Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I

What IT Security Certifications Are Growing As Desired By Employers

According to the Cyber Edge group's 2022 Cyber Threat Defense Report, employers interviewed indicated that certifications in cloud security and software security as shown below are in top demand.  These certifications would include the Certified Cloud Security Professional (CCSP) and Certified Software Security Lifecycle Professionals (CSSLP).    According to the trends I've been tracking on Indeed from employer job postings it appears however, the certification trends posted in employer job openings have the CISSP followed by ISACAs Certified Information Systems Auditor (CISA) as the top certifications. CCSP and CSSLP are among the lower ranked advertised certifications for employer job openings.  Maybe the new trend hasn't caught on yet with employer job advertisements?


Screenshot 2022-09-30 165112.png

Screenshot 2022-09-30 165910.png

20 Replies
Contributor III

Employers rarely know or care what specific area of cybersecurity is covered by a given certification. Most of the job descriptions that list CCSP or CSSLP put them in a laundry list of every related certification they happen to know of.

CISSP is special in this regard, in that it covers a bit of everything. A CISSP should have at least a minimal familiarity with anything.
Contributor I

Interesting stats and points of view. Thank you for sharing this information with us.




Thanks for sharing these stats - Im shocked that CEH is still kicking around. The people posting the Job descriptions must have no idea how worthless that cert is.

Advocate I

Not to besmirch the EC Council but yeah, its been very hard to take this cert seriously since its inception.


To be honest with everyone, I really don't look at certs as a part of my criteria at all but a "nice to have" only.


- B/Eads

Viewer II

Thank you for this statistics..
I'm transitioning to Cybersecurity and about to sit for my cert soon.

I just got a tip on the next path to take.
This is helpful.
Anyone willing to share more tips for a newbie like me I would appreciate.
Newcomer II

Expects CCSP is getting more popular than CEH very soon.

Community Champion

surely OSCP...? 😛
Newcomer III

I've been working with cloud environment on the periphery (one foot in, one foot out) for several years (mostly system security configuration, logging, auditing, etc.), but I've managed to not be the "hands on guy" since I still run enterprise security programs, operations, and risk management activities.  We're making a big push to retire many of our legacy on-prem systems and have adopted a cloud first strategy, so I'm going to take advantage of the free CCSP self-training and exam voucher being extended to me since the HCISPP certification is being retired.  IMO, everyone should have an industry and vendor cloud certification these days. So I'm going to knock-out the CCSP and two for Azure/M365.  Your mileage may vary.   

CISSP - still the Gold Standard and always in demand
CCSP - best vendor agnostic cloud security certification IMO with steady grown in demand
Security+ - decent entry level demand
Microsoft Azure Security - we're Azure/M365 so a demand for our company (I'm sure AWS and Google security would be in demand for those agencies using these cloud platforms
PenTest+/OSCP - we require our PenTesters to be certified, and we're trying to place one within the Internal Audit team, and eventually when I get the budget to stand-up a Red Team (from audit not having to hire external pentesters)

CEH/SSCP/CISM - not an increase in demand from my neck-of-the-woods
ISC2 recently renamed the Certified Authorization Profession (CAP) certification to Certified Governance, Risk and Compliance (CGRC) and changing some of the focus away from FISMA and towards GRC.  Don't get me wrong, I've held the CAP since 2008 when it was known as the Certification and Accreditation Profession (CAP) but it's gotten almost zero respect outside of a small Government FISMA community.  Offhand, I'm thinking it will be much more in demand or, at least, compliment the CRISC certification.  



Newcomer I

@SecQuinn please enlighten us