While trying to determine my next certification pursuit, I found a useful (in my opinion) data site. It shows a breakout of a collection of popular certs (Security+, CIPP, GIAC, CISSP, CISA, CISM), the number of certification holders for each, and the number of job openings requesting that particular certification:
For instance, at the national level it shows 76,413 CISSP certificate holders and 72,700 job openings requesting that certification. To me, that would indicate that the certification rate is keeping pace with the industry demand.
For CISM however, it shows 12,428 certificate holders and 23,932 job openings requesting that certification. In my mind, that would seem to indicate that if one is pursuing certifications to remain marketable and employable (such as myself), the CISM would be a wise investment as demand seems to outpace supply.
What do you think? Filtering the results to just my state showed a similar pattern.
P.S. For my fellow grizzled and cynical IT veterans, I would like to mention the fact that I have no affiliation, vested interest, or benefit from the site mentioned above. Prior to 9:00 a.m. EST on 2/26/18, I had never heard of the above site.
(Edited: Title changed during editing and I didn't catch it until now).
Thanks for the heatmap link! Really cool site that I had never heard of either...
I'm currently seeking work with my CISSP out of state (Florida- I'm located in Indiana currently) and this really helps to see what the market is like where I'm looking (and where I'm at). It pretty much validates that I should be looking to move to a different state as Indiana doesn't have much of a demand for cybersecurity compared to other states.
Thanks for the heat map link! Really cool site that I had never heard of either...
I'm currently seeking work with my CISSP out of state (Florida- I'm located in Indiana currently) and this really helps to see what the market is like where I'm looking (and where I'm at). It pretty much validates that I should be looking to relocate to a different state as Indiana doesn't have much of a demand for cyber-security compared to other states.
It is a very interesting page, thank you. One question I have in reading the stats they present is: Does the 76K job openings only represent the job openings? Meaning, of the 72K CISSP holders, I would think that the vast majority of them is employed (as I am). Most in a position that requires CISSP. So are they saying that there is another 76K positions vacant that need to be filled? If so, then CISSP is clearly the way to go with many more vacancies.
That is correct. I think the only group that could have any level of success finding out how many certificate holders were gainfully employed would be the certification groups (i.e. ISC2). I'm not aware of any surveys they've done, but that would be great information to have.
I used this information to try and find out what certs would improve my marketability (hopefully) based on unmet demand. My logic may be flawed, but my thought process was that if there are a large number of unfilled positions looking for a certain cert, that would be a good cert to focus on.
That's a very interesting resource. In my state, it looks like the CompTIA Security+ is way over-subscribed, but it could be that it's an entry level certificate with many holders moving on to other certifications afterwards.
Thank you for sharing this link! It would be interesting to know how the data was collected. Sometimes job posting would mention certification as "preferred" and not explicitly required. Sometimes certification could also be mentioned along with other certifications (ie "must have one or more of the following: CISSP, CISM, PMP "(yes I've seen postings like that)). So the holder/opening ratio may not be indicative of market saturation but rather it would hint at brand awareness of employers and job seekers. If a lot of organizations recognize, respect and have demand for professionals with given certification, then they will advertise for it via job opening (thus increasing job market for cert). If professionals are aware and respect certain industry certification,they will attempt to earn it and then include it within their job hunting profile (thus becoming part of potential candidate pool). So, from provided data I would say that CISM is less known than CISSP and so less companies ask for it (24k vs 72k). From professional side it may be valued less than CISSP (only about 12k candidates chose to pursue it vs 76k that hold CISSP certification. And some of those people might have both!). Security+ is considered to be great entry-level certification and is relatively easy to achieve (that's probably why there are 164k Security+ certified professionals).