Which Cybersecurity Certification Is The Most Valuable? 14 MSPs Sound Off

From vendor-neutral certificates like the CISSP, Security+, CySA+, CEH and CISM to supplier-specific knowledge around Microsoft and others, here are the cybersecurity certifications MSPs value the most.

CISSP Reigns Supreme

Cybersecurity Career Awareness Week will build awareness about the wide range of cybersecurity job opportunities, how cybersecurity plays a vital role in global society and showcase how building a global workforce enhances each nation’s security and promotes economic prosperity. The week is led by the National Initiative for Cybersecurity Education (NICE) as part of Cybersecurity Awareness Month.

Each day of the week-long campaign provides an opportunity to learn about the contributions and innovations of cybersecurity practitioners, and the plethora of job opportunities that can be found when exploring cybersecurity as a career choice. Whether it’s students, veterans, or those seeking a career change, the dynamic field of cybersecurity is rapidly growing and has something for everyone.

For week three of Cybersecurity Awareness Month, CRN spoke with 16 managed service providers with security services expertise about the cybersecurity certifications that provide the greatest return on investment. From vendor-neutral certificates like the CISSP, Security+, CySA+, CEH and CISM to supplier-specific knowledge around Microsoft and others, here’s the certifications MSPs value the most.

CISSP

Shane Vinup, CEO, Maple Grove, Minn.-based Cyber Advisors, No. 456 on the 2021 CRN Solution Provider 500

The best cybersecurity certification by far is the Certified Information Systems Security Professional (CISSP) from the ISC2. Originally designed to cover a broad spectrum of infosec domains, it remains the most respected and one of the most difficult certifications to achieve. Few security professionals have the luxury to remain heads-down in only one domain of security for their entire careers while remaining highly effective and sought after. The CISSP guarantees a baseline level of knowledge that every security professional needs to be broadly effective. It is also the only certification that can be used in any infosec jobs platform keyword search to find any type of security position, and for that reason alone is worth hundreds of thousands of dollars over the course of a typical career.

Specialize, Don’t Generalize

Andrew Reese, Chief Architect – Security, Office of the Chief Technology Officer, Auburn, Wash.-based Zones, No. 30 on the 2021 CRN Solution Provider 500

There is no one single certification that is the most valuable. It all comes down to the job role and its responsibilities.

It is not about feeding the cybersecurity certification industry engine with another new cash-cow certification. It is supposed to be about training people for the roles and job responsibilities they are fulfilling. In today’s cybersecurity industry, there is a strong push to specialize, not generalize; to become a master of one, rather than none. Each specialty will have different technical training and natural talent requirements, as well as IQ and EQ. You also have industry certifications and product specific training. As someone who has been in the security industry for more than 40 years, I’ve had to re-invent myself every 3-6 months. The focus is always on preparing to address the latest threats of the day, not the certification that is in vogue.

CISSP

Julie Talbot-Hubbard, Senior Vice President of Cyber Protection and Identity, Denver-based Optiv, No. 25 on the 2021 CRN Solution Provider 500

I would recommend the CISSP as the single, cybersecurity certification that is most valuable.

-- Provides the foundation that cuts across eight bodies of knowledge, enabling a robust understanding of core security capabilities required for an effective security program. 1) Security and Risk Management 2) Asset Management 3) Security Architecture and Engineering 4) Communication and Network Security 5) Identity and Access Management 6) Security Assessment and Testing 7) Security Operations and 8) Software Development

-- This is great for individuals who are wanting to get into cybersecurity initially as a profession and further develop once in the profession.

-- Globally recognized and industry agnostic (health care, FIS).

-- Abundance of training — exam preparedness options offered, including the ISSA which sponsors this certification.

CISSP, Security+ & CySA+

Mark Cooley, Vice President of Security and Compliance, Cedar Rapids, Iowa-based Involta, No. 255 on the 2021 CRN Solution Provider 500

For myself and my management team, I find that being a Certified Information Systems Security Professional (CISSP) is vital for anyone managing a security team or security program. For our Security Engineers and Security Operations, there is a wide range of certifications to obtain based on what the technician‘s role is within the security department. We find that a good foundation starts with the CompTIA Security + and/or Cybersecurity Analyst+ (CySA+). A good foundation provides education and guidance for our team members to branch out into different specialties down the road in their careers.

Technology Vendor Certifications

Brad Taylor, Co-Founder and CEO, Carlsbad, Calif.-based Proficio

While we use a variety of training content associated with organizations like Security+ and GIAC, we’ve found the training and certifications offered by industry leading technology vendors are often the most valuable for our staff. They provide a level of in-depth knowledge that a more generalized training or certification cannot offer, allowing us to help our clients maximize their investments in their security tools. It also allows us to build subject matter experts across the technology stack and across multiple products, so we can help provide vendor agnostic services to our clients.

CISSP & CISM

Chris Schueler, CEO, Alpharetta, Ga.-based Simeio, No. 270 on the 2021 CRN Solution Provider 500

I would recommend two very valuable certifications. CISSP being the first one I recommend because it provides and educates about the complete perspective of the security industry domains instead of just a focused domain. The second one that I believe adds value by covering the management and governance of a cybersecurity program is the CISM certification.

CEH & CISSP

Aaron Leiberman, Chief Technology Officer, Bedford, Mass.-based ConRes, No. 71 on the 2021 CRN Solution Provider 500

Andy Chiquoine, Chief Technologist, Managed Services, ConRes

Our Cybersecurity Engineers are required to achieve the Certified Ethical Hacker (CEH) certification and for more senior Engineers we recommend pursuing the Certified Information Systems Security Professional (CISSP) certification. In addition, our teams are trained on the solutions our customers are most frequently using.

Security Foundation, Networking & Cloud

Jeff Schmidt, CEO, Phoenix-based Avertium, No. 405 on the 2021 CRN Solution Provider 500

The combination of both security foundation certifications like CISSP along with networking and cloud certifications (CCNA, CCNP, AWS CSA/CAN). If you don’t understand what you are trying to secure it’s nearly impossible to execute with the visibility needed.

EdX.org And Coursera

Randy Watkins, Chief Technology Officer, Plano, Texas-based Critical Start, No. 200 on the 2021 CRN Solution Provider 500

With numerous specializations to grow into, beginners should look at more general, industry recognized certifications. Additionally, free offerings from universities through platforms such as EdX.org or Coursera are a wealth of information across both general and specialized tracks.

Nothing Beats Experience

Lewie Dunsworth, CEO, Commerce, Mich.-based Nuspire, No. 409 on the 2021 CRN Solution Provider 500

Good ‘ole experience. In all seriousness, certifications should be used to validate your experience in a domain or expertise on a particular technology. Don’t cheat the industry. If you’re going to be certified on anything, hold yourself professionally accountable to meet the expectations of that certification.

Office 365 Security & Azure Security

Michael Goldstein, President, Fort Lauderdale, Fla.-based LAN Infotech

We are very Microsoft focused and are looking at Microsoft Certs specific to Office 365 Security and Azure Security. Want to start at the source and work our way thru.

CISSP & Security+

Frank Ernesto IV, CEO, Richmond, Va.-based NDSE

CISSP is by far the best and most sought after. Security+ from CompTIA is a great all-around entry-level security certification that we encourage our staff to obtain and seek out new hires that have it.

CISSP

Malinda Gagnon, CEO, Portland, Maine-based Uprise Partners

CISSP is the gold standard, however proper understanding of network, business operations, DLP, and configuration management trump any certification.

Experience, Critical Thinking More Important

Milton Bartley, Co-Founder, President and CEO, Nashville-based ImageQuest

Personally, I think certifications can be overrated. We are far more interested in experience and critical thinking skills.