The 10 Most Valuable Cybersecurity Certifications To Get In 2019

Knowledge Is Power

Cybersecurity solution providers looking to hit the jackpot should pursue certifications around security strategy and risk management, vulnerability assessment and management, and hacking methods and investigations.

That's according to information gathered for the 2018 IT Skills and Salary Survey, conducted by Cary, N.C.-based business training and certification company Global Knowledge. Certifications needed to have at least 20 responses in order to be considered for the CRN list.

All but three of the top 10 certifications pay more than $100,000, with the most lucrative certification paying in excess of $124,000. Three of the most lucrative cybersecurity certifications are managed by ISACA, two are managed by the EC-Council, two are managed by Cisco, and each of the remaining three is managed by a separate vendor-neutral organization.

Below are the most valuable cybersecurity certifications to get in 2019.

10. CompTIA Security+

According to Global Knowledge, holders of the CompTIA Security+ Certificate brought in an average salary of $84,011, down from $87,666 last year.

This certification confirms a user can not only apply knowledge of security concepts, tools, and procedures to react to security incidents, but can also anticipate security risks and guard against them. The foundation-level, vendor-neutral certification is an ideal first step for aspiring cybersecurity experts, according to CompTIA.

The certification requires that users demonstrate competency in: network security; compliance and operational security; threats and vulnerabilities; application, data, and host security; access control and identity management; and cryptography. Candidates are required to have at least two years of experience as an IT administrator with a focus on security and have day-to-day security experience.

More than 900 North American respondents told Global Knowledge that they hold the Security+ certificate.

9. Cisco Certified Network Associate Security

Holders of the Cisco Certified Network Associate (CCNA) Security certificate brought in an average salary of $84,317, down from $84,652 last year, according to Global Knowledge.

Achieving the certification validates that a user has the skills to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The curriculum emphasizes installing, troubleshooting and monitoring network devices to maintain data and device integrity, confidentiality, and availability, along with competency around Cisco's security technologies.

The credential is valid for three years, with a CCENT certification or ICND1 v3.0 – Interconnecting Cisco Networking Devices, Part 1 recommended before pursuing the CCNA Security. This certificate is held by 17 percent of IT professionals, according to Global Knowledge, with 250 North American respondents to the 2018 survey indicating that they have the CCNA Security.

8. Certified Information Systems Auditor

According to the survey, holders of the Certified Information Systems Auditor (CISA) brought in an average salary of $97,117, down from $110,689 last year.

The CISA certification is designed to test a candidate's ability to manage vulnerabilities, ensure compliance standards within IT and business, and propose controls, processes and updates to a company's policies. It is managed by ISACA, and intended for people with auditing, controlling, monitoring or assessing responsibilities in the IT or business system ecosystem.

CISA dates back to 1978 and has been awarded to more than 130,000 people. It requires at least five years of information systems auditing, control or security experience, as well as passing an exam that's offered only during two sixteen-week windows per year.

Nearly 750 North American professionals told Global Knowledge in 2018 that they hold the CISA certificate.

7. Cisco Certified Network Professional Security

Holders of the Cisco Certified Network Professional (CCNP) Security certification bring in an average salary of $102,280, up from $100,891 last year, according to Global Knowledge.

Certificate-holders are required to pass four security implementation exams covering secure access, edge network security, secure mobility and threat control.

The secure access exam focuses on identity services and network access security; the edge network security exam covers firewalls, routers with the firewall feature set, and switches; the secure mobility exam covers remote access and site-to-site VPNs; and the threat control exam covers a wide range of devices as well as how to design secure web, email and cloud web solutions.

Prerequisites for this certification include either the Cisco Certified Network Associate (CCNA) Security or any Cisco Certified Internetwork Expert (CCIE) certificate. Some 40 North American professionals told Global Knowledge they hold the CCNP Security certificate.

6. Certified Ethical Hacker

The Certified Ethical Hacker (CEH) brings in an average salary of $103,018, according to the survey, up from $102,482 in 2016.

Created and managed by the International Council of E-Commerce Consultants (EC-Council), the certification tests the ability of IT professionals to prod for holes, weaknesses and vulnerabilities in an end user's network defenses using hackers' methods. While a hacker would be interested in causing damage or stealing information, a CEH would be interested in fixing the deficiencies found.

The need for CEHs is quite high, according to Global Knowledge, given the volume of attacks, amount of personal data at risk and possible legal liabilities. More than 200 North American respondents told Global Knowledge that they hold the CEH certificate.

5. Certified Information Security Manager

Holders of the Certified Information Security Manager (CISM) bring in an average salary of $105,926, the survey found, down from $122,448 last year.

CISM is aimed at management and focuses on security strategy and assessing the systems and policies in place. More than 38,000 people have been certified by ISACA in CISM since it was introduced in 2002, making it a highly sought-after area with a relatively small supply of certified individuals, Global Knowledge said.

The certification requires at least five years of information security experience, with at least three of those as a security manager. The exam was only offered during two sixteen-week periods in 2017.

Continuing education credits are required each year to maintain the CISM certification. Some 385 North American respondents told Global Knowledge that they hold the CISM certificate.

4. Computer Hacking Forensic Investigator

Holders of the Computer Hacking Forensic Investigator (CHFI) bring in an average salary of $106,452, according to Global Knowledge, up from $91,684 last year.

Achieving this EC-Council certification validates that a user has the knowledge and skills to detect hacking attacks, properly obtain evidence needed to report the crime and prosecute the cybercriminal, and conduct an analysis that enables the prevention of future attacks. The certification focuses on forensic tools across both the hardware and software realms, as well as specialized techniques.

The CHFI certification provides the ideal level of network security expertise for law enforcement personnel, system administrators, security officers, defense and military personnel, legal professionals, bankers, and security professionals, Global Knowledge found.

Some 25 North American professionals told Global Knowledge in 2018 that they hold the CHFI certificate.

3. Certified in Risk and Information Systems Control

Holders of the Certified in Risk and Information Systems Control (CRISC) certification bring in an average salary of $107,968, according to the survey, down from $127,507 last year.

The CRISC certification is designed for IT professionals, project managers and others who identify and manage risks through appropriate information systems controls. It is managed by ISACA and covers the entire life cycle from design to implementation to ongoing maintenance.

To obtain the CRISC certification, one must pass the exam – which is only offered during two sixteen-week windows per year – and have at least three years' experience in at least two of the four areas that the certification covers.

More than 20,000 people worldwide have earned the CRISC certification since it was introduced in 2010. More than 275 North American professionals told Global Knowledge in 2018 that they have the CRISC certificate.

2. Certified Information Systems Security Professional

According to the survey, holders of the Certified Information Systems Security Professional (CISSP) bring in an average salary of $109,965, down from $118,179 last year.

CISSP is run by (ISC)2 and is intended to provide vendor-neutral security expertise. It consists of an exam based around security and risk management, communications and network security, software development security, asset security, security architecture and engineering, identity and access management, security assessment and testing, and security operations.

CISSP certificate-holders must earn Continuous Professional Education (CPE) credits every year to remain certified. They must also have at least five years of full-time, paid experience in at least two of the eight computer security areas tested.

There are more than 122,000 CISSPs worldwide, with approximately two-thirds of them in the U.S. More than 920 North American respondents told Global Knowledge that they have the CISSP certificate.

1. Certified Information Privacy Professional/US

Holders of the Certified Information Privacy Professional/US (CIPP/US) certificate bring in an average annual salary of $124,909, up from $116,622 last year.

Achieving the credential demonstrates that a user has a strong foundation in U.S. privacy laws and regulations, as well as an understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the U.S., the EU and other jurisdictions. Developed by the International Association of Privacy Professionals, this has become the preeminent credential in the privacy field.

The CIPP/US exam consists of 75 scored multiple-choice items, and test-takers must get 300 out of 500 possible points to pass. The certification is valid for two years, and professionals must fulfill 20 hours of continuing privacy education to maintain their credential.

Some 20 North American respondents told Global Knowledge in 2018 that they have the CIPP/US certificate.