Foreword:
China's information security industry is booming, and its pool of security talent keeps growing. Information security personnel pay close attention to their personal career development and skills improvement. This article demystifies the "information security insider" story for you in 3 minutes!
Cybersecurity is a "rich and promising" industry
According to the survey of the status quo of China's information security practitioners, the average annual salary of China's information security practitioners is 153,000 yuan. This figure is not only higher than the 142,000 yuan average annual salary of employees in information technology-related industries in 2018, as released by the National Bureau of Statistics, but also much higher than the average salary across industries in general. The salary of information security practitioners is positively correlated with years of employment. In other words, in the information security industry there is no need to worry about age discrimination in the workplace: the older you get, the more valuable you are.
If you are an information security practitioner, congratulations: your chosen industry is not only high-paying but also one you can work in for the long term, and it well deserves to be called "one of the best career choices." If you have not yet entered the information security industry, it is strongly recommended that you enter it immediately!
Despite pressure, career prospects are optimistic
The primary reason information security practitioners engage in security work is optimism about their career development prospects. 42.9% of information security practitioners said that their work pressure is relatively high, but they are mostly optimistic about their career development prospects.
This is a very strange phenomenon: on the one hand, everyone is under a lot of work pressure, but on the other hand, they agree that information security is an industry with very good career development prospects. Why is this? In China, information security is a relatively new industry that is developing very rapidly, and its technology is quickly updated and iterated. Practitioners must constantly update their knowledge and keep learning so as not to be left behind by the fast-developing industry.
Vocational training is highly valued by practitioners
At present, when information security practitioners want to improve their security skills, about 70% of them choose vocational training, and a small number choose to teach themselves. There is still a big gap between the capability structure of the information security talent pool and the needs of economic and social development and national security. In other words: if you choose information security, a rich and promising industry, vocational training will surely become your inevitable choice.
All-round shortage of talents, employers value certificates
At present, China faces an all-round shortage of information security practitioners. The total number of information security personnel is insufficient. A large amount of information security work is done on a "non-full-time" basis. There are talent gaps in various security roles. Information security qualifications have become an important indicator for employers selecting talent...The information security certifications that employers value most in talent. Among them, respondents from state-owned enterprises, scientific research institutes, party and government agencies and institutions, foreign-invested enterprises, and Hong Kong, Macao and Taiwan-invested enterprises have the highest recognition for the information security profession.
If you want to work in the information security industry and also want to join a good company or a company you like, you must get an authoritative certification related to information security!
What certificates are necessary for information security practitioners?
1. CISP (National Registered Information Security Professional)
Most security practitioners have heard of CISP. It is an authoritative domestic certification, endorsed by a government background. It is very important if you want to work in the government, state-owned enterprises and key industries, or if an enterprise wants to obtain information security service qualifications and participate in network security projects. When you sign up for the CISP exam, the training organization will ask whether you choose CISO or CISE. Don't worry, these two are just exam tracks, and the certificates are issued by the evaluation center.
2. CISSP (Internationally Registered Information Security Specialist)
CISSP certification has a high reputation in the security industry, and the issuing agency is (ISC)². It is widely recognized as a relatively difficult certificate to earn. It carries high prestige, has wide coverage, and involves many knowledge points. If you do not have relevant security work experience, reviewing for it directly will be very mentally taxing. The other hurdle is certification itself. Even after passing the exam, you need five years of relevant work experience in at least two of the eight domains to get the certificate. This threshold is a bit high. However, if you have insufficient work experience, you can still take the exam. Your score is retained, and you can apply for certification once you have enough work experience.
3. CISA (International Certified Information System Auditor)
CISA is issued by ISACA, which also has CISM, CRISC, COBIT5.0 and other certifications. Let me talk about CISA first. It has already had a great impact in China. Students still in school have begun to realize its importance to their job search. On the other hand, at the Big Four consulting firms and in the financial and securities industry, CISA is favored for IT audit posts and among information technology department staff, including traditional auditors.
CISA, like CISSP, also requires 5 years of work experience, including at least 2 years of work experience in the audit/control field. The work experience requirement is somewhat looser than for CISSP. Academic qualifications can offset up to 3 years of the experience requirement, and the exam results are valid for 5 years. So you can take the exam first and apply for the certificate later.
4. CISP-PTE (National Registered Penetration Test Engineer)
CISP-PTE certification is the first penetration test certification in China, launched by Qi'anxin and China Information Security Evaluation Center in 2017. The certificate is issued by the National Information Security Evaluation Center and can be used when applying for security service qualifications. A major feature of this certification is that the exam is hands-on, so it is a chance to put everyone's penetration skills to the test.
5. CISP-PTS (National Registered Penetration Testing Expert)
The CISP-PTS penetration testing expert certification was officially launched at the end of 2018. Gu'an is the first institution in China to carry out CISP-PTS, and its prestige and difficulty are higher than those of CISP-PTE. In addition to all the knowledge and capabilities required by CISP-PTE, CISP-PTS sets brand new requirements in terms of intranet security, database security, and middleware security. It pays more attention to the breadth of learners' knowledge in the field of penetration testing (such as security issues involving more types of databases and middleware), and places more emphasis on testing learners' mastery of current mainstream penetration testing technology and their professional level and proficiency in the key steps of the implementation process. In terms of certification exams, CISP-PTS abolished multiple choice questions, and all exam questions are practical questions. CISP-PTS is currently the highest level certification in the field of national attack and defense penetration testing.
6. CISM (International Registration Information Security Manager)
The issuing authority of CISM is ISACA, the same issuing authority as for CISA. This certification is comparable to CISSP, and the difficulty is even higher than that of CISSP. CISM differs from other information security certifications in its experience requirements and its focus on the work of information security managers. Other information security certifications focus on specific technologies, operating platforms, or product information, or on the first few years of information security work. Only CISM is aimed at information security managers. The focus is no longer on individual technologies or skills, but on the information security management of the entire enterprise. CISM is aimed at individuals who manage and supervise the information security of enterprises. Many of them may already hold relevant certifications in other fields. Because of the focus on management, work experience is relatively important, so CISM requires at least 5 years of experience in information security management, and the content of the exam is also concentrated on the daily work of information security managers.
7. Security+ (Information Security Technology Expert)
Security+ is a certificate issued by CompTIA, the American Computer Association. This certification mainly focuses on information security technology, and the learning content is relatively shallow. It is suitable for people who have just graduated, or who have little experience in the industry and need to switch to information security. It is a good stepping stone for those who want to enter the security industry, especially given the recognition of this certification by foreign-funded enterprises. What is more attractive is that there are no work experience or academic requirements for those who take the exam, which is a great learning motivation for many security enthusiasts.
8. ISO27001 Foundation certification
ISO27001 Foundation is a certification issued by APMG. ISO/IEC 27001 (referred to as ISMS) is the most famous international standard in information security management, and it can guide our practical work. ISO 27001 Foundation is a course set up to train and improve those who build information security management systems (ISO 27001), and it pays more attention to the implementation, maintenance and optimization of the information security management system.
9. CCSK (Cloud Security Certification)
CCSK is certified by the Cloud Security Alliance (CSA). In 2011, the International Cloud Security Alliance officially launched the "Cloud Computing Security Knowledge Certification (CCSK)". After 5 years of development, CCSK has become one of the most authoritative certifications for cloud security talent. Domestically, when staff at cloud service providers or security service staff work on cloud security projects, this certification can first give everyone a preliminary understanding of cloud security and bring necessary support to the project.
10. DevOps Master (the industry's top hands-on application certification)
The DevOps Master course is the highest level in the EXIN DevOps series of certification courses. EXIN DevOps Master is an advanced certification that combines principles, knowledge and practical skills. It enables holders to introduce and promote DevOps in the organization to better manage the application and service life cycle, while promoting team collaboration. The course also includes a "Phoenix Project" sand-table simulation exercise.
DevOps is mainly related to software development, but its principles are increasingly applied to all other processes. This makes the DevOps Master certification very attractive for IT professionals who want to expand their knowledge system and cover the latest development models of IT management. Application developers, product owners, agile Scrum managers, project managers, test managers, and IT service managers will all benefit from this certification.
11. Prince2 (Project management in a controlled environment)
Although Prince2 is less well known domestically than PMP, it is also a project management certification. The difference between the two lies in theory versus practice. Many people who have slogged through PMP then turn to study Prince2. Why? The editor is not making this up. Many students reported that PMP is too theoretical and that they do not use it in actual work. Compared with Prince2, PMP is only a junior project management certification, and PMP holders who want a higher-level project management certification go on to take the Prince2 professional-level certification.
Conclusion:
Some people may say that some certifications are still not listed, for example PMP and ITIL. Only certifications related to information security or network security are listed here, and those that are purely about project management, operations and maintenance, or coordination are left out. Of course, these certificates are listed as a reference for everyone's needs. Certificates only cover theory. Only by combining theory with practice can we go further. It must also be said that getting certified is not a necessity. No number of certificates is as useful as the "certificate" of real technical skill. This is an indisputable fact. Those with real skills have more opportunities. Trying to bridge a technical gap through certification is in itself an illusion. However, it is always right to try to improve yourself.