Matt Zbrog
In 2023, there were 2,365 cyberattacks with 343 million victims. That year saw a 72 percent increase in data breaches compared with 2021. A data breach costs $4.45 million on average. Just as worryingly, only half of US businesses surveyed in the same year had a cybersecurity plan in place. Experts forecast that the number of cyberattacks will continue to rise in the coming years, growing in scale, complexity, and severity; the need for expertly trained cybersecurity professionals will grow in parallel.
According to the Bureau of Labor Statistics (BLS 2024), cybersecurity (information security analysis) is one of the fastest-growing fields, projected to grow 32 percent between 2022 and 2032, adding 53,200 jobs. It’s also a high-paying industry: the median salary for information security analysts is $120,360 annually.
Compared to other high-paying professions, the educational requirements for cybersecurity professionals are cheaper and shorter in duration: Many can start in this career with only a bachelor’s degree and advance further through cybersecurity certificates and certifications.
Cybersecurity certificate programs are housed within traditional universities and represent the completion of a designated sequence of courses in cybersecurity. The specific nature of those courses and the quantity will vary from program to program.
Certificate programs can be offered at the undergraduate or graduate level. The former will likely cover cybersecurity fundamentals, while the latter will focus on a specific cybersecurity niche. Applicants can be either IT professionals looking for specialization or non-IT professionals looking to upskill in cybersecurity basics.
Certificate programs can range from a few days to a few months. Holding a cybersecurity certificate is rarely required for a cybersecurity job, but it can demonstrate competency in one or more specific areas that employers value and help prepare one for cybersecurity certification.
Cybersecurity certifications are offered by independent organizations outside of the traditional education system and do not require the completion of any coursework. Certifications are meant to assess the abilities, knowledge, and skills an applicant already has.
To earn a professional certification, applicants must pass an exam or exams; as such, the certification process itself may only last a few hours, but preparation beforehand can take weeks or months. Those who hold certifications must also maintain them over time, often by earning a certain number of continuing education units (CEUs). Some cybersecurity certifications are considered industry standards, and it’s not uncommon for employers to request them from job applicants.
The bottom line: Cybersecurity certificate programs are educational programs for early- to mid-career professionals to gain either fundamental or specialized cybersecurity knowledge in a structured and certified way; cybersecurity certifications are an industry-standardized, exam-based way for IT professionals to prove the cybersecurity skills they already have.
Stanford Online offers an online advanced cybersecurity certificate program designed for IT professionals and taught by world-class faculty from Stanford University. Students will learn to develop solutions that protect data, information, and communications from data corruption, customer lifecycle disruption, and unauthorized access; find vulnerabilities in their organization and design more secure systems; prevent common cybersecurity attacks; apply principles of secure coding; and create company policies that follow regulatory compliance and protect customer data.
The program consists of one required course and five electives. The required course includes foundations of information security. Electives include using cryptography correctly; writing secure code; exploiting and protecting web applications; mobile security; and network security. It is recommended that students in this certificate program have a bachelor of science in computer science or a background in cybersecurity.
Harvard Extension School offers an online graduate certificate in cybersecurity for mid-career professionals. Students will build a robust understanding of information security systems, and how to interact with and communicate about those systems and their threats.
The program consists of two required courses and two electives. Students can choose from core courses that include communication protocols and internet architecture; networking at scale; networks and cloud security; and cybersecurity: intrusion, hacking, and detection. The pool of electives is deep, with options including artificial intelligence, the internet-of-things, and cybersecurity; cloud architectures, security, and governance; fundamentals of the law and cybersecurity; networks and cloud security; and fundamentals of cloud computing and OpenAI with Microsoft Azure.
Most students in this program are already employed full-time, but there are no requirements beyond being comfortable with technology, technical terms, and technical documents.
Hosted by the Bowers College of Computing and Information Science at Cornell University, eCornell’s online cybersecurity certificate gives students practical literacy in cybersecurity. The program includes the following courses, taken sequentially: systems security; authenticating machines; authenticating humans; discretionary access control; mandatory access control; and enforcement mechanisms and strategies. Each class has under 35 students and generally requires five to eight work hours per week.
While not a strict requirement, students will feel most comfortable if they have some familiarity with programming and operating systems.
UCLA Extension offers an online certificate in cybersecurity for IT professionals looking to advance their understanding of cybersecurity. Students will learn the basics of cybersecurity and gain hands-on experience with OSI stack security, hacking methodologies, penetration testing, and defensive strategies.
The program consists of four required courses: fundamentals of cybersecurity; information systems infrastructure security management; network, operating system, and database security; and a cybersecurity lab in defensive tools. Students will graduate with an understanding of the concepts needed for top cybersecurity certifications.
CompTIA’s Security+ certification is one of the most widely recognized in the industry. It validates the basic skills necessary to work in cybersecurity. It is the only entry-level cybersecurity certification that emphasizes hands-on skills and adapts to the latest trends and techniques in the industry.
Candidates for the Security+ certification are recommended to have two years of IT experience and a Network+ certification from CompTIA, but neither is a strict requirement. The 90-minute qualifying exam includes multiple-choice questions and performance-based items. Knowledge domains include general security concepts; threats, vulnerabilities & mitigations; security architecture; security operations; and security program management & oversight. Exam fees total $404.
CompTIA also offers more advanced certifications, such as:
Certified Ethical Hacker (CEH)
The EC-Council, the world’s largest certification body for information security professionals, offers the Certified Ethical Hacker (CEH) certification for IT professionals interested in penetration testing. Those who hold CEH certifications understand the latest commercial-grade hacking tools and techniques. Applicants must have two years of experience in information security and have graduated from EC-Council training modules.
The four-hour CEH exam includes 125 multiple-choice questions across the following areas: information security threats and attack vectors; attack detection; attack prevention; procedures; and methodologies.
Those who hold the CEH certification may advance to the level of CEH Practical and then CEH Master.
The EC-Council also offers advanced certifications in the following areas:
Certified Information Security Manager (CISM)
Hosted by the Information Systems Audit and Control Association (ISACA), the Certified Information Security Manager (CISM) certification is designed for IT professionals looking to solidify their management and leadership experience. Applicants will need at least five years of experience in a managerial role related to cybersecurity.
The 150-question certification exam is split into four areas: information security governance; information security risk management; information security programs; and incident management.
ISACA also offers other cybersecurity certifications, such as:
Certified Information Systems Security Professional (CISSP)
The International Information System Security Certification Consortium, also known as (ISC)², offers the Certified Information Systems Security Professional (CISSP) certification for experienced cybersecurity professionals seeking to advance their careers. Applicants will need at least five years of experience in at least two different areas of cybersecurity.
The three-hour, 100- to 150-question qualifying exam covers eight domains: security and risk assessment, asset security, security architecture and engineering, communication and network security, identity and access management, security assessment and testing, security operations, and software development security.
(ISC)² also offers other advanced certifications, such as:
Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about the increasing digitization of investigations, the growing importance of forensic science, and emerging areas of investigative practice like open source intelligence (OSINT) and blockchain forensics. His writing and research are focused on learning from those who know the subject best, including leaders and subject matter specialists from the Association of Certified Fraud Examiners (ACFE) and the American Academy of Forensic Science (AAFS). As part of the Big Employers in Forensics series, Matt has conducted detailed interviews with forensic experts at the ATF, DEA, FBI, and NCIS.