In our previous blog, we discussed the most in-demand skills employers are currently looking for in cybersecurity. This was to help individuals who are interested in getting into cybersecurity. With security teams short-staffed, the cybersecurity field has many opportunities for candidates to apply for a job. So, why aren't these cybersecurity positions being filled? Let's have a quick re-cap of the current dilemma.

Re-cap: The Dilemma

As mentioned before, the industry is currently in a dilemma where organizations are looking to hire, but candidates do not have the required background or knowledge. Because organizations are already short-staffed, they want professionals who can immediately enter the team and understand what needs to be done. Therefore, organizations are looking for individuals with at least 3-5 years of experience, so they do not have to train a new security professional, which would take both time and money.

On the flip side, individuals looking to gain experience in the cybersecurity field are unable to do so because they keep getting rejected for the open security positions. With no one willing to hire them, and with minimal knowledge of cybersecurity, people new to the industry are unable to gain a foothold in the field.

However, this isn't to say that stepping into cybersecurity with little to no experience is impossible. So, what can you do to prove you have the ability of an experienced cybersecurity professional?

Certifications

With zero experience under your belt, you can learn and educate yourself on the different topics in cybersecurity. While some certifications also require at least five years of experience, there are many certifications that you can earn with zero years of experience in the industry. Here are a few you can start off with.

1. CompTIA Security+

CompTIA Security+ is the basic security certification for IT professionals with sufficient theoretical knowledge of security. There are no formal requirements to qualify for the exam. However, CompTIA recommends that candidates have at least two years of experience and/or a CompTIA Network+ Certification. As such, you can expect the exam to be difficult, and you will need deep knowledge of security for the exam. Nevertheless, this certification is a good place to start to prove your knowledge of the industry. Having this certification will help you land an entry-level security position.

2. GIAC Security Essentials (GSEC)

Global Information Assurance Certification (GIAC) has developed and provides several different cybersecurity certifications. The GIAC Security Essentials (GSEC) is the certification for security professionals who wish to demonstrate their ability for hands-on roles with security tasks.

Candidates taking this certification must apply their theoretical knowledge to hands-on security tasks and projects. GSEC has no prerequisite, and you can prepare for it with books covering Computer Information Security or affiliate training.

3. GIAC Certified Incident Handler (GCIH)

The GIAC Certified Incident Handler (GCIH) certifies your ability to "detect, respond, and resolve computer security incidents" by using essential security knowledge and skills. This certification is for you if you are looking to become an incident handler, system administrator, or a first responder security professional.

Candidates must understand how to manage security incidents and how to respond to a cyber attack. Much like the GSEC, the GCIH does not have a prerequisite to take the exam. However, you still need a deep understanding of security tools, network protocols, and cyber attack techniques.

4. EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) focuses on the pen testing method, emphasizing hands-on learning. The ECSA course contains a fully hands-on program with labs and exercises using real-world scenarios. This course will also allow you to practice and learn the skills needed to uncover an organization's vulnerabilities.

The only prerequisite to the ECSA exam is for you to perform a real-world penetration test at the EC-Council's secure cyber range and to create a pen test report that documents the vulnerabilities found in the pen test. The ECSA's self-paced training will teach everything for the ECSA exam.

5. Offensive Security Certified Professional (OSCP)

The Offensive Security Certified Professional (OSCP) is a certification focused on penetration testing. Its companion course, Penetration Testing with Kali Linux (PWK), teaches how to use penetration testing in a hands-on situation. It is the first completely hands-on offensive information security certification, which evaluates if you have a clear and practical understanding of pen testing.

There is no formal prerequisite to take the OSCP exam. However, it is recommended to complete the PWK course. Additionally, you should be familiar with basic web applications, hacking techniques, and programming languages.

6. Google IT Support Professional Certificate

If you are completely new to IT and security, then CompTIA has recommended that you get a Google IT Support Professional Certificate. With this course, you will learn the fundamentals of IT and in-demand skills that will prepare you for an entry-level job in cybersecurity.

7. IBM Cybersecurity Professional Certificate

The IBM Cybersecurity Professional Certificate is another certification that will help you land an entry-level position in cybersecurity. This course/certification builds job-ready skills and helps develop your knowledge of cybersecurity tools. You will also be able to get hands-on experience, understand incident response and digital forensics, and learn key compliance and threat intelligence concepts. Additionally, the certification will prove to potential employers that you have the ability and skill to fill their open cybersecurity position.

Other Certifications

We have only listed the top 7 cybersecurity certifications for people wanting to get a foot in the door in cybersecurity. However, to advance as a cybersecurity expert, you must continue to learn and achieve higher-level certificates while gaining experience.

Certified Information Systems Security Professional (CISSP)

The Certified Information Systems Security Professional (CISSP) is the most sought-after cybersecurity certification. Earning the CISSP from the cybersecurity professional organization (ISC)² will show your experience in IT security to potential employers. The certification also demonstrates your capability of designing, implementing, and monitoring a cybersecurity program.

The CISSP is for more experienced professionals who are looking to advance their career in cybersecurity. The CISSP exam requires candidates to have five or more years of cumulative work experience in two or more cybersecurity domains. These domains include: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Software Development Security.

Security Certification Roadmap

Of course, there are many different paths you can take in cybersecurity. Check out this Security Certification Roadmap by Paul Jerimy to find which security certification path you want to follow for your cybersecurity career:

Security Certification Roadmap by Paul Jerimy (2021)

Disclaimer: Zartech is not affiliated with any of the certificate issuing organizations.
