Which exams and certs do I need to get my first job in cyber security?

I had the pleasure of attending the Cyber Security Expo event in London last week, which focused on information security recruitment and career development in the UK.  From the many IT professionals and students I spoke to, there was really only one question:

“Which exams and certs do I need to get my first job in cyber security?”

I of course replied, “Well, that depends!” and then proceeded to list many qualifications that include MTA, CCNA Security, CEH, GIAC, CISM and CISSP. After several rather detailed conversations, I decided to reply with a new and time-saving (for me, at least) question:

“Well, that depends! What are you doing now, and are you planning for a technical or management career in the future?”

While not mutually exclusive, it is important to understand the difference between training to become a technical manager and training to becoming an information security manager. A true information security manager of course needs a good level of technical comprehension, but needs to focus on qualifications that develop knowledge of planning, risk assessment, implementation, compliance, business continuity and incident management. A true technical manager will require a deeper knowledge of key technologies, threats and vulnerabilities, and a typical learning pathway will likely include obtaining qualifications from Microsoft, CISCO, EC Council, CompTIA, ISACA and (ISC)2.

For all concerned, I recommended that they consider the basic Microsoft and CISCO certs as essential and then choose an ‘intermediate’ qualification (technical or management) that bridges the gap to eventually studying for CISA, CISM and CISSP examinations.

The IT Governance Professional Certification Portfolio includes a range of training courses designed to meet the needs of infosec management and technical career development. CompTIA Security+ is the newest addition to this portfolio and delivers an intermediate and industry-recognised technical qualification. With knowledge domains that include network security, threats/vulnerabilities, application security and access control, CompTIA is vendor-neutral. Individuals with this certificate are employed by global organisations that include Apple, Dell, ARAMCO, Canon and HP.