abilities in topics such as network security and risk management. Passing a Security+ test and being certified can assure that the tester has at least the standard, required know-how to perform well in his profession and that his knowledge is comprehensive and current.
An interesting study by Harrison College shows how CompTIA Security+ is one of the five IT certifications highest in demand together with CompTIA A+, Cisco Certified Network Associate (CCNA), CompTIA Network+ and Certified Information Systems Security Professional (CISSP). The analysis was performed on 335,814 entry-level information technology jobs posted between 2015 and 2016 and outlined how these are the most requested certifications to enter the field. It is clear, then, how a certification like Security+ might not be the deciding factor in a hiring action or a promotion, but it might actually be the decisive element that lands a resume on the table of a hiring official.
Listed as a requirement in many vacancy announcements, it is a screening tool that is used in an attempt to focus on candidates that can prove, at first on paper, to be savvy in specific topics. At a minimum, an applicant certified in Security+, in fact, can guarantee an employer a baseline knowledge in information security and skills in protecting the organization’s infrastructure from any number of security incidents, ranging from phishing attack emails, to hacking that causes the theft, loss or compromise of sensitive data (PII). Security+ credential holders have been tested on their knowledge of network risk prevention and the use of system threat detection tools in identifying possible vulnerabilities, the need for conducting regular data threat assessments, security control measures; in addition to pure technical skills, they have also demonstrated their familiarity with legal requirements and regulatory issues as well as proper logging, effective reporting and investigations requirements.
Employers, however, might have yet other reasons to seek employees that already hold some certifications. According to a 2015 study by CompTIA on HR Perception of IT Training and Certification Study, in fact, 91 percent of polled employers actually look at having an IT certifications as a reliable predictor of the future success of an employee. The certification becomes almost a proof of the employee’s reliability, drive for success and level of engagement in his profession. In fact, 90% believe IT-certified individuals are more likely to be promoted; 89% believe IT-certified individuals tend to perform better and are more likely to stay with their organization than non-certified IT staff in similar positions.
Is there justification for employees to get certified?
Some companies still struggle to justify the financial costs of having to educate their staff. Apart from implementing and maintaining effective security systems, however, protecting digital assets entails necessarily addressing the risks related to the human element. As “security is only as strong as your weakest link,” employees’ awareness is a cardinal point in any effective defense strategy. It’s essential, for instance, to educate employees on phishing and social engineering tactics that are often used by hackers. Even more important is to make sure that a dedicated skill-enhancing program is devised for the group of employees that is more directly entrusted with the protection of the network. This need could be addressed through the creation of a certification track for all IT personnel working for the company. According to a study, Practices of Security Professionals, from CompTIA, the nonprofit association for the technology industry, “two thirds of those polled said the way to remedy security skills gaps in their organizations was by training existing employees.” The study, based on an online survey of 500 IT security professionals across the U.S., found that 56% of firms seek out IT security certifications for their technology staff.
Employees working towards their first certification or studying to renew their expiring one, guarantee they are always in contact with the newest findings and their knowledge is up to date. A solid education program that includes certifications and recertification is also an effective retention incentive, guarantying reduced attrition for experienced employees who feel empowered to continue their growth in the field without the need to change jobs periodically. It also shows the company is willing to invest in its workforce and is committed to its staff’s development; this can be a great source of motivation and builds loyalty.
For a company, there are also other types of benefits in creating a certification program for its employees. Even though the IT security field is constantly growing and there are more and more organizations looking to hire IT security consultants for the protection of their resources, competition in the IT security field is fierce and employing certified professional is often a gateway to being able to apply for specific jobs and contracts available only to firms that can provide certified consultants; it can also be a tangible proof that a company is particularly attentive to making sure its employees’ knowledge is always up-to-date; this alone can sometime give a business a nice edge on its competitors.
What types of jobs would benefit from the Security+?
Obviously a Security+ certification would be beneficial for any professionals deciding to enter or progress in the InfoSec field; in particular it is a great asset for security analysts, network security engineers, security specialist, compliance and operational security managers and anyone who has the responsibility to protect the network from threats and vulnerabilities, manage the security of applications, data and hosts as well as perform access control and identity management. Information assurance managers, information assurance analysts or similar figures that are required to identify risks for hardware and software as well as detecting any suspicious behavior or traffic with the ability of finding vulnerabilities and creating plans to avoid and recover from them, as well as, even, pen testers would require the security expertise covered in the Security+ domains.
However, as the CompTIA Security+ certification is geared towards touching on many aspects of the IT security field, it can also prove helpful for other types of IT professionals to acquire or refresh their knowledge on issues, topics and technologies that might not be part of their daily routine but that can greatly help them in the performance of their duties and show their well-roundness. For jobs like computer and information systems managers, network administrators and helpdesk analysts, InfoSec knowledge is needed to protect a company’s digital assets from unauthorized access and to understand the best resolution to mitigate cyber threats. In addition, having the certification can help secure a position as an Information Security Instructor.
CompTIA Security+ can also help secure and retain specific roles, as well as becoming a member of the federal workforce or enter the staff of several renowned IT companies that normally require or give preference to certified candidates: IBM, Dell, Microsoft to mention some. In fact, it is globally-recognized with the ISO/ANSI accreditation status, “meets the ISO 17024 standard and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements.
Computer security is one of the fastest growing fields in IT and, although there is a skills shortage and a demand that is higher than the actual pull of resources, such professionals are still in need to compete for the best and higher-paying jobs or still need to prove their knowledge, skills and abilities when entering the field, especially right after college.
Acquiring a certification like Security+ can be the added value that sets the professional apart and makes it easier for employers to trust in his or her skills; it can help open doors and give access to positions that would be otherwise precluded. CompTIA Security+ suits professionals in the realm of information security but also IT professionals in other fields that are still entrusted with the protection of the digital assets of their company; this is the reason why it is one of the most popular certifications and why it is still often listed as a requirement in many vacancy listings.
For professionals, there are also some added benefits; in fact, another great “side effect” of studying for an acquiring a certification is the ability to zero in on a possible specialization. A certification like Security+ prepares for a career in information security and helps employees gain knowledge in all aspects of the field, identify gaps and be exposed to all roles that an IT security professional might need to undertake. Employees can then also be guided to choosing the niche that better fit their interests and abilities.
Another benefit is also the possibility to have access to higher paying jobs and negotiating higher salaries. For professional with the CompTIA Security+ certification the average mean salary is USD$75,000 – $80,000. According to Payscale.com, certified information security analysts can make up to $98,611 and network engineers up to $96,606 (data updated as of May 2017).
This is why certifications are still a hot topic in the field and why CompTIA Security+ is still one of the most sought-after certifications. In an ever changing, fast pace field where malicious hackers and security professionals race each other to prevail, certifications, as a way to keep skills current, testing current knowledge and pushing to continuous updating, are a welcome tool and an asset for any employee, but also for any company trying to gain an edge in the field.
Armerding, T. (2014, June 16). Security training is lacking: Here are tips on how to do it better. Retrieved from http://www.csoonline.com/article/2362793/security-leadership/security-training-is-lacking-here-are-tips-on-how-to-do-it-better.html
AskTheComputerTech.com. (n.d.). Top 5 Best Computer Certifications. Retrieved from http://www.askthecomputertech.com/best-computer-certifications.html
Bednarz, A. (2015, March 9). Shortage of IT security pros worsens. Retrieved from http://www.computerworld.com/article/2893309/shortage-of-it-security-pros-worsens.html#tk.drr_mlt
CompTIA, Inc. (n.d.). CompTIA Security+: Exam Code SY0-401. Retrieved from https://certification.comptia.org/certifications/security
CompTIA, Inc. (n.d.). IT Careers for Professionals. Retrieved from https://certification.comptia.org/why-certify/professionals
Drinkwater, D. (2015, September 2). How CISOs can beat the information security skills-gap. Retrieved from http://www.csoonline.com/article/2979517/security-industry/how-cisos-can-beat-the-information-security-skills-gap.html
Harrison College. (2016, October 14). Is Becoming CompTIA certified worth it? 5 Things to Consider. Retrieved from https://harrison.edu/blog/is-becoming-comptia-certified-worth-it-5-things-to-consider
InfoSec Institute. (n.d.). IT Certifications: Security+. Retrieved from https://resources.infosecinstitute.com/category/certifications-training/securityplus/
Lane, P. (2016, October 11). Introducing the CompTIA Cybersecurity Career Pathway. Retrieved from https://certification.comptia.org/it-career-news/post/view/2016/10/11/introducing-the-comptia-cybersecurity-career-pathway
PayScale, Inc. (n.d.). Average Salary for Certification: CompTIA Security+. Retrieved from http://www.payscale.com/research/US/Certification=CompTIA_Security%2B/Salary
Ritchey, D. (2014, May 1). Why the Security Talent Gap Is the Next Big Crisis. Retrieved from http://www.securitymagazine.com/articles/85451-why-the-security-talent-gap-is-the-next-big-crisis
Stackpole, B. (2015, April 27). IT careers: Security talent is red-hot. Retrieved from http://www.computerworld.com/article/2909569/it-careers/it-careers-security-talent-is-red-hot.html
Tittel, E. & Kyle, M. (2017, March 30). CompTIA Certification Guide: Overview And Career Paths. Retrieved from http://www.tomsitpro.com/articles/comptia-certification-guide,2-972.html
Πηγή : infosecinstitute