Demand for cyber security skills is growing rapidly around the world. IT giant Cisco recently estimated there were around 1 million unfilled cyber security jobs in the world. Symantec estimates this number will increase to 1.5 million by 2019. And with the recent spate of large-scale ransomware attacks like WannaCry, this estimate may in fact be an underestimate of the demand for cyber security skills.
Fortunately, there are many great cyber security certifications available, and they are, generally, more affordable in South Africa than elsewhere in the world, and provide a solid basis for anyone looking to work abroad at some point.
“Given the massive shortfall between demand and supply of cyber security professionals in the labour market, it’s not surprising that many people are looking for the best way to take advantage of the lucrative opportunity. This is the birth of a whole new skills segment and in these early days, the first movers will be able to carve out careers that progress at an accelerated rate compared to the more established skill sets such as software developers, system administrators and database administrators,” says Mark Clarke at Jumping Bean.
“Given that the majority of those in the labour market will not have years of experience to fill their CVs, the best way to stand out from the crowd is with a security-related certification.”
Two of the most popular cyber security certifications are ECSA (EC-Council CertifiedSecurity Analyst) and CEH (Certified Ethical Hacker), both of which are available through Jumping Bean training centres.
But, before jumping in, it’s worth considering the differences between the two certifications and deciding which is the best fit for you.
CEH, or Certified Ethical Hacker, is one of the best known certifications from EC Council. Today’s cyber threats target a broad range of weaknesses in organisations and there is no one solution that reduces all cyber risks. IT security is about a lot more than setting up a firewall and hoping that nothing gets through. The problem is that cyber attackers are constantly looking for new ways to break into systems, and so cyber security staff need to think like a potential attacker and preempt attacks.
CEH equips security staff with the skills to think and act like a hacker. Successful CEH candidates will know how to use hacking techniques against wired and wireless networks, Web applications, Web servers and mobile platforms.
CEH candidates will also understand Trojan threats, denial of service attacks, SQL injection and other threats. They will also be able to perform penetration tests to minimise weaknesses in enterprise systems.
The CEH course includes a thorough introduction to ethical hacking and lessons on threat vectors and the available countermeasures. The course also covers the emerging areas of cloud and mobile hacking and provides candidates with the skills needed to combat Trojans, malware, backdoors and more, as well as mobile hacking.
ECSA, or EC-Council Certified Security Analyst, builds on the skills covered in the CEH certification.
The ECSA certification is aimed at information security analysts, network server administrators, risk management professionals and system administrators and equips students with a solid understanding of penetration testing methods as well as how to plan penetration tests and analyse the outcomes of those tests. The certification also teaches students how to document and write penetration testing reports.
The course includes a thorough introduction to security analysis and penetration testing methods, vulnerability analysis and internal and external network penetration tests. Students are also taught how to take over Web applications, databases, as well as how to analyse the security of mobile and wireless networks.
Students are required to pass both a performance-based test in which they must perform a penetration test and submit a written report, as well pass a written exam to gain the certification.