The Case for Cybersecurity Certifications

How can you enhance your security career prospects? What are the top cybersecurity certifications and why do they help? Are employers requiring security certifications? To answer these questions and much more on cybersecurity certifications, I turned to Jay Bavisi, who is a top global expert on cybersecurity certifications and the founder and president of the EC-Council Group.

by / January 14, 2018
Mr. Jay Bavisi, credit EC Council

I often get asked, “How can I get into a hot cybersecurity role?” Or what is the best way to advance my career as a security professional? Or, what steps would you recommend for my son or daughter or friend who hopes to enter the cyberworkforce?

The answers to these important questions (and many more) almost always include a discussion on professional cybersecurity certifications.

There are many certification options and possibilities, so I turned to a recognized global expert to help dive into this topic deeper as we head into 2018. Specifically I am very honored to interview Mr. Jay Bavisi for this blog.

Jay Bavisi is the award-winning founder and president of the EC-Council Group, a global leader in cybersecurity education, training, publishing, events and professional cybersecurity certifications. He was the Cyber Security Professional of the Year during the Cyber Security Malaysia - Awards, Conference & Exhibition 2015 and 2016, and a board member of the Department of Homeland Security/National Security Agency’s CISSE Colloquium in the U.S. 

Jay was named as the keynote speaker for the National Initiative for Cyber Security Education (NICE) Conference in Columbia, Md., which was a White House initiative under President Obama. He was the chairman of the Hackers Panel at Infosecurity Europe, opening keynote for Info Security Mexico 2016, the closing keynote speaker for ITWeb Security Summit in South Africa, the combined keynote speaker for Techno Security/Hacker Halted USA and Keynote for IDC Security in Finland and many others. 

Jay has appeared regularly on major international television shows and print media, including CNN, CNBC and Fox News. World-class reporters like Wolf Blitzer of CNN sought Jay’s views in The Situation Room, and his views have also been sought by publications like Time, The Washington Post, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic Times. His views were also featured by ABC News, USA Today, The Christian Science Monitor, Boston and Gulf News.

On a personal level, I met Jay at the EC Council’s Global CISO Forum in Atlanta in 2015, and his passion and expertise on all things cyber was evident from our first discussion.

For some more background, the International Council of E-Commerce Consultants, also known as the EC-Council, is the world’s largest cybersecurity technical certification body. They operate in 145 countries globally and are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), EC-Council Certified Security Analyst (ECSA), Certified Chief Information Security Officer (C|CISO), Licensed Penetration Tester (Master) Exam, and several others. The EC-Council has trained and certified more than 200,000 information security professionals globally that have influenced the cybersecurity mindset of countless organizations worldwide.

Interview with Jay Bavisi, Founder and President of the EC-Council Group

Dan Lohrmann (DL): How important is it to be certified in today’s world?

Jay Bavisi (JB): We live in a rapidly advancing world, where progress in technology often outpaces the speed at which we come to terms with it. In such a chaos, quality skill-based certifications can offer stability. For an employer, it offers stability in setting a quality benchmark; for an individual, certifications serve as a self-assessment tracker, which acts as a parameter to map their skill levels against those of the world.

We often hear a lot of debate of "college degree versus skill," and I believe skill-based certifications are a neutral answer to them. For a simple reason that it not only builds a skill, but also offers a chance to showcase that skill to the world with evidence.

DL: Which countries do you think will be needing more cybersecurity-trained professionals than others?

JB: With the global Internet penetration exceeding 51 percent, we can easily account for about 3.9 billion people around the world who are vulnerable to some form of cybersecurity threat. Technically speaking, each country with an existing economy, sensitive public data and a commitment to protecting their citizens and/or organizations against cyberthreats will be needing more and more cybersecurity-trained professionals.

We’re fast approaching a time where the world will be known more as a global village than be addressed by the confinements of our geographies. The fact that ransomware malware could attack 150 countries is a testament to the imminent cyberthreats looming over our heads, independent of the nationalities we belong to.

DL: Who would be more qualified to deal with a cybersecurity challenge? A person with experience but no certification or another with certification but little experience?

JB: The more qualified person will be the one with the necessary skill and tact. While neither experience in the field nor certifications in one’s kitty assure these qualities, we at EC-Council ensure that we also provide iLabs along with our certification courses. These are cyber exercises that are run in a controlled environment, with the objective of training them to real-world challenges.

To build the requisite skills for such challenges, we also offer specialized certifications like the LPT (Master) certification, which is a one-of-its-kind certification, as it is an 18 hours exam that is conducted in a fully proctored environment, online!

This is the world’s first fully proctored online penetration testing certification. This methodology substantiates the credibility of any LPT (Master) certified individual, in their skills to deal with a real-world cybersecurity challenge.

DL: Could any certification be classified as more employer friendly than the other?

JB: Employers would always be looking for certain skills pertaining to a respective certification. With that context, if a certification can assure quality to an employer, then it can be considered employer friendly.

There are however some certifications like EC-Council Certified Ethical Hacker (CEH), which is often used as a benchmark or an important selection parameter for cybersecurity jobs by various organizations across the globe. Employers and certification bodies share a symbiotic business relationship; if one doesn’t appreciate or live up to the standards of the other, then this relationship fails.

DL: What is the future of cybersecurity certifications globally?

JB: It’s a widely known fact that collectively we’re facing a dearth of cybersecurity professionals, with the projected shortfall being 1.5 million IT security professionals by 2019. Organizations and governments alike are fast waking up to this reality, and the importance of cybersecurity certifications is felt more than ever.

This also puts a moral responsibility on the shoulders of us, cybersecurity certification bodies, to update our courses to provide value to the millions who trust us with their careers.

I foresee a rise in innovation, in teaching cybersecurity material worldwide. An example being our LPT (Master) Certification, which is a fully proctored exam. For individuals with geographic and time-management constraints, we also offer iLearn (online self-paced) and iWeek (online instructor led) forms of learning to deliver maximum value to our customers.

DL: Are people more accepting of cybersecurity certifications today than they were a few years back?

JB: With rampant malware attacks, threats of a cyberwar and increasing chaos in the global politics serving as rude reminders to the disastrous potential of cyberthreats — even worse — of cyberterrorism, we see a lot more individuals, organizations and governments partaking in cybersecurity training programs. The world around us is fast realizing that to beat cyberthreats, we need the right technology and the right people.

DL: Why would one get a C|CISO certification versus a CISSP?

JB: The world today needs the right people to protect organizations from cyberthreats. The need in corporations is for CISOs to have a strong balance of business acumen and technical knowledge that comes from professional training.

While CISSP is a globally renowned executive certification, C|CISO takes the skill level one notch higher as it presents the perfect blend of technical expertise and management acumen. The perspicacity that an organization can expect from a C|CISO certified executive is the distinctive factor here.

The C|CISO program teaches how to make information security an enhancement to the organization. In my opinion therefore, C|CISO certification is the progressive level after one completes a CISSP certification to be indispensable to one’s respective organization.

DL: I’d like to thank Jay for taking the time to provide us with a great picture of the value brought by professional cybersecurity certifications. I certainly wish Jay and the entire EC-Council Group all the best for 2018 and beyond.

Here is a brief Fox Business video clip of Jay from 2011 where he discusses ethical hacking.

You can learn more about EC-Council Group certifications at: www.eccouncil.org.

 Closing Thoughts

I mentor several new security professionals as well as newer CISOs and other government technology professionals. Without exception, current and planned professional certifications is one of the first topics that I discuss with both men and women who are trying to grow and advance professionally in their area of expertise.

I became C|CISO certified while I was chief security officer (CSO) in Michigan, and most successful cybersecurity professionals that I know have one or more cybersecurity certifications. There are some people who downplay the importance of professional certifications. A decade ago, I was on the fence regarding the importance of being certified in various professional cybersecurity areas, as opposed to technical undergraduate degree or a master’s degree in information assurance and/or other credentials. 

Nevertheless, I now think the cybersecurity community expects to see certifications from new professionals and many leadership roles require one or more cybercertifications. Like a quarterback who lacks certain skills (in U.S. football), not having the appropriate certification may not always disqualify you, but it will certainly hamper your career growth prospects. I keep my C|CISO certification active, and I encourage others to do likewise.

Most important, being an active participant in the cybersecurity industry and professional certified community will enable many good things to happen and will help you grow in your security career.

Is it time for you to get a professional certification?