Security professionals understand that certifications matter. Apart from a technical exam, there is no quicker way to gauge a person’s ability than to examine their certifications.
Despite this fact, security professionals tend to put off their own credentialing, consumed with the day-to-day work of their role. The latest data from Foote Partners may provide you with some healthy extrinsic motivation to finally pursue one.
Foote Partners calculated the pay boost provided by a wide range of IT certifications in its 2Q 2024 “IT Skills Demand and Pay Trends Report,” and what they found is that IT security certs in general are paying significant dividends these days — not surprising given that the demand for cybersecurity skills is on the rise.
Among IT security certifications, Foote Partners’ data shows that 12 IT security certifications in particular are peaking in value right now, delivering an average pay premium of 10% to 11% versus IT professionals without these certifications. The pay gains for these certs are on the rise, having increased in market value from between 10% to 43% versus six months prior.
These bumps in pay are no small increase, especially considering that some of the certifications, such as ISC2’s Security Management Professional, are geared toward leadership roles that already have higher base pay. IT professionals looking for faster career advancement, better roles and opportunities, and greater negotiating power would be wise to consider adding one of the following certs to their resume.
Cisco Certified Network Professional Security
Cisco offers a Cisco Certified Network Professional (CCNP) Security certification that focuses on security concepts and architecture, user and device security, network security, assurance, and cloud application management. While the CCNP has no formal prerequisites, in Cisco’s certification hierarchy professional-level certifications like this one are meant to build on associate-level certifications. Cisco advises that most candidates for the certification have three to five years of experience in network security. By demonstrating expertise with this credential, graduates can succeed in numerous roles, including security engineer, security analyst, and network security engineer. This certification is valid for three years and can be renewed by retaking the exam before its expiration or by earning continuing education credits.
Training fees: Professionals can avail of instructor-led training from Cisco and accredited partners (prices vary), or a US$6,000 annual subscription to Cisco U All Access, which provides learning pathways for professional-level certifications.
Exam fees: Professionals must take a core exam for US$400, plus one of seven exams for a concentration area for US$300.
Average pay premium (per Foote): 11%
Market value increase (per Foote): 38%
Certified Cloud Security Professional (ISC2-CCSP)
International Information System Security Certification Consortium’s Certified Cloud Security Professional covers six domains pertaining to the cloud, including cloud architecture, data security, infrastructure security, application security, security operations, and even legal, risk, and compliance. The certification is thus ideal for cloud specialists, such as cloud architects, engineers, consultants, and administrators who need to secure an organization’s critical assets in the cloud. The multiple-choice exam consists of 125 questions and lasts up to 3 hours. Professionals with the ISC2-CCSP must renew by earning 60 continuing professional education credits in security architecture every three years.
To qualify for the exam, you must have five years of relevant professional experience.
Training fees: Professionals can buy self-paced online training for the ISC2-CCSP for US$963.75, bundle it with an exam for US$1,562.75, or avail of third-party training.
Exam fees: Pricing for the ISC2-CCSP varies by region. In the United States, the ISC2-CCSP exam is US$599.
Average pay premium: 11%
Market value increase: 22%
Certified Forensic Computer Examiner (CFCE)
Administered by the International Association of Computer Investigative Specialists (IACIS), the Certified Forensic Computer Examiner program is notable for its unique two-part structure. Professionals must first pass a peer review where an assigned coach will guide them to complete four practical problems, taking up to a month if needed. After peer review, professionals proceed to the certification phase, which is itself subdivided into a hard drive practical problem and a 100-question exam that tests general forensic knowledge through true-false, fill-in-the-blank, multiple-choice, and matching questions. Professionals have up to 44 days to complete this second phase of the CFCE.
To qualify for the exam, you must:
- Complete 72 hours of training in digital forensics, a requirement that can be satisfied by taking the two-week IACIS Basic Computer Forensics Examiner (BCFE) training course.
- Agree to abide by the IACIS Code of Ethics and Professional Conduct and pass a background check.
Exam and training fees: The CFCE Certification Program is only US$750 if candidates do not need to enroll in the BCFE training course.
Average pay premium: 11%
Market value increase: 10%
GIAC Reverse Engineering Malware Certification (GREM)
GIAC offers a Reverse Engineering Malware Certification that covers malware analysis — including malicious executables, code, and document files — and malware characteristics. GREM is aimed at technologists who need to examine or reverse-engineer malware to protect their organizations through incident response, forensic examination, and Windows system administration. This target audience includes auditors, security managers and consultants, and network administrators. To obtain the GREM, professionals must pass a proctored exam of 66 to 75 questions that lasts between 2 and 3 hours. To keep the GREM certification active, professionals must earn 36 continuing education credits over four years.
Training fees: GIAC offers live training for GREM in various cities around the world starting at US$8,525.
Exam fees: The GREM exam costs US$979 for every attempt.
Average pay premium: 11%
Market value increase: 43%
Certified Information Privacy Manager
Offered by the International Association of Privacy Professionals (IAPP), the Certified Information Privacy Manager (CIPM) teaches professionals how to develop a privacy program framework, create a privacy team, and collaborate and measure performance across the privacy program operational life cycle. With the CIPM, professionals can become an information privacy manager or take on other roles that involve privacy program administration. IAPP recommends spending at least 30 hours studying for the exam using any of its available study options. The multiple-choice exam consists of 90 questions and must be completed within 150 minutes. Upon earning the CIPM, professionals must earn 20 continuing privacy education credits for every two-year certification term.
Training fees: IAPP offers online training for the CIPM for US$1,195, and also live online and in-person options.
Exam fees: IAPP members and non-members can take the CIPM exam for US$550.
Average pay premium: 11%
Market value increase: 25%
Certified Information Security Manager (CISM)
Information Systems Audit and Control Association (ISACA) administers the Certified Information Security Manager, which is geared toward IT security managers, especially those who want to move into leadership. The program focuses on four key domains: information security risk management, information security governance, incident management, and information security program. The curriculum notably includes cutting-edge technologies such as AI and blockchain, so that IT professionals can protect their organizations from evolving threats. The exam consists of 150 multiple-choice questions that professionals have 4 hours to complete. As with the CDPSE, professionals must maintain the CISM through continuing professional education credits: 20 annually, and 120 over three years.
To qualify for the exam, you must have a minimum of five years of experience in information security, though an experience waiver is available for up to two years.
Training fees: ISACA offers multiple training modalities for the CISM, including an online review course (US$795 for ISACA members, US$895 for non-members), a database of questions (US$299 for members, US$399 for non-members), and a review manual (US$109 for members, US$139 for non-members).
Exam fee: The CISM exam costs US$575 for members and US$760 for non-members.
Average pay premium: 11%
Market value increase: 10%
InfoSys Security Engineering Professional (ISSEP)
ISC2 offers an InfoSys Security Engineering Professional certification, which was designed in partnership with the US National Security Agency (NSA). The ISSEP program is built around five domains: systems security engineering foundations; risk management; security planning and design; systems implementation, verification, and validation; and secure operations, change management, and disposal. The program is thus targeted toward roles such as senior systems engineer, information assurance officer, and senior security analyst. The multiple-choice exam consists of 125 questions, which professionals have 3 hours to complete. Upon passing, professionals must recertify every 3 years by earning 60 continuing professional education credits in security engineering.
To qualify for the exam, you must have a minimum of seven years of experience in any of ISSEP’s five domains, or two years plus status as a Certified Information Systems Security Professional (CISSP).
Training fees: Professionals can buy self-paced online training for the ISSEP for US$733.75, bundle it with an exam for US$1,332.75, or avail of third-party training.
Exam fees: Pricing for the ISSEP varies by region. In the United States, the ISSEP exam is US$599.
Average pay premium: 11%
Market value increase: 10%
InfoSys Security Management Professional (ISSMP)
ISC2 also administers the InfoSys Security Management Professional certification. Designed for leaders like CIOs, CISOs, and CTOs, the ISSMP focuses on governance, management, and leadership of information security programs. Leaders will master six domains, including soft skills such as leadership and business management, along with hard skills such as systems lifecycle management. The multiple-choice exam consists of 125 questions with a three-hour time limit. Professionals must recertify for the ISSMP by earning 60 continuing professional education credits specific to security management in every 3-year term.
To qualify for the exam, you must possess a CISSP and two years of relevant experience, or seven years of experience in total.
Training fees: Professionals can buy self-paced online training for the ISSMP for US$733.75, bundle it with an exam for US$1,332.75, or avail of third-party training.
Exam fees: Pricing for the ISSMP varies by region. In the United States, the ISSMP exam is US$599.
Average pay premium: 11%
Market value increase: 10%
Cisco Certified CyberOps Professional
Cisco also offers a CyberOps Professional certification for professionals who want to demonstrate mastery of security fundamentals, techniques, processes, and automation to prevent cyberattacks, lead incident response, and handle cloud security. Although the CyberOps Professional certification has no formal prerequisites, Cisco notes that most candidates have three to five years of experience in enterprise networking. Professionals who obtain this certification can become a network security engineer, cybersecurity investigator, or incident manager. Like the CCNP, the CyberOps Professional certification is valid for three years and can be renewed through continuing education or by retaking the exam.
Training fees: Professionals can avail of instructor-led training from Cisco and accredited partners (prices vary), or a US$6,000 annual subscription to Cisco U All Access, which provides learning pathways for professional-level certifications.
Exam fees: Professionals must take a core exam for US$400, plus one of two exams for a concentration area for US$300.
Average pay premium: 11%
Market value increase: 25%
InfoSys Security Architecture Professional (ISSAP)
ISC2’s InfoSys Security Architecture Professional is ideal for professionals in roles like system architect, business analyst, and system and network designer. The certification focuses on security architecture and spans six domains, including everything from security operations architecture and infrastructure security to identity and access management architecture. The exam for the ISSAP is the same format as others from ISC2, as is the renewal process for professionals who have already earned the certification.
To qualify for the exam, you must have seven years of relevant experience, or have a CISSP and two years of experience.
Training fees: Professionals can buy self-paced online training for the ISSAP for US$733.75, bundle it with an exam for US$1,332.75, or avail of third-party training.
Exam fees: Pricing for the ISSAP varies by region. In the United States, the ISSAP exam is US$599.
Average pay premium: 11%
Market value increase: 25%
Certified Data Privacy Solutions Engineer (CDPSE)
Developed by ISACA, the Certified Data Privacy Solutions Engineer program teaches privacy governance, privacy architecture, and data life cycle work to professionals interested in implementing comprehensive privacy solutions. The exam consists of 120 multiple-choice questions that professionals have up to 3.5 hours to complete. Upon earning their CDPSE, professionals must maintain the certification through 20 continuing professional education credits annually and at least 120 over a three-year period.
To qualify for the exam, you must have at least three years of experience in the field, and ISACA does not accept experience waivers.
Training fees: ISACA offers multiple training modalities for the CDPSE, including an online review course (US$795 for ISACA members, US$895 for non-members), a database of questions (US$299 for members, US$399 for non-members), and a review manual (US$109 for members, US$139 for non-members).
Exam fees: The CDPSE exam costs US$575 for members and US$760 for non-members.
Average pay premium: 10%
Market value increase: 11%
EC-Council Certified Ethical Hacker (CEH)
In Certified Ethical Hacker, stylized by its administrator EC-Council as C|EH, professionals learn the foundations of ethical hacking across 20 modules, beginning with footprinting and progressing all the way up to cloud computing and cryptography. EC-Council recommends that professionals have at least two years of experience in IT security; those without it can prepare with its free Cyber Security Essentials series. In C|EH, professionals learn how to conduct the stages of ethical hacking: reconnaissance, scanning, gaining and maintaining access, and covering tracks. The certification is ideal for cyber professionals who can benefit from ethical hacking skills, including cybersecurity auditor, warning analyst, solution architect, and more. The C|EH exam consists of 125 multiple-choice questions, along with a practical exam based on different scenarios.
Training and exam fees: EC-Council bundles its on-demand video course with a certification exam for US$799, and there are also live and hybrid options that come with exam vouchers.
Average pay premium: 10%
Market value increase: 11%