Cybersecurity certifications, while offering a clear route to recognition and career advancement, have also become a subject of increasing scrutiny. As the industry grapples with a persistent talent shortage, the role of certifications in addressing this challenge is a complex issue.

Before exploring certifications, it is first important to understand the current cybersecurity workforce environment. According to the latest ISC2 Workforce Study, the “cyber skills gap” has surged by 19% in the past year, with an estimated 4.8 million more professionals now required to adequately secure organizations. Additionally, 67% of organizations report staffing shortages within their cybersecurity teams.

Faced with a challenging economic environment leading to layoffs, budget cuts, and hiring freezes, companies tend to focus on mid- to higher-level security specialists. For example, the ISC2 survey found that over 30% of security teams have no entry-level professionals, and 62% of hiring managers prioritize mid- to advanced-level roles, leaving fewer opportunities for newcomers.

This environment has made it increasingly difficult for cybersecurity students and junior professionals to break into the industry.

In this highly competitive market, cybersecurity certifications have become a key deciding factor in determining who gets hired and who doesn't. However, they are not guaranteed tickets into the industry.

On the one hand, candidates must choose the certification that best fits the role they wish to fill in a sea of available options. On the other, employers are looking for well-rounded candidates who bring both certifications and practical, real-world skills to the table, meaning that certifications alone are often insufficient.

Infosecurity has investigated the role of certifications in modern cybersecurity careers.

Why Cybersecurity Certifications Still Matter

At cybersecurity events like Infosecurity Europe and others, it's not uncommon to hear the argument that companies should consider hiring cybersecurity professionals regardless of certifications. Experts argue that skills like problem-solving, creativity, and adaptability—often honed through experience rather than coursework—are just as important, if not more so, than formal qualifications.

However, speaking to Infosecurity, David Gadd, Director at cyber recruitment agency TechCyber Solutions, said this argument is pure wishful thinking and far from reality.

“Despite what you can hear in the alleyways of security conferences, since there are so many applicants in cybersecurity, companies increasingly use certifications as barriers to entry into cybersecurity roles,” he said.

The primary reason for this is that many companies, especially the largest ones, rely on applicant tracking systems (ATS): software applications that use classification algorithms to handle recruitment and hiring processes electronically.

“Most of the time, ATS are based on buzzwords,” Gadd explains. “These systems will look for the certification required for the job and maybe even the number of times you mention it in your application. If it doesn’t appear, the system may not even select your application for human review.”

LinkedIn’s “Easy Apply” system takes a similar approach.

“Take, for instance, ISC2’s Certified Information Systems Security Professional (CISSP), which requires five years of experience. A candidate who would have these five years – and perhaps more – but has not passed the CISSP would automatically not be selected,” Gadd continued.

According to recent studies, nearly 99% of all Fortune 500 companies use ATS platforms on a regular basis. Over two-thirds of large companies (70%) and two in ten (20%) small and medium businesses (SMBs) also rely on ATS to hire people.

Additionally, certifications remain highly valued in the cybersecurity industry, as highlighted by a November 2024 thread on X by Confidence Staveley, founder of the Cybersafe Foundation.

In the posts, Staveley shared the success story of Dzorgbenyui Dordor, a Foundation member.

Dordor recounted how her ISC2 certification helped her application stand out, while other projects she led got her the job.

“During my job interview, my ISC2 certification in cybersecurity got the attention of the interviewer. Additionally, I impressed them by explaining a project I worked on during the fellowship, particularly the process of creating an access control policy and its significance for organizations. This demonstration of my skills and expertise helped me secure my position,” Dordor said.