Red Hat tops list of hottest IT security certifications

Interest in IT security certifications is booming, as more U.S. companies tighten up the protection surrounding their critical network infrastructure and as a growing number of employees view security expertise as recession proof.

Interest in IT security certifications is booming, as more U.S. companies tighten up the protection surrounding their critical network infrastructure and as a growing number of employees view security expertise as recession proof.

Three of the top 10 IT certifications in terms of demand among U.S. employers are security related, according to Foote Partners, a consultancy that tracks IT employment trends. These include the Red Hat Certified Security Specialist – which ranks as No.2 on the Foote Partners list – as well as the CompTIA Security+ (No.3) and the GIAC Security Essentials Certificate (No.6).

"Throughout the whole recession, security [expertise] has done nothing but keep going up in value," says David Foote, CEO of Foote Partners. "Companies are realizing that there's no such thing as perimeter security. A lot of breaches are internal. It's a question of not just how do you prevent intrusions, but it's a question of how do you protect data."

Worries about security breaches are prompting companies to get more IT employees trained and certified in information security, Foote says. "Employees are looking at security certifications as career safety," he adds. "Security is a great long-term career move because there's a steady drumbeat of regulations and compliance."

Infosec certifications have been gaining popularity since 2005, when the Defense Department issued a directive known as 8570 that requires military employees, defense contractors and other federal employees involved with information assurance to have security credentials. As vendor-neutral certifications, both the CompTIA Security + and GIAC Security Essentials Certificate meet this mandate.

"We've had record months throughout the year, driven by the government sector. The Defense directive 8570 is having a significant impact," says Terry Erdle, senior vice president of skills certification at CompTIA. "We're seeing interest from federal government, state and local government, education, defense contracting and federal contracting."

The fastest-growing infosec certification is Red Hat's. Launched in 2006, this certification is aimed at senior network administrators and is designed to prove that a person has deep skills related to running Red Hat Enterprise Linux in a secure fashion.

"Between this time last year and today, the number of people who have passed [the Red Hat Certified Security Specialist] exam has grown by 70%," says Randy Russell, director of certification at Red Hat. "Clearly, something is happening with this particular credential."

To qualify for this certification, network engineers must first pass the Red Hat Certified Engineer test and then be trained as a Red Hat Certified Security Specialist. Engineers must pass three exams – in advanced networking security, Linux policy administration and directory services/authentication — in order to earn this credential.

Russell says more IT professionals and their employers are interested in this certification because they understand the security risks that exist today.

"Security has become something that is much more evident. Exploits have become well known. It has become more ingrained in the public mind, the corporate mind and the IT mind that security is not an add-on; security is something that is fundamental to your practices in your IT shop," Russell says.

Another driver is tighter federal regulations about data privacy and security dating back to the Health Insurance Portability and Accountability Act of 1996 for healthcare companies and the Sarbanes-Oxley Act of 2002 for public companies. Another compliance-oriented driver is the Payment Card Industry Data Security Standard, which launched in 2004.

"There is a growing regulatory environment that mandates certain kinds of security controls and oversight in an organization," Russell says. "A lot of organizations are really upping their game and looking for ways to meet those requirements through skills [acquisition.]"

Another fast-growing security certification is the CompTIA Security+, which is aimed at network administrators with at least two years of experience. The number of IT professionals taking this exam — which measures competency in system security, network infrastructure, access control and organizational security — is double what it was a year ago.

For employees, the impetus to pursue an infosec certification is not only job security but a pay increase. "We do see that there are some salary…advantages to getting certified," Erdle says, adding that IT professionals who have the CompTIA Security+ certification report pay raises as high as 5% to 7%.

Erdle says he expects CompTIA's Security+ to remain a hot certification because of the industry-wide push toward healthcare IT, mobility and cloud computing will require security, too. "You're going to see us start to add modifiers around cloud, [software as a service], health IT and green IT," Erdle says.

Also popular are the suite of 20 Global Information Assurance Certifications, which have demonstrated about 25% growth during the last year, according to Jeff Frisk, director of the GIAC Certification Program.

"The Foote Partner reports have listed the GIAC family of certifications as maintaining and growing in value…not only the value in how people are being compensated and promoted but also the value that it brings to an organization," Frisk says.

Most popular is GIAC's general-purpose Security Essentials Certificate, but other job-specific GIAC credentials such as GIAC Certified Incident Handler, GIAC Certified Forensic Analyst and GIAC Certified Intrusion Analyst are also in demand. Overall, more than 32,500 GIAC certifications have been awarded in the 10 years since the program began.

"Our certifications mesh very well with specific real-world job duties and job tasks," Frisk says. "If you're a chief information security officer, you're going to need risk analysts, incident handlers, firewall experts, intrusion detection people, Unix people, Windows people and forensic specialists. A lot of the value of our certifications…is that they qualify or validate that specific skill set."

All of the popular infosec certifications claim to measure the real-world skills necessary to protect systems, software and information from attacks. That's why the organizations offering these certifications — and selling the training necessary to prepare for them — say they are growing.

"Our certifications are harder to obtain, more relevant and more prestigious," Frisk says of the GIAC program. "It's not the easy way out. We do not rubber stamp people. You have to demonstrate skills to hold a GIAC credential…That's part of the reason that demand is up."

Join the PC World newsletter!

Error: Please check your email address.

Tags NetworkingsecurityFoote Partnersinfrastructure managementcomptiacareersRed HatIT managementmanagement

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Carolyn Duffy Marsan

Network World
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?