Cybersecurity training is the key that unlocks the door to lucrative and flexible career paths in a field where professionals are scarce and demand is high.
It’s also a wise investment for organizations filling in professional gaps by retraining their existing workforces.
How urgent is the cybersecurity hiring and training need? The numbers paint a clear picture:
- Cybersecurity Ventures predicts there will be 3.5 million unfilled cybersecurity jobs globally in 2021
- Fewer than one in four applicants for open cybersecurity positions are qualified, according to the MIT Technology Review
- A cyberattack occurs somewhere in the world every 39 seconds
- Data breaches cost organizations an average of $4.1 million per incident in recovery costs, according to IBM
The demand in cybersecurity contributes to an increasingly chaotic cybersecurity training market — the choices can feel overwhelming. This review lay outs information about some of the primary options available for cybersecurity training, including certifications, college degrees, and supplemental courses to bolster existing skill sets.
The eight cybersecurity domains
Cybersecurity is an umbrella term that encompasses a wide range of related and interrelated topics. A helpful framework for understanding the specialties within cybersecurity is thinking of the field as being separated into a set of eight Certified Information Systems Security Professional (CISSP) domains — or cybersecurity areas that require unique skill sets:
- Security and risk management
- Asset security
- Security architecture and engineering
- Communication and network security
- Identity and access management
- Security assessment and testing
- Security operations
- Software development security
Cybersecurity in higher education
Many cybersecurity professionals start their careers with a college degree. Typical majors include:
- Information security
- Computer science
- Computer engineering
College graduates often complement their bachelor’s degrees by studying at the postgraduate level in a specialized cybersecurity field.
College is not the only viable path toward a career in cybersecurity. Certifications issued by various corporations and associations can be beneficial. Depending on the role, it could prove more practical than broader college coursework, which is sometimes more on the theoretical side of cybersecurity. Many cybersecurity professionals hold multiple certifications in addition to their college and postgraduate degrees.
Still, it’s important to note that hundreds of thousands of positions within the cybersecurity field do not require four-year degrees. Many of these can be great fits for candidates holding various certifications.
5 top cybersecurity certifications
These five certifications are among the most sought after.
Certified Information Systems Security Professional (CISSP)
CISSP certification, issued by (ISC)², is one of the most popular credentials in the cybersecurity field. This wide-ranging certificate covers IT security and the design, implementation, and administration of cybersecurity programs.
CISSP is aimed at experienced security professionals who want to expand their roles or advance their careers.
- Chief information security officer (CISO)
- Security administrator
- IT security engineer
- Senior security consultant
- Information assurance analyst
- Five or more years of cumulative work experience in two of eight cybersecurity domains
Note: A four-year computer science degree satisfies one year of the work requirement, and part-time positions and paid internships count too.
Certified Information Systems Auditor (CISA)
CISA is also geared toward IT professionals seeking to enhance their roles.
- IT audit manager
- Cybersecurity auditor
- Information security analyst
- IT security engineer
- IT project manager
- Compliance program manager
Requirements: Five years of experience in IT or information security auditing, control, security, or assurance. Two- and four-year degrees count toward the requirement.
Certified Information Security Manager (CISM)
ISACA also issues the CISM certification, which focuses on the management side of information security. The CISM demonstrates knowledge in governance, program development, and program, incident, and risk management.
- IT manager
- Information systems security officer
- Information risk consultant
- Director of information security
- Data governance manager
Requirements: Five years of experience in information security management. Two years of the requirement can be met with general information security experience, other certifications in good standing, and graduate degrees in related fields.
CompTIA’s Security+ certification is designed as an entry-level option that demonstrates holders have core cybersecurity skills. Topics include organizational security assessment, cloud monitoring and security, Internet of Things (IoT) environments, risk and compliance, and security incident response.
- Systems administrator
- Help desk manager
- Cloud engineer
- Security engineer
- Security administrator
- IT auditor
- Software developer
Requirements: CompTIA recommends obtaining their Network+ certification first and putting in at least two years of IT work with a security focus, but there are no strict requirements to take the exam.
Certified Ethical Hacker (CEH)
The CEH certificate, issued by the EC-Council, covers “white hat” hacking, penetration testing (“red team”), and other roles related to lawful hacking. Organizations use ethical hackers to try to uncover vulnerabilities before bad actors can.
- Penetration tester
- Cyber incident analyst
- Threat intelligence analyst
- Cloud security architect
- Cybersecurity engineer
Requirements: Two years of work experience in information security or completing an EC-Council training.