Pete Hillier, CD, CISSP’s Post

<Sigh> While not the intent of this post, the credential bashing soon dominated the comments section. I'm not going to do that, but what I will do is point out the obvious, to those who may be missing it, that it is high time that the credential "industry" be regulated. You've all seen the large mapping of creds in our industry and many of you chase them like dogs to dinner. Stating that one, or more, is worse than others is a false flag, because it's the credential holder that has to perform, not the credential. I've hired and fired lots of folks with significant creds, including Master's degrees and beyond, who could not write effectively, let alone do the work. If there is something productive to be done, it's the slowdown of commoditizing the security education industry, as it will soon be unaffordable for entry-level folks to even contemplate Cybersecurity.

🛡️ Cybersecurity certifications 🛡️

We've pored through thousands of cybersecurity roles that have been posted on Crux to identify the most in demand certs by domain, as measured based on mentions in the job posting. Full report, including many other stats on the current jobs market, is available via link in the comments.

Here's the list:

Pen testing: 1) OSCP 2) GPEN 3) CISSP 4) CEH 5) GWAPT
IR: 1) CISSP 2) CEH 3) CC 4) GFIA 5) GCFA
Network security / security engineering: 1) CISSP 2) CC 3) CISM 4) CEH 5) CISA
GRC and leadership: 1) CISSP 2) CISM 3) CISA 4) CRISC 5) CC
Cloud security: 1) CISSP 2) AWS 3) CC 4) CCSP 5) CISM
Security operations: 1) CISSP 2) CISM 3) CEH 4) CC 5) CISA
IAM: 1) CISSP 2) CISM 3) CISA 4) CC 5) CCSP
Appsec: 1) CISSP 2) OSCP 3) CEH 4) CISM 5) CSSLP

Curtis S.

Lead Organizer, BSides Fredericton | Senior Security Analyst, Bulletproof | GCFA, GREM, CEH, CISSP, M365:EAE

3mo

Thanks for this first off, very interesting. I disagree with various parts. 1. "as it will soon be unaffordable for entry-level folks to even contemplate Cybersecurity": I'd say this is already the case. If your company is not paying for the cert, many are already too much out of pocket. And as much as I love SANS, they're WAY too overpriced, even for most companies' budgets. As for the image, this says a LOT about what's wrong in this industry. CISSP for pentesting? CISSP across the board pretty much? Why?? CISA/CISM for Security Operations and Networking? Like WTH? The people doing up these job postings have NO CLUE what they even want, clearly. Very sad. Reminds me of the job ads from like 10 yrs ago, what I used to call the "unicorn" postings (We want a CISSP, CCIE, MCSE, CEH, GCFA, GREM, GRID, with 47 years experience, payband 35-45k/yr) :)
