This article is about the value of cybersecurity certifications. To see our list of recommended resources for preparing for certification exams, check out our listing here. If instead, you are looking for our list of the best certifications for beginners, you can see our article here.
A lot of people question whether cybersecurity certifications are worth the investment of time and money. Several arguments can be made against certifications, especially since there are so many certifications out there now and many have come and gone in terms of popularity over the years. With that said, they are still an intriguing option for the entry level cybersecurity professional or career changer looking to move into the cybersecurity field.
So, are cybersecurity certifications worth the effort? Cybersecurity certifications are worth the effort if you use them as a supplement to other qualifications on your resume. Only having certifications on a resume is an indication to employers that your knowledge is not based on experience.
In other words, certifications are worth the effort, but they are not the only thing that will require your time and effort while you’re building your cybersecurity career. I am a big proponent of certifications because I’ve seen them help my career and the careers of many others, and they provide many benefits other than just the obvious potential financial impact. Let’s look at several of those benefits now.
The benefits of getting a certification
Many people just starting out in cybersecurity assume that certifications are all about the money, and that can be true, but certifications can also provide several other benefits for your career.
Benefit #1: Certifications can be a differentiator.
Certifications can be a differentiator between you and someone else competing for the same position. I have witnessed a few occasions where an applicant with a certification or multiple certifications beat out a similarly-qualified but non-certified applicant, solely because of the certification. In these cases, the employer used the certification as the deciding factor. For those attending college, I always recommend that they also pursue a certification because the certification serves as a point of difference between them and other college graduates.
Benefit #2: Certifications show a level of accomplishment and perseverance.
Everyone knows that earning a certification takes work, so having them does convey a level of commitment to your career and knowledge base. This is especially important as you start your career and have less to rely on or talk to potential employers about. Having a certification shows you’re serious about your career field.
Benefit #3: A lot of employers place high value them.
Not all employers are swayed by certifications, but there are still A LOT of employers that are impressed by them. Even the Department of Defense has established baseline certifications for their personnel, such as the CompTIA Security+ for many of the security and intelligence positions. Some employers even give preference to certifications over a college degree, so having a certification can get you noticed by them as well.
Benefit #4: A certification can keep your employer on their toes.
Several times in my career I’ve followed the playbook of earning a certification on my own time and with my own money, all without letting my employer in on my intentions. After I earned the certification, I would forward them the email confirmation or let them know verbally (or just hang it on my office wall without saying anything.) In these scenarios, you can start to see the wheels turn as they wonder when you completed the certification, why you’re improving yourself and what your intentions are.
By obtaining a certification while you’re working, either in the cybersecurity field or not, obtaining a certification can get your employer to take notice. In many cases, this can give you leverage.
Benefit #5: Certifications can be used to negotiate a raise or promotion.
At some point, money must become a factor in any career decision, and here it is. Certifications can be helpful in providing a cybersecurity professional with leverage to negotiate a raise or promotion. This is why so many certification providers try to tie their certifications to pay rates. Of course, there are many other factors involved in whether a certification can lead to a raise for you but can be worth the effort to try to use a certification as a bargaining chip for higher pay.
Benefit #6: Everyone who doesn’t have one wishes they did.
To me, this may be the best benefit of all. Wouldn’t you rather have the certification than not? Think about it. Is there any person out there without a degree that wouldn’t wave a magic wand to get a degree if they could? Is there any IT person out there who wouldn’t mind having an alphabet of certifications after their name? We all like these qualifiers, but many of us simply don’t have the drive to pursue them – which makes them that much more valuable to those of us who do.
Benefit #7: Employers often place more credibility in certifications than training programs.
There are tons of online and in-person training programs available, and the number of people that have dumped thousands of dollars into them is astounding. Many of these training programs are paper mills or brain dumps, where the student isn’t really given the time to learn anything, and often isn’t offered the opportunity to try to learn things hands on. The challange is that many of these programs are tied to certification preperation, although many of the students are unable to pass the exam at the end of the training. Having a certification is often seen by employers as a higher validation of knowledge than just having completed some training.
What is the best way to prepare for a certification?
When preparing for a cybersecurity certification, be sure to use a variety of sources. Any given textbook, class or video course is going to be that provider’s interpretation of what is best able to prepare you for the exam. No one resource will be able to provide everything that you need for guaranteed success or will be able cover all of the exam topics in the best way.
With that in mind, a good approach for cybersecurity certification preparation is to take a course or video course first, and then reinforce that training with textbook study and hands on practice. Many certification books are available at public libraries. Check out those resources and use them to supplement the coursework you’ve already done. Once you become comfortable with the material, work through several practice exams. The best practice exam options explain the correct answers in detail, as well as the incorrect answers. Since many certification exams have fifty or more exam questions, you’ll want to work through several hundred practice questions to prepare and ensure you’ve seen enough question topics and question variety. Keep in mind that any questions on the exam are written from the perspective of how the test writer sees the content, and not necessarily what is done in any given operational setting. That means it’s best to think of the exam concepts from the point of view of the test writer. This is why so many certification preparation books say things like “CompTIA wants you to know…” or “Cisco considers…”.
How do I know when I’m ready to sit for the certification exam?
I have found that a great way to know you’re ready to sit for a certification exam is to evaluate if you know the material well enough to teach it to others. If you can fully explain the certification material to someone who is unfamiliar with that content, that is a good indication you know the material well enough to answer any questions that the exam may ask. As you near the end of your certification exam preparation, try explaining and teaching the material to someone you know. If you feel confident in explaining it to others, that should give you the confidence that you’re ready to sit for the exam.
Does the market get saturated with too many certified people? It isn’t right now but it has been before. The rise of paper mill certification training centers in the late 90’s and early 2000’s really hurt the certification market because these training centers would suggest that a certification would guarantee a good job to anyone, even with no experience in the field. This influx of certified but otherwise unqualified people hurt the market back then, but the market has grown a good bit since then, so it doesn’t seem to be a problem any longer. This is why certifications need to be a supplement to experience in your approach to building your cybersecurity resume.
Could the market become saturated again? This is doubtful. Many certifications now require renewal every three years, and certification exams today are probably more challenging than they have been in the past. Also, the sheer number of certifications available has grown exponentially. All these things have helped to ensure the certification market does not become saturated.