Top 10 Pay-Boosting Tech Certifications

According to Dice, the job search site, certain certifications increase technology professionals’ salaries at all experience levels.

After surveying nearly 17,000 techies, Dice found that the following certifications draw the most additional dollars (in no particular order):

PMP – Project Management Professional

MCSE – Microsoft’s Certified Systems Engineer

A+ – CompTIA’s hardware technical support

CCNA – Cisco Certified Network Associate

MCP – Microsoft Certified Professional

Network+ – CompTIA network technician

CISSP – ISC2’s Certified Information Systems Security Professional

MCSA – Microsoft Certified Systems Administrator

ITIL – IT Infrastructure Library technical management

Security+ – CompTIA’s security analyst

A couple of my observations:

  • Dice Learning offers training for all these certifications, which might be why they didn’t provide links back to the organizations that issue the certifications (like I did).
  • Don’t assume that the issuing organization is the best way to get trained for the certification. In addition, the issuing organization’s book/study materials are usually not the best ones on the market (but usually the most expensive).
  • More of the certifications are vendor-neutral and apply across all operating systems, applications, etc.
  • I rarely see the MCSA, MCP, or ITIL letters behind anyone’s name, but ITIL appears to be on the rise.
  • I was surprised that no UNIX/Linux certification made the list.
  • I was NOT surprised that CISA did not make the list. It isn’t technical, and auditors are sometimes paid less than those with other certs. See Where is the IS in CISA?
  • I was NOT surprised that CIA did not make the list either. See CISA vs. CIA Certification.

Personally, I have not found any correlation between my CISSP certification and increases in salary. All the increases were due to my accomplishments, not the certification. The certification helped me achieve in some areas, but I did not see it as a major factor in my success.

What I have seen my CISSP badge do is open doors and close deals. My certification was a major reason I was offered my last two jobs.

Keep in mind that most certifications complement your current knowledge; if you don’t have some current knowledge, the certification won’t be as helpful. I already had years of IT and security experience when I got my CISSP, but I still learned a lot.

On the other hand, I was once forced to hire a paper-certified, but unknowledgeable MCSE who could not map a network drive on her first day on the job. She left within the year and is now in a different line of work entirely.

Passing the exam <> knowledge and ability.

Please share your experiences regarding certifications!

Compare this list with the Top 10 IT Jobs.

See also:

CISA vs. CIA Certification

FREE CISA Study Guide

18 responses to “Top 10 Pay-Boosting Tech Certifications”

  1. When I worked for a company 10 years ago before the dot com bust, I got a raise for each certification I received, up to two per year. This is when I worked and gained my A+, CCNA, Sun Certified Systems Administrator and other certifications. At my current employer, there is not really any incentive to get my CISSP as it doesn’t come with increase in pay, so I would have to do the research, pay the $500 test exam out of pocket for only adding the initials at the end of my name in email.

    In many cases certifications help if you are looking for a new position at another company and aren’t as beneficial if you plan on staying put in my experience.

    • ITauditSecurity

      Dragon Blogger,
      I agree. Certs are most helpful when you’re new to a field or specific area, or looking for work. Thanks for stopping by.

      • Kane

        Hi, I am interested in getting into IT auditing. I don’t have a strong IT background, and I tried getting a job as an accountant to no avail. For someone like me, what would you recommend in terms of getting the CISA? What jobs should I apply for? What certifications should I get before getting the CISA? Should I do the CISA then apply for jobs?

        • Hi Kane,
          I would start studying for the CISA first. Get Shon Harris’ CISA book and read it and see if you really want to do IT auditing.

          If you have no audit background and little IT background, you probably won’t get an IT auditor job without the CISA, so get that first. That’s all the certification you need to get started.

          Please also read my reply to Nick (see link below). While he has more experience than you, most of my comments to him still apply to you, particularly regarding how to go about finding an IT auditor job. My reply to Nick is here: http://wp.me/pxLr8-1OL

          Also read all my CISA posts at https://itauditsecurity.wordpress.com/2013/04/02/master-list-cisa-articles/

          I wish you the best. Let me know what you decide to do.

  2. Pingback: Top 7 Reasons for Security Certification | ITauditSecurity

  3. Usman

    I think certification helps you to end up at the interview table only :) . If you are working in the same company then certifications are 90% irrelevant.

  4. Usman,
    Thanks for your input. If you mean in terms of dollars, I mostly agree. However, if you’re moving to a different department, it can increase the salary (especially if you got the cert in the past year) and be a differentiator if everything else is equal (which I admit it often isn’t).

    Also, you can learn a bit from studying for the cert, just as you should from CPEs after the cert.

    But even if the cert only helps in the interview, that’s enough reason to get one (or another one), especially in today’s job market.

  5. Tony

    My opinion is that certifications are really good only if you apply anything or most of the concepts behind it on daily or regular basis since hands on experience will carve that knowledge into your brain. I have worked as a hybrid Systems/Network admin for the last 16 years and spent my time gathering technical Microsoft, Cisco and CompTIA certs and now decided to make a radical career change into Information Security Auditing. I had my experiences in auditing being the IT guy on the other side of the table with the Security Auditor in front of me asking for network account documents, backup logs, change management evidence, etc, etc. Now that I am actually being the Security Auditor I can only thank the hours I spent arguing back and forth with the auditor justifying the current IT management practices. Also being the internal auditor I work with the external auditor when he comes on a yearly basis and this allows me to learn a lot from this experienced professional. In other words experience complements certifications and if you do apply the certification concepts regularly then it is a good time for you to get certified. That is why I have started my way towards the CISA certification. And since I have enough IT management experience I will then go after the CISSP, a case somehow similar to ITAuditSecurity’s experience.

    • Tony, you won’t have any problems with the CISA. And the CISSP shouldn’t give you too much trouble either.

      Generally, certs make others think better of you, they open doors, and may increase your pay (particularly when changing companies). I agree, they are most beneficial when you have the wisdom and experience to go with it, but I’ve hired people that had the wisdom and experience, but no certs.

      Depends on the hiring manager, and they tend to lean toward certs because it makes their job easier, even if it might hurt the company when a certed person can’t really do the job.

      Certs can help a newbie get better, too. It’s a place to start. Thankfully, most certs have experience requirements.

      Back to your experience, which is similar to mine…the best part is that the IT guys can’t put anything past you because you’ve been there, and know what you’re talking about.

      Do what you can to train the other IT auditors…

      • Tony

        Thanks for your feedback. Really appreciated. I agree with you. Like you mentioned, certifications mark the path and take you through almost every possible scenario preparing you for the action when the time comes. And having been there even in a case study scenario gets you ready and is better than not knowing anything at all about the topic. On the other hand what I can do with my fellow auditors is teach them some Windows OS, VMware, routing\switching\firewalls and tech stuff etc. in exchange of some auditing heads up. They are all already CISA, CISM, CRISC and CISSP…jajajaja I am the rookie…I probably passed the interview because of my experience responding to SOX, FDA and ISO audits…

        • Tony,
          Don’t assume just because they have certifications that they really understand IT, networks, security, applications, databases, etc. Certs are not knowledge and wisdom to apply that knowledge to the real world.

          I keep beating the drum that many IT auditors really don’t understand IT or the architecture, hardware, and software on which it runs. Some do, and kudos to them.

          The best way to determine this is to read their workpapers and see whether they missed anything, and whether they draw appropriate conclusions. Look at how they gathered the data and validated the population. That will be telling.

          Either way, I think you’ll be fine.

  6. Carmela

    I am a CPA, I have been working part time in my own practice while raising kids for the last 8 years. My last child is a senior in high school and I am ready to resume my career full time. I am interested in IT Auditing but have no experience. I am thinking of taking the CISA, then the CISSP. I am also considering doing a Masters degree in Information Systems, should be able to complete it in 18 months. Any advice?

    • Carmela,
      Assuming you are comfortable with technology and love to learn constantly, your approach sounds solid. Unless you’re familiar with IT operations and technology, I would give yourself more than 18 months to do all of these.

      If you pass the CISA, you could probably get an entry-level IT audit role, as the USA is desperate for more. Then keep studying for the CISSP and working on your Masters as you work.

      Wish you the best, Mack

  7. Yo

    Carmela,
    I actually have the same background/situation. I definitely agree with ITauditSecurity: get the CISA and jump into an entry level.

    I actually started as a Financial auditor that touched on a lot of ITGC. IT was really what I wanted. I also actually passed 1 part of the CPA but then decided not to go the Controller CFO route and wanted to make the switch to IT passed CISA and got the certification. Having a CPA and CISA is a great combo to have esp for a publicly traded company looking for internal auditors. I’m finally in the IT audit space now so I’d just encourage to keep going…you’ll get there.

    ITauditSecurity – thanks for all of your blogs it was actually my guide when I was switching to IT and def good info and tips. One particular post you made I remember liking a lot is those IT auditors who can’t document a good workpaper. Now that I’m on the IT side, I’ve definitely encountered people who claim to have audit experience but can’t document anything correctly or also people who think they’ve had IT experience they can audit. By IT Experience, come to find out they’re just coordinating external audits or just limited to admin group and have done IT ops work but a narrow scope. :D

    I’m off to my next adventure of CISSP just want more technical knowledge. Any thoughts and what’s next after CISSP? Maybe CEH or PCI certs?

    • Yo,
      Thanks for chiming in and sharing your experience. You added a lot to the discussion.

      Glad you like the blog, and even more happy it helped you as much as it did. I’m always glad to hear I can help others along. I sure stand on the shoulders of many others before me.

      People view auditing kind of like technical writing. Because people can write a sentence and ask questions, they think they can do it well. Writing clearly is a skill that has to be honed and practiced. Writing technical info clearly is even harder. Thanks for the chuckle.

      CISSP shouldn’t be too hard for you. Did you see my post: CISSP isn’t as technical anymore?

      If you want to stay in auditing, I would steer you toward learning data analytics. I haven’t found any courses, videos, or other resources to steer you to, but I sense that in 5-10 years, it will be a basic requirement of auditing.

      Technical-wise, CEH would be interesting. I took a CEH class (not the official one), and it was all tools-related and how to use the tools rather than what causes the vulnerabilities and risk, how to exploit them, and gaining an understanding of the technology being exploited and how applications, databases, protocols, and networks work. That’s where I feel the real benefit is. If all you learn is tools, you’ll be out of date shortly.

      Otherwise, you might consider understanding *nix better or taking networking classes. Few auditors understand either.

      Check back in and let me know how you’re doing. Cheers. Mack.

      • Yo

        Mack,
        I thought I’d check in with you. Thanks again for all of your posts and guidance! Well, I finally got my CEH. I started on a path for CISSP but took a break since my long term goal is to get into pen testing. I’ve asked a couple of pen testers and they highly recommended going the OSCP route then maybe CISSP down the road given it’s about 1 mile wide and 1 inch deep. Have you seen many audit roles where there’s a pen testing blend? I’m trying to figure out how to go about gradually making it into pen testing.

        • Yo,
          Congrats on your recent achievement!
          No, I haven’t seen many auditors doing pentesting, but I run into them occasionally. It is certainly not unheard of. Usually smaller companies. I wish you the best.

          In case you missed it, I disagreed with your recent comments in New IT Auditor (and WannaBEs) Master List re: the accountant who wants to get more technical experience. I’d be interested in your reply in that post.

          Just because I disagreed, that doesn’t mean I think you’re wrong. I have a different perspective and would like to learn more of your perspective on that issue.

          Please feel free to disagree with me. I find those types of comments more enlightening than others, usually.

        • Yo

          Thanks Mack. I appreciate it again. Also, thanks for the heads up on your reply. I’ll head over to that section now and take a look. Hey – I appreciate discussions and healthy disagreements :) I know I’ve benefited very much seeing your perspective.

          Yah, seems to be a harder jump to make the switch to do pen testing. Lots of companies looking for SOC experience or some sort of a form of help desk blended with security. At any rate, thanks for the insight.
