Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
Table of contents
In the face of an unprecedented number of cyberattacks, phishing emails and ransomware incursions, people who possess the right cybersecurity certifications and experience are in high demand. Salaries are skyrocketing due to a cybersecurity skills gap of major proportions. Whether due to resignations, retirements, burnout or a desire to quit the corporate treadmill, there is a real shortage of talent out there.
That shortage is being felt across the IT landscape. The 2021 Skillsoft IT Skills and Salary Report found that 76% of IT decision-makers face critical skills gaps in their teams, a 145% increase since 2016. Specific to cybersecurity, 92% of respondents to the InfoSec IT and Security Pipeline survey noted significant challenges and delays in filling open cybersecurity positions. If anything, the situation has worsened in 2022. An Enterprise Strategy Group (ESG) survey of cybersecurity professionals found that 95% of respondents have seen no improvement in the skills gap over the past few years.
“Companies need to find new ways to attract and retain talent and a reskilling program is one component – such as certifications to document and legitimize skills and knowledge,” said Tom Strong, director of employer activation, National Fund for Workforce Solutions. “Partnering with local academic institutions and other entities such as technical schools and certificate programs could help with the reskilling process.”
This list is an aggregation of a number of cybersecurity career and certification sites, as well as guides to top university programs. Examples of sites include cyberdegrees.org, cybersecurityguide.org and bachelorsdegreecenter.org.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
What is a cybersecurity online course/certification?
There is a wide range of cybersecurity training courses and cybersecurity certification programs available today. Many are online and others are delivered in a classroom or college setting. Some are free, others available for a fee.
Typically, cybersecurity courses and cybersecurity certification are kept separate. The candidate takes one or a series of courses and then applies to take an examination to achieve formal certification. Even if the cybersecurity courses online are available at no charge, there is typically a fee for the examinations.
Some cybersecurity programs are aimed at entry-level workers, giving them basic skills in the use of specific security tools and technologies. Other cybersecurity classes are professional-level certifications. Still others require no experience at all. But generally, it is recommended that candidates are experienced in the technology being examined. Those attaining these certificates can display them as a symbol of their mastery of certain security skills. The holders are often favored in decisions related to cybersecurity employment and career advancement.
Also read: Cybersecurity degrees: types, comparisons and best practices for selection
Key must-have course programs and trainings for success
The annual Top Paying IT Certifications list from Global Knowledge lays out the hottest certifications in terms of pay rate. These are:
- Google Certified Data Engineer
- Google Certified Professional Cloud Architect
- Amazon Web Services (AWS) Certified Solutions Architect – Associate
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
These certifications are each almost a golden ticket to high pay. The last three are purely about security. The first three include security within a broad education about a larger platform or discipline. The average salary for the three security-specific certifications is around $150,000 per year, and they are each a good way to move up in a security career. Holders of the security certs are likely to find themselves on short lists for positions such as security manager, security director, security engineer, security analyst, or security architect. The others might boost competitiveness for CIO, CTO, IT manager or sought-after positions within the Google or Amazon universe.
10 top cybersecurity online courses and certifications in 2022
Plenty of other good options out there, too. Here are some of the top cybersecurity certifications for 2022. We are including both the hottest more general certifications (with salaries beginning up to and over $170,000 per year) that include security as a component.
Google Certified Data Engineer
Google is one of the hottest employment tickets around right now. Professional Data Engineers certified by Google aren’t security specialists as such, but they learn a range of security skills as part of the training. Once certified, they are in a good position to enable data-driven decision-making by designing, building, operationalizing, securing and monitoring data processing systems, machine learning models and high-quality Google Cloud solutions. Due to the current state of the online world, security and compliance are given heavy emphasis. They also learn to address scalability, cloud efficiency, reliability, flexibility and portability. These individuals can leverage, deploy and train pre-machine learning models.
While there are no specific prerequisites for this certification exam, Google recommends at least three years of industry experience that should include at least a year designing and managing solutions using Google Cloud. Examinations are available for a fee of $200 in English and Japanese. They last two hours based on a multiple-choice or multiple-select format. They can be taken remotely or in person at a test center. The certification is only valid for two years, at which point the exam must be retaken.
Google Certified Professional Cloud Architect
Professional Cloud Architects enable organizations to leverage Google Cloud technologies. With a thorough understanding of cloud architecture and Google Cloud, they can design, develop and manage secure, scalable and available solutions. Those earning this cert should be able to design and plan a cloud solution architecture, manage and provision a Google Cloud solution infrastructure, bake in security and ensure compliance, analyze and optimize technical and business processes, manage all necessary cloud implementations and ensure operational reliability.
Prerequisites, recommended experience, exam length, costs and recertification requirements are similar to those for Google Certified Data Engineer. For both certifications, Google offers a wealth of training courses on specific skills. The one most on-point for security specialists would be IT Security: Defense against the digital dark arts.
Amazon Web Services (AWS) Certified Solutions Architect – Associate
Earning AWS Certified Solutions Architect – Associate demonstrates the ability to design and implement distributed systems on Amazon Web Services (AWS). Before taking this exam, candidates should be experienced in deploying, managing and operating workloads on AWS, as well as implementing security controls and compliance requirements. They should also have familiarity with using both the AWS Management Console and the AWS Command Line Interface (CLI). In addition, they should possess an understanding of the AWS Well-Architected Framework, AWS networking, security services and the AWS global infrastructure. This exam takes around two hours and costs $150. It is available in English, French, German, Italian, Japanese, Korean, Portuguese, Chinese and Spanish.
The AWS Certified Solutions Architect – Associate exam is intended for anyone with one or more years of hands-on experience designing systems on AWS. Candidates should have hands-on AWS experience in compute, networking, storage and database services. They should also be able to implement security controls and compliance requirements. To prepare candidates for examination, there are also plenty of Amazon-based courses available. On the security side, for example, there are cybersecurity training options for both beginners and more advanced users.
Certified in Risk and Information Systems Control (CRISC)
A CRISC certificate holder can identify, evaluate and manage IT risk, as well as plan and implement the appropriate defensive and remediation measures. Those completing this cybersecurity training also learn how to communicate security matters, not only within IT, but to non-technical personnel and executives across the organization. There are over 100,000 people who hold this certification.
Part of the reason for the popularity of CRISC is that, as documented by the Foote Partners IT Skills and Certifications Pay Index, risk management is in high demand. Those venturing into security fields such as threat intelligence and risk analytics must become fluent in machine learning (ML) and artificial intelligence (AI). Anyone trained in cybersecurity, threat intelligence, AI and ML will find themselves much sought after.
ISACA’s CRISC certification is aimed at mid-career IT/IS audit, risk and security professionals. It is not for beginners. As well as addressing IT risk management, it covers in detail subjects such as governance, risk response, reporting and, of course, IT security. ISACA surveys reveal that 94% of employers say a CRISC cert adds value well beyond the cost. 52% say the certs helped them close a serious skills gap. 44% agreed that it boosts productivity. The exam is available in 10 languages. It can be taken remotely or at one of over a thousand locations worldwide. Prices for ISACA exams are not published online.
Certified Information Systems Security Professional (CISSP)
Earning the CISSP establishes that the holder has what it takes to design, implement and manage a cybersecurity program. CISSP expertise is split into eight different domains.
- Domain 1. Security and Risk Management
- Domain 2. Asset Security
- Domain 3. Security Architecture and Engineering
- Domain 4. Communication and Network Security
- Domain 5. Identity and Access Management (IAM)
- Domain 6. Security Assessment and Testing
- Domain 7. Security Operations
- Domain 8. Software Development Security
CISSP is aimed at experienced security practitioners, managers and executives interested in proving their knowledge in security practices and principles. This includes professionals in positions such as CISO, CIO officer, director of security, IT director/manager, security systems engineer, security analyst, security manager, security auditor, security architect, security consultant and network architect.
Certified Information Security Manager (CISM)
ISACA’s Certified Information Security Manager (CISM) certification signals expertise in information security governance, program development and management, incident management and risk management. Mid-career IT professionals aspiring to senior management roles in IT security and control will find the CISM invaluable. There are almost 50,000 holders of this certificate around the world.
CISM domains include:
- Information security governance
- Information risk management
- Information security program development & management
- Information security incident management
Microsoft Certified: Security Operations Analyst Associate
Being a security analyst offers plenty of career opportunities. Security analysts operate in areas such as analysis of security risk, forensics and threat intelligence. Foote Partners reports that as a skillset, managing a cyberthreat intelligence program has a market value that has surged by almost 15% in the past year. This role involves collecting threat information from a number of sources and subjecting it to evaluation. Context is key, as well as ascertaining the reliability of the information. Those most valued in this arena possess the ability to detect similarities and differences within vast quantities of information – and thus spot anomalous activity.
One certificate that provides in-depth know-how in this area is Microsoft Certified: Security Operations Analyst Associate. A Microsoft security operations analyst collaborates with others to secure systems. The goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat-protection practices and referring violations of organizational policies to appropriate stakeholders.
Responsibilities include threat management, monitoring and response using a variety of security solutions. The role primarily investigates, responds to and hunts threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender and third-party security products. Since the security operations analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies. The SC-200 exam determines certification. It is available in many languages at a cost of $165.
SEC560: Network Penetration Testing and Ethical Hacking
SANS Institute’s SEC560 cert prepares a candidate to conduct successful penetration testing and ethical hacking projects. They learn how to perform reconnaissance, exploit target systems to gain access and measure risk and scan target networks in hands-on labs. They become skilled in the best pen test tool sets available. The course concludes with a capture-the-flag exercise to conduct a penetration test against a sample target organization and demonstrate mastery.
Every organization needs skilled security personnel that can find vulnerabilities and mitigate their effects, and this course is designed for that role. It covers planning, scoping and reconnaissance, as well as scanning, target exploitation, password attacks and Windows Domain and Azure Active Directory attacks. For example, candidates learn to use the Nmap scanning tool to conduct network sweeps, port scans, operating system fingerprinting and version scanning to develop a map of target environments. They execute Nmap Scripting Engine scripts to extract detailed information from target systems.
Additionally, they analyze the output of scanning tools to manually verify findings and perform false positive reduction using Netcat and the Scapy packet crafting tools. Additionally, they become skilled in utilizing Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress. The Metasploit exploitation tool is also taught as well as Kerberos attacks and others. Training costs around $7,000.
The Offensive Security Certified Professional (OSCP) certification course is all about penetration testing with Kali Linux. This online ethical hacking course is self-paced. The training marries textual and video-based content with hands-on exercises and labs. It introduces penetration testing tools and techniques via hands-on experience. PEN-200 trains not only the skills, but also the mindset required to be a successful penetration tester. It is intended for the likes of security professionals transitioning into penetration testing, existing pentesters wishing to up their game, network administrators, and other experienced IT pros.
All candidates are required to have:
- A solid understanding of TCP/IP networking.
- Reasonable Windows and Linux administration experience.
- Familiarity with basic Bash and/or Python scripting.
Costs range from $1149 to $1499. This includes 30 to 90 days lab access and one exam attempt.
InfoSec Institute offers plenty of courses that help prepare people for a variety of certification exams, including many covered on this list. With training for dozens of popular certifications, Infosec Skills provides tools both for those earning a first certification or for seasoned cybersecurity professionals. Live boot camps are also available. Those who enroll for instructor-led training are prepared to pass their certification exams. They can take practice exams and earn continuing education credits. InfoSec charges $599 per year for an individual. The InfoSec Institute training lineup is often used by individuals before applying for some of the certifications covered above. It is also a good way to stay current with industry trends, best practices and the latest technologies while adding further certifications to one’s repertoire.
Certifications are the road to cybersecurity jobs
Security certifications are valuable in attaining well-paying cybersecurity jobs. Some of the most valuable certificates cover broader IT management as well, and many of them are meant for already experienced IT, if not security, professionals. That means almost any IT experience is a start for a cybercareer path. However, some certificates are suitable for newcomers, and online courses and formal degree programs can also help novices get certifications or otherwise started in the field.
Read next: Top 10 cybersecurity colleges in the U.S. in 2022
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.