(First appeared in October 2018 ChannelPro Magazine)
SECURITY IS A LIKE MINEFIELD; figuring out the best security certifications to pursue for your business and your customers can be as well. Channel pros who attempt to navigate the cottage industry that has sprung up around cybersecurity without a good plan stand to waste time and money on certifications that never pay off.
Security specialists agree that while the certification path eventually leads to specialization, mastering the basics is crucial. Ron Culler, chief technology officer at Secure Designs Inc., in Greensboro, N.C., warns that novices who grab advanced certifications too soon quickly find themselves overwhelmed by information without the skills to capitalize on the credential they’ve earned. He suggests the CompTIA Security+ (SY0-401) certification as a great first step.
CompTIA gets a second vote as an affordable vendor-neutral starting point from Robert Boles, president of San Francisco-based Blockworx Inc. Boles also recommends the Cisco Certified Network Associate (CCNA) series, which he calls one notch above entry level.
“It’s a really strong foundational certification for understanding networking,” he says.
Once you’ve mastered the basics, Culler says, knowing your ultimate goal is crucial. For instance, ISACA’s Certified Information Systems Auditor (CISA) and the PCI Security Standards Council’s Qualified Security Assessor (QSA) certifications are best for people who plan to offer compliance and auditing services, respectively. Engineers looking to increase their earning potential should check out CompTIA’s Cybersecurity Analyst+ (CySA+) and Advanced Security Practitioner (CASP) certifications, which are valuable for working in high-stakes industries such as banking and government.
Considered the crème de la crème, the (ISC)² Certified Information Systems Security Professional (CISSP) certification is an option for people with several years of experience.
“Some say it’s an inch deep and [a] mile wide,” remarks Culler. “It’s more policy based, more framework, [and] it’s expensive. People using that as part of their portfolio need to be able to bill accordingly for it.” He says that unless an MSP has a significant security practice complete with dedicated staff, it’s difficult to get a favorable return on investment from CISSP.
Boles, who expects mobility-related certifications to become more valuable within the next year, says advanced training from the SANS Institute also costs more but offers valuable insight from proven security leaders.
When in doubt, let your portfolio determine your path. It could follow a technology suite or industry vertical such as healthcare, where government regulations impact security needs. Whatever direction you choose, though, don’t rush to shell out money right away. Boles suggests that enrolling in certification courses through partners that specialize in security can yield discounted rates, not to mention a healthy dose of experienced peer-to-peer guidance.