(305) 834 4183
8d3fbed8f5e940027c45d3023852677e32a88176_markus-spiske-666905-unsplash.jpg
learning and development

Navigating your IT security certifications, part 2

h
Martin Schaeferle
2019-04-15

This is part 2 of a two-part series. To read part 1, click here

Welcome back. Previously we discussed some of the basic certifications you will need to jump start your journey into the IT Security field and open many opportunities for you. But what if you want to take it to the next level. Perhaps you are aspiring for a Director of Security or CISO role. What certifications lay the foundation to purse that direction?

null

There are actually many other specialty areas in security available for us to discuss (like those created by industry leaders like Cisco, GIAC, SANS, ISACA, (ISC)2 and many others). But for the interest of brevity, I’d like to highlight some of the more popular ones. The first two I’d like to introduce are from ISACA and are favorable certifications for those who wish to move into management positions. Those two are: Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM).

There are more than 140,000 professionals certified globally with CISA and it is one of the top paying IT certifications of 2018 as reported by Global Knowledge. As companies are faced with increasingly more security challenges including new global threats (e.g. ransomware), new government regulations (e.g. GDPR), and new technologies to secure; they are under enormous pressure to hire the right talent to manage it. With the CISA certification, you will be recognized as someone that can take a comprehensive view of information systems and their relationship to a success business-wide security initiative. In addition to passing the exam, this certification requires the submission of a formal application which requires certain levels of education and work experience. Check out their web site for more information.

The CISM certification is different and comes at security from a company policy standpoint. It covers four key areas: information security governance, Information risk management, information security program development and management, and information security incident management. Passing this certification demonstrates that you understand security and how it relates to the overall business goals. It shows that you not only understand security, but also how to build and manage an information security program within the company.

But perhaps you’re looking to achieve an even higher position, one that leads all of the company’s security needs, such as Chief Information Security Officer (CISO) and Director of IT Security. Moving into these roles require digging much deeper into all the individual niches in the security field. The first one to consider is CompTIA’s Advanced Security Practitioner (or CASP). CASP is a relatively new certification from CompTIA and is meant to test the student on a broad range of security skills. In fact, it meets the ISO 17024 standard and is compliant with regulations in the Federal Information Security Management Act (FISMA).

Once you pass the CASP certification, you’ll likely be feeling pretty good about your skills, a Luke Skywalker of Security experts if you will. But what if you want to go for Yoda status? One of the top respected certifications is undoubtedly the (ISC)2 Certified Information Systems Security Practitioner (or CISSP), which is not your average certification and will require significant work to achieve. It is meant to demonstrate a clear and deep knowledge of all things security and is fast becoming a requirement for many of the very top positions in IT security.

Although CASP and CISSP are great options for some of the top IT positions and cover a broad range of security topics, they are very different in what the exam covers. The CASP exam tests whether you know HOW to implement many of common security concepts, so their questions will be mostly unambiguous. For example, “what command line tool is used to create a 128-bit hash?” The CISSP exam, on the other hand, tests whether you know what the best practices are when dealing with complex security situations. Here, the options available to choose from may, in fact, all be technically correct. For example, take the following question, “Which of the following is the PRIMARY advantage of data classification for an organization?” Here, all the options could be valid examples of legitimate advantages, but the correct answer is the one that has the most advantages.

Be sure to check out many of the training titles we have in security, and good luck my young Jedi.

About the Author:

Martin Schaeferle

Vice President of Technology | LearnNowOnline | Eden Prairie, MN

Martin Schaeferle is the Vice President of Technology for LearnNowOnline. Martin joined the company in 1994 and started teaching IT professionals nationwide to develop applications using Visual Studio and Microsoft SQL Server. He has been a featured speaker at various conferences including Microsoft Tech-Ed, DevConnections and the Microsoft NCD Channel Summit. Today, he is responsible for all product and software development as well as managing the company’s IT infrastructure. Martin enjoys staying on the cutting edge of technology and guiding the company to produce the best learning content with the best user experience in the industry. In his spare time, Martin enjoys golf, fishing, and being with his wife and three adult children. 

null

Go1 helps millions of people in thousands of organizations engage in learning that is relevant, effective and inspiring.
Get in touch
Latest stories and insights
How to personalize training to encourage skill transfer and engagement
BlogHow to personalize training to encourage skill transfer and engagement
We’ll analyze how to personalize training to encourage skill transfer and engagement, including how to perform a learning needs analysis and identify performance gaps.
View blogs
Go1 Multi-Generational Learning Report
ResourcesGo1 Multi-Generational Learning Report
Meeting the upskilling and training needs of a multi-generational workforce
View resources
Join us at Learning Technologies 2024 in London
EventsJoin us at Learning Technologies 2024 in London
Join Go1 at the prestigious Learning Technologies 2024 in London, where HR, and Learning and Development professionals will explore the latest trends, insights, and innovations shaping our industry.
View events
Park Place Technologies and Go1: Enabling learning across the business
Customer storiesPark Place Technologies and Go1: Enabling learning across the business
Park Place Technologies has partnered with Go1 to decrease training spend and provide all employees with more development opportunities.
View customer stories
How to personalize training to encourage skill transfer and engagement
Blog
How to personalize training to encourage skill transfer and engagement
We’ll analyze how to personalize training to encourage skill transfer and engagement, including how to perform a learning needs analysis and identify performance gaps.
View blogs
Go1 Multi-Generational Learning Report
Resources
Go1 Multi-Generational Learning Report
Meeting the upskilling and training needs of a multi-generational workforce
View resources
Join us at Learning Technologies 2024 in London
Events
Join us at Learning Technologies 2024 in London
Join Go1 at the prestigious Learning Technologies 2024 in London, where HR, and Learning and Development professionals will explore the latest trends, insights, and innovations shaping our industry.
View events
Park Place Technologies and Go1: Enabling learning across the business
Customer stories
Park Place Technologies and Go1: Enabling learning across the business
Park Place Technologies has partnered with Go1 to decrease training spend and provide all employees with more development opportunities.
View customer stories