There’s a lot of buzz around how certs aren’t important. I’m calling BS, and here’s why.

As thousands of cybersecurity professionals converge in San Francisco at the RSA Conference, I thought I would throw my two cents in on the certification debate. To wit, there’s a lot of buzz about the assertion that softer analytics skills matter more than certifications. I’ve even heard people say some security certs detract from a resume.

You know the No. 1 attribute of people claiming security certifications don’t matter? They don’t have any. In my years of experience placing security pros in good jobs, it’s that simple. Having the right certifications matters, and here’s why.

1.  You will make more money. The 682 IT security professionals responding to the security cut of InformationWeek’s 2013 U.S. IT Salary Survey are unequivocal: Security staffers holding any security certification (CISSP, CISA, CISM) average $101,000 in total compensation vs. $87,000 for those with no certs. For managers, the spread is $130,000 vs. $121,000. Do you really need another reason?

 

 

 

 

2. Certs show your commitment to the security field. I know you’re serious about cybersecurity as a career, otherwise you wouldn’t be reading this. But how will a hiring manager know?  Easy — by scanning resumes to see which applicants are committed enough that they’re willing to spend free time studying and doing homework, often paying for the privilege out of their own pockets. Just 44% of security staffers and 49% of managers in the salary survey expected to get certification reimbursement.

Most of us were not Jeff Spicoli, but admit it, we hated homework as kids. We couldn’t wait to grow up so we could spend our free time (and cash) doing just about anything else. I know a person who burned a full week of vacation and paid for lodging to obtain his Cloud Security certification.  As an employer and a hiring manager, that tells me he wants to become better. He’s the type of security professional that any company would be fortunate to have.

3. Certs make you more attractive to potential employers. Building on the above, obtaining a security certification shows you respect the industry and take pride in your profession. That kind of attitude is contagious. Moreover, it shows you’re smart enough to know what you don’t know and look to improve. It takes gumption to acknowledge that there are areas of one’s professional experience that could use a boost. Team members see this, and it rubs off.

All that adds up to a great employee. That hiring managers get this is a no-brainer. In a side-by-side comparison of otherwise equal candidates, most prefer the one with certs. Don’t take my word for it — check out the ISC2 Global Information Security Workforce Study. It concluded that almost 70% of respondents view certs as a reliable indicator of competency when hiring, and almost half require certification.

[If you realize that mobile security means more than ensuring users don’t download malware-bearing games from the Android store, take our 2014 survey and enter to win a 32 GB Kindle Fire HDX.]

4. Certs jump out when robots and spiders crawl resumes. Most, if not all, resume reviews begin with an electronic search. The HR pro types in some keywords and voila. I know from experience that people conducting keyword searches typically begin narrowly and expand only if early results fail. “Narrowly” means entering in a comprehensive (read: long) list of keywords, and I guarantee that at least one certification will be among them. If your resume includes those magic letters, it will always help you get on the fast-track through the electronic screening process.

Plus, the InformationWeek security salary survey shows you’ll be in the minority if you don’t have any certifications.

 

 

 

 

5. You become a member of a club. While it might not be as glamorous as joining Bushwood Country Club, earning a certification grants you membership to an exclusive club. This association affords you the opportunity to network with like-minded individuals, share information, and gain ongoing knowledge. You can attend conferences, webinars, and have access to information provided only to members. Again, a career win/win for you and your employer.

Now, before leaving an angry comment, I am not implying that you are not serious, a great team player, and worthy of a job if you don’t have security certification(s). We all know a certification is not more important than experience. But the two combined is a powerful and delicious combination. Peanut butter is great on its own. Add jelly and it’s irresistible to hiring managers.

Engage with Oracle president Mark Hurd, NFL CIO Michelle McKenna-Doyle, General Motors CIO Randy Mott, Box founder Aaron Levie, UPMC CIO Dan Drawbaugh, GE Power CIO Jim Fowler, and other leaders of the Digital Business movement at the InformationWeek Conference and Elite 100 Awards Ceremony, to be held in conjunction with Interop in Las Vegas, March 31 to April 1, 2014. See the full agenda here.

Mark Aiello is President of Cyber 360 Solutions, a cyber-security professional services and staffing firm headquartered in Boston. Cyber 360 Solutions is a division of Staffing 360 Solutions, a publicly listed company in the global staffing sector engaged in the acquisition of domestic and international staffing organizations with operations in the United States, Europe, and India. Previously, Mark was founder and CEO of The Revolution Group and secureRevGroup.

[Source: InformationWeek]

Summary: Certifications ranging from software lifecycle management to cloud and database architecture to project management are hot skill areas for the year ahead.

The U.S. Census Bureau recently released estimates that more than one in four of the working-age population has obtained a professional certification, license or educational certificate apart from a post-secondary degree awarded by a college or university. For managers and professionals in the fast-changing digital and tech economy, certifications may be the only way to keep skills current and relevant. Areas in hot demand right now — such as data science and analysis, cloud development, and open-source scripting languages — were not even around five years ago.

Certifications and accreditations are delivering positive results for both IT professionals and their employers. Foote Partners released its latest estimates of pay and premium rates for a range of IT skills, and finds that IT professionals with certifications are continuing to see an edge in their compensation. The trend continues upward in the aftermath of the economic trough of 2008-2010.

Extra pay specifically awarded to talented IT professionals for 354 noncertified IT skills and 296 IT certifications—also known as ‘skills premiums’— increased in the fourth quarter of 2013, the consultancy finds.  “It is only the third time since 2010 that both certified and noncertified skills categories have recorded pay gains in the same calendar quarter, the result of the reversal of a long running slump in market values for certifications dating back to 2006,” the consultancy observes.

The skills premium index has been tracking more than 2,500 North American employers and 150,000 IT professionals since 1999.

The top gainers in the last quarter include the following certification categories:

• Systems Administration/Engineering certifications: +2.5% (in market value)
• Information Security certifications: +2.0%
• Database certifications: +1.2%
• Networking & Communications certifications: +1.2%
• Architecture/Project Management/Process certifications: +1.0%
• Applications Development/Programming Lang. certifications: +0.9%

Here are the top 20 certifications that Foote predicts will continue to increase in value during the first half of 2014:

1. Certified Secure Software Lifecycle Professional (CSSLP)
2. CWNP/Certified Wireless Network Expert
3. GIAC Certified Forensics Analyst (GCFA)
4. GIAC Certified Penetration Tester (GPEN)
5. GIAC Web Application Penetration Tester (GWAPT)
6. HP ASE Cloud Architect V2
7. HP/Master ASE–Data Center and Cloud ArchitectV1
8. Information Systems Security Engineering Professional (ISSEP/CISSP)
9. InfoSys Security Architecture Professional (ISSAP/CISSP)
10. Microsoft Certified Solutions Master(all)
11. Open Group Certified Architect (Open CA)
12. Open Group Master Architect
13. Oracle Certified Professional, MySQL 5 Developer
14. Oracle Certified Expert MySQL 5.1 Cluster Database Administrator
15. Oracle Certified Professional MySQL 5 Database Administrator
16. PMI Risk Management Professional
17. PMI Agile Certified Practitioner (PMI-ACP)
18. Red Hat Certified Architect (RHCA)
19. Teradata 12 Certified Enterprise Architect
20. VMware Certified Design Expert – Cloud (VCDX-Cloud)

About Joe McKendrick

Joe McKendrick is an author, consultant and speaker specializing in trends and developments shaping the technology industry.

[Source: ZDNet]

John Hales, Global Knowledge VMware instructor,
A+, Network+, CTT+, MCSE, MCDBA, MOUS, MCT, VCP, VCAP, VCI, EMCSA

Introduction

It’s always a good idea to take stock of your skills, your pay, and your certifications. To that end, following is a review of 15 of the top-paying certifications for 2014. With each certification, you’ll find the average (mean) salary and a brief description.

Based on the 2014 IT Skills and Salary Survey conducted by Global Knowledge and Penton and completed in October 2013, the rankings below are derived from certifications that received the minimum number of responses to be statistically relevant. Certain certifications pay more but are not represented due to their exclusive nature. Examples include Cisco Certified Internetworking Expert (CCIE) and VMware Certified Design Expert (VCDX). This was a nationwide survey, and variations exist based on where you work, years of experience, and company type (government, non profit, etc.).

1. Certified in Risk and Information Systems Control (CRISC) – $118,253

The non-profit group ISACA offers CRISC certification, much in the way that CompTIA manages the A+ and Network+ certifications. Formerly, “ISACA” stood for Information Systems Audit and Control Association, but now they’ve gone acronym only.

The CRISC certification is designed for IT professionals, project managers, and others whose job it is to identify and manage risks through appropriate information systems (IS) controls, covering the entire lifecycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control lifecycle, the risk area spans the gamut from identification and assessment of the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.

Since CRISC’s introduction in 2010, more than 17,000 people worldwide have earned this credential. The demand for people with these skills, and the relatively small supply of those who have them, result in this being the highest salary for any certification on our list this year.

To obtain CRISC certification, you must have at least three years of experience in at least three of the five areas that the certification covers, and you must pass the exam, which is only offered twice a year. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires effort and years of planning.

2. Certified Information Security Manager (CISM) – $114,844

ISACA also created CISM certification. It’s aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor’s platform.

More than 23,000 people have been certified since its introduction in 2002, making it a highly sought after area with a relatively small supply of certified individuals. In addition, the exam is only offered three times a year in one of approximately 240 locations, making taking the exam more of a challenge than many other certification exams. It also requires at least five years of experience in IS, with at least three of those as a security manager. As with CRISC, requirements for CISM certification demand effort and years of planning.

3. Certified Information Systems Auditor (CISA) – $112,040

The third highest-paying certification is also from ISACA; this one is for IS auditors. CISA certification is ISACA’s oldest, dating back to 1978, with more than 106,000 people certified since its inception. CISA certification requires at least five years of experience in IS auditing, control, or security in addition to passing an exam that is only offered three times per year.

The CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate’s ability to manage vulnerabilities, ensure compliance with standards, and propose controls, processes, and updates to a company’s policies to ensure compliance with accepted IT and business standards.

4. Six Sigma Green Belt – $109,165

Six Sigma is a process of analyzing defects (anything outside a customer’s specifications) in a production (manufacturing) process, with a goal of no more than 3.4 defects per million “opportunities” or chances for a defect to occur. The basic idea is to measure defects, analyze why they occurred, and then fix the issue and repeat. There is a process for improving existing processes and a slightly modified version for new processes or major changes. Motorola pioneered the concept in the mid-1980s, and many companies have since followed their examples to improve quality.

This certification is different from the others in this list, as it is not IT specific. Instead, it is primarily focused on manufacturing and producing better quality products.

There is no organization that owns Six Sigma certification per se, so the specific skills and number of levels of mastery vary depending on which organization or certifying company is used. Still, the entry level is typically Green Belt and the progression is to Black Belt and Master Black Belt. Champions are responsible for Six Sigma projects across the entire organization and report to senior management.

5. Project Management Professional (PMP®) – $108,525

The PMP certification was created and is administered by the Project Management Institute (PMI®), and it is the most recognized project management certification available. There are more than half a million active PMPs in 193 countries worldwide.

The PMP certification exam tests five areas relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification is for running any kind of project, and it is not specialized into sub types, such as manufacturing, construction, or IT.

To become certified, individuals must have 35 hours of PMP-related training along with 7,500 hours of project management experience (if they have less than a bachelor’s degree) or 4,500 hours of project management experience with a bachelor’s or higher. PMP certification is another that requires years of planning and effort.

6. Certified Scrum Master – $107,396

Another project management-related certification, Certified Scrum Master is focused on software (application) development.

Scrum is a rugby term; it’s a means for restarting a game after a minor rules violation or after the ball is no longer in play (for example, when it goes out of bounds). In software development, Scrum is a project management process that is designed to act in a similar manner for software (application development) projects in which a customer often changes his or her mind during the development process.

In traditional project management, the request to change something impacts the entire project and must be renegotiated – a time-consuming and potentially expensive way to get the changes incorporated. There is also a single project manager.

In Scrum, however, there is not a single project manager. Instead, the team works together to reach the stated goal. The team should be co-located so members may interact frequently, and it should include representatives from all necessary disciplines (developers, product owners, experts in various areas required by the application, etc.).

Where PMP tries to identify everything up front and plan for a way to get the project completed, Scrum takes the approach that the requirements will change during the project lifecycle and that unexpected issues will arise. Rather than holding up the process, Scrum takes the approach that the problem the application is trying to solve will never be completely defined and understood, so team members must do the best they can with the time and budget available and by quickly adapting to change.

So where does the Scrum Master fit in? Also known as a servant-leader, the Scrum Master has two main duties: to protect the team from outside influences that would impede the project (the servant) and to chair the meetings and encourage the team to continually improve (the leader).

Certified Scrum Master certification was created and is managed by the Scrum Alliance and requires the individual to attend a class taught by a certified Scrum trainer and to pass the associated exam.

7. Citrix Certified Enterprise Engineer (CCEE) – $104,240

The CCEE certification is a legacy certification from Citrix that proves expertise in XenApp 6, XenDesktop 5, and XenServer 6 via the Citrix Certified Administrator (CCS) exams for each, the Citrix Certified Advanced Administrator (CCAA) for XenApp 6, and an engineering (advanced implementation-type) exam around implementing, securing, managing, monitoring, and troubleshooting a complete virtualization solution using Citrix products.

Those certified in this area are encouraged to upgrade their certification to the App and Desktop track instead, which focuses on just XenDesktop, taking one exam to become a Citrix Certified Professional – Apps and Desktops (CCP-AD). At this point though, the CCEE is available as long as the exams are available for the older versions of the products listed.

8. Citrix Certified Administrator (CCA) for Citrix NetScaler – $103,904

The CCA for NetScaler certification has been discontinued for NetScaler 9, and those with a current certification are encouraged to upgrade to the new Citrix Certified Professional – Networking (CCP-N). In any case, those with this certification have the ability to implement, manage, and optimize NetScaler networking performance and optimization, including the ability to support app and desktop solutions. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

9. Certified Ethical Hacker (CEH) – $103,822

The International Council of E-Commerce Consultants (EC-Council) created and manages CEH certification. It is designed to test the candidate’s abilities to prod for holes, weaknesses, and vulnerabilities in a company’s network defenses using techniques and methods that hackers employ. The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found. Given the many attacks, the great volume of personal data at risk, and the legal liabilities possible, the need for CEHs is quite high, hence the salaries offered.

10. ITIL v3 Foundation – $97,682

IT Infrastructure Library (ITIL®) was created by England’s government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.

It is known as a library because it is composed of a set of books. Over the last 30 years, it has become the most widely used framework for IT management in the world. ITIL standards are owned by AXELOS, a joint venture company created by the Cabinet Office on behalf of Her Majesty’s Government in the United Kingdom and Capita plc, but they have authorized partners who provide education, training, and certification. The governing body defined the certification tiers, but they leave it to the accredited partners to develop the training and certification around that framework.

The Foundation certification is the entry-level one and provides a broad-based understanding of the IT lifecycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have this level first, thus people may have higher certifications and still list this certification in the survey, which may skew the salary somewhat.

For information on ITIL in general, please refer to http://www.itil-officialsite.com/. Exams for certification are run by ITIL-certified examination institutes as previously mentioned; for a list of them, please refer tohttp://www.itil-officialsite.com/ExaminationInstitutes/ExamInstitutes.aspx.

11. Citrix Certified Administrator (CCA) for Citrix XenServer – $97,578

The CCA for XenServer certification is available for version 6 and is listed as a legacy certification, but Citrix has yet to announce an upgrade path to their new certification structure. Those with a CCA for Citrix XenServer have the ability to install, configure, administer, maintain, and troubleshoot a XenServer deployment, including Provisioning Services. As the Citrix certification program is being overhauled, refer tohttp://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

12. ITIL Expert Certification – $96,194

The ITIL Expert certification builds on ITIL Foundation certification. It is interesting that ITIL Expert pays less on average than ITIL Foundation certification. Again, it’s likely the salary results may be somewhat skewed depending on the certifications actually held and the fact that everyone who is ITIL certified must be at least ITIL Foundation certified.

To become an ITIL Expert, you must pass the ITIL Foundation exam as well as the capstone exam, Managing Across the Lifecycle. Along the way, you will earn intermediate certifications of your choosing in any combination of the lifecycle and capability tracks. You must earn at least 22 credits, of which Foundation accounts for two and the Managing Across the Lifecycle exam counts for five. The other exams count for three each (in the Intermediate Lifecycle track) or four each (in the Intermediate Capability track) and can be earned in any order and combination, though the official guide suggests six recommended options. The guide is available at http://www.itil-officialsite.com/Qualifications/ITILQualificationScheme.aspx by clicking on the English – ITIL Qualification Scheme Brochure link.

13. Cisco Certified Design Associate (CCDA) – $95,602

Cisco’s certification levels are Entry, Associate, Professional, Expert, and Architect. Those who obtain this Associate-level certification are typically network design engineers, technicians, or support technicians. They are expected to design basic campus-type networks and be familiar with routing and switching, security, voice and video, wireless connectivity, and IP (both v4 and v6). They often work as part of a team with those who have higher-level Cisco certifications.

To achieve CCDA certification, you must have earned one of the following: Cisco Certified Entry Networking Technician (CCENT), the lowest-level certification and the foundation for a career in networking); Cisco Certified Network Associate Routing and Switching (CCNA R&S); or any Cisco Certified Internetwork Expert (CCIE), the highest level of certification at Cisco. You must also pass a single exam.

14. Microsoft Certified Systems Engineer (MCSE) – $95,276

This certification ranked number 14 with an average salary of $95,505 for those who didn’t list an associated Windows version and $94,922 for those who listed MCSE on Windows 2003, for the weighted average of $95,276 listed above.

The Microsoft Certified Systems Engineer is an old certification and is no longer attainable. It has been replaced by the Microsoft Certified Solutions Expert (yes, also MCSE). The Engineer certification was valid for Windows NT 3.51 – 2003, and the new Expert certification is for Windows 2012. There is an upgrade path if you are currently an MCSA or MCITP on Windows 2008. There is no direct upgrade path from the old MCSE to the new MCSE.

15. Citrix Certified Administrator (CCA) for Citrix XenDesktop – $95,094

The CCA for XenDesktop certification is available for versions 4 (in Chinese and Japanese only) and 5 (in many languages including English). Those with a current certification are encouraged to upgrade to the new Citrix Certified Associate – Apps and Desktops (CCA-AD). In any case, those with this certification have the ability to install, administer, and troubleshoot a XenDesktop deployment, including Provisioning Services and the Desktop Delivery Controller as well as XenServer and XenApp. As the Citrix certification program is being overhauled, refer to http://training.citrix.com/cms/index.php/certification/ to view the certifications available, upgrade paths, etc.

Rounding Out the Top 25

A few popular certifications just missed the Top 15 cut due to a low total number of responses or an average (mean) pay just outside the threshold. Due to their popularity, I have included them for informational purposes.

Certification	Average Pay
CISSP: Certified Information Systems Security Professional	$114,287
MCSE: Microsoft Certified Systems Engineer 2003	$94,922
RHCSA: Red Hat Certified System Administrator	$94,802
VCP-DCV: VMware Certified Professional – Data Center Virtualization	$94,515
JNCIA: Juniper Networks Certified Internet Associate	$94,492
MCTS: Windows Server 2008 Applications Infrastructure Configuration	$91,948
MCITP: Enterprise Administrator	$91,280
CCNP: Cisco Certified Network Professional	$90,833
WCNA: Wireshark Certified Network Analyst	$88,716
CCNA R&S: Cisco Certified Network Associate Routing and Switching	$81,308

Conclusion

If you’re looking to improve your skills (and your pay!), consider adding one or more of the certifications above. Consider your current skill set and see if a related skill or a management skill may help power your career to the next level. For example: If you already know storage or networking, consider a certification in virtualization. Or, break out of your technical track into a management track by taking ITIL or PMP training and getting certified in one of those areas.

About the Author

John Hales, VCP, VCP-DT, VCAP-DCA, VCI, is a VMware instructor at Global Knowledge, teaching most of the vSphere classes that Global Knowledge offers, including the View classes. John is also the author of many books, including involved technical books from Sybex, exam preparation books, and many quick reference guides from BarCharts, in addition to custom courseware for individual customers. His latest book on vSphere is entitled Administering vSphere 5: Planning, Implementing and Troubleshooting. John has various certifications, including the VMware VCA-DCV, VCA-DT, VCA-Cloud, VCP, VCP-DT, VCAP-DCA, VCI, and VCI Level 2; the Microsoft MCSE, MCDBA, MOUS, and MCT; the EMC Storage Administrator (EMCSA); and the CompTIA A+, Network+, and CTT+. John lives with his wife and children in Sunrise, FL.

[Source: GlobalKnowledge]