When pursuing a career in cyber security, it can be helpful to understand the certifications which you will require for certain roles, and at different points in your career.
There are many cyber security degrees on offer throughout universities in the UK, and if this is of interest to you, then taking a look at the list of Academic Centres of Excellence granted by The National Cyber Security Centre may be a good place to begin. These universities have met tough standards to secure a place in the list, from publishing leading, impactful cyber security journal articles to a commitment to invest in cyber security research. Although a university degree is not always necessary for a cyber security role, undertaking a degree helps an individual to build transferable skills which are key in any workplace. This may include effective time management, good team-work skills, and the ability to form and present key arguments and ideas.
For some, gaining real-world experience may be more beneficial. This can allow you to obtain experience in- and understanding of- the field, as well as acquiring valuable contacts. Also, it may be easier to determine your preference of roles within the industry. However, every situation is different, and there is no ‘right’ way of getting into the field. Working in cyber security is not determined by a degree or lack of degree, so it is important to weigh up the pros and cons of each scenario based on your own personal needs and situation.
A beginner’s level certification which will help you to prove your cyber security skills is the Security+ certificate. This is regarded as the first certification you should look to earn when in pursuit of a cybersecurity career. The Security+ certification allows you to demonstrate the baseline skills required to undertake core security roles. This will include understanding of cryptography, risk management and security vulnerabilities, and places an emphasis on practical skills. With this certification, the candidate will be able to pursue roles such as Security Administrator, Systems Administrator, and Junior Penetration Tester.
To progress in a career in cyber security, there are a number of further certifications which you can acquire depending on your chosen role. The Certified Ethical Hacker (CEH) certification is to be taken by those with a minimum of 2 years as a security professional, or those with EC-council training. This certification is designed to prove a knowledge of ethical hacking methodology, which can be taken to be used in careers of network infrastructure and penetration testing. CEH certifications will cover social engineering, vulnerability analysis, cryptography and more.
Another certification which can help to progress a cyber security career is the Certified Information Systems Security Professional (CISSP) certification. This is aimed at security professionals with at least 5 years experience in two or more domains from a list of 8. This list includes: Security and Risk Management, Asset Security, Security Operations and more. The aim of this certification is to demonstrate a candidate’s ability to manage a security programme from design to implementation, and is accessible to those in positions such as Security Manager or Chief Information Security Officer.
At the advanced level, the Offensive Security Certified Professional (OSCP) certification focuses on penetration testing. The OSCP is aimed at security professionals, expected to have a solid understanding of TCP/IP networking, as well as knowledge of Linux, Bash scripting and more. The examination is a 24 hour lab test, looking to evaluate time technical skills and time management, through machine work, clear documentation of your process, and the submission of a final report.