Just a decade after programmers developed the first computer worm and years before most people had access to the internet, cybersecurity was already a concern. The introduction of cybersecurity certifications followed closely behind.
By the mid-1980s, the industry had formed the International Information Systems Security Certification Consortium (ISC)², which began offering the Certified Information Systems Security Professional (CISSP) credential in 1994. From there, it snowballed.
Today, cybersecurity certifications flood the market, and those looking to further their careers often take advantage of the opportunities. The benefits for individuals working toward cybersecurity certifications are clear, but what about the organizations they work for? The answer lies in understanding how credentials apply not just to individuals, but to MSPs as a whole.
First Things First
Certifications fall into two basic categories: individual and organizational. The vast majority today are individual, vendor-neutral certifications, available from certification organizations like CompTIA, (ISC)², ISACA and GIAC.
Some of the most popular certifications include:
- CompTIA Security+
- CISSP
- Certified Cloud Security Professional (CCSP)
- Certified Ethical Hacker
- CompTIA Advanced Security Practitioner (CASP+)
- Certified Information Security Manager (CISM)
- Systems Security Certified Practitioner (SSCP)
- Certified in Risk and Information Systems Control (CRISC)
Certify Through Your Tech Stack
Major vendors also have their own security certifications. It may make sense for MSP practitioners to become certified in the technologies that make up their typical stack, noted Matthew Lang, director of the cybersecurity practice of the MSP arm of SVAM International. Certifications from vendors like AWS, Microsoft, Cisco, and Oracle can deepen expertise in an MSP’s tech stack.
Beyond individual expertise, a newer category of certifications takes aim at entire organizations.
Take the Global Technology Industry Association (GTIA) Cybersecurity Trustmark Program, which was built to certify MSPs. GTIA’s Trustmark is based on the Center for Internet Security’s (CIS) 18 critical security controls, as well as globally recognized frameworks. Together, they form a series of industry-accepted best practices for MSPs, explained Wayne Selk, GTIA vice president of cybersecurity programs and executive director of GTIA ISAO.
Wayne Selk
“We believe the Trustmark will help MSPs bring about a positive shift in their overall security culture and have a positive impact on their risk posture,” he added.
While GTIA’s Trustmark for now may be alone in addressing the cybersecurity needs specifically of MSPs, plenty of other organization-focused cybersecurity certifications can help MSPs. Typically, these are focused on specific vertical sectors.
For example:
- The Cybersecurity Maturity Model Certification (CMMC) program maps to the U.S. Defense Department’s information security requirements.
- HIPAA addresses healthcare-related concerns.
- GDPR focuses on the European Union’s privacy requirements.
Big Benefits for MSPs
Whether earned by staff or applied across the company, certifications translate into measurable business advantages. For example, ensuring that your organization is well-informed and fully certified provides critical confidence when seeking new business.
“Those certifications are the baseline that gives you confidence to go out there and say confidently that we’re going to run a program that will help you with your vulnerability management, or writing your policies,” Lang, who holds CISSP and CCSP certifications, said.
Matthew Lang
Along with boosting internal confidence, certifications enhance market reputation and reassure clients. If an MSP’s employee has gold-level certification, that demonstrates skill and shows the MSP is committed to investing in its employees.
Having a variety of certifications also can differentiate the MSP from its non-certified competitors. That can mean the difference between getting the sale and losing it.
An array of credentials also can help an MSP expand its service offerings.
“An MSP might be getting asked by its clientele whether it has expertise in a particular regulatory or compliance requirement. If they use that opportunity to get the staff certified in that area, they can help that client and enhance their overall service portfolio going forward,” Selk explained.
Networking, Hiring, and Compliance Edge
The benefits don’t stop with client confidence and new services. Pursuing certifications helps MSPs network better with peers, too. It can even help them find and hire experts who already hold the certifications the MSPs seek.
Earning certifications may just become table stakes for winning business or qualifying for cyber insurance. Some cyber insurers and potential customers are requiring MSPs to comply with frameworks like CMMC, SOC II, Cloud Security Alliance and the NIST Cybersecurity Framework.
Certifications make it easier for MSPs to comply with these frameworks. It also can prove compliance to insurers and customers.
Featured image: iStock
