Introduction: A pathway for a career in the cyber-realm

The field of IT is both wide and varied, with lots of career pathway options as CyberSeek shows. This sector, in particular, is plagued by a dangerous shortage of qualified workers in the United States, with risks for the digital privacy and the infrastructure of many companies. 

So what is the best way to create the supply to fill that demand? Offering options for professionals to embrace a clear career pathway and being able to prove the knowledge they have acquired is one of the important steps to take. Certifications can help in that effort. The right qualification can help an IT practitioner break into a fast-growing field like cybersecurity. 

Studying for a credential has several advantages. It helps professionals focus their effort in a specific niche of the cybersecurity world; it serves as a guide for all the topics that are needed to succeed in that particular area; and it makes them more competitive for any job vacancy by showing they have the right, up-to-date knowledge and the will to keep training that most employers are looking for.

The important thing, however, is for professionals to concentrate on the right credential. This needs to be a credential that fits their aspirations, career goals and level, as well as what is currently in need by potential employers.


Choosing the right certification for career success in cybersecurity

So what’s the next step in your career ladder? Let’s take a closer look at some popular IT security certifications. This will help you easily select the one that most closely aligns to where you are now and where you want to be in the future.

An interesting chart published by the analytics software company Burning Glass Technologies clearly shows the credentials that are most often listed in job postings, as well as the additional salary that a cybersecurity professional can expect when having that certification.

At the end of the day, it really comes down to what career path the individual wants. It’s evident that certifications like CISSP that addresses a wider range of topics are listed on a higher number of vacancies, but looking at more specific credentials can really give a professional that competitive edge that can make them stand out from the mass of job seekers. Their competitive edge will, of course, be learned skills in security analytics, intrusion detection and response, data analysis and vulnerability discovery and risk management — which are naturally part of most cybersecurity positions. 

Obviously, a more focused certification could benefit an individual’s worth over other candidates who are competing for the same work while making the hiring decision easier. Options like CompTIA CySA+, GIAC®️ GSEC and (ISC)² SSCP are worth considering to be leaders in the field.

Comparable certifications: CySA+, SSCP, GSEC 

Given the many certifications in IT security to choose from, how do you know where to start? If you already have a particular job or organization in mind, the obvious answer is to consider what the employer may require (or highly prefer) for specific roles.

Then, there are many other considerations too, from the intended career path, previous knowledge, other certifications already obtained, formal education previously acquired, as well as cost of the exam and the length of time before the need to recertify.

However, the very first thing to look into is the level for which each certification is appropriate.

  • Those with a minimum of three to four years of hands-on information security or related experience and planning on pursuing a cybersecurity technical track will find the Cybersecurity Analyst+ (CySA+) certification a great intermediate-level certification
  • A professional with at least a year of experience of information systems security-related work that opt to become a cybersecurity generalist will realize the Systems Security Certified Practitioner (SSCP) certification covers a wide breadth of topics pertaining to advanced security administration and operations
  • Those who have any minimum relevant work experience that can demonstrate they are qualified for a proactive IT security role will find the GIAC Security Essentials (GSEC) certification at an entry-level of interest because it focuses on evaluating an individual’s practical knowledge of information security

Certifications and careers 

Cybersecurity analyst

As a cybersecurity analyst, CompTIA CySA+ may be perfect for you! To become an entry-level cybersecurity analyst, one must possess a handful of technical and analytical skills. You must also have the experience needed for planning and activating security measures in order to help build cutting-edge solutions that prevent malicious hackers from penetrating corporate networks and compromising a business’s data system or stealing their data. Read more: CompTIA CySA+ Certification: Overview and Career Path

Security engineer

As a security engineer, will find the SSCP certification from (ISC)2 is among the best intermediate-level qualifications and gives professionals the specialized learning and hands-on involvement needed to execute organizations’ data security approaches and techniques. Those building their foundation in information security or who are already employed in IT positions may benefit from pursuing this career path and can look into this certification to boost their salary potential

To earn this credential requires candidates to have basic knowledge of cryptography and malware, network monitoring, troubleshooting, communications, and backup and disaster recovery. Read more: SSCP Certification: Overview and Career Path.

System administrator

As a system administrator, GSEC might be a good choice. This credential focuses on utilizing essential security tools in the fight against cybercrime and teaches general information security best practices and methods for real-world applications. 

Anyone who is looking to take a role in an active defense response in hardening and monitoring a network monitor, on to applying threat hunting and vulnerability scanning to identify threats and work to create steps to defend against any suspicious activity, would find the GSEC cert of interest. Read more: The GSEC Certification and Exam.

Certifications and DoD baseline qualifications for an IAT Level II position 

If you want a qualification to carry weight, it has to be tied to an industry accreditation, and these credentials definitely are. Each of the described certifications is ANSI/ISO/IEC 17024 (Accredited) and DOD-approved 8140 (DoDD 8570) for Level II IAT.

CompTIA Cybersecurity Analyst (CySA+) 

The CySA+ certification is a rather new certification from CompTIA that is starting to get more attention, as it has recently been approved as Information Assurance (IA) baseline certifications for the IA Workforce by Department of Defense (DoD) and is listed on the same level as the SSCP and GSEC certification in some categories. The certification is valid also for the following roles: CSSP Infrastructure Support, CSSP analyst, CSSP incident responder and CSSP auditor.

(ISC)² Systems Security Certified Practitioner (SSCP)

The SSCP certification suits IA jobs categorized as “Technical” level I and II. What’s more, the SSCP also falls under a DoD Cyber Security Service Provider (CSSP), similar to the CySA+, that has various job-specific functions. These include utilizing common security tools and techniques to implement, monitor and administer an IT infrastructure using information security policies and procedures — ensuring the confidentiality, integrity and availability of data. In that program, this credential is listed as valid for CSSP Infrastructure Support. 

GIAC Security Essentials (GSEC)

The GSEC certification also meets current industry standards and is DOD-approved 8140 (DoDD 8570) for Level II IAT. This means it’s globally recognized by military, government and industry leaders. The GIAC’s certification prepares individuals to assume hands-on roles concerning security tasks and is a great option for those who wish to prove their capabilities prevalently in technical matters.

Certification info and how to prepare

CySA+

This exam evaluates one’s ability to execute vulnerability and threat analysis. For the most part, the test is a validation of intermediate-level security skills and knowledge with a technical, “hands-on” focus on IT security analytics. 

CySA+ consists of a maximum of 85 multiple-choice and performance-based questions, with 165 minutes to complete it. 

Passing score: 750 (on a scale of 100-900).

Price of exam: $349 USD

SSCP

This exam reinforces one’s skills to manage and monitor IT infrastructures and apply security policies.

SSCP consists of 125 multiple-choice questions with four choices each and uses a computer-based format. Participants will have three hours to complete the SSCP examination. 

Passing score: 700 (out of 1000)

Price: $250 USD

GSEC

This exam verifies one’s hands-on IT security capability.

GSEC has 180 multiple-choice and advanced questions. Participants will have 300 minutes to complete. it with a minimum passing score of 74%.

Note: GIAC exams are open-book format, but not open-internet or open-computer. It’s also important to know that there is no specific training required for the GIAC Security Essentials certification, but a professional with technical mastery and practical experience, might supplement their knowledge with relevant courses from a training partner.

Passing score: 74%

Price: At $1,899 USD, the GIAC Security Essentials exam is quite a bit more expensive than the comparable certs. 

Which security certification(s) should I get?

After reading the info above, you might already have a good idea of which certification to obtain. A decision, however, can only be made after fully understanding which topics (domains and exam objectives) are covered by each credential program: 

One possible security certification progression career path: GSEC → SSCP → CySA+. Generally, GSEC is suitable for gaining knowledge, as the exam is focused on understanding key security concepts; on the other hand, the SSCP is a certification for the individual who must have some hands-on experience. That leaves the CySA+ credential, which goes beyond theory and tests more practical cyberskills and is fit for those in a mid-level role as a cybersecurity threat hunter or analyst.

Conclusion 

Is a certification worth a professional’s time and effort? The answer is obviously yes, as employers frequently look to certification as an important measure of excellence and commitment to a career. In the cybersecurity realm, especially, a certification is a great way to stand out and prove up-to-date knowledge and willingness to train continuously. 

CySA+, SSCP and GSEC can all be great credentials that will best fit your IT security career. Any of these certifications is a great choice. Many of today’s credential holders find the SSCP is more well-known and respected amongst employers during the hiring process, while the CySA+ is more respected within the technical community itself and GSEC has been a suitable option for someone just starting a career in the IT security field.

 

Sources

  1. CySA+, CompTIA
  2. SSCP, (ISC)²
  3. GSEC, GIAC
  4. GSEC, SSCP and Security+, TechExams by Infosec
  5. A Guide to Cyber Security Certifications, CyberDegrees.org
  6. 10 Most Popular Certifications Needed for Cybersecurity Careers, InCyberDefense
  7. How to Get a Cybersecurity Job in Three Charts: a Degree, a Certification, and a Clearance, Burning Glass Technologies

Be Safe

Section Guide

Daniel
Brecht

View more articles from Daniel

Earn your CySA+ the first time with Infosec and pass your exam, GUARANTEED!

Section Guide

Daniel
Brecht

View more articles from Daniel