With the New Year on the horizon, many IT professionals may be looking to improve their careers in 2025 but need direction on the best way forward. The latest data from Foote Partners may provide helpful signposts.

Analyzing more than 638 certifications as part of its 3Q 2024 “IT Skills Demand and Pay Trends Report,” Foote Partners calculated the most valuable IT security certifications to pursue right now based on two dimensions. The first, the average pay premium, measures the difference in pay between IT pros with a particular credential and those without it. The second, market value increase, measures the increase in pay gains over the past six months.

Together, average pay premium and market value increase can give cybersecurity pros a starting point in deciding which certification to pursue for more pay. Apart from considering their overall professional goals, security professionals should weigh each certification’s training and exam costs, whether it is vendor-specific or vendor-neutral, and the lateral or vertical role opportunities it may open.

GIAC Security Leadership (GSLC)
The Global Information Assurance Certification (GIAC) offers the GIAC Security Leadership certification. This certification is ideal for managers and leaders in information technology, cybersecurity, and other related areas. The program covers technical and soft skills: It teaches candidates how to build a security program and master the management of teams, operations, processes, and lifecycle essential to its success. Topics run the gamut, including everything from cryptography and incident response to risk management and network security architecture. The remotely proctored exam consists of 115 questions, and candidates must answer 70% correctly to pass. Certificate holders must complete 36 CPE credits over four years to maintain their certification.
Training fees: GIAC offers on-demand and in-person options priced at local rates.
Exam fees: Candidates must pay US$979 to take the exam and US$879 for any necessary retakes.
Average pay premium (per Foote): 15%
Market value increase (per Foote): 15%
Certified Data Privacy Solutions Engineer (CDPSE)
Developed by ISACA, the Certified Data Privacy Solutions Engineer program teaches privacy governance, privacy architecture, and data life cycle work to professionals interested in implementing comprehensive privacy solutions. The exam consists of 120 multiple-choice questions that professionals have up to 3.5 hours to complete. Upon earning their CDPSE, professionals must maintain the certification through 20 continuing professional education credits annually and at least 120 over a three-year period. To qualify for the exam, you must have at least three years of experience in the field, and ISACA does not accept experience waivers.
Training fees: ISACA offers multiple training modalities for the CDPSE, including an online review course (US$795 for ISACA members, US$895 for non-members), a database of questions (US$299 for members, US$399 for non-members), and a review manual (US$109 for members, US$139 for non-members).
Exam fees: US$575, members; US$760, non-members
Average pay premium (per Foote): 12%
Market value increase (per Foote): 20%
GIAC Certified Incident Handler (GCIH)
GIAC also provides the GIAC Certified Incident Handler certification. This course is aimed at any professional involved in incident response, including first responders, security practitioners and architects, and system administrators. The program teaches candidates about incident handling, investigation, and common exploits and shows them hacker tools such as Metasploit and Netcat. Topics span the cybersecurity lifecycle, such as reconnaissance techniques, detection of covert communications, and network investigations. The format of the 106-question proctored exam reflects the profession’s practical nature: It challenges candidates to demonstrate their abilities in a lab environment involving actual code and programs. As a practitioner certification, certificate holders must complete 36 CPE credits over four years.
Training fees: GIAC offers an on-demand course in incident handling that costs US$8,525, as well as varying in-person and live online options.
Exam fees: US$979, exam; US$879, retakes
Average pay premium (per Foote): 11%
Market value increase (per Foote): 38%
Fortinet Certified Expert in Cybersecurity (FCX)
The Fortinet Certified Expert in Cybersecurity credential covers network security design, configuration, and troubleshooting from a vendor-specific lens. Certification consists of two components: a two-hour written exam, proctored online or onsite, composed of 60 questions that assess Fortinet product knowledge across design scenarios, troubleshooting, and more; and a practical exam, in which candidates must complete 30 tasks across two sessions totaling nine hours. For either component, candidates receive only a pass or fail notification, with no further details. The FCX must be renewed every three years by passing both the written and practical exams. To qualify, you must have professional experience, but Fortinet Training Institute does not specify a minimum number of years.
Training fees: Fortinet offers sample questions from the FCX written exam (candidates must log in for pricing details) and immersion training through partners at different rates.
Exam fees: US$400, written exam
Average pay premium: 11%
Market value increase: 22%
Offensive Security Exploitation Expert (OSEE)
OffSec’s Offensive Security Exploitation Expert is a vendor-specific certification focusing on advanced Windows exploitation. As a penetration testing course, the material dives deep into topics such as advanced heap manipulation and disarming WDEG mitigations. Certificate holders can identify problematic code in Windows operating systems and develop exploits. For the practical exam, candidates must complete a comprehensive penetration test of software and create an exploit within a lab environment, all within 72 hours. To qualify, you must have experience debugging, developing Windows exploits, and using the following technologies: WinDBG, x86_64, IDA Pro, and basic C/C++ programming. OffSec recommends completing its 300-level certifications before OSEE, which it calls its hardest course.
Training and exam fees: OffSec offers only instructor-led, in-person training. Enterprises should inquire for more information.
Average pay premium: 11%
Market value increase: 22%
Certified Information Security Manager (CISM)
Information Systems Audit and Control Association (ISACA) administers the Certified Information Security Manager, which is geared toward IT security managers, especially those who want to move into leadership. The program focuses on four key domains: information security risk management, information security governance, incident management, and information security program. The curriculum notably includes cutting-edge technologies such as AI and blockchain, so that IT professionals can protect their organizations from evolving threats. The exam consists of 150 multiple-choice questions that professionals have four hours to complete. Like the CDPSE, professionals must maintain CISM through continuing professional education credits: 20 annually, and 120 over three years. To qualify for the exam, you must have a minimum of five years of experience in information security, though an experience waiver is available for up to two years.
Training fees: ISACA offers multiple training modalities for the CISM, including an online review course (US$795 for ISACA members, US$895 for non-members), a database of questions (US$299 for members, US$399 for non-members), and a review manual (US$109 for members, US$139 for non-members).
Exam fee: US$575, members; US$760, non-members
Average pay premium: 11%
Market value increase: 10%
GIAC Network Forensic Analyst (GNFA)
The GIAC Network Forensic Analyst credential is aimed at forensic analysts, threat hunters, network defenders and engineers, and other security and IT professionals. The program focuses on network architecture, protocols, reverse engineering, and analysis, as well as encryption, encoding, and other forensic skills and tools. The proctored exam is available remotely through ProctorU or onsite through Pearson VUE and consists of 66 questions over three hours. Candidates must score 70%, and certificate holders must complete 36 continuing professional education (CPE) credits over four years to renew, through activities such as work experience, community participation, and hands-on cyber ranges.
Training fees: GIAC offers on-demand and in-person options priced at local rates.
Exam fees: US$999; retakes, US$899
Average pay premium: 10%
Market value increase: 43%
GIAC Cloud Security Automation (GCSA)
The GIAC Cloud Security Automation certification is ideal for professionals working with public-hosted clouds, such as developers, software architects, systems administrators, risk managers, and security consultants. The program covers fundamental DevOps and DevSecOps domains, such as configuration management, continuous security monitoring, data protection, and compliance. Like the GIAC GNFA, candidates can take the proctored exam onsite or online. The two-hour exam consists of 75 questions across 15 topical areas, such as automated remediation and container security, with a passing score of 66%. As with other GIAC certifications, certificate holders must complete 36 CPE credits over four years to renew.
Training fees: GIAC offers on-demand and in-person options priced at local rates.
Exam fees: US$999; retakes, US$899
Average pay premium: 10%
Market value increase: 25%
Offensive Security Certified Expert (OSCE)
OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the three courses, though OffSec makes specific knowledge and skill recommendations for each. Candidates who complete the three courses and earn the OSCE also get a challenge coin symbolizing their expertise in offensive security.
Training and exam fees: OffSec bundles each course with a certification exam for US$1,649, so the total cost for OSCE is US$4,947.
Average pay premium: 10%
Market value increase: 25%
AWS Certified Security Specialty
Given the popularity of AWS, the AWS Certified Security Specialty may be a wise investment. This vendor-specific certification focuses on data classifications, protection mechanisms, encryption methods, and secure internet protocols within the context of AWS Cloud. The certification is geared toward professionals who need AWS security expertise for roles in cloud architecture, networking, DevSecOps, and other areas. The 170-minute exam consists of 65 questions and is proctored online or onsite. Amazon recommends five years of IT security experience, two of which involve securing AWS workloads. According to AWS, many candidates will have already completed AWS Certified Solutions Architect Associate or AWS Certified Solutions Architect before AWS Certified Security Specialty.
Training fees: AWS offers official practice questions, a practice exam, and an exam guide for free.
Exam fees: US$300
Average pay premium: 10%
Market value increase: 11%
Certified Information Systems Auditor (CISA)
The Information Systems Audit and Control Association (ISACA)’s Certified Information Systems Auditor is geared toward IT auditors who wish to upskill or earn a pay boost. According to ISACA, 70% of CISA holders report on-the-job improvement, and another 22% receive a raise. The course covers five domains: IS auditing, implementation, and operations; protection of information assets; and IT governance. The four-hour exam consists of 150 multiple-choice questions, and candidates must earn 450 on ISACA’s scaled scoring system, with 800 representing a perfect score. To maintain their CISA, certification holders must earn 20 CPE credits annually and 120 over three years through conferences, volunteering, on-demand learning, and other methods. To qualify, you must have five years of experience in IT or IS auditing, control, assurance, or security. You can apply for an experience waiver for up to three years.
Training fees: ISACA offers an online review course for US$895, an annual subscription to a question bank for US$399, and a print or digital review manual for US$139. Discounts are available for ISACA members.
Exam fees: US$575, members; US$760, non-members
Average pay premium: 10%
Market value increase: 11%
Check Point Certified Security Expert (CCSE)
Check Point Software Technologies’ Certified Security Expert teaches technical professionals who use Check Point’s cybersecurity products how to design, deploy, and upgrade their security environments. Topics include advanced deployments, security monitoring, and performance tuning. The hands-on certification consists of exercises that involve configuring a dedicated log server, customizing threat prevention, and monitoring policy compliance. Check Point offers a practice exam containing a 40-question subset of questions from the exam. The proctored exam is available in English, but its exact configuration is not publicly available. Certificate holders gain access to advanced product documentation and in-house experts, and the credential remains linked to them even if they move on from a sponsor organization.
Candidates must have completed Check Point Certified Security Administrator training or certification to qualify for the exam. Candidates should also have knowledge of Unix and Windows, certificate management experience, and system administration and networking skills, though Check Point does not state how these would be validated.
Training fees: Check Point offers training in various modalities, including instructor-led online and onsite, for US$3,250.
Exam fees: US$250
Average pay premium: 10%
Market value increase: 11%
CompTIA Advanced Security Practitioner (CASP)
CompTIA’s Advanced Security Practitioner, which will be rebranded to SecurityX after Dec. 17, 2024, spans four domains: security architecture, operations, engineering and cryptography, and governance, risk, and compliance. The program is ideal for advanced cybersecurity professionals, such as senior security engineers or architects who wish to progress toward better lateral or vertical opportunities, including CISO. The current 165-minute exam, set to expire upon CASP’s rebranding to SecurityX, consists of 90 multiple-choice and performance-based questions. Certificate holders must renew every three years with 75 continuing education units (CEUs) from CompTIA’s Continuing Education program. The certification carries significant industry cachet: It was developed in partnership with Target, GDIT, RICOH, and ExxonMobil and is approved by the Department of Defense to meet 8140.03M requirements. While there are no enforced prerequisites, CompTIA recommends 10 years of IT experience, with at least 5 years in security.
Exam and training fees: CompTIA offers the exam for US$509. It also bundles the exam with a study guide, exam practice, and a retake for US$955, or all those resources plus on-demand content and hands-on lab training for US$1,485.
Average pay premium: 10%
Market value increase: 11%
EC-Council Certified Chief Information Security Officer (C|CISO)
EC-Council has a Certified Chief Information Security Officer certification (C|CISO). The title of the certification may be misleading: It is not designed only for CISOs or those who aspire to that position. The C|CISO materials state that the program is ideal for over two dozen professional roles, ranging from CEOs and managing directors to delivery managers and security auditors. Despite this breadth, candidates must still have five years of experience in each of the C|CISO domains, which include governance and risk management, information security core competencies, and more. This experience can overlap, and candidates can substitute some requisite experience with other credentials or advanced degrees. The two-and-a-half-hour exam comprises 150 questions across three levels: knowledge, application, and analysis. The certificate is valid for three years, and candidates must maintain it through continuing education requirements and a US$100 annual fee.
Training fees: EC-Council offers a variety of training modalities, including on-demand, live in-person or online, and group options. The caveat is that interested candidates must first inquire to obtain a price or a quote.
Exam fees: US$100 application fee
Average pay premium: 10%
Market value increase: 11%
EC-Council Certified Cloud Security Engineer (C|CSE)
Candidates for the EC-Council’s Certified Cloud Security Engineer will learn cloud platform security, including modules on cloud storage threats, pen testing, forensics, incident response, and business continuity planning. The program is cloud-agnostic, covering major providers such as AWS, Azure, and Google Cloud Platform, and details 44 of the latest technologies. C|CSE is targeted at professionals who handle cloud administration, management, and operations and who must also contribute to its security, such as network analysts, cybersecurity engineers, and cloud administrators. The four-hour C|CSE exam consists of 125 multiple-choice questions, with a passing score of 70%. To qualify for the exam, you must have two years of experience in InfoSec or take the EC-Council’s official training course.
Training fees: C|CSE has a video course for US$718 and an on-demand course with a virtual lab environment for US$749.
Exam fees: US$100 application fee
Average pay premium: 10%
Market value increase: 11%
EC-Council Certified Threat Intelligence Analyst (C|TIA)
EC-Council’s Certified Threat Intelligence Analyst takes a holistic approach to addressing cyber threats, enabling candidates to identify threats, report on them, mitigate business risks, and implement advanced strategies. It is ideal for those who deal with cyber threats, such as cybersecurity engineers and analysts. The two-hour exam consists of 50 questions across eight domains, including threat intelligence, data analysis, and threat hunting and detection; candidates must score 70% to pass. To qualify, you must be an adult as defined by your local jurisdiction and have two years of experience in InfoSec or take EC-Council’s official training. Minors must have a letter of parental support and be enrolled in an accredited school.
Training fees: C|TIA offers a video course for US$388 and an on-demand course with lab manual tools for US$250.
Exam fees: US$100 application fee
Average pay premium: 10%
Market value increase: 11%
Google Professional Cloud Security Engineer
Like other certifications from cloud vendors, the Google Professional Cloud Security Engineer certification focuses on Google Cloud technologies. Candidates will be taught how to secure workloads and infrastructure on Google Cloud through modules focused on access management, data protection, secure communications, operations, and compliance. While there are no formal prerequisites, Google recommends candidates have three years of relevant experience, with at least one involving designing and managing Google Cloud solutions. Offered in both English and Japanese, the exam consists of 50 to 60 multiple-choice and multiple-select questions. Unlike other certifications, recertification for the Google Professional Cloud Security Engineer does not involve CPE. Certificate holders must retake and pass the exam 60 days before its two-year validity ends.
Training fees: Google provides a free 20-activity learning path for security engineers, and candidates need only a Google account to sign up.
Exam fees: US$200 plus applicable taxes
Average pay premium: 10%
Market value increase: 11%
First seen on csoonline.com
Jump to article: www.csoonline.com/article/2144220/12-hottest-it-security-certs-for-higher-pay-today.html