IT Certification Options

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The
reader is available for free

IT Certification Options

by Faulkner Staff

Docid: 00017989

Publication Date: 2205

Report Type: TUTORIAL


Technical certifications remain important to growing and sustaining a
career in information technology. Still, the effort and cost to earn and
maintain these credentials forces IT professionals to pursue only
certifications that will best support their career goals. One must also
consider the need to frequently update their certifications in areas like
mobile applications and cybersecurity while other areas become obsolete.
Moreover, companies that employ IT personnel prefer to exercise some
control over which certifications their staff members pursue. This
requires an understanding of what it takes to earn a particular
certification, the value of in-person and online training options, how
certifications are regarded within the industry, changes in the field, and
the return on investment.

Report Contents:

Executive Summary

[return to top of this

The market for IT professionals continues to expand. According to the US
Bureau of Labor Statistics, “employment in computer and information
technology occupations is projected to grow 13 percent from 2020 to 2030,
faster than the average for all occupations. These occupations are
projected to add about 667,600 new jobs. Demand for these workers will
stem from greater emphasis on cloud computing, the collection and storage
of big data, and information security. The median annual wage for computer
and information technology occupations was $97,430 in May 2021, which was
higher than the median annual wage for all occupations of $45,760.”1

Certified IT workers continue to land more jobs and command higher
salaries than do their non-certified peers. Certifications for widely used
platforms with strong marketplace prospects – such as those from
Microsoft, Cisco, and Oracle – remain among the most popular.

Faulkner Reports
Mentoring New Technical
Employees Tutorial

With so many people certified, however, the credentials have lost some of
their ability to distinguish one job candidate from another. In response,
requirements to pass certification tests have become greater, with an
increased emphasis on judging a candidate’s practical skills. Also,
Microsoft and other vendors continually revamp their certification
programs and often require recertification every few years.

Employment Prospects. Job seekers will typically find
that not being certified will exclude them from consideration, but having
a common certification will do little to help one stand out from other
candidates. Holders of higher-level certifications will, of course,
generally find their certifications doing more to distinguish them from
other engineers. 

Field-Specific Credentials: Security, Mobile, and Cloud
Security-related certifications are growing in
popularity and prestige. Some are specific to certain security platforms,
as are those from Cisco. Others, including the (ISC)2 Certified
Information Systems Security Professional, deal with security from a
vendor-neutral perspective. Mobile platform and cloud computing
certifications are also distinguishing new candidates in these fields.


[return to top of this

The costs and benefits of IT certifications can be looked at from both
the perspective of an individual person seeking career security and
advancement as well as from the perspective of an organization looking to
enhance the skill level of its staff.

Weighing Value. Tensions can arise between employees and
management over certifications. Management at times does not see the
return on investment in supporting career enhancing (and advancing) IT
training for staff who already meet their goals. IT personnel, on the
other hand, enjoy learning about new technologies and know that if they do
not continually update their certifications, their careers risk becoming

Certifications alone do not prove a person’s expertise. In some cases,
particularly for lower-level certifications, it is relatively easy to earn
a certification solely by studying exam-preps and taking practice tests
without gaining the skills needed to design, implement, and troubleshoot a
real-life network or server. Some industry observers argue that study aids
such as “brain dumps” and practice tests devalue IT certifications by
making it too easy to pass a test without acquiring applicable

One must also be careful to keep current, as some systems become obsolete
and IT vendors dissolve or are acquired by others, as was the case with
the end of Novell’s operation as an independent company.

Studying and Test-taking. There are many options for
study, from self-practice to online degree programs from accredited
universities. Organizations that sell practice tests base their questions
and answers on input from people who have already taken the test. Several
major vendors, such as Microsoft and Oracle, have their own online
courses. Most certification tests are administered by a third-party
organization, such as Prometric or Pearson Vue, which handle tests for a
wide variety of subjects.

Table 1 describes and analyzes the most common study options for IT

Table 1. IT Certification Study Options
Study Option Description Analysis
Study Kits
Self-study kits are offered for a
number of the major certification targets, like Microsoft and
Cisco tests. These can be obtained through the vendor,
universities and colleges, or book dealers. Kits range from
workbooks to PC-loadable software. The cost of these self-study
kits varies from minimal to several hundreds of dollars. 
While the cost for materials is
relatively low and time away from the job practically negligible,
self-study courses may be ineffective for some candidates. There
is no instructor to use as a sounding board, and there are no
classmates with whom to study. What someone gets out of such a
course is entirely dependent on his or her ability to manage the
time and labor needed to teach themselves. This option is
typically best for people who already have a strong background in
technology; it is not recommended for novices.
Generally, online courses are
considerably less expensive than traditional classroom-based
learning. Several of these courses are offered, or at least
authorized, by a number of the bigger certification organizations.
Some courses integrate the use of online videos, PDFs, CD-ROMs,
the Web, textbooks, Internet-based lab training, and message

Alternative training has become increasingly popular in the
last several years. Free- and low-cost websites such as Udemy
now offer video instruction, combined with downloadable PDF
workbooks, designed to prepare a user for the test.

Students in online courses have the
freedom to complete the course on their own time and, often, in
their own homes, which is valuable for people with full-time jobs.
As with self-study options, there is no instructor immediately
available. So, what students get out of such a course is again
largely dependent on their ability to manage their time and their
resourcefulness in finding answers to questions that come up
during the course. Not only will online training not provide
hands-on experience, but the time spent taking low-cost options
such as Udemy courses will be less valuable on future resumes,
particularly if the student never passes the related exam.

On the other hand, the flexibility of e-training can offer
employees an option they would not have in a traditional
classroom. Also, e-training considerably lowers the costs of
certification due to savings on travel expenses or time away
from work.

Colleges and Universities
Accredited universities now offer
online options for degrees, certification courses, and
combinations of the two. Some offer professor assistance. These
can be lower-cost than on-site learning. Several online
universities now offer the cost of certification test-taking as
part of tuition.

Some universities are beginning to host free MOOCs (massively
open online courses) that will no doubt expand to
certification-relevant topics.

Online-only diplomas from accredited
universities do not always hold the same prestige as on-site
degree completion. Still, the cost benefit is evident for those
pursuing a bachelors or masters degree in IT while simultaneously
studying for new certifications in targeted courses.

Classroom Programs
Classroom programs, such as those
offered by colleges and specialty computer education services,
abound. Some of these educators have even developed relationships
with companies such as IBM, Microsoft, Oracle, Sun, and others to
provide authorized certifications within the institution’s
Classroom programs tend to be thorough
and hands-on, but they are typically more expensive and take
longer to complete than do self-study and online options. These
courses can run several weeks or months. The advantage here is
that students usually need not take time away from the job because
the courses are commonly offered at night.

Further, the budget impact for the IT manager can often be
less than if daytime, vendor-provided seminars are selected.
Many companies offer tuition reimbursement to employees who
successfully complete courses that have a direct relation to
their work. More importantly for the IT manager, some companies
have this tuition reimbursement money in a different budget than
the IT department’s training budget. Therefore, training dollars
stretch much further if these courses are selected.

IT Certifications

[return to top of this

There is no shortage of IT certifications, just as there is no shortage
of university degrees. To get noticed, however, IT professionals should
consider selecting among the following ten high-profile certifications.
This is not to diminish other credentials – which can be added later – but
these ten are a good place to start.2

CompTIA Security+

Administered by the Computing Technology Industry Association (CompTIA),
the Security+ credential is often regarded as the first security
certification a cybersecurity professional should earn. The Security+ exam
is designed to ensure that certificate owners possess the practical
problem-solving skills required to:

  • Assess the security posture of an enterprise
    environment and recommend and implement appropriate security solutions.
  • Monitor and secure hybrid environments,
    including cloud, mobile, and IoT.
  • Operate with an awareness of applicable laws and
    policies, including principles of governance, risk, and compliance.
  • Identify, analyze, and respond to security
    events and incidents.

Security+ complies with ISO 17024 and approved by the US DoD to meet
directive 8140/8570.01-M requirements.

CISSP (Certified Information Systems Security Professional)

Administered by (ISC)2, formerly the International Information
System Security Certification Consortium, the CISSP credential is,
perhaps, the most highly acclaimed certification for information security
professionals seeking a better understanding of cybersecurity strategy and

Candidates must pass an exam and have at least “five years of cumulative,
paid work experience” in two or more of eight security domains. These
domains and their percent weight on the CISSP exam are as follows:

  1. Security and Risk Management – 15 percent
  2. Security Architecture and Engineering – 13 percent
  3. Communication and Network Security – 13 percent
  4. Identity and Access Management (IAM) – 13 percent
  5. Security Operations – 13 percent
  6. Security Assessment and Testing – 12 percent
  7. Software Development Security – 11 percent
  8. Asset Security – 10 percent

CISSP is DoD approved, complies with ISO 17024, and is the most required
security certification on LinkedIn.

CCSP (Certified Cloud Security Professional)

Administered by (ISC)2, the CCSP credential is ideal for
demonstrating that the certificate owner possesses the expertise and
experience to design, manage, and secure data, applications, and
infrastructure in the cloud.

Candidates must pass an exam and have at least “five years of cumulative,
paid work experience” in information technology, of which three years must
be in information security, and one year in one or more of six security
domains. These domains and their percent weight on the CCSP exam are as

  1. Cloud Data Security -19 percent
  2. Cloud Concepts Architecture & Design – 17 percent
  3. Cloud Platform & Infrastructure Security – 17 percent
  4. Cloud Application Security – 17 percent
  5. Cloud Security Operations – 17 percent
  6. Legal Risk & Compliance – 13 percent

The CCSP certification was introduced in 2015.

CEH (Certified Ethical Hacker)

Administered by the International Council of Electronic Commerce (or
E-Commerce) Consultants (EC-Council), the CEH credential is intended to
demonstrate a certificate owner’s proficiency in ethical hacking (also
called penetration testing). A Certified Ethical Hacker is a skilled
professional who identifies vulnerabilities in target systems, and employs
that knowledge – in the guise of a malicious hacker – to assess the
security posture of those systems.

CEH candidates must pass an exam encompassing the following nine domains:

  1. Information Security and Ethical Hacking Overview
  2. Reconnaissance Techniques
  3. System Hacking Phases and Attack Techniques
  4. Network and Perimeter Hacking
  5. Web Application Hacking
  6. Wireless Network hacking
  7. Mobile Platform, IoT, and OT Hacking
  8. Cloud Computing
  9. Cryptography

A candidate must have completed CEH training, or have two years of approved
work experience in information security.

CISA (Certified Information Systems Auditor)

Administered by ISACA, formerly the Information Systems Audit and Control
Association, the CISA credential is designed for IT/IS auditors, control,
assurance, and information security professionals.

Candidates must have five or more years of experience in IT/IS audit,
control, assurance, or security, and pass an exam encompassing the
following five domains:

  1. Information System Auditing Process – 21 percent weight
  2. Governance and Management of IT – 17 percent
  3. Information Systems Acquisition, Development and Implementation – 12
  4. Information Systems Operation and Business Resilience – 23 percent
  5. Protection of Information Assets – 27 percent

CISM (Certified Information Security Manager)

Administered by ISACA, the CISM credential is designed for those who
manage, design, oversee, and assess an enterprise’s information security

Candidates must have five or more years of experience in information
security management, and pass an exam encompassing the following four

  1. Information Security Governance – 24 percent weight
  2. Information Risk Management – 30 percent
  3. Information Security Program Development and Management – 27 percent
  4. Information Security Incident Management – 19 percent

AWS Certified Cloud Practitioner

Administered by Amazon, the AWS Certified Cloud Practitioner credential
is intended for anyone who has basic knowledge of the Amazon Web Services
platform. Before taking the 90-minute, 65-question qualifying exam,
Amazon recommends:

  • Six months of exposure to the AWS Cloud.
  • A basic understanding of IT services and their applications in the AWS
    Cloud platform.
  • A knowledge of core AWS services and their use cases, billing and
    pricing models, security concepts, and how cloud computing impacts a

Earning an AWS Certified Cloud Practitioner certification validates the
holder’s cloud fluency and foundational AWS knowledge.

CDPSE (Certified Data Privacy Solutions Engineer)

Administered by ISACA, the CDPSE credential enables enterprises to
identify technologists who are competent in:

  • Incorporating “privacy by design” into technology platforms, products,
    and processes.
  • Communicating with legal professionals.
  • Keeping the organization compliant, both efficiently and cost

To be eligible for certification, a candidate must have at least three
years of experience in the following domains:

  • Privacy governance
  • Privacy architecture
  • Data Lifecycle

Other requirements include:

  • Passing the CDPSE Examination.
  • Pursuing a program of Continuing Professional Education (CPE).
  • Adhering to a Code of Professional Ethics.

CCNP (Cisco Certified Network Professional) Enterprise

Administered by Cisco, the CCNP Enterprise credential prepares an IT
professional for today’s jobs in networking technologies. Unlike
most certifications, a successful candidate must pass two examinations:

First, the core exam, Implementing and Operating Cisco Enterprise
Network Core Technologies (350-401 ENCOR), focuses on an applicant’s
knowledge of enterprise infrastructure including dual-stack (IPv4 and
IPv6) architecture, virtualization, network assurance, security, and

Second, one of six concentration exams, either:

  1. Implementing Cisco Enterprise Advanced Routing and Services v1.0
    (300-410 ENARSI)
  2. Implementing Cisco SD-WAN Solutions (300-415 ENSDWI)
  3. Designing Cisco Enterprise Networks (300-420 ENSLD)
  4. Designing Cisco Enterprise Wireless Networks (300-425 ENWLSD)
  5. Implementing Cisco Enterprise Wireless Networks (300-430 ENWLSI)
  6. Automating and Programming Cisco Enterprise Solutions (300-435 ENAUTO)

Microsoft Certified: Azure Solutions Architect Expert

Administered by Microsoft, the Microsoft Certified: Azure Solutions
Architect Expert credential is intended for candidates with expertise in
designing cloud and hybrid solutions that run on Microsoft Azure,
including compute, network, storage, monitoring, and security.

Applicants should have advanced experience and knowledge of IT
operations, including networking, virtualization, identity, security,
business continuity, disaster recovery, data platforms, and
governance. In addition, they should have experience in Azure
administration, Azure development, and DevOps processes.

As a prerequisite for becoming an Architect Expert, a candidate must
first earn the Microsoft Certified: Azure Administrator Associate certification. An Administrator Associate applicant should have at least six months of
hands-on experience administering Azure, along with a strong understanding
of core Azure services, Azure workloads, security, and governance. In addition, an applicant should have experience using PowerShell, Azure
CLI, Azure portal, and Azure Resource Manager templates.

To be credentialed as a Microsoft Certified: Azure Solutions Architect
Expert, a candidate must pass Exam AZ-305: Designing Microsoft Azure
Infrastructure Solutions, which measures the test taker’s ability to
accomplish the following technical tasks:

  • Design identity, governance, and monitoring solutions.
  • Design data storage solutions.
  • Design business continuity solutions.
  • Design infrastructure solutions.


[return to top of this

Although certifications are sometimes retired, the overwhelming trend has
been and likely will continue to be toward increased options. There
are still numerous entry-level certifications, but many organizations have
made their higher-level certifications more difficult to achieve. As part
of this effort, organizations have also begun placing greater emphasis on
real-life skills rather than theoretical questions. These exams are
designed to mix traditional test questions with a newer style of question
that presents test takers with a mock interface and environment through
which they must perform simulated IT tasks. On a similar theme,
certifications such as the CISM require candidates to have a certain
amount of relevant work experience before becoming eligible to take their
respective exams.

Demand for IT skills continues to increase faster than other fields.
Security certifications, along with those certified in areas associated
with government compliance, will likely continue to be in strong demand in
the coming years.


[return to top of this

The goals of IT workers and the companies that employ them are not
necessarily at odds, but sometimes what is good for one is not good for
the other. The best certification strategy for an IT worker to follow may
be contrary to the best course for that person’s company. Understanding
the perspective of the other party can help in negotiations and can lead
to mutually beneficial approaches.

Regardless of which certification one is seeking, there are some
universal considerations to bear in mind: 

  • Be cautious of any school or training program that guarantees
    employment on completion of coursework or requires upfront payment of
    huge sums for tuition and fees.
  • When considering a certification program, ask for a list of recent
    graduates who can give positive references.
  • Fully understand any student loan contract, including provisions about
    what happens if the school closes its doors before delivering the
    promised training.
  • Check with placement agencies or an employer’s human resources
    department to find out what can be expected in the job market upon
    successful completion of a certification or training program.

Recommendations for IT Workers

While holding certifications does not equate to being qualified for a
job, employers are often unwilling to hire or promote candidates who lack
the relevant certifications, particularly when there are many prospective
employees with the right credentials. As new versions of products are
released, corresponding upgrades are made to the tests and certifications
for these products. Technology workers who do not upgrade their statuses
by taking tests for the new versions risk letting their certifications
lapse or become stale.

As for the monetary value of IT certifications, analyst Sarah K. White
observes that “IT certifications can boost your career, but it’s not
always easy to tell which certifications hold the most value for your
resume. Moreover, pay associated with any given cert fluctuates based on
business interest and the supply of IT pros who hold it.”3

Recommendations for Employers

Corporations. Employers often view staff certification
as a double-edged sword. On one edge, failing to support the efforts of
employees to learn technology can yield an inadequate staff and increase
turnover as IT personnel leave out of fear that they are stagnating in
their current positions. On the other edge, organizations that invest
hefty amounts in training and testing fees may find that the skills and
certifications that employees acquire do little to benefit the company,
and employees may use their new credentials as resume padding to seek jobs

Support for the continuing education of IT personnel is highly
recommended, as a stable and well-trained staff will help keep technology
up-and-running and will minimize expensive hiring and new-employee
orientation procedures. An organization’s environment and platforms should
determine which certifications employees are encouraged to pursue. Simply
put, Windows shops should support employee efforts to get Microsoft
credentials while discouraging pursuit of AWS certifications, for example.
There should still be some restraint on the amount of support given for
employee education efforts. Helping first-level technicians to gain
advanced certifications when there is not any room for advancement within
the company will only frustrate employees and may not even produce more
effective first-level technicians.

Professional IT Service Providers. Professional service
providers that generate revenue by billing out IT personnel need to be
mindful of the certification statuses of their employees. These businesses
rest the bulk of their reputations on the skills of their billable
employees, and certifications are a way to substantiate these skills for
potential clients. 

Value-added resellers (VARs). VARs – which sell products
from major vendors bundled with their own technical and consulting
services – have additional needs for certified staff. Software developers
and hardware manufacturers frequently require resellers to have personnel
certified in their products as a condition for being permitted to offer
those products. Having a certain number of certified personnel can bring
channel partners additional benefits, including sales leads, marketing
assistance, and training.


[return to top of this

[return to top of this

[return to top of this