High-profile security breaches (such as this week’s hack of Ashley Madison) have highlighted the need for skilled security professionals. The most recent IT Skills and Certifications Pay Index from research and analysis firm Foote Partners confirms that IT pros holding security certifications can expect premium pay.
In-demand IT security certifications
As high-profile security breaches (e.g., Target, Sony, Adobe and most recently, Ashley Madison) continue to dominate headlines, companies are doubling down on pay to hire the best and the brightest IT security professionals. The most recent IT Skills and Certifications Pay Index (ITSCPI) from research and analysis firm Foote Partners confirms that IT pros holding security certifications can expect premium pay. Market values for 69 information security and cybersecurity certifications in the ITSCPI have been on a slow and steady upward path for two years, up 8 percent in average market value during this time, states co-founder, chief analyst and research officer David Foote in the report.
“It’s been a long time coming, but 2015 will be a year when discretionary spending for security — that is, everything not related to compliance spending — will start to reflect the fact that …virtually every industry is formulating a cybersecurity strategy and searching for people with skills in this area. There is ample evidence of a global gap in cybersecurity skills. But with a lack of consistency in jobs and career paths for security professionals, we can expect organizations to have difficulty attracting and retaining cybersecurity talent in the foreseeable future,” said Foote.
The information being reported is part of Foote Partners’ IT Skills and Certifications Pay Index for Q1 2015. The Index tracks premium pay for 749 IT certifications and noncertified skills on a quarterly basis. Data for the latest edition was collected through April 1, 2015, and includes information from 54,899 validated IT professionals receiving premium pay for their skills and/or certifications. Here are the top eight most valuable security certifications based on changes in market value/premium pay.
Information Systems Security Engineering Professional (ISSEP/CISSP)
Developed in conjunction with the U.S. National Security Agency (NSA), the Information Systems Security Engineering Professional (ISSEP) certification covers integration of security methodologies and best practices into any and all information systems, including projects, applications and business practices. ISSEP/CISSP certifications showed a market value percent change of 36.4 percent in Q1 2015 over the previous quarter.
EC-Council Licensed Penetration Tester
The LPT certification demonstrates a professional’s ability to audit network security, perform penetration testing and recommend corrective action for any weaknesses found. The two-part EC-Council Certified Security Analyst/Licensed Penetration Tester (CSA/LPT) program is a comprehensive, standards-based, methodology-intensive training program that teaches information security professionals to conduct real-life penetration tests by utilizing EC-Council’s published penetration testing methodology. Professionals with this certification reported a 28.6 percent market value percent change in Q1 2015 over the previous quarter.
GIAC Certified Penetration Tester
The GPEN certification is for security personnel who assess target networks and systems to find security vulnerabilities. Certified pros know the ins and outs of penetration-testing methodologies, the legal issues surrounding penetration testing and how to properly conduct a penetration test, as well as technical and nontechnical techniques specific to penetration testing and best practices. This certification reported a 28.6 percent market value percent change in Q1 2015 over the previous quarter.
GIAC Security Essentials
The GSEC certification is for security professionals who want to demonstrate they are qualified for hands-on application of security tasks related to a broad range of IT systems. Candidates are required to demonstrate an understanding of information security beyond simple terminology and concepts, and must prove they can put theory into practice. The certification reported a 20 percent market value percent change in Q1 2015 over the previous quarter.
Cybersecurity Forensic Analyst
The Cybersecurity Forensic Analyst certification (CSFA) proves that certification holders can conduct a comprehensive analysis of computer and electronic systems, properly interpret the evidence and deliver the investigation results to business stakeholders effectively and efficiently. The certification also demonstrates that professionals can perform these analyses within a limited time frame. Requirements and testing scenarios are based on real-world examples and are continuously updated to reflect the latest threats. The certification has experienced a 15.4 percent market value percent change in Q1 2015 over the previous quarter.
EC-Council Certified Secure Programmer
Most software vulnerabilities are due to programming errors; EC-Council Certified Secure Programmers (ECSP) have proven that they can develop high-quality code that makes use of best practices and sound programming techniques to protect against vulnerabilities. There are ECSP certifications available for .NET and for Java. The certification has experienced a 12.5 percent market value percent change in Q1 2015 over the previous quarter.
Check Point Certified Security Expert
The Check Point Certified Security Expert (CCSE) certification teaches security professionals how to build, modify, deploy and troubleshoot Check Point Security Systems on the Gaia operating system. Hands-on lab exercises teach how to debug firewall processes, optimize VPN performance and upgrade management servers for optimal security. The certification has seen an 11.1 percent market value percent change in Q1 2015 over the previous quarter.
Certified Secure Software Lifecycle Professional
The Certified Secure Software Lifecycle Professional (CSSLP) certification validates a professional’s ability to develop application and software security protocols within their organizations and to reduce vulnerabilities and lock down potential breach points throughout the software development lifecycle (SDLC). The certification has seen a 7.1 percent market value percent change in Q1 2015 over the previous quarter.