Pursuing a cybersecurity certification is a wise career investment for today's security professionals. Cybersecurity certifications validate the skills needed for the more than 300,000 unfilled security jobs in the United States and 1 million open positions globally. In addition to job security, a certification can be a tool for a lucrative career path, including median earnings of more than $95,000 per year with just three to four years of experience.
With a low demand of qualified candidates and a high supply of jobs, current and aspiring security professionals who take ownership of professional development will be rewarded with significant career mobility, stability and freedom.
7 Steps to Making the Case for Cybersecurity Certifications
While organizations are aware of the risks of the security skills gap, convincing your boss to pay for a cybersecurity certification can be less simple. As noted in the 2018 Trends in Cybersecurity: Building Effective Security Teams report, 78 percent of firms with internal skill rely on third-party security organizations, even though the majority feel this solution is too expensive.
Even with a lack of cybersecurity skill at your organization, you could still face barriers to receiving support. To get financial backing for your professional development goals, you may need to make a clear case for the value of cybersecurity certifications.
1. Understand the Barriers to Getting Your Cybersecurity Certification Paid For
The severity of the cybersecurity skills gap is likely to put security pros at an advantage for gaining support for training and certifications. Going back to the 2018 Trends in Cybersecurity report, just 27 percent of large organizations feel their current security posture is “completely satisfactory,” and that number falls to 14 percent among small organizations.
While 72 percent of organizations believe securing operations is an internal function, few have mature or defined processes for professional development. Your boss is likely aware that improving internal skill is critical but may have little idea of where to start or which cybersecurity certifications to support.
Understanding existing barriers is an advantage for making a strong case. If your organization lacks defined processes for professional security development, you may need to present research on the most valuable and up-to-date certifications.
A lack of professional development culture could necessitate making a case for how quickly the field of security is changing or the internal skills gaps.
Finally, if your barriers are related to a limited security budget, you may be best served by focusing on the financial benefits of certification. Training could provide opportunities to automate aspects of security operations or reduce costly reliance on third-party tech contractors.
2. Research What Cybersecurity Skills Are in Demand
Be prepared to explain the link between cybersecurity trends, emerging threats and gaps in your skill set or the capabilities of your cybersecurity team. At least 3 out of 10 organizations detailed in the 2018 Trends in Cybersecurity report believe they need “significant improvement” in the following areas:
- Vulnerability knowledge
- Incident detection and response
- Educational ability
- Risk management
- Penetration testing
Prepare to demonstrate a clear link between the skills covered by cybersecurity certifications, performance in your current role and how these factors will impact your organization’s risk posture. By creating a link between in-demand skills, the strategic goals of your business and your chosen path for certification, you can illustrate value.
Build your case further by selecting certifications that not only test your knowledge but also assess your skills. The certifications along the CompTIA Cybersecurity Career Pathway are performance certifications, which means they require you to put your knowledge to work by completing hands-on tasks related to cybersecurity jobs.
3. Rate Your Current Skills and Show How Cybersecurity Certifications Will Improve Them
Be prepared to address how cybersecurity certifications can improve performance in your current role and address weaknesses in the organization. Extend this analysis to the security team's short-term goals to tell a compelling story. For example, if gaps in your analytical skills are a barrier to using more security metrics, training for cybersecurity certifications and getting certified could teach you how to use tools to better measure risk and performance.
Back up your objective ratings with data to successfully make your case. Use tools such as CompTIA CertMaster Practice to assess your knowledge level and identify opportunities for improvement. Objective practice tools like these can also help you figure out how long you will need to prepare for an exam.
4. Calculate the Cost of Getting Certified
Be prepared to provide a realistic and comprehensive estimate of certification costs to your boss, including the exam fee, coursework and training materials. Unless you plan to study during work hours, it's probably not necessary to calculate the cost of time spent preparing for the certification exam; however a transparent estimate of time is vital to show that you've prepared carefully and considered the impact. Finally, offer a comparison of alternatives in terms of both price and value.
If budget could be an issue, be prepared to explain the return on investment (ROI) through direct cost savings or risk avoidance:
- Avoiding a data breach
- Preventing downtime
- Improved continuous improvement
- Better compliance audit results
5. Focus on Your Employer and Team
As you craft the perfect email, presentation or talking points, remember to emphasize how getting certified will benefit cybersecurity at your organization. Focus on your employer and specific business impacts, such as configuring a new threat detection tool that creates more efficient threat detection processes.
“Your best chance of successfully persuading your boss is to demonstrate a hard return or improvement in a … business issue that needs to be addressed,” David Intersimone of Evans Data Corporation told Dice Insights.
If your cybersecurity team is significantly understaffed, present solutions for the time getting certified may take you away from your job. You could schedule your exam week between major security initiatives or train a more junior employee to take over several of your tasks during exam preparations.
6. Pitch Carefully
The perfect pitch is an emotionally compelling story backed by data. If you’re going to talk to your boss, practice your pitch in front of your mentor or friends to ensure you’ve addressed all possible objections.
Whether you’re delivering your pitch verbally or in writing, tailor it to your organization and be prepared to address the following:
- How you will apply the certification in the near term
- How long it will take you to train and prepare
- Key performance indicators for measuring success
- How much the certification will cost
Download our letter to your boss template to get started.
7. Put Knowledge to Work
If you succeed at convincing your boss to support your pursuit of a cybersecurity certification, it’s time to deliver results. Use your new knowledge to improve security, and establish metrics to demonstrate the impact of training on key performance indicators such as risk, process efficiency or cost. Share the knowledge you’ve gained by mentoring junior employees and aspiring security professionals.
By measuring success and driving continual improvement, you’ve created an impact on your career and your organization’s cybersecurity posture. More importantly, you’ve demonstrated integrity and leadership skills.
Unlocking the Value of Cybersecurity Certifications
It's nearly impossible to predict tomorrow's cybersecurity trends. While it's unclear how threats will evolve, organizations are worried about their internal capacity to respond to vulnerabilities. Professional development and cybersecurity certifications prepare the workforce for the risks of today and the future.
The severity of the security skills gap puts cybersecurity professionals at an advantage for making a case for professional development. By demonstrating how training and certifications can improve your performance and reduce risk at your organization, you can craft a compelling pitch to your boss.
Learn more about the CompTIA Cybersecurity Career Pathway.