In 2022, are cybersecurity accreditations enough to make a candidate stand out or improve their chance of being recruited?
In an overcrowded market, cybersecurity certifications can be incredibly useful, but both candidates and organisations cannot overlook both the practical and the soft skills that must be cultivated to succeed in this sector. In fact, a number of businesses say they have an endless pool of candidates that appear qualified on paper but are ill-prepared for when threats do strike or cannot properly communicate findings to various stakeholders.
The cybersecurity industry is demanding and high-pressured, and a certification alone is not enough to guarantee success. To be prepared for today’s climate, the curriculum of cybersecurity programmes must focus on real-life scenarios and prepare candidates for the skills to deal with the latest attacks.
Benefits of cybersecurity certifications
Certain credentials and degrees, respected by organisations and recruiters, can help job applicants stand out in a pool of candidates. In some cases, candidates have even successfully negotiated higher salaries as a result of their certifications.
Due to the ever-evolving cybersecurity landscape, training programmes (if chosen effectively) can prove to be useful for updating your existing knowledge and exposing yourself to new attacking and defensive techniques. Right now, cyber security skills are in high demand and for both beginners and advanced professionals, accredditions can help them continuously upskill along the way.
The skills-first approach
Some aspiring cybersecurity professionals can rush through certifications, and unintentionally neglect the curriculum itself which supports skills development. The need for immediate gratification and to essentially showcase a qualification on LinkedIn means that many are not ‘job-ready’.
That is not to say that those with cybersecurity certifications or qualifications should not be proud of their achievements, especially if they have gained valuable knowledge and experiences from the course they undertook. However, focusing on skills development, both hard and soft, ensures long-term career success. It also keeps beginners and advanced professionals ready for changing cyber threats. Instead of rushing to the finish line, candidates must focus on the practical skills they can learn along the way.
Choosing the right cybersecurity qualification
Picking the right course amongst a sea of certifications and qualifications can be difficult. The best place to start is determining whether a training platform or provider issues independently recognised certifications that are respected in the cybersecurity community. Reddit and other online forums are a great way of ascertaining how certain certificates are viewed in the industry.
Candidates must also consider the following factors when enrolling themselves into a cybersecurity training programme:
· Up-to-date training:
The curriculum should showcase how attackers operate in the current climate and how cybersecurity defences can be used to protect their organisation’s infrastructure.
· Hands-on approach:
Training must be practical rather than merely theoretical. Look out for course providers who offer hands-on experience that tackle real life situations.
· Outside-the-box thinking mentality:
There is no way to teach everything in the cyber domain or cover every aspect of a job description. However, the best training programmes teach students how to think outside-the-box. This encompasses both thinking creatively and finding innovative ways to solve some of the world’s biggest cyber problems. A candidate should be able to adapt what they have learned to different real-world scenarios.
· Focussed on methodologies:
Whilst I’d always recommend looking for practical training over theoretical, it is important to learn proven processes and methodologies related to the cyber world. Everything in the business world is based on well-structured methodologies; therefore, candidates must have exposure to this early on in their career.
· Realistic assessments:
Most cybersecurity certifications are in a multiple-choice test format, which doesn’t prepare you for real-world scenarios and actual problem-solving. For example, as a penetration tester on an engagement, you wouldn’t be provided with a series of correct answers to check. Hands-on exams that simulate real-life scenarios and test a diversity of skills are best placed to prepare you.
Focusing on skills-building is the key to succeeding in cyber and accreditations must be more than a piece of paper or a digital badge. You can’t defend against adversaries if you don’t know what you’re up against. That’s why certifications and accreditations must prioritise skills development, to ensure candidates are prepared beyond paper for the latest real world-threats.
Haris Pylarinos is the Founder and CEO of Hack The Box. With a vision to connect and upskill the cybersecurity community worldwide, Haris disrupted the industry by introducing Hack The Box to the world, and its innovative holistic 360º approach to cyber workforce development, assessment, and recruitment. n addition to his role at Hack The Box, Haris has over 15 years of experience and expertise in cybersecurity and systems engineering. He also possessed a strong background in Networking and Software Architecture.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.