CISSP, CSP, CEH: Security certifications for individuals. Some security practitioners scoff at them, some job offers explicitly demand them. In any case, getting certified as a security expert is not easy, because there are a large number of different certification bodies, training providers, and certifications.
What are the benefits of personal security certifications?
If you take a look at job advertisements for security experts, you will often read a requirement such as this one for an “Information Security Engineer (m/f)”: “At least one security certification (CISSP, CISM, ISO 27001 or similar)”. As an applicant, you then have to ask yourself several questions: What is behind the desired certifications? What if you do not have the one mentioned, but possibly a similar one?
In some cases, you also have to ask yourself whether the certifications requested in job advertisements actually exist.
The problem with personal security certifications, which are supposed to prove certain security knowledge and skills of the applicant, is that, on the one hand, there are quite a few different certificates on the market. On the other hand, there are security experts who think nothing of such certificates and deliberately do without them.
The diversity of certifications
There is no doubt, however, that advanced training in security makes sense. Those who then want to have their (new) level of knowledge proven by certification can and should do so, although certifications definitely represent a certain investment, whether for employers or for the security experts themselves.
The job advertisements mentioned at the beginning can provide orientation as to which certification makes sense. This also depends on the exact security position, because there is a whole range of different roles and tasks. Some examples of security certifications are:
- Information Security Officer – ISO (TÜV) IT Security Officer according to ISO 27001 and IT-Grundschutz
- Chief Information Security Officer Professional CISO.PROF
- ISMS Officer / ISMS Manager
- IT Security Officer (TÜV)
- BSI IT-Grundschutz expert according to BSI IT-Grundschutz catalogs and standards
- Cyber Security Practitioner
- TeleTrusT Information Security Professional (T.I.S.P.)
- Expert IT Security
- Certified Ethical Hacker (CEH)
Not to be forgotten is the large number of security certifications offered by security vendors, such as Cisco Certified Network Associate (CCNA Security), Check Point Certified Network Security Administrator (CCSA) or F5 Certified BIG-IP Administrator (F5-CA). Of course, these certifications always make sense if the employer uses or intends to use the vendor’s corresponding solutions.
The famous abbreviations
Some security experts keep a list of abbreviations behind their names, each of which refers to a security certification. Examples include the certifications of (ISC)², an IT security certification body based on ANSI/ISO/IEC standard 17024:
- CISSP (Certified Information Systems Security Professional) is suitable for security users, managers, and executives interested in expanding their knowledge regarding a broad range of security practices and principles.
- CCSP (Certified Cloud Security Professional) is intended for cybersecurity and IT professionals to demonstrate their awareness and understanding of cloud security standards.
- SSCP (Systems Security Certified Practitioner) fits cybersecurity and IT professionals who represent the hands-on, executive side within the day-to-day safeguarding of their organization.
Certifications are not everything
Since no one will aspire to obtain all possible security certifications, and ultimately no one could afford to, it remains to be said: Security certifications are not a must for every employer, but they can help land a job, especially in larger companies. More important, however, is the knowledge that one must have or acquire for the certification. This knowledge must be acquired in order to work in companies as a security expert, and if you can then prove your knowledge via certifications, all the better.