History of Cybersecurity Certifications

History for Cybersecurity Certifications

Cybersecurity is one of the fastest growing career fields in the world. Job seekers, career switchers, and hiring managers alike need a fast but rigorous way to qualify candidates for jobs. Certifications prepare cybersecurity specialists for jobs and help companies determine which candidates are best qualified for their open positions.

How are cybersecurity certifications different from degrees? 

Colleges and universities award academic degrees in cybersecurity or related fields. Typically, students earn an associate, bachelor's, or master's degree. An associate degree usually requires 60-75 hours with about 15-30 of those credits in the field. Bachelor's degrees often require 120-130 hours and may have a major in cybersecurity or a major in computer science with a specialization in cybersecurity. A master's degree typically requires 30-36 credits and may have extensive admissions requirements.

Certifications, on the other hand, are not awarded at the conclusion of an academic program. Instead, prospects have to pass a rigorous examination to earn their certificates. CompTIA, a private membership and education agency, now offers most of the recognized cybersecurity certificates. Typically, people earn certificates as a way to launch a career in cybersecurity without paying the high price tag and enduring long time frame of a degree. IT degree holders may also seek certification to demonstrate skills in new areas.

Why do cybersecurity certifications exist? 

Cybersecurity certifications move you into the infosec field quickly. An associate degree takes at least two years, a bachelor's degree requires four years, and a master's degree requires at least 18 months. That's full-time study. Certificates, however, may take only a few days or weeks to prepare for the exam. 

These certifications focus on granular knowledge and practical achievement. While an academic program may offer a broader and more theoretical foundation, certificates equip holders with immediately actionable knowledge. They are designed to be put into work as soon as possible.

Since experts expect unfilled cybersecurity job openings to top 3.5 million by 2020, certificates make it easier for the field to welcome new specialists. They allow hiring managers and human resource officers to screen applicants for infosec jobs. Plus, they open higher salary options to employees. 

What's the history of cybersecurity as a career field? 

The first hack can be traced back to 1903 when a magician hacked into a secure wireless telegraph. In the late 1930s, Polish and British computer specialists used early forms of hacking to crack the Nazi Enigma code. It wasn't until 1955, though, that the word "hack" would come to mean tampering with machines. And it was the late 1970s before malicious hacking of computers started to become a problem. From there, hacking accelerated in both sophistication and scope. Cybersecurity soon crystallized as a career field as black hat hacking became a corporate and national security concern. 

Timeline of cybersecurity certification history: 

  • 1967 - ISACA, previously known as the Information Systems Audit and Control Association, was founded.
  • 1982 - Association of Better Computer Dealers (ABCD) was founded as a membership organization.
  • 1989 - International Information Security Certification Consortium or (ISC)² was formed with the purpose of standardizing infosec certifications. 
  • 1990 - ABCD changes its name to Computing Technology Industry Association (CompTIA).
  • 1992 - CompTIA introduces vendor-neutral IT certifications.
  • 1994 - (ISC)² launches its most popular certification, Certified Information Systems Security Professional (CISSP). 
  • 2002 - 10,000th person receives CISSP certification.
  • 2002 - EC Council founded.

Today - International Council of E-Commerce Consultants (EC-Council), now the world's largest cybersecurity technical certification body, works in 145 countries. They own certificates like Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), EC-Council Certified Security Analyst (ECSA), Certified Chief Information Security Officer (C|CISO), and more. The EC-Council has trained and certified more than 200,000 people.

Who are some notable people in the history of cybersecurity?

As a career field, cybersecurity is home to some of the world's most intriguing people - good guys and criminals alike. Here are just a few of them:

Robert T. Morris, Jr. - In 1988, this Cornell student created the first computer worm. He received three years of probation, 400 hours of community service, and a fine of $10,050. Morris now serves as a professor at MIT. 

Jon Lech Johansen - A Norwegian reverse software engineer, Johansen has worked on numerous projects related to music and DVD licensing. He, too, has faced criminal charges.

Dr. Charlie Miller - A white hat hacker with a Ph.D. in mathematics, Miller may be best known for hacking into a Macbook Air in two minutes. He also hacked a Jeep as it was driving down the highway.

Many of today's leading cybercrime investigators and cybersecurity specialists hold the CISSP or other certifications. 

Can you cheat your way through a cybersecurity certification exam?

It should come as no surprise that some hackers try to cheat their way through cybersecurity certifications. The organizations offering certifications take allegations of cheating seriously. That's why these companies develop exams that are difficult for test-takers to manipulate. (ISC)² also requires that members and test takers sign their Code of Ethics.

According to Hord Tipton, CISSP-ISSEP, CAP, (ISC)² Executive Director, "There are recent reports of widespread cheating on certification exams in China, South Korea, and a few other countries...I stand with more than 100,000 others worldwide who are certified by (ISC)² and recognize that certification is a privilege that must be legitimately earned and maintained."

One way to ensure the legitimacy and value of your certification is to take exam training from a legitimate training organization such as Alpine Security.

How did cybersecurity certification testing evolve from paper-based tests to adaptive computer-based tests?

Cheating is just one reason that cybersecurity certification testing evolved from paper-based tests to computer-based tests and now to adaptive computer-based tests. Tipton says, "(ISC)² conducts psychometric and forensic analyses to validate ethical testing practices and exam results. Sophisticated scientific techniques are routinely applied through computer-based testing with controls inapplicable to paper-based exams, in highly secured testing centers with in-depth monitoring of all test subjects."

Not surprisingly, cybersecurity experts can control testing validity in a computer-based environment more closely than in a paper-based one.

Final thoughts.

The history and evolution of cybersecurity follows a logical path from war-time cryptographers in World War II to today's ultra-sophisticated white hat hackers who can hack into moving vehicles. Cybersecurity certifications are key to keeping the field open to new professionals and to maintaining high standards of excellence for infosec practitioners.