
All These Letters Behind Your Name: Which Security/Privacy Certification Is Right for You?


If you consider yourself a security and/or privacy professional, and are interested in earning a professional certification, you have no shortage of options. In fact, dozens of certifications are available, which can make it tough to decide which is right for you.

To help guide you through the forest of options, we've provided a brief overview of certifications available through ISACA, the International Association of Privacy Professionals (IAPP), the International Information System Security Certification Consortium ((ISC)2), and the Compliance Certification Board (CCB).

IAPP Certification Director Doug Forman and (ISC)2 CEO David Shearer offered their thoughts on whether it’s worth your time and money to add some letters after your name and, if so, which certifications you should pursue.

Why Should You Earn a Certification?

There are several reasons that tens of thousands of security and privacy professionals have earned professional certifications, including to:

  • Show proficiency in a field
  • Gain knowledge that will benefit their organization
  • Increase salary or improve chances of promotion
  • Enter a community of fellow professionals and peer networking opportunities

“Certifications represent a way for professionals to validate their knowledge in their field of study,” said David Shearer of (ISC)2. “Certification also provides human resources with a measure of skills related to the position for which they’re hiring and additional screening through the third-party organization that issued the certification.”

What’s the Difference Between Different Certifications?

Each certification is unique and may appeal to individuals who work in different fields, focus in different specialties, and have varying levels of experience.

In general, IAPP certifications appeal to a broad audience of people who consider themselves privacy professionals—including managers, consultants, and lawyers—across many business sectors. (ISC)2 certifications also appeal to a fairly wide audience, but the main focus is on IT, information security, and software engineering professionals. ISACA certifications focus on audits, security, governance, and risk. And CCB credentials are a little different because they specifically target professionals in the healthcare industry.

What Difference Does Having a Certification Make?

There is strong evidence that certifications make a very real difference in the careers of the people who earn them.

Doug Forman reported that IAPP’s most recent salary survey showed that privacy professionals with an IAPP certification make at least $20,000 more than people with no certification.

As further evidence of the power of certifications, the 2015 (ISC)2 Global Information Security Workforce Study found that people with an (ISC)2 certification earn an average annual salary of U.S. $102,991—over $26,000 more than the average for those who do not hold an (ISC)2 certification.

Which Certifications Are Hot Right Now?

You might say that all security and privacy certifications are hot right now. IAPP has certified over 14,000 people since the early 2000s, and (ISC)2 has certified over 105,000 people worldwide with the Certified Information Systems Security Professional (CISSP) credential.

It’s likely that the popularity of these and other credentials will only increase, as suggested by (ISC)2’s 2015 Global Information Security Workforce Study, which estimated a global shortfall in the cybersecurity workforce of about 1.5 million people over the next five years.

Cloud security is expected to be an especially hot trend: respondents to Certification Magazine’s 2015 salary survey named (ISC)2’s Certified Cloud Security Professional (CCSP) credential as the number one certification they plan to earn in 2016.

Forman highlighted two concentrations within the Certified Information Privacy Professional (CIPP) program as being especially valuable right now: the CIPP/E exam, which tests privacy professionals’ knowledge of EU law, and the CIPP/US that covers private-sector law in the U.S. “With today’s international business climate and the heightened focus on the security of personal data transferred overseas, these two certifications are especially important,” he said.

Writing on the ISACA Now Blog, Derek Duval, owner of Duval Search Associates, described ISACA’s Certified Information Systems Auditor (CISA) credential as a “must-have,” adding that when interviewing, “one of the first things I ask new candidates is ‘Do you have the CISA?’ If not, I want to know why not. If not, I ask, ‘When do you plan to get it?’”

ISACA Certifications

  • Certified Information Systems Auditor (CISA) is a world-renowned standard of achievement for professionals who audit, control, monitor, and assess IT and business systems.
  • Certified Information Security Manager (CISM) is for professionals who design, build, and manage enterprise IT security programs. It’s a leading credential for information security managers.
  • Certified in the Governance of Enterprise IT (CGEIT) is for a wide range of professionals to recognize knowledge and application of enterprise IT governance principles and practices.
  • Certified in Risk and Information Systems Control (CRISC) links IT risk management to enterprise risk management and positions IT professionals to become strategic business partners.
  • Cybersecurity Nexus – CSX Certificate and CSX-P Certification are performance-based certifications that show recipients know the latest cybersecurity standards.

IAPP Certifications

  • Certified Information Privacy Professional (CIPP) was the first professional certification offered in information privacy. It shows that a professional understands the laws, regulations, and standards of privacy in a given jurisdiction or discipline. The four CIPP concentrations are:
    • Canada (CIPP/C)
    • Europe (CIPP/E)
    • U.S. government (CIPP/G)
    • U.S. private sector (CIPP/US)
  • Certified Information Privacy Manager (CIPM) is the only certification in privacy program management and teaches how to manage privacy in an organization.
  • Certified Information Privacy Technologist (CIPT) is for professionals in the IT, security, or engineering space who want information on how to manage and build privacy requirements and controls into technology.

(ISC)2 Certifications

  • Certified Information Systems Security Professional (CISSP) recognizes information security leaders with the knowledge and experience to design, develop, and manage the overall security posture of an organization.
  • CISSP Concentrations: CISSP Concentrations recognize CISSPs who expand their knowledge into specific subject matter areas such as architecture, engineering, and management.
  • Certified Cloud Security Professional (CCSP) recognizes knowledge and competency in applying best practices to cloud security architecture, design, operations, and service orchestration.
  • Systems Security Certified Practitioner (SSCP) recognizes practitioners in information security or IT operational roles with hands-on, technical skills to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.
  • Certified Authorization Professional (CAP) recognizes the key qualifications of managers responsible for authorizing and maintaining information systems.
  • Certified Secure Software Lifecycle Professional (CSSLP) recognizes the key qualifications of developers building secure software applications.
  • Certified Cyber Forensics Professional (CCFP) recognizes cyber forensics professionals with the knowledge and experience in forensics techniques and procedures to support investigations.
  • HealthCare Information Security and Privacy Practitioner (HCISPP) recognizes the key qualifications of healthcare information security and privacy practitioners with the knowledge required to successfully implement, manage, or assess security and privacy controls for healthcare and patient information.

CCB Certifications

CCB certifications are designed specifically for professionals in the healthcare industry. All the certifications focus in general on recognizing knowledge of regulations and compliance processes to assist the healthcare industry in understanding and addressing legal obligations and operating effective compliance programs.

  • Certified in Healthcare Compliance (CHC)
  • Certified in Healthcare Research Compliance (CHRC)
  • Certified in Healthcare Privacy Compliance (CHPC)
  • Certified Compliance & Ethics Professional (CCEP)
  • Certified Compliance & Ethics Professional-International (CCEP-I)

So, Which Certification Is Right for You?

If you want to further your knowledge and your career, a professional certification from these and other providers is certainly worth considering. Which credential is best for you depends on your specific job and goals, but as you can see from the CIPP/US after my name, I’m a strong believer in the value of adding some hard-earned letters after your name.
