When reading job postings for your target career, you may often see that industry certifications are required, and this may be in addition to having a certain academic degree or years of experience. This is particularly true for cybersecurity positions with government contractors. There are dozens of certifications within the cybersecurity industry, so to better understand which certifications to pursue based on a target career or position, University of Maryland University College (UMUC) partnered with ICF International, a federal contractor with a large cybersecurity division, to deliver a webinar sharing their expertise on this complex topic.
A few questions addressed during the webinar include:
Q: Why are certifications required for so many cybersecurity positions with government contractors?
A: In 2008, the Department of Defense (DoD) developed Directive 8570, which helps ensure all DoD personnel and contractors are properly trained and educated to perform the duties required to be an Information Assurance professional. Many contractors are legally compelled to only have employees with specific certifications work on DoD projects. This depends on the contract and the job that the contractor is performing, but in short, Directive 8570 ensures all personnel working on a DoD project are qualified to do their jobs.
Q: How does a cyber professional learn what certifications are required for DoD jobs?
A: The DoD identifies the requirements for each cybersecurity and information assurance position, and these are outlined in the contracts that companies like ICF sign with the DoD. As a job seeker, you can see the required certifications listed in the position descriptions for each job. If you do not have these certifications and are unwilling to pursue them as a condition of employment, then you should not apply for that position.
Q: What are some of the certifications that are required for these jobs?
A: The 8570 requirements are available here. Security + is an important certification for most entry-level jobs in cybersecurity, but after obtaining this certification, cyber professionals should consider what career path they are pursuing. For example, if you want to be a network engineer, consider obtaining the CCNA certification after you receive your Security +. For information assurance professionals, consider CISSP or CASP.
Also, when you look at the 8570 document, you will see there are several job types:
- IAT is for technical-track positions.
- IAM is managerial-track positions.
- IASAE is for professionals performing system architecture and engineering job duties.
- CSSP are the requirements for Cyber Security Service Providers.
Knowing these job types can help you identify which certifications are most appropriate given your target career path.
Q: After getting a certification, what else do I need to know?
A: Once you obtain a certification, you must maintain your certification status by completing continuous learning and paying a regular fee to the certification organization. Some employers may help their employees by paying the recertification fees or providing support for the continuous education requirements. As the professionals with ICF recommended, cybersecurity and information assurance job seekers should consider asking in an interview about whether their target company supports employees’ recertification process, because this can be very expensive.
The requirements for recertification vary depending on the certification provider, and each have different requirements and fees. Conferences and annual week-long trainings are the most common and easiest ways for professionals to earn continuing education credits. If you are working on a contract that requires a certification, and you choose not to maintain your certification, you could be removed from that project.
In a competitive career field like cybersecurity, obtaining industry certifications is another way to differentiate yourself from the rest of the competition. IT professionals who hold required certifications are far more likely to get jobs within the DoD than those without them, and the DoD and its numerous contractors are a major employer of cyber talent. To learn more about this important topic and to view related resources, please click here for a recording of ICF’s webinar presentation.
Kristin Schrader is the Assistant Director of InternPLUS at University of Maryland University College. She has a background in human resources and has worked in career services at four universities. Most recently, she was the Lead Trainer in Europe for the U.S. Department of Labor Employment Workshop teaching transitioning service members about the civilian job search. Kristin is a proud military spouse and is passionate about helping others obtain their professional goals.