The 11 Hottest Cybersecurity Certifications In 2020

From public cloud security and administering and engineering firewalls to ethical hacking, risk management and incident response, here’s a look at some of 2020’s most in-demand cybersecurity certifications.

Closing The Skills Gap

Security practitioners are looking for ways to perform their job more efficiently as they face increased demands on their time during the COVID-19 pandemic, said Zane Schweer, director of marketing communications at Global Knowledge. Schweer said users are increasingly turning to certifications to close skill gaps around emerging technologies, boost productivity and help meet client requirements.

When it comes to beefing up on cutting-edge technology, Schweer said it’s often helpful to learn things directly from the manufacturer that have been authorized by the manufacturers. Vendor-specific certifications around public cloud security, administering and engineering firewalls and identity and access management have been all the rage in recent years, according to experts who spoke with CRN.

As part of Cybersecurity Week 2020, CRN spoke with 11 cybersecurity vendors and industry organizations about what certifications deliver the most value to solution providers. From forensics, auditing and risk management to ethical hacking and incident response, here’s a look at some of 2020’s most in-demand cybersecurity certifications.

Certified Information Security Systems Professional (CISSP)

The CISSP is a very holistic certification that assesses knowledge across eight different domains to assess both technical and non-technical policy and management, according to Brad Puckett, global portfolio director at Global Knowledge. The CISSP enables a practitioner to work in many different places across a cybersecurity organization and doesn’t have that deep of a managerial bend, Puckett said.

CISSP is an industry benchmark known around the world, and covers best practices to ensure users and organizations have all the right components in their security program, according to Bruce Beam, chief information officer at (ISC)2, which administers the CISSP. The CISSP addresses all aspects of an organization’s security posture and goes well beyond a point in time skills assessment, Beam said.

The CISSP teaches good fundamentals around access models such as the difference between a confidentiality model and an integrity-first model, according to McAfee Chief Information Officer Scott Howitt. The certification covers basic concepts around minimizing risk to maximize value for the company that is too often forgotten by practitioners who just went down the technical path, he said.

AWS Certified Security – Specialty

Demand for the AWS Certified Security – Specialty certification has eclipsed pretty much every other vendor-specific cybersecurity certification given the acute need for technical personnel proficient around AWS that is unfilled right now, according to Global Knowledge’s Puckett. The proliferation of this certification reflects the appetite of practitioners to gain skills that will help advance their careers.

Securing the cloud has created a new front for mid-career cybersecurity personnel who have specialized in a related field like penetration testing or identity and access management (IAM), Puckett said. Specifically, the explosion in cloud builds and migrations has created a whole new frontier in cybersecurity that’s different for anyone who’s been in the field for a meaningful period of time, he said.

Moving from on-premise to hybrid or cloud deployments has created a different security environment with a look and field that is foreign to a lot of security professionals, Puckett said. As a result, Puckett said the rise of public cloud providers like AWS has created demand for a new set of skills that weren’t traditionally needed ten or fifteen years ago.

Certified Cloud Security Professional (CCSP)

IT organizations moving away from older technology and embracing hybrid or cloud-first strategies often find that they lack the capacity to secure their new environment like they need to, according to (ISC)2’s Beam. Standard security teams are often good at firewalls and access control, but face obstacles in making that all work when it goes into the cloud so that S3 buckets aren’t being left unsecured, he said.

The CCSP – which is administered by (ISC) – applies best practices around manning, documentation and compliance to the cloud model, Beam said, moving beyond tactical conversations around routing paths or configuring S3 buckets. The CCSP gives practitioners a very detailed and specific look at how they should look at cloud from both a security and compliance perspective, according to Beam.

With companies increasingly turning to the cloud, Beam said the CCSP provides information that would be helpful as workloads shift off premise and examines factors around security and balance that would be applicable in hybrid environments.

ISACA Certifications – CISA, CISM and CRISC

The ISACA certifications are most helpful for senior leadership and management positions in security organizations, according to Global Knowledge’s Puckett. They provide practitioners with the opportunity to be an information security officer, information security manager or installed auditor who goes around doing continual audits to check for cybersecurity compliance, Puckett said.

People pursuing the ISACA certifications have already moved through mid-career specialties such as identity and access management (IAM) and data loss prevention (DLP) and are now ready to be in the managerial role of creating and enforcing policy, Puckett said. CISA gives practitioners a framework to apply compliance checks within an organization so that they’re equipped to be cybersecurity auditors.

CRISC accredits users around risk management and related fields such as disaster recovery, business continuity and risk assessment, ensuring that practitioners are equipped with all the formulas and math necessary to conduct risk analysis, Puckett said. And CISM teaches cybersecurity managerial roles such as how to enforce policies and maintain cybersecurity structure within an organization, Puckett said.

OT Security Certifications

OT environments are far more delicate than IT environments, allowing for observation and data collection but putting restrictions around changes since they’re supporting a critical business environment, according to Harpreet Sidhu, who leads the global managed security services for Accenture, No. 2 on the 2020 CRN Solution Provider 500.

Certifications can provide practitioners with knowledge of how to operate in an OT environment and drive consistence and confidence in their response while retaining the necessary chain of custody for evidence, Sidhu said. OT environments are far more sensitive to changes than IT environments, and users need to have a clear understanding of what’s happening and what actions need to be taken.

SANS certifications provide users in OT environments with a standardized and structured way to handle incident response procedures, Sidhu said. In addition, Sidhu said certifications from vendors like Nozomi and Forescout can provide users with a better understanding of proprietary protocols and software and help bring commonality to the experience from a visibility perspective, according to Sidhu.

Palo Alto Networks - PCNSA and PCNSE

Palo Alto Networks’ PCNSA and PCNSE certifications provide users with the principles of firewall administration so that practitioners can quickly and easily engineer different types of firewalls in a multi-vendor deployment, according to Global Knowledge’s Puckett. Puckett said firewall administrators and security network administrators have the need to be very versatile.

The PCNSA certificate is focused on general administrative maintenance and provisioning, according to Puckett. In contrast, Puckett said the PCNSE is an engineering certificate focused on making firewalls work at a higher level through actions like the interconnection of tunnels.

The PCNSA and the PCNSE drive a lot of the Palo Alto Networks business and training for Global Knowledge, Puckett said. Interest in Palo Alto Networks training fluctuates with the number and type of software releases, Puckett said, with demand surging whenever a new release comes out.

Systems Security Certified Practitioner (SSCP)

The rise in development of cloud-based apps means that firms must know how to bring their DevSecOps team together to ensure they’re not the next attack victim, according to (ISC)2’s Beam. The application development process is vulnerable to attack if not done correctly, and the SSCP attempts to ensure the problem is being attack holistically and securely through the entire development and release process.

(ISC)2 has seen not only the security and development teams coming together as part of the DevSecOps process, but also the incorporation of architectural design professionals who can apply their knowledge anywhere on-premise or in the cloud, Beam said. Interest in the SSCP started to heighten 18 months ago as practitioners realized they’d like to know more about securing continuous development, he said.

Businesses are realizing there’s the need for a little more specialization when looking at the cloud, which Beam said is reflected in the requirements from various organizations such as the U.S. government. The SSCP should provide employers with confidence in the knowledge that a practitioner can configure and operate safely in an environment, according to Beam.

Certified Ethical Hacker (CEH)

The CEH is more of an offensive security accreditation covering the tools and methodologies needed for ethical hacking, according to Global Knowledge’s Puckett. The certification is intended for pen testers with deep industry expertise who have been hired to go and perform third-party assessments, Puckett said.

The CEH teaches the framework and methodology to go about doing ethical hacking, Puckett said, addressing the rules, form and functions people should adhere to when ethically pen testing and hacking networks, according to Puckett. The certification also teaches practitioners how to use tools that are pervasive in ethical hacking like Kali Linux and Metasploit, according to Puckett.

The certification teaches users how to go out and do pen testing in a productive and helpful way, Puckett said, covering what is or isn’t ethically acceptable and providing a framework and methodology for carrying out ethical hacking in a respectful manner. The CEH also helps practitioners think about what the goals of the pen testing process should be, according to Puckett.

SANS Institute Certifications

The SANS Institute certifications are very well recognized for technical and engineering career paths, and are seen as a strong validation of skills, according to Nico Fischbach, global chief technology officer at Forcepoint. In the past decade, practitioners have looked at the SANS Institute certifications as a good bar of entry in fields such as forensics and penetration testing, demonstrating a solid base of knowledge.

SANS Institute certifications are more technical and hands on, requiring time and training to gain in-depth knowledge of a particular subject, according to Fischbach. Given the complicated nature of these certifications, Fischbach said users can’t just walk in and take a test.

Organizations like it when prospective employees hold SANS Institute certifications since it signals the prospect is up to level, meaning the employer doesn’t need to double check the worker’s skills during the hiring process, Fischbach said. The SANS Institute certifications around forensics and pen testing are the most difficult, Fischbach said, while the incident response certificate is also more advanced.

Cisco Identity Services Engine (ISE)

There continues to be high levels of demand for Cisco security certifications given the staggering install base of Cisco gear around the world as well as the company’s leadership position in networking, security and firewalls over the past quarter-century, according to Global Knowledge’s Puckett. Given the number of IT professionals who will work at Cisco, Puckett expects demand for certifications to remain robust.

When organizations move their network and install base off premises to a cloud, one of the biggest things they must concentrate on is identity and access management (IAM), Puckett said. Specifically, Puckett said there’s an acute need for practitioners with expertise around admission criteria, account management, credentialing, verification, two-factor authentication and multi-factor authentication.

Cisco’s identity services portfolio is highly pursued and valued, Puckett said, and is particularly useful for new cloud deployments. As a result, Puckett said there’s rising demand for training around the company’s identity services.

AV-Test And MRG Effitas

Some of the testing firms like AV-Test and MRG Effitas offer certificates that really focus on understanding how malware works at a granular level and get into the brain of how adversaries act, said Hal Lonas, chief technology officer of SMB and consumer for OpenText. Once a user understands how malware works, Lonas said it opens up new insights into what’s needed from a defense standpoint.

The certificate process addresses how malware gets into the system at a root kit or kernel level, how it executes, and what signs you might see on a machine that indicates malware is present, Lonas said. The certificates also ensure practitioners know where in the machine to go and look for malware as well as the pivot from executable files to scripts by verifying users understand what a malware script looks like.

By deconstructing malware, Lonas said practitioners can improve their remote engineering capabilities and better identify quiet APTs (Advanced Persistent Threats) on the network.