Certifications and Improving Your Knowledge and Credentials Relating to Technology, Cybersecurity, Privacy, and More
by John Bandler
Many wishing to better themselves wonder what training or certifications they should pursue. I have travelled that road myself (I am still on that journey) and have fielded many questions there and now put some of my guidance to writing here. Some of this is general to all, some specific to certain areas of learning and work.
Improving knowledge should never stop. That is an important philosophy for life (and my first pillar of cybersecurity). There are many excellent ways to improve knowledge that range from reading and self-study, to prep courses, to higher education. Additionally, many wish to boost their credentials, achieve certifications or degrees that set them apart from other employees or applicants. They could consider certifications, a stamp of approval and achievement by an organization that the holder has demonstrated certain knowledge and sometimes other attributes such as experience.
Do you need (or want) a certification?
We can all agree that improving knowledge is a good thing, but not everyone will agree that certifications (or specialized degrees) are always worth it. Certifications may not live up to all of the marketing hype, but I think they do demonstrate a certain degree of knowledge, effort, and dedication. I am proud of all my certifications, but I also take them with a grain of salt. For example, while I hold a number of highly technical certifications, I realize this doesn't make me equal in expertise to the many technical practitioners - including those who may not have any certifications. However, it enables me to have better and more productive conversations with these practitioners and experts.
I have enjoyed the process of earning various certifications. Scheduling the exam imposes a deadline, studying for the exam improves my knowledge, and passing the exam results in a sense of accomplishment and I can add the certification to my credentials.
Pursuing a certification is an investment of time and money. It will take time to study for and take the test, then to maintain the certification over the years. It will also cost money: study materials (a study book and maybe a prep course), the exam fee, and ongoing fees to keep your certification current.
For many people, certification exam study can be done with a respected study guide (without paying for a prep course). But some certifications are highly specialized or intense and a good study course can aid learning and improve chances of success. It depends on the certification and person.
Which certification should I pursue?
The first issue is the area you want to improve yourself in. For me, relevant areas included technology, cybersecurity (information security), privacy, fraud investigations, anti-money laundering, project management, and (my hobby) horticulture and arboriculture. There are many other professions with their own relevant certifications.
The next step is a review of potential certifying organizations. The organization should be reputable and ethical, with transparent and sound management processes for the organization in general and especially for the certification program. Generally, it is a plus for me if the certifying organization is a non-profit, but there are plenty of reputable for-profit organizations that offer certifications. The key is reputation plus sound management and practices.
Let’s Name Names
First, a disclaimer. This does not purport to be a thorough review of all certifications or organizations, just a summary of some based on my personal experience and opinions. I believe my opinions are unbiased, but I'll disclose that I have a number of positive relationships with many of these organizations and people within them. I speak at some organization events, write for some, and conduct some occasional training for some. I don't think any of that influences my opinion or this article, but rather is a reflection of my existing positive opinions.
Building a foundation for technology or cybersecurity
If you are looking to build a foundation for technology or cybersecurity, my first recommendation is CompTIA, the Computer Technology Industry Association, a non-profit organization serving the industry and those within it. Their certification and exam fees are relatively low and the process is simple. They offer certifications across the range of technology and security, and I hold a number of them (A+, Network+, Security+, Cloud+, Project+). CompTIA offers their own books and training, and so do many other vendors. I am a fan of study books by Mike Meyers at TotalSem.
There is lots of good free training out there too. Check out some of the online learning platforms and review their free offerings, including from Microsoft, Coursera, and Udemy.
Advanced certification in cybersecurity and information security
Looking for an advanced certification in cybersecurity? I am proud of my Certified Information Systems Security Professional (CISSP) certification from (ISC)², the non-profit International Information System Security Certification Consortium. This is a hard exam and the applicant must also demonstrate a number of years of certain experience and more. (ISC)² offers other certifications too.
Also consider certifications (and training) from The SANS Institute, and their GIAC (Global Information Assurance Certification) arm. For example, GIAC Certified Incident Handler (GCIH), GIAC Certified Penetration Tester (GPEN), and GIAC Critical Controls Certification (GCCC), as well as many others covering all aspects of cybersecurity, forensics, and more. Their training is excellent, but costly.
Also worthy of mention is ISACA, formerly known as the Information Systems Audit and Control Association, which offers a number of respected certifications including Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). I am a member of ISACA and these have been on my “to-do” list, but I am not yet ready to expand my roster of organizations I have to recertify with.
Privacy
For a privacy certification, look to the International Association of Privacy Professionals (IAPP), starting with their Certified Information Privacy Professional (CIPP/US) certification, which covers a broad area of law, including both privacy and cybersecurity law. Privacy is a rapidly emerging field, with important connections to law and information security and governance. I have created a prep course for this CIPP/US certification through the InfoSec Institute.
Fraud investigations and anti-money laundering
My first certification ever was the Certified Anti-Money Laundering Specialist (CAMS) from the Association of Certified Anti-Money Laundering Specialists (ACAMS), who indicate they are the largest global membership organization dedicated to fighting financial crime. If you are in the financial industry or otherwise investigate crime, this is a good one to have. Over the years, ACAMS has allowed me to share some of my unique experiences with cybercrime and virtual currency.
Also consider the Certified Fraud Examiner (CFE) certification from the Association of Certified Fraud Examiners (ACFE). After twenty years in the criminal justice system, I thought I knew a lot, but studying for this helped me see what more I had to learn.
Horticulture and arboriculture
This section may seem like an outlier but it's my hobby and passion, and we all need plants and a healthy environment. Whether it is plants in your home, or your urban, suburban, or rural environment, it needs our help and knowledge.
If you reside or work in New York City, then consider the Citizen Pruner license from Trees New York, which will train and certify you to care for and prune street trees. Wherever you are, consider a Master Gardener certificate.
And, right now you could take five minutes to improve your knowledge of how to care for plants and trees by reading this short article I wrote on Tree and Plant Care, and then on Invasive Plants.
Higher learning and advanced education
This is beyond the scope of this article, but there are various degrees from colleges and universities relating to technology, cybersecurity, cybercrime investigation, and even generalized degrees that provide knowledge and skills relevant for those areas (reading, writing, thinking, etc.). I even teach some of these things at the undergraduate, graduate, and law school level. Higher education is an even greater investment of time and money, and beyond the scope of this article.
My certifications
Here are the certifications I studied for and passed. I started on this certification journey in 2014. Recently I have decided to pare back a little because the administrative time required is getting cumbersome for me. Each organization requires an account, a membership fee, and renewals, and each certification requires inputting continuing education and fees. I just spent hours uploading documentation for one of them through a cumbersome process -- not sure if I want to do it again next cycle.
- (ISC)², the International Information System Security Certification Consortium
  - Certified Information Systems Security Professional (CISSP)
- GIAC (Global Information Assurance Certification), part of The SANS Institute
  - GIAC Certified Incident Handler (GCIH)
  - GIAC Certified Penetration Tester (GPEN)
  - GIAC Critical Controls Certification (GCCC)
- IAPP, the International Association of Privacy Professionals
  - Certified Information Privacy Professional (CIPP/US)
- ACAMS, the Association of Certified Anti-Money Laundering Specialists
  - Certified Anti-Money Laundering Specialist (CAMS) from ACAMS (Past)
- ACFE, the Association of Certified Fraud Examiners
  - Certified Fraud Examiner (CFE)
- CompTIA, the Computer Technology Industry Association
  - Project+
  - Security+
  - Cloud+ (somehow this one expired, while all the others stayed current)
  - Network+
  - A+
- Trees NY and New York City Parks
  - Citizen Pruner (for NYC street trees)
- Licenses to practice law (requires law school, plus bar exam and admission to the bar)
  - New York
  - Connecticut
  - District of Columbia
Your next steps
Your next steps can be as follows:
- Decide how you want to improve your knowledge for your personal growth and career
- Decide if you want a certification (cost vs. benefit, etc.)
- Research and choose the certifying organization and certification
- Consider if you need to pay for a study course
- Buy a reputable study book
- Set the exam date (give yourself a deadline)
- Study regularly and thoroughly
- Take the exam and pass it the first time.
Conclusion and final disclaimer
I hope this has been helpful and informative. As mentioned earlier, this is based on my personal experience and opinion, is not intended as a comprehensive review of all options, and (of course) is not tailored to you. Choose what is best for you.
References and resources
- About the CIPP/US Certification and How to Study for It
- How to Learn and Study
- How to Take an Exam
- How to Write a Paper
- For more about my background and certifications, see my About page at https://johnbandler.com/about/
- Get a free 7 day trial at InfoSec Skills and see all of their certification prep courses, including my CIPP/US course, https://app.infosecinstitute.com/portal/skills/path/6155
- CompTIA, the Computer Technology Industry Association, https://www.comptia.org/certifications
- Mike Meyers' study guides https://www.totalsem.com/store/category/books/
- Microsoft's learning platform https://docs.microsoft.com/en-us/learn/
- Coursera https://www.coursera.org/
- Learning How to Learn with Barbara Oakley https://www.coursera.org/learn/learning-how-to-learn
- Udemy https://www.udemy.com/
- Certified Information Systems Security Professional (CISSP) certification from (ISC)², the International Information System Security Certification Consortium, https://www.isc2.org/Certifications/CISSP
- The SANS Institute, and their GIAC (Global Information Assurance Certification) arm, https://www.sans.org/cyber-security-courses/
- ISACA, formerly known as the Information Systems Audit and Control Association, https://www.isaca.org/credentialing/certifications
- Certified Information Privacy Professional (CIPP/US) certification from the International Association of Privacy Professionals (IAPP), https://iapp.org/certify/cippus/
- Certified Anti-Money Laundering Specialist (CAMS) from the Association of Certified Anti-Money Laundering Specialists (ACAMS), https://www.acams.org/en/certifications/cams-certification
- Certified Fraud Examiner (CFE) certification from the Association of Certified Fraud Examiners (ACFE), https://www.acfe.com/become-cfe-qualifications.aspx
- Citizen Pruner license from Trees New York, https://treesny.org/citizen-pruners-stewardship/
- Master Gardener certificate, start here https://ahsgardening.org/gardening-resources/master-gardeners/
- Tree and Plant Care, https://johnbandler.com/tree-and-plant-care/
- Students, Learning, and Teaching
- How to learn and pass your next certification exam, John Bandler, July 21, 2022, https://resources.infosecinstitute.com/topic/how-to-learn-pass-exam/
This article is hosted at https://johnbandler.com/certifications-improve-knowledge-credentials-technology-cybersecurity-more/ Copyright John Bandler, all rights reserved.
A version of this article is available on Medium.com, at https://johnbandler.medium.com/certifications-and-improving-your-knowledge-and-credentials-relating-to-technology-cybersecurity-9dcb417575be (though perhaps not kept as current).
Page posted 6/12/2021. Updated 02/10/2024.