Benefits of Cybersecurity Certifications: An Interview with the EC-Council President

How can you enhance your security career prospects? What are the top cybersecurity certifications and why do they help? Are employers requiring security certifications? To answer these questions and much more on cybersecurity certifications, I turned to Jay Bavisi, who is a top global expert on cybersecurity certifications and the founder and president of the EC-Council Group.

I often get asked, “How can I get into a hot cybersecurity role?” Or what is the best way to advance my career as a security professional? Or, what steps would you recommend for my son or daughter or friend who hopes to enter the cyberworkforce?

The answers to these important questions (and many more) almost always include a discussion on professional cybersecurity certifications.

There are many certification options and possibilities, so I turned to a recognized global expert to help dive into this topic deeper as we head into 2018. Specifically I am very honored to interview Mr. Jay Bavisi for this blog.

Jay Bavisi is the award-winning founder and president of the EC-Council Group, a global leader in cybersecurity education, training, publishing, events and professional cybersecurity certifications. He was the Cyber Security Professional of the Year during the Cyber Security Malaysia - Awards, Conference & Exhibition 2015 and 2016, and a board member of the Department of Homeland Security/National Security Agency’s CISSE Colloquium in the U.S. 

Jay was named as the keynote speaker for the National Initiative for Cyber Security Education (NICE) Conference in Columbia, Md., which was a White House initiative under President Obama. He was the chairman of the Hackers Panel at Infosecurity Europe, opening keynote for Info Security Mexico 2016, the closing keynote speaker for ITWeb Security Summit in South Africa, the combined keynote speaker for Techno Security/Hacker Halted USA and Keynote for IDC Security in Finland and many others. 

Jay has appeared regularly on major international television shows and print media, including CNN, CNBC and Fox News. World-class reporters like Wolf Blitzer of CNN sought Jay’s views in The Situation Room, and his views have also been sought by publications like Time, The Washington Post, The Herald Tribune, The Wall Street Journal, The Gazette and The Economic Times. His views were also featured by ABC News, USA Today, The Christian Science Monitor, Boston and Gulf News.

On a personal level, I met Jay at the EC Council’s Global CISO Forum in Atlanta in 2015, and his passion and expertise on all things cyber was evident from our first discussion.

For some more background, the International Council of E-Commerce Consultants, also known as the EC-Council, is the world’s largest cybersecurity technical certification body. They operate in 145 countries globally and are the owner and developer of the world-famous Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (C|HFI), EC-Council Certified Security Analyst (ECSA), Certified Chief Information Security Officer (C|CISO), Licensed Penetration Tester (Master) Exam, and several others. The EC-Council has trained and certified more than 200,000 information security professionals globally that have influenced the cybersecurity mindset of countless organizations worldwide.

Interview with Jay Bavisi, Founder and President of the EC-Council Group

Dan Lohrmann (DL): How important is it to be certified in today’s world?

Jay Bavisi (JB): We live in a rapidly advancing world, where progress in technology often outpaces the speed at which we come to terms with it. In such a chaos, quality skill-based certifications can offer stability. For an employer, it offers stability in setting a quality benchmark; for an individual, certifications serve as a self-assessment tracker, which acts as a parameter to map their skill levels against those of the world.

We often hear a lot of debate of "college degree versus skill," and I believe skill-based certifications are a neutral answer to them. For a simple reason that it not only builds a skill, but also offers a chance to showcase that skill to the world with evidence.

DL: Which countries do you think will be needing more cybersecurity-trained professionals than others?

JB: With the global Internet penetration exceeding 51 percent, we can easily account for about 3.9 billion people around the world who are vulnerable to some form of cybersecurity threat. Technically speaking, each country with an existing economy, sensitive public data and a commitment to protecting their citizens and/or organizations against cyberthreats will be needing more and more cybersecurity-trained professionals.

We’re fast approaching a time where the world will be known more as a global village than be addressed by the confinements of our geographies. The fact that ransomware malware could attack 150 countries is a testament to the imminent cyberthreats looming over our heads, independent of the nationalities we belong to.

DL: Who would be more qualified to deal with a cybersecurity challenge? A person with experience but no certification or another with certification but little experience?

JB: The more qualified person will be the one with the necessary skill and tact. While neither experience in the field nor certifications in one’s kitty assure these qualities, we at EC-Council ensure that we also provide iLabs along with our certification courses. These are cyber exercises that are run in a controlled environment, with the objective of training them to real-world challenges.

To build the requisite skills for such challenges, we also offer specialized certifications like the LPT (Master) certification, which is a one-of-its-kind certification, as it is an 18 hours exam that is conducted in a fully proctored environment, online!

This is the world’s first fully proctored online penetration testing certification. This methodology substantiates the credibility of any LPT (Master) certified individual, in their skills to deal with a real-world cybersecurity challenge.

DL: Could any certification be classified as more employer friendly than the other?

JB: Employers would always be looking for certain skills pertaining to a respective certification. With that context, if a certification can assure quality to an employer, then it can be considered employer friendly.

There are however some certifications like EC-Council Certified Ethical Hacker (CEH), which is often used as a benchmark or an important selection parameter for cybersecurity jobs by various organizations across the globe. Employers and certification bodies share a symbiotic business relationship; if one doesn’t appreciate or live up to the standards of the other, then this relationship fails.

DL: What is the future of cybersecurity certifications globally?

JB: It’s a widely known fact that collectively we’re facing a dearth of cybersecurity professionals, with the projected shortfall being 1.5 million IT security professionals by 2019. Organizations and governments alike are fast waking up to this reality, and the importance of cybersecurity certifications is felt more than ever.

This also puts a moral responsibility on the shoulders of us, cybersecurity certification bodies, to update our courses to provide value to the millions who trust us with their careers.

I foresee a rise in innovation, in teaching cybersecurity material worldwide. An example being our LPT (Master) Certification, which is a fully proctored exam. For individuals with geographic and time-management constraints, we also offer iLearn (online self-paced) and iWeek (online instructor led) forms of learning to deliver maximum value to our customers.

DL: Are people more accepting of cybersecurity certifications today than they were a few years back?

JB: With rampant malware attacks, threats of a cyberwar and increasing chaos in the global politics serving as rude reminders to the disastrous potential of cyberthreats — even worse — of cyberterrorism, we see a lot more individuals, organizations and governments partaking in cybersecurity training programs. The world around us is fast realizing that to beat cyberthreats, we need the right technology and the right people.

For the rest of this interview, including a comparison between the CISSP and the C|CISO certifications, please visit the original blog at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/the-case-for-security-certifications.html