Friday, March 13, 2015

Do Employers Care About Technical Certifications for Security Management Roles?

This question came to me from a Security Recruiter Blog follower.

Do Employers Care about Technical Certifications for Security Management Roles?  Is CEH, CCNA, CCNP, GSEC, EnCE valuable?

When I have Manager, Director, CISO / CSO roles on my desk, more often than not, these roles do not require the technical certifications you mentioned above.  More often, these roles request a CISSP, CISA and/or CISM certification.

In addition to one or more certifications like the CISSP, CISA or CISM, more often than not, Manager, Director and “C” level roles I work on require a 4 year college degree.  While Computer Science or Information Systems degrees are frequently preferred, when someone has 10 or more years of professional experience, the specific kind of degree one has generally becomes less important.

The further your career progresses in an upward direction, the more important it is that you can demonstrate an understanding of how the business you’re working in operates.  As you move closer to the CISO / CSO level, knowledge gained from an MBA program becomes important and often times desirable when I recruit at that level.

Getting back to your original list of certifications, may I suggest that when someone wants to stay in a hands-on Engineer or Architecture role, the CEH, CCNA, CCNP, GSEC, EnCE and other technical certifications become valuable to demonstrate that a candidate has depth of experience in deeply technical topics.'s Security Recruiter Blog