The Most Important IT Certifications for Security-Cleared Job Seekers
Certifications are big business and generate debate throughout the technical community. Like them or loathe them, they are a vital part of a robust career. They validate a body of knowledge, set a baseline of expected expertise to align with scope of work, and reflect a level of passion to remain relevant in a fluid technical landscape.
Federal procurements, including those in the Department of Defense (DoD) and Intelligence Community (IC) arenas, continue to call out specific Information Technology (IT) certifications as requirements for personnel. This trend has steadily increased in recent years and shows no signs of letting up. The type and diversity of the certifications reflect efforts on the part of the United States Government (USG) to modernize infrastructure and increase both the utility of its services and the security level of its enterprise systems.
Savvy professionals will help themselves both in terms of professional growth and earning potential by staying current on their technical certifications. There are too many skill stovepipes to offer a comprehensive list, but the following aligns with a number of core areas and trending requirements.
The complex world of IT makes it difficult and costly to certify in a broad range of disciplines. While a broad background of experience will always be noticed, specialized expertise is a necessity. For early-career candidates, A+, Network+, and Security+ certifications are solid foundations, but should be followed by higher-level certifications designed to develop as a Subject Matter Expert (SME).
Software Engineering certifications are not as commonly referenced in procurements, but as Oracle remains a USG mainstay it can pay dividends to be certified in recent versions. Similarly, the Oracle Certified Master Java SE 7 Developer (OCMJD) (formerly Sun Certified Java Developer) and Oracle Certified Master Java EE 6 Enterprise Architect (formerly Sun Certified Enterprise Architect) can be strong differentiators in software development. While the Master-level certifications are clearly the top performers, there are Associate and Professional-level certifications in each stovepipe that have value.
In the network engineering realm, the mainstays are Juniper and Cisco. The Juniper Networks Certification Program (JNCP) offers a number of specialized tracks, but the most notable and lucrative is likely the Juniper Networks Certified Enterprise Routing and Switching-Expert (JNCIE-ENT). By a narrow margin, Cisco certifications are called out in procurement documents more than Juniper, so the baseline Cisco certifications will continue to hold value: Cisco Certified Network Administrator (CCNA), Cisco Certified Design Associate (CCDA), and Cisco Certified Network Professional (CCNP). The pinnacle in the Cisco line is the Cisco Certified Internetwork Expert (CCIE). It’s difficult to achieve, but the depth of experience and knowledge it requires guarantees that those who possess it are truly experts in the field and will always be highly sought-after.
Cyber security is a broad arena, encompassing engineering and compliance efforts that impact every corner of the USG. Some will typify engineering work as Information Security (InfoSec) and compliance work as Information Assurance (IA); by any name, this work is impacted by the daily bombardment of data breaches and zero-day exploits across enterprise systems, so budgets in these disciplines continue to grow. The much-documented “talent gap” in Cyber Security offers excellent opportunities for professional growth. From a certification perspective, the DoD was at the forefront of codifying requirements for InfoSec and IA efforts with DoD 8570; it’s easy to find information on the specifics online and it’s mandatory information for anyone hoping to plan a thriving career in the space.
There is a broad range of GIAC certifications that hold value, but the Certified Ethical Hacker (CEH) designation is a solid start; it does not hold much sway among high-level practitioners, but it satisfies 8570 requirements on some programs and is relatively easy to achieve. Agencies across the DoD and IC are requiring higher percentages of staff to have either Certified Information Systems Security Professional (CISSP) – arguably the best overall InfoSec/IA certification – or Certified Information Security Manager (CISM) certifications, so anyone interested in the best roles in the InfoSec stovepipe will need one or the other.
Differentiators come along two primary tracks. The increased scope of recent data breaches has only increased the importance of robust penetration testing as a proactive security measure. Ethical hackers with either the GIAC (Global Information Assurance Certification) Penetration Tester (GPEN) or Offensive Security Certified Professional (OSCP) will continue to see their value increase and the difficult-to-obtain Offensive Security Exploitation Expert (OSEE) will reflect true SME status. From an IA perspective, being Certified in Risk and Information Systems Control (CRISC) and/or a Certified Information Systems Auditor (CISA) are notable value-adds.
There are also some vendors making significant inroads in the government space, so certifications reflecting expertise with their product line are of increasing value. A Palo Alto Networks Certified Network Security Engineer (PCNSE) is able to leverage expert knowledge in deploying, configuring, and troubleshooting complex security implementations. Splunk has become a tool of choice across many USG customers, so certifications in their product are also strong value-adds. In ascending order, the Power User, Administrator, and Architect certifications all add value to a professional profile. The top of the line in the Splunk arena is the Splunk Certified Consultant. There are relatively few people who hold the distinction, so its value is magnified.
On the management track, the Project Management Professional (PMP) is the gold standard. Customers in the Federal space specifically call it out consistently in procurements. The requirements for ongoing education and experience make it labor-intensive to maintain, but the value is undeniable. To a lesser degree, Information Technical Infrastructure Library (ITIL) v3 Foundation certifications and Six Sigma Green and Black Belts hold some value with federal customers. With the ever-increasing number of development projects based on Agile methodologies, the Certified Scrum Master (CSM) certification is also valuable on the management track.
The USG is not immune to the inexorable growth of Cloud Computing. While there are other contenders, Amazon Web Services (AWS) is the undisputed leader in the space at the moment and moving aggressively to maintain that title. The AWS certifications cover a core of disciplines within the platform: Certified Developer-Associate, Certified SysOps Administrator-Associate, and Certified DevOps Engineer-Professional. These are all strong options, depending on background and experience. The real money-maker for AWS is the Certified Solutions Architect-Professional. Achieving the Associate level is a prerequisite for obtaining the Professional designation, but this certification is rarified air and career gold for the holder.
Education and experience will always remain the foundations of a successful career, but certifications provide Federal customers with specific, codified validation of knowledge and expertise. Ongoing trends in procurement make it imperative for the career-oriented professional to obtain and maintain pertinent certifications to achieve their loftiest professional goals.
Doug Munro is Director of Recruiting at Veris Group, an industry-leading cybersecurity firm, trusted by Fortune 500 companies and Federal agencies to achieve immediate results and solutions to complex and ever-changing cyber challenges. Follow Doug on Twitter @RecruitCyberDC.
This entry was posted on Friday, August 26, 2016 2:54 pm