According to the Cyber Edge group's 2022 Cyber Threat Defense Report, employers interviewed indicated that certifications in cloud security and software security as shown below are in top demand. These certifications would include the Certified Cloud Security Professional (CCSP) and Certified Software Security Lifecycle Professionals (CSSLP). According to the trends I've been tracking on Indeed from employer job postings, it appears, however, the certification trends posted in employer job openings have the CISSP followed by ISACA's Certified Information Systems Auditor (CISA) as the top certifications. CCSP and CSSLP are among the lower ranked advertised certifications for employer job openings. Maybe the new trend hasn't caught on yet with employer job advertisements?
Thanks for sharing these stats - I'm shocked that CEH is still kicking around. The people posting the job descriptions must have no idea how worthless that cert is.
Not to besmirch the EC Council but yeah, it's been very hard to take this cert seriously since its inception.
To be honest with everyone, I really don't look at certs as a part of my criteria at all but a "nice to have" only.
I've been working with cloud environments on the periphery (one foot in, one foot out) for several years (mostly system security configuration, logging, auditing, etc.), but I've managed to not be the "hands on guy" since I still run enterprise security programs, operations, and risk management activities. We're making a big push to retire many of our legacy on-prem systems and have adopted a cloud first strategy, so I'm going to take advantage of the free CCSP self-training and exam voucher being extended to me since the HCISPP certification is being retired. IMO, everyone should have an industry and vendor cloud certification these days. So I'm going to knock out the CCSP and two for Azure/M365. Your mileage may vary.
CISSP - still the Gold Standard and always in demand
CCSP - best vendor agnostic cloud security certification IMO with steady growth in demand
Security+ - decent entry level demand
Microsoft Azure Security - we're Azure/M365 so a demand for our company (I'm sure AWS and Google security would be in demand for those agencies using these cloud platforms)
PenTest+/OSCP - we require our PenTesters to be certified, and we're trying to place one within the Internal Audit team, and eventually when I get the budget to stand-up a Red Team (from audit not having to hire external pentesters)
CEH/SSCP/CISM - not an increase in demand from my neck-of-the-woods
ISC2 recently renamed the Certified Authorization Professional (CAP) certification to Certified Governance, Risk and Compliance (CGRC) and is changing some of the focus away from FISMA and towards GRC. Don't get me wrong, I've held the CAP since 2008 when it was known as the Certification and Accreditation Professional (CAP) but it's gotten almost zero respect outside of a small Government FISMA community. Offhand, I'm thinking it will be much more in demand or, at least, complement the CRISC certification.