6 security analyst certifications to advance your career


The security analyst is the backbone of a company’s day-to-day IT security. Whether they monitor the network infrastructure for breaches and intrusions as part of a security operations center, perform internal security audits, or analyze past breaches to find the root causes of network vulnerability, they strive to keep the company’s infrastructure securely locked.

If you are looking to get started in this field, you might be wondering if a professional certification can help you stand out from the competition. good signal from a great candidate.

“As a seasoned hiring manager, certificates are important to me because they show a candidate’s potential to retain knowledge,” says Chuck Everette, director of cybersecurity advocacy at Deep Instinct. Lucia Milică, global resident CISO at Proofpoint, agrees: “Security managers rely heavily on certifications for entry-level security positions as a high-level barometer of their level of knowledge in a particular area of expertise,” she says.

Of course, certificates aren’t everything. Far from it. “The totality of a person’s experience and desire to learn is equally critical,” says Milică. Everette agrees: “What the certificates don’t clearly reflect is the candidate’s ability to apply this knowledge to real-world applications. Having knowledge is one part; being able to apply knowledge correctly and effectively is a critical skill that certificates cannot always measure.”

Still, Everette and Milică cited several certifications that they said reflect well on candidates, as did other IT professionals we spoke with. We have highlighted here the six that our experts mentioned most often. They can be broken down into two broad groups: three that might be useful at the start of a security analyst’s career, and three more that might help an experienced analyst move up through the ranks or start to specialize in a particular field of infosec.

Best Security Analyst Certifications

  1. Security+
  2. CySA+
  3. Certified Ethical Hacker (CEH)
  4. Certified in Risk and Information Systems Control (CRISC)
  5. Certified Information Systems Auditor (CISA)
  6. Certified Information Systems Security Professional (CISSP)

Security+
CompTIA’s Security+ certification is, in CompTIA’s own words, “the first security certification a candidate should achieve.” It aims to establish a base of security skills, including the ability to understand specific attacks and to conduct operations and incident response. Candidates will also leave with some understanding of security architecture, design and governance.

“For first-time applicants, I wouldn’t expect to see an exhaustive list of certifications, but if someone has a CompTIA certification like Security+, that’s an advantage,” says Tim Bandos, CISO at Digital Guardian. “It shows the candidate’s willingness to learn the fundamentals of the industry.”

There are no prerequisites for CompTIA Security+. However, CompTIA recommends that a candidate have at least two years of IT administration experience with a focus on security before applying for certification. Additionally, candidates may want to aim for CompTIA Network+ certification before moving on to Security+, as networking basics are an important part of security knowledge.

Offered by: CompTIA
Prerequisites: None
Exam format: 90 questions, including a combination of multiple-choice questions, drag-and-drop activities, and performance-based items that test your ability to solve problems in a simulated environment
Cost: $370 for an exam voucher only; CompTIA sells higher-priced packages that include study material
Official site: https://www.comptia.org/certifications/security

CySA+
If you want to be a security analyst, CompTIA’s CySA+ really wants to be your certification: the name itself is short for Cybersecurity Analyst, after all. If you follow CompTIA’s lead, CySA+ is the next logical step after Security+, and begins to go beyond the basics of infosec to get to the heart of the analyst profession. As Keatron Evans, senior security researcher at the Infosec Institute, puts it, a CySA+ certificate “helps security professionals know how to be an analyst.”

The CySA+ exam features interactive performance-based questions designed to simulate real-world situations. Candidates should know how to take advantage of threat intelligence and detection techniques, identify vulnerabilities, and suggest preventive actions and strategies to respond to successful breaches. CompTIA recommends a minimum of three to four years of hands-on security experience or related experience before taking the exam.

Offered by: CompTIA
Prerequisites: None
Exam format: 85 multiple-choice and performance-based questions
Cost: $370 for an exam voucher only; CompTIA sells higher-priced packages that include study material
Official site: https://www.comptia.org/certifications/cybersecurity-analyst

Certified Ethical Hacker (CEH)
The Certified Ethical Hacker certification is another early-career certificate, but it has a very different flavor from the two CompTIA certifications we have discussed. Rather than focusing on the “defensive” side, the CEH exam covers offense: reconnaissance techniques, network and perimeter hacking, web application hacking, and more.

As the name of the certification suggests, it is aimed at “ethical hackers”, a fancy name for people otherwise known as penetration testers or offensive security experts, who launch mock attacks against clients or employers to probe their defenses for weaknesses. It’s a fun line of work, but the EC-Council, the organization offering the certificate, includes analysts in its target audience. Evans of the Infosec Institute says a CEH certification “helps security analysts know the enemy,” and knowing how a network can be penetrated can certainly help you better understand how to defend it.

Offered by: EC-Council
Prerequisites: You must either have two years of infosec work experience or undergo formal training from the EC-Council
Exam format: 125 multiple-choice questions
Cost: Application fee of $100, plus $1,199 to take the exam
Official site: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/

Certified in Risk and Information Systems Control (CRISC)
With CRISC, we enter a more specific area of specialization in cybersecurity. Milică of Proofpoint cites it as a certification that signals a candidate’s serious interest in a narrower specialty, in this case risk analysis and management. Candidates need to know how to weigh the likelihood of a risk occurring against the potential harm that would result. Overall, the goal is to help understand, categorize and quantify an organization’s risk tolerance.

As ISACA, the organization offering the certificate, says, you are aiming for a career where you “build a well-defined and agile risk management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risk.” This is an area of security analysis that offers a promotion path to the top of the org chart, but it’s not for newbies: you will need some professional experience in this specific field before you can be certified.

Offered by: ISACA
Prerequisites: Three years of cumulative work experience performing the tasks of a CRISC professional in at least two of the four CRISC domains
Exam format: 150 multiple-choice questions
Cost: Registration fee of $50; exam fee of $575 (ISACA members) / $760 (non-members)
Official site: https://www.isaca.org/credentialing/crisc

Certified Information Systems Auditor (CISA)
If you are in the middle of your career path and lean towards the audit side of the infosec world, CISA may be a promising certification for you. Security auditors use their analytical skills to assess internal audit processes, IT governance, business resiliency, and compliance. It’s another career path that points upwards. “For applicants with five or more years of experience, I value getting certifications like CISA,” says Bandos of Digital Guardian. And in fact, five years of relevant industry experience is a strict requirement for obtaining this certification.

Offered by: ISACA
Prerequisites: A minimum of five years of professional experience in information systems audit, control or security
Exam format: 150 multiple-choice questions
Cost: Registration fee of $50; exam fee of $575 (ISACA members) / $760 (non-members)
Official site: https://www.isaca.org/credentialing/cisa

Certified Information Systems Security Professional (CISSP)
While CRISC and CISA are specialty certifications for the mid-career analyst, CISSP is a generalist certificate, a logical progression from Security+ for someone who has been in the field for some time. And as you might imagine, it’s in demand. “The certification I get the most questions about is the CISSP,” says Bandos. “I think this certification is very interesting, given its reputation in the cybersecurity industry.”

Advanced-level analysts wishing to achieve CISSP certification will need to know all the ins and outs of security and risk management, asset security, security operations, security assessment and testing, and more.

Offered by: (ISC)²
Prerequisites: Five years of full-time work experience in two of the eight CISSP domains
Exam format: An adaptive exam of 100 to 150 questions, including multiple-choice and drag-and-drop items
Cost: $749
Official site: https://www.isc2.org/Certifications/CISSP

Beyond certification intelligence

Do you feel overwhelmed, as if you suddenly have a lot of homework to do? Maybe you are determined to start earning these certifications and move up through the ranks. But remember what our experts said up front: certificates demonstrate only one aspect of a candidate’s preparation for a job. And some applicants may not need them at all.

“Some of the best and most successful security professionals we’ve hired don’t have professional certification,” says Matt Georgy, CTO at Redacted. “What is much more important is critical thinking skill, an ability to multitask and prioritize, the ability to learn and apply new skills, and a passionate work ethic and sense of empowerment that includes continuous curiosity and constant learning. With this, we can mold them into a force that no certification can match.”

Copyright © 2021 IDG Communications, Inc.
