Check out the most wanted cyber security training, as a result of a recent study, and see if it matches your aspirations for your next cyber security training.

Last week I ran a survey asking this question:

“What kind of online training would you take next from the choices below”

  1. Ethical Hacking
  2. CISSP
  3. CRISC
  4. CompTIA Security+
  5. IoT Security

I was really impressed with the response to this survey, as I was not expecting that much participation, but so far I got 1,803 responses (comments), 539 likes, 227,808 views, and the numbers are still growing. Would you be able to predict the result and figure out what it would be? Well, the graphic below will tell you the answer to this question:

survey result

  1. CISSP with 34.4% of the votes
  2. IoT Security with 30.3% of the votes
  3. Ethical Hacking with 24.2% of the votes
  4. CRISC with 5.6% of the votes
  5. CompTIA Sec+ with 5.5% of the votes

But what does it really mean? I believe the majority of the participants in this survey are basically reflecting what the job market is asking for in terms of required certifications for getting a job. I ran other surveys in the past, and even today the CISSP is the number one required certification in most job descriptions for cyber security professionals (technical or non-technical roles). Because of that, everyone wants to get CISSP certified to increase their chances of landing a job in security if they are new, or even to grow in their career.

IoT in second place really shows that people are very aware of the boom in IoT everywhere: in our homes, businesses, startups, and inside our organizations. Everyone knows that those devices are being deployed to make life easy and cool, but unfortunately the majority of the time security is not really a priority. Serious companies really implement security on IoT devices, but we know they are just a few compared with the large number of developers and companies that are building those devices.

It could also be that people are being asked to execute penetration tests on IoT devices for their employers, but they don’t feel they have the necessary background or skills to do the job. Regardless of the particular reason, this clearly shows that people are trying to get ahead of the curve and get ready.

Ethical Hacking is normally what people really want to do, but it is still in third place. This means that people will first prefer to have a CISSP to get a job and grow in their career, or learn something very new so they can be better placed in the market, and if they have time, they will fill in what they really need to know: looking at security through the eyes of the attacker to really protect the organization.

CRISC is a relatively new certification and I still believe it will grow in the list. For those who want to take a more business-oriented and less technical approach, CRISC is ideal. It complements CISSP well, and I personally believe that companies will have to adopt more and more advanced risk management approaches if they want to succeed in cyber security. At the end of the day, we security professionals are consulting the business for the organizations we work for, and we have to let management know exactly what risks they are taking and let them run the business. Risk management is a key area in any organization and should be central for all other cyber security divisions. A risk manager must know exactly what is happening in operations, the real threats, the incidents that are happening to the company, what IT projects the company is implementing, which vendors are being used, and which contracts are being signed, and must be involved in mergers and acquisitions, and so on, helping with the prioritization of security implementations, controls and even the security strategy. I personally don’t believe the CRISC certification will really help you do all of that, but it is a grounding start for risk managers.

CompTIA Security+ for me is more for those who want to move to security or start in the security field. The content of this certification is very broad but at the same time very basic. You are also not required to have 5 years of experience like CISSP requires. But it makes sense for this one to be at the bottom of the list, as I believe the majority of the survey participants are senior cyber security professionals.

Check out LufSec's available online cyber security courses.