As thousands of cybersecurity professionals converge in San Francisco at the RSA Conference, I thought I would throw my two cents in on the certification debate. To wit, there’s a lot of buzz about the assertion that softer analytics skills matter more than certifications. I’ve even heard people say some security certs detract from a resume.
You know the No. 1 attribute of people claiming security certifications don’t matter? They don’t have any. In my years of experience placing security pros in good jobs, it’s that simple. Having the right certifications matters, and here's why.
1. You will make more money. The 682 IT security professionals responding to the security cut of InformationWeek’s 2013 U.S. IT Salary Survey are unequivocal: Security staffers holding any security certification (CISSP, CISA, CISM) average $101,000 in total compensation vs. $87,000 for those with no certs. For managers, the spread is $130,000 vs. $121,000. Do you really need another reason?
2. Certs show your commitment to the security field. I know you’re serious about cybersecurity as a career, otherwise you wouldn’t be reading this. But how will a hiring manager know? Easy -- by scanning resumes to see which applicants are committed enough that they’re willing to spend free time studying and doing homework, often paying for the privilege out of their own pockets. Just 44% of security staffers and 49% of managers in the salary survey expected to get certification reimbursement.
Most of us were not Jeff Spicoli, but admit it, we hated homework as kids. We couldn’t wait to grow up so we could spend our free time (and cash) doing just about anything else. I know a person who burned a full week of vacation and paid for lodging to obtain his Cloud Security certification. As an employer and a hiring manager, that tells me he wants to become better. He’s the type of security professional that any company would be fortunate to have.
3. Certs make you more attractive to potential employers. Building on the above, obtaining a security certification shows you respect the industry and take pride in your profession. That kind of attitude is contagious. Moreover, it shows you’re smart enough to know what you don’t know and look to improve. It takes gumption to acknowledge that there are areas of one’s professional experience that could use a boost. Team members see this, and it rubs off.
All that adds up to a great employee. That hiring managers get this is a no-brainer. In a side-by-side comparison of otherwise equal candidates, most prefer the one with certs. Don’t take my word for it — check out the ISC2 Global Information Security Workforce Study. It concluded that almost 70% of respondents view certs as a reliable indicator of competency when hiring, and almost half require certification.
[If you realize that mobile security means more than ensuring users don't download malware-bearing games from the Android store, take our 2014 survey and enter to win a 32 GB Kindle Fire HDX.]
4. Certs jump out when robots and spiders crawl resumes. Most, if not all, resume reviews begin with an electronic search. The HR pro types in some keywords and voila. I know from experience that people conducting keyword searches typically begin narrowly and expand only if early results fail. “Narrowly” means entering in a comprehensive (read: long) list of keywords, and I guarantee that at least one certification will be among them. If your resume includes those magic letters, it will always help you get on the fast-track through the electronic screening process.
Plus, the InformationWeek security salary survey shows you’ll be in the minority if you don’t have any certifications.
5. You become a member of a club. While it might not be as glamorous as joining Bushwood Country Club, earning a certification grants you membership to an exclusive club. This association affords you the opportunity to network with like-minded individuals, share information, and gain ongoing knowledge. You can attend conferences, webinars, and have access to information provided only to members. Again, a career win/win for you and your employer.
Now, before leaving an angry comment, I am not implying that you are not serious, a great team player, and worthy of a job if you don’t have security certification(s). We all know a certification is not more important than experience. But the two combined is a powerful and delicious combination. Peanut butter is great on its own. Add jelly and it’s irresistible to hiring managers.
Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.