CXO Bytes

7 Certifications for Cybersecurity Professionals in 2023

By Deepa Seshadri, Partner, Deloitte India; member of the ISACA Emerging Trends Working Group

 

It’s human nature to become complacent with a cushy status-quo. As we progress in our professional careers, structured learning can take a backseat to our hectic, day-to-day schedules. However, there’s no substitute for continuous learning to deliver the digital trust solutions that today’s enterprises need, and that is especially true if you are a cybersecurity professional. I haven’t met a cybersecurity professional in recent times who hasn’t upskilled beyond the on-the-job learning. It is amazing to see the zeal with which younger professionals want to learn more in a technologically changing environment.

 

There are a whole lot of structured learning options in cybersecurity, and it is easy to get overwhelmed by the sheer number of them. Here’s my shortlist of certifications that cybersecurity professionals across the spectrum would be well-served to consider.

 

Certifications for Independent Directors

Knowledge of cybersecurity processes and nuances is important for independent directors on the Board as they can then not only decipher what the CTO or CISO proposes but also guide the Board in matters pertaining to cybersecurity. Since cybersecurity is an area with major impact on an organization’s success, it is important for directors to train themselves in how it aligns with enterprise strategy. The MIT Management Executive Education has some courses for board directors that can be accessed based on their schedule and are a knowledgeable resource to pursue.

 

Certifications for Managers

When you grow as a professional, you also take on the additional responsibility of managing teams and not just projects. My suggestion would be to get Certified in Risk and Information Systems Control (CRISC) by ISACA. CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyse, evaluate, assess, prioritise, and respond to risks. This enhances benefits realisation and delivers optimal value to stakeholders.

 

Another certification that managers can explore is the Certified Information Security Manager (CISM), also from ISACA. This certification focuses on validation of experience in risk management and indicates expertise in information security governance, program development and management, incident management and risk management.

 

Certifications for Cybersecurity Professionals and Information Security Auditors

It is a known fact that what is relevant in cybersecurity today might not be as relevant a year later. Auditors can sharpen their professional expertise by becoming a Certified Information Systems Auditor (CISA). This flagship ISACA credential is a world-renowned standard of achievement for those who audit, control, monitor, and assess an organisation’s information technology and business systems.

 

Earning a CISSP (Certified Information Systems Security Professional), certified by (ISC)², validates your professional capabilities to effectively design, implement and manage a best-in-class cybersecurity program. This certification unlocks several growth opportunities for cybersecurity professionals globally. I would consider the CISA and the CISSP high-priority certifications for cybersecurity professionals. You can even go for both of them!

 

Technical Certifications

The most amazing part of being a cybersecurity professional is that you can choose to be an expert in a sub-segment of cybersecurity and become a voice to be reckoned with in the industry. You can also become a sounding board for clients, who are always on the lookout for innovative solutions proposed by those whose professional skills have been validated through certifications.

 

  • Industrial Automation

The certification by ISA is based on ISA/IEC 62443 and covers the complete lifecycle of industrial automation and control system (IACS) assessment, design, implementation, operations, and maintenance. The program is designed for professionals in IT and control system security roles who need to develop a command of industrial cybersecurity terminology, as well as a thorough understanding of the material embedded in the ISA/IEC 62443 series of standards.

 

  • Cloud Certifications

It’s a cloud-based world and as a cybersecurity professional, you would need to understand not just the infrastructure that you are going to secure but also the infrastructure that has been compromised by intrusion attempts. The latter helps in hardening your infrastructure and systems against possible attacks. Certifications by large cloud platforms such as AWS, Google Cloud and Azure for their respective environments are a good place for you to begin your journey on certifications related to cloud platforms. Additionally, the Certificate of Cloud Auditing Knowledge (CCAK) from ISACA and the Cloud Security Alliance is the industry’s first global cloud auditing credential.

 

Privacy-related Certifications

Privacy-related certifications are mostly about the ethics and legality of how data is processed by organizations and their systems. These are as important for the enforcers of data privacy policies at organisations, the data privacy professionals, as they are for the cybersecurity professional, who is responsible for keeping the data safe.

While the International Association of Privacy Professionals (IAPP) offers professionals the opportunity to earn the Certified Information Privacy Professional (CIPP), the Data Security Council of India (DSCI) offers professionals the opportunity to become DSCI Certified Privacy Professionals and DSCI Certified Privacy Lead Assessors. ISACA has the Certified Data Privacy Solutions Engineer (CDPSE), which validates the technical skills and knowledge it takes to build and implement privacy solutions.

 

Certifications in Emerging Technologies

In an ever-evolving technological landscape, it is prudent for cybersecurity professionals to be aware of emerging technologies and be certified in protecting the platforms from harm. For instance, how will data flow across systems in a data-privacy compliant manner that does not get compromised in the Metaverse? ISACA offers the ISACA Certified in Emerging Technology (CET) certification, which covers four key technologies – cloud, blockchain, Internet of Things, and artificial intelligence.

 

The certification that you want to go for depends on the career path you want to pursue. It’s easy to be engrossed in a daily work schedule, but make a conscious effort to take up certifications at regular intervals so that you keep pace with the ever-evolving technology, threat and regulatory landscapes.

 

In addition to these technical certifications, focus on your communication and interpersonal skills. Cybersecurity is a complex matter, and if you are able to explain the solutions to business problems in easy-to-understand ways, you are reinforcing your executive presence. You need not just to find solutions to business problems but also to articulate those solutions and coordinate with distributed teams, so developing communication skills is a must if you want to be a cybersecurity professional of repute.

 

Happy learning!

 

(The author is Deepa Seshadri, Partner, Deloitte India; member of the ISACA Emerging Trends Working Group and the views expressed in this article are her own. The article is for guidance purposes and does not guarantee employment.)

 
