What are the top cybersecurity certifications that you look for among hiring candidates? Which ones are good-to-have and which do you consider a must-have, if any?

1.6k views3 Comments

Sort by:

CISO in Software2 years ago

I do not look for certifications, I look for experience and results. I love when I can see examples of their work and skills: GitHub, blogs, documentation, repos, etc.

CISO in Government2 years ago

For junior analysts and engineers, we look for CySA+ and Security+ or equivalent. For senior analyst, SSCP and CEH are very desirable. And for management roles, CISM, CISA and CISSP.

Head of Information Security in Services (non-Government)2 years ago

It depends on the role. CISM is good for leadership roles, CISSP for engineers and CISA for GRC type roles. CySA+ is a good SOC/entry level cert.

Content you might like

CISO here at a large enterprise—between NIS2, DORA, the Cyber Resilience Act, and growing internal pressure around shadow AI and ransomware response, it feels like we’re constantly balancing compliance overhead with real operational risk. What’s the one thing you’re losing the most sleep over in 2025?

How have you dealt with employee pushback on the addition of new controls, especially for monitoring? Do you address their concerns around privacy, etc, proactively to get their buy-in?

To simplify your IT, do you expect all the security controls (CASB, ZTNA, SEG and SWG) delivered by the same vendor?

Yes, I am looking at consolidating multiple vendor solutions81%

No, I am fine with managing multiple vendors18%

Are you using any of these tactics to foster a growth mindset among your employees? (Pick all that apply to your org)

Regular training and upskilling programs39%

Encouraging cross-functional projects63%

Mentorship and coaching initiatives38%

Recognition and rewards for continuous learning20%

Other (explain in a comment)2%

View Results

What steps do you typically take when you notice a security team member becoming less and less engaged? How do you approach them to diagnose/address the issue?

What are the top cybersecurity certifications that you look for among hiring candidates? Which ones are good-to-have and which do you consider a must-have, if any?

Sort by:

Content you might like

How have you dealt with employee pushback on the addition of new controls, especially for monitoring? Do you address their concerns around privacy, etc, proactively to get their buy-in?

To simplify your IT, do you expect all the security controls (CASB, ZTNA, SEG and SWG) delivered by the same vendor?

Are you using any of these tactics to foster a growth mindset among your employees? (Pick all that apply to your org)

What steps do you typically take when you notice a security team member becoming less and less engaged? How do you approach them to diagnose/address the issue?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go