What are the top cybersecurity certifications that you look for among hiring candidates? Which ones are good-to-have and which do you consider a must-have, if any?

1.2k views, 3 comments

Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
It depends on the role. CISM is good for leadership roles, CISSP for engineers and CISA for GRC type roles. CySA+ is a good SOC/entry level cert.

CISO in Government, 10,001+ employees
For junior analysts and engineers, we look for CySA+ and Security+ or equivalent. For senior analysts, SSCP and CEH are very desirable. And for management roles, CISM, CISA and CISSP.

CISO in Software, 10,001+ employees
I do not look for certifications, I look for experience and results. I love when I can see examples of their work and skills: GitHub, blogs, documentation, repos, etc.
