The Top 10 Cybersecurity Certifications in 2022

In Skillsoft's 2022 IT Skills and Salary Report, 66 percent of IT decision-makers reported that their organizations were struggling with skills gaps, driven largely by the difficulty of recruiting and retaining qualified talent and the rapid pace of technological change today.

While any IT skills gap can spell trouble for a company, cybersecurity skills gaps are particularly worrisome. A lack of qualified cybersecurity talent can leave an organization exposed to cyberattacks that can have disastrous repercussions for their reputations, operations, and bottom lines. According to a report from IBM, the average U.S. data breach costs a company $9.44 million in terms of lost business, customer distrust, remediation, and potential legal penalties.

Staggering figures like that explain why cybersecurity certifications are particularly in demand among employers today. While employers value all kinds of IT certifications, certification is especially important in cybersecurity. Even by IT standards, cybersecurity is a particularly challenging field requiring significant expertise. Cybersecurity professionals are locked in an arms race with hackers and other adversaries. They must always be up to date on the latest technologies and techniques to defend their organizations against ever-escalating threats. That's why organizations are willing to pay a premium for cybersecurity certifications: They prove that their people have the skills they need to protect the company's most valuable assets.

How much of a premium are companies willing to pay? According to the 2022 IT Skills and Salary Report, IT professionals with non-cybersecurity certifications earn an average salary of $64,311, while those with cybersecurity certifications earn an average salary of $72,444. That's a difference of roughly $8,000, or about 12%.

Of course, some cybersecurity certifications are more in demand than others — and thus, they garner even higher salaries for their holders. Using data from our 2022 IT Skills and Salary Report, we've compiled a list of the top 10 cybersecurity certifications with the highest average salaries in North America.

The Highest-Paying Cybersecurity Certifications in North America

Offered by ISACA, a global professional association dedicated to IT governance and cybersecurity standards, CRISC validates a cybersecurity professional's enterprise IT risk management expertise. CRISC is a comprehensive certification covering everything from strategic abilities like building company risk profiles to technical skills like designing and implementing appropriate security controls.

CRISC holders tend to be highly credentialed, tenured individuals. According to Skillsoft's 2022 IT Skills and Salary Report, professionals with CRISC certification have an average of nine certifications overall, and 68 percent serve in managerial roles.

According to ISACA, CRISC is best-suited for mid-career professionals in IT/IS audit, risk, and security careers. Earning CRISC certification requires three years of working experience in IT risk management and IS control roles. In addition, candidates must pass the CRISC exam, which covers four domains: governance, IT risk assessment, risk response and reporting, and information technology and security. The exam costs $760 for non-ISACA members and $575 for members.

Take the Next Step

Prepare for the CRISC exam with our CRISC Prep Course.

ISACA's CISM certification is designed for cybersecurity professionals who are ready to make the leap to the management level. As such, it requires extensive experience in designing and managing secure information systems. CISM holders don't just have the technical expertise to create and implement effective security controls — they also think strategically, ensuring security tools and processes are aligned with broader business goals.

CISM requires significant experience: at least five years in an information security management capacity. However, certification candidates can waive up to two years of required experience if they possess certain ISACA-approved certifications. The CISM exam covers four domains: information security governance, information security risk management, information security program, and incident management. The exam costs $760 for non-ISACA members and $575 for members.

Take the Next Step

Prepare for the CISM exam with our CISM Prep Course.

Offered by (ISC)², CISSP is a comprehensive certification that validates a professional's ability to design, implement, and manage a cybersecurity program. CISSP is also one of the most common cross-certifications held by the cybersecurity pros we surveyed for this list, which speaks to how broadly valuable CISSP expertise is in the cybersecurity field.

CISSP focuses on knowledge and skills in eight domains, collectively known as the "CISSP Common Body of Knowledge (CBK)":

1. Security and risk management
2. Asset security
3. Security architecture and engineering
4. Communication and network security
5. Identity and access management (IAM)
6. Security assessment and testing
7. Security operations
8. Software development security

Given its broad coverage, CISSP has been likened to earning a master's degree in IT security. CISSP also complies with the U.S. Department of Defense (DoD) Directive 8570.1, meaning the DoD recognizes it as a certification that proves the holder has mastery of certain critical cybersecurity principles and practices.

To earn CISSP, professionals must pass an exam ($749) covering the eight domains of the CISSP CBK. Candidates also need a minimum of five years of paid work experience in at least two of the eight CBK domains. A four-year degree or additional (ISC)²-approved credential can count for one year of experience.

Don't have the requisite experience just yet? You can still take the exam. If you pass, you'll earn the Associate of (ISC)² certification, and you'll have six years to gain the work experience you need to become fully CISSP-certified.

Take the Next Step

Prepare for the CISSP exam with our CISSP Prep Course.

ISACA's CGEIT is a framework-agnostic certification dedicated to enterprise IT governance. CGEIT holders have proven their expertise in optimizing IT investments, managing enterprise risks, and aligning IT with the overall goals and mission of the business. CGEIT is specifically for those cybersecurity professionals aiming to join the ranks of the C-suite, so it's little surprise that 73 percent of CGEIT holders work in management roles.

CGEIT certification requires five or more years of experience advising or overseeing enterprise IT governance. Candidates must also pass the CGEIT exam, which covers four domains: governance of enterprise IT, IT resources, benefits realization, and risk optimization. As with other ISACA certifications, the CGEIT exam costs $760 for non-ISACA members and $575 for members.

Take the Next Step

Prepare for the CGEIT exam with our CGEIT Prep Course.

Google Cloud is one of the most widely used enterprise cloud platforms, so it's unsurprising to see Google Cloud - Professional Cloud Security Engineer certification in such high demand. This certification validates a professional's mastery of cloud security technologies and topics like identity and access management, incident response, and regulatory compliance. While the certification focuses on cloud security in the context of Google Cloud, many of the best practices it covers are equally applicable in other cloud environments — as evidenced by the fact that many holders of this certification are also certified in AWS.

To earn Google Cloud - Professional Cloud Security Engineer certification, candidates must pass an exam that covers domains like configuring cloud access, managing cloud operations, network security, compliance, and data protection. The exam costs $200. While there are no prerequisites, Google recommends that candidates have at least three years of relevant experience, including a year of experience with Google Cloud.

Take the Next Step

Prepare for the Google Cloud - Professional Cloud Security Engineer certification with our Cloud Career Journeys, a fully guided experience that ensures learning happens in the most effective sequence and format.

Like Google Cloud, AWS is a widely used enterprise cloud platform, so it makes sense to see the AWS Certified Security - Speciality certification ranking right behind Google's own cloud security certification on our list. The AWS Certified Security - Speciality certification covers key cloud security skills and knowledge like disaster recovery, patch management, security management, encryption, access control, and more. This certification also validates more high-level strategic expertise, like a professional's ability to balance cost, security, and complexity when implementing security controls.

According to AWS, the best candidates for this certification already work in security roles and have at least two years of experience working with AWS workloads. Additionally, AWS recommends five years of IT security experience and a working knowledge of AWS security services and features. The exam costs $300.

Take the Next Step

Prepare for AWS Certified Security - Specialty certification with our recommended AWS courses.

Control Objectives for Information and Related Technologies, or "COBIT," is an agile, business-focused IT governance framework created by ISACA. The COBIT Foundation certification covers fundamental IT governance principles like meeting stakeholder needs, aligning IT goals with strategic business objectives, and designing holistic governance systems that meet an organization's unique needs.

Many COBIT 5 Foundation holders work in leadership roles like IT management, business management, and even regulatory roles. There are no prerequisites for the COBIT 5 Foundation certification, which makes it a good fit for those professionals beginning their journeys into IT governance. Candidates will need to pass a comprehensive exam that covers a wide variety of domains, like governance system components, performance management, designing a tailored governance system, and more. The exam price ranges from $175-275 depending on whether candidates take the test online or in person.

(It's worth mentioning that the COBIT 5 Foundation certification focuses on COBIT 5, the 2012 version of the framework. ISACA updated the framework in 2019. The new COBIT 2019 version covers many of the same topics as COBIT 5, with some additions to reflect the state of enterprise IT today.)

Take the Next Step

Prepare for the COBIT 5 Foundation exam with our COBIT Beginner course.

As the name suggests, ISACA's CDPSE is for professionals focused on data privacy. Software engineers who build privacy solutions, developers concerned with data privacy in their products, and data scientists who work with sensitive data are all good candidates for CDPSE. That's because CDPSE covers both the technical side of designing secure technologies and the ethical and legal side of using data responsibly. Given the increasing threat of data breaches — and the complicated landscape of data privacy regulations organizations must follow today — it's easy to see why CDPSE certification is in high demand.

The CDPSE exam costs $760 for non-ISACA members and $575 for members, and it covers three domains: privacy governance, privacy architecture, and data lifecycle. Furthermore, candidates need at least three years of work experience in at least one of those domains.

Take the Next Step

Prepare for the CDPSE exam with our CDPSE Exam Guide.

ISACA's CISA certification is widely considered the standard for validating an IT professional's expertise in auditing and securing information systems and IT infrastructure. Particularly well-suited for entry-level and mid-career professionals, CISA certification focuses on key information security concepts like privacy by design, regulatory compliance, and risk management.

CISA candidates will need at least five years of experience in IS/IT audit, control, assurance, or security, with experience waivers available for up to three years. The CISA exam, which costs $575 for ISACA members and $760 for non-members, covers five domains: information systems auditing processes; IT governance and management; information systems acquisition, development, and implementation; information systems operations and business resilience; and protecting information assets.

Take the Next Step

Prepare for the CISA exam with our CISA Prep Course.

Offered by EC-Council, the CEH certification is one of the most in-demand certifications in cybersecurity — even the U.S. Department of Defense requires certain employees to hold it. As the name suggests, CEH certification focuses on the skills cybersecurity professionals need to evaluate systems, find vulnerabilities, and mitigate risk. CEH holders are typically trained in penetration testing, red teaming, threat hunting, and similar methodologies.

CEH is one of the pricier certifications, with the exam costing $1,199, plus a $100 application fee. However, it's also recognized as the go-to certification for white hat hackers, and many professionals find the cost worthwhile. EC-Council recommends that candidates have at least two years of IT security experience before taking the exam. Candidates lacking that experience can still apply to take the exam — they just have to attend an official EC-Council training course first.

Take the Next Step

Prepare for the CEH exam with our CEH Prep Course.

Certifications are an important way for professionals to prove they have the skills they need to succeed in cybersecurity, but they're also valuable to employers beyond hiring qualified employees. Earning certification helps a professional build new skills and sharpen existing ones, making them even more effective in their roles.

In other words, certifications are sources of real, concrete value for organizations. More than 96 percent of the IT managers surveyed for the 2022 IT Skills and Salary Report said certified staff added value to their organizations. Forty-five percent said certifications boost productivity, and 44 percent said certification helps employees better meet client requirements.

That, ultimately, is why employers are willing to pay more for certified talent: There is a real, measurable return on the investment.

Hiring employees with certifications can help organizations close their skills gaps, but so can offering employees learning and development opportunities that help them earn and maintain certifications. After all, IT certifications in general — and cybersecurity certifications in particular — can become outdated as technology evolves. Connecting employees with continuous upskilling and reskilling programs can help them keep their certifications up to date — and make sure a company's skills gaps stay closed.