Advancing Your Cybersecurity Career

Our 2nd post on how to advance your career with certification for Operations & Governance


In my previous blog post, I set out our recommendations for starting out on your cybersecurity journey, covering the fundamental skills required to become a cybersecurity professional. In this post, we start to look specifically at cybersecurity-focused certifications.

In the world of cybersecurity, obtaining certifications is one way to demonstrate your knowledge and expertise in the field. There are many different types of certifications available, but they can generally be divided into two streams: technical certifications and management and governance certifications. In this post, we will focus on management and governance certifications that are specifically geared toward cybersecurity professionals.

Although management and governance certifications require some technical knowledge, they tend to focus more on the business side of cybersecurity. Professionals who hold these certifications often work in management positions and are responsible for overseeing cybersecurity functions within an organization. These professionals tend to be paid more than technical cybersecurity professionals, as their roles require them to interact with business units to align cybersecurity with the organization's goals. As a result, these certifications are more widely recognized by non-cybersecurity personnel, who find it easier to identify the value their holders bring; fair or not, this translates into higher pay.

Here are some of the top cybersecurity management and governance certifications recommended by Jumping Bean:

  1. Certified Information Systems Security Professional (CISSP): Offered by the International Information System Security Certification Consortium (ISC)², the CISSP certification is globally recognized and covers eight domains related to cybersecurity management. These domains are security and risk management, asset security, communication and network security, identity and access management, security assessment and testing, security operations, software development security, and security architecture and engineering.

  2. Certified Information Systems Auditor (CISA): This certification, offered by ISACA, is designed for professionals interested in the auditing, control, and security of information systems. It covers topics such as information systems auditing, governance, risk management, and information security management.

  3. Certified Information System Manager (CISM): Also offered by ISACA, the CISM certification is designed for professionals interested in cybersecurity management roles. It covers topics such as information security governance, risk management, incident management, and program development and management.

  4. Certified in the Governance of Enterprise IT (CGEIT): This certification, also offered by ISACA, is designed for professionals who are responsible for managing and governing enterprise IT. It covers topics such as IT governance frameworks, strategic alignment, and value delivery.

  5. PECB 27001 - ISMS: This certification, offered by the Professional Evaluation and Certification Board (PECB), focuses on the implementation and management of an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard.

  6. PECB 27002 - Controls: This certification, also offered by PECB, focuses on implementing and managing information security controls based on the ISO/IEC 27002 standard.

It's important to note that these certifications have prerequisites and require ongoing education and periodic recertification to remain valid. As with any certification, consider your career goals and choose the certification that aligns with them. In our next post, we will cover recommended technical certifications for those who prefer hands-on technical work.
