What CISO certifications are the most important to have?

New research from security vendor Digital Guardian found that on average, the CISOs and security managers for Fortune 100 companies hold an average of 2.86 technical certifications, with CISSP being the most popular of the common CISO certifications. What are some other CISO certifications that should be considered? And should that average be higher for top CISOs?

Certifications alone do not prove someone is qualified to perform the role of a CISO. There are plenty of individuals who hold several cybersecurity certifications but lack the personal qualities, communication skills, technical skills or work experience required for the CISO or cybersecurity professional position. However, this does not mean cybersecurity certifications are not important. By passing these examinations, the holders of cybersecurity certifications have demonstrated that they have the foundational knowledge and Common Body of Knowledge required for a CISO. Without these certifications, it is not likely that the CISO candidate would get the opportunity to demonstrate his other qualities and experience. The same could be said for higher education degrees.

Digital Guardian reported in 2016 that 53 of the Fortune 100 CISOs held the CISSP certification and 22 held the CISM. The top five certifications held by Fortune 100 CISOs include CISSP, CISM, ITIL, CISA and CRISC. ISACA’s “State of Cybersecurity: Implications for 2016” report issued in March 2016 states that “the 2015 respondents [461 cybersecurity professionals] reported that lack of hands-on skills is the most important factor in judging a candidate not qualified for a position. The second most frequent reason for not considering a candidate qualified is lack of a certification.” This means that if the candidate did not have a cybersecurity certification, he was not even considered for the job.

The Fortune 100 CISOs have an impressive list of credentials, but CISOs outside of that list, from both private and public companies, have an equally impressive list. However, there are exceptions to every rule. There are CISOs who do not have a CISSP or CISM; there are those who do not have graduate-level degrees or even undergraduate-level degrees in cybersecurity or CIS; and there are those who were assigned the CISO position with little knowledge of cybersecurity. But all have one thing in common: they hold a position within a company that allows them to set the direction, program, deployment and maintenance of information protection. How well they achieve that is eventually determined by their tenure.

The ISACA State of Cybersecurity report asked, “What are the most significant skills gaps you or your organization sees among today’s cybersecurity/information security professionals?” Of the 842 respondents to this survey, 75% cited the ability to understand the business, 61% cited communication skills and 61% cited technical skills as lacking in the industry.

The most effective complement of CISO certifications includes the CISSP, CISM or CISA, and CPA or MBA. The technical SANS certifications are also an option for CISOs, but pairing cybersecurity certifications with business certifications or degrees is a powerful combination.

About the author

GG
