Top 6 non-security certifications for security professionals
Why pursue a non-security certification?
A large number of security-focused certifications are available. Studying for and taking the exams and maintaining certifications via continuing professional education (CPE) can easily fill any available training time. So why take a non-security certification?
The image above is from the 2020 ISACA State of Cybersecurity report and highlights the main skills gaps that exist within the cybersecurity industry. Behind soft skills, IT knowledge is the biggest skills gap (before cybersecurity technical experience).
Having and demonstrating knowledge of the systems and environments you are trying to secure is important and can be a key differentiator when seeking a new role, promotion or raise. With that in mind, it may be worth considering pursuing a certification in networking, cloud infrastructure or operating systems.
Networking is one of the fundamentals of cybersecurity. Without a good understanding of how networking works, it is impossible to properly defend against cyberthreats. Many cyberattacks misuse common network protocols, and a grasp of network architecture is essential to identifying potential attack vectors within an organization’s environment.
For this reason, networking certifications are a good choice when seeking a non-security certification. Two of the best network-focused certifications available are the Cisco Certified Network Associate (CCNA) and Network+.
The CCNA certification is designed to test fundamental knowledge of networking concepts. The certification exam has no prerequisites other than knowledge of the concepts.
The CCNA is a mix of theory and practice. It includes the fundamentals of networking (IP addressing, network protocols and more) and knowledge of how to configure different systems and set up various network architectures. Since the CCNA is a Cisco certification, the focus is on Cisco products.
The Network+ certification is offered by CompTIA to evaluate applicants’ understanding of networking concepts. CompTIA acknowledges the importance of strong networking knowledge for cybersecurity and places this certification (or equivalent knowledge) as a prerequisite to the Security+ certification.
The Network+ exam tests an applicant’s knowledge of how to configure, manage and troubleshoot wired, wireless, mobile and virtualized networks. The latest version of the exam also incorporates critical security concepts to help bridge the gap between it and the Security+ exam.
Cloud and virtualization certifications
Cloud adoption is growing rapidly, with almost all businesses using at least some cloud-based infrastructure. An understanding of fundamental cloud concepts is essential to securing modern corporate environments.
Additionally, 93% of enterprise cloud users have deployed a multi-cloud environment. This means effectively operating in these environments requires an understanding of the major cloud platforms, such as Amazon Web Services (AWS) and Microsoft Azure.
AWS Cloud Practitioner Essentials
Amazon provides several different certifications on its AWS platform. These are organized into four levels: foundational, associate, professional and specialty.
The AWS Cloud Practitioner Essentials is the only AWS certification classified as foundational. It provides details about how the AWS platform works, including the core services, use cases and security features. For those interested in achieving the AWS Security Specialty certification or in cloud security in general, the AWS Cloud Practitioner Essentials course is a necessary prerequisite.
Microsoft certified: Azure fundamentals
Like Amazon, Microsoft provides many certifications testing knowledge of various topics and skill sets within their platform. There are three entry-level exams covering topics relating to Microsoft Azure: Azure fundamentals, Azure AI fundamentals and Azure data fundamentals.
The fundamentals certification tests foundational knowledge regarding cloud environments in general and Azure in particular. This includes the basic concepts of cloud environments and how Azure services, workloads, security, privacy, pricing and support work. This course demonstrates the knowledge necessary to start working with Microsoft Azure and is a good starting point for pursuing more advanced and specialized certifications with Microsoft.
VMware offers several different certification tracks, including:
- Data center virtualization (DCV)
- Cloud management and automation (CMA)
- Desktop and mobility (DTM)
- Network virtualization (NV)
- Digital workspace (DW)
Each of these tracks enables an applicant to demonstrate specialized knowledge and skills.
However, all of these certification tracks begin at the same place, with the VMware Certified Associate – Digital Business Transformation (VCA-DBT) certification.
The VCA-DBT exam tests an applicant’s knowledge of the fundamental concepts of virtualization and how they can be used within an organization. Applicants must demonstrate knowledge of how to use VMware’s virtualization products. Taking this certification is a good starting point for learning more about virtualization and selecting and pursuing a more specialized VMware certification path.
Operating system certifications
A deep understanding of operating is essential to securing on-premises environments. The most commonly-used operating systems for servers are Linux and Microsoft Windows Server.
Until recently, the Microsoft Certified Solutions Associate (MCSA) Server 2019 certification exam would be a recommended exam for those wishing to demonstrate deep knowledge of Windows server environments. However, this exam was officially retired in June 2020 with students encouraged to pursue certifications focused on Microsoft Azure.
For those working with Linux server environments, pursuing the Red Hat Certified System Administrator (RHCSA) certification is a good choice. An RHCSA certification demonstrates knowledge of the necessary skills to administrate Red Hat Linux environments.
The skills tested in the RHCSA are a mix of basic administration and security. An applicant will have to demonstrate competency in the Linux OS and the ability to perform standard maintenance tasks (installation and configuration, updates and more) as well as configuring settings required for a secure Linux environment (management of the file system, user groups, and firewall and SELinux configurations). While the certification is designed for Red Hat Linux environments, many of the skills are widely applicable across Linux distributions.
Choosing the right certification
Many different certification options exist, and it can be difficult to choose the right one to pursue next. The right choice depends on your current level of experience and desired career path. When beginning a career, demonstrating knowledge of fundamental and widely-applicable concepts like networking may be good, while a more experienced practitioner may want to specialize more and pursue a certification path focused on the cloud or operating systems.
State of Cybersecurity 2020, ISACA
Network+ certification, CompTIA
CCNA Exam Topics, Cisco
Certification prep, AWS
Azure Fundamentals, Microsoft
State of the Cloud 2020, Flexera