How should I make sense of all these security certifications?

Security and privacy certifications do have value, but one has to be smart about them. Certifications have two primary sources of value. First, they signal your interest in and commitment to a field. That signal can move your resume into the right pile. Second, some certifications also signal expertise in specific skillsets, but these are variable in quality and may be inapt for the career you want. One must choose carefully, and this is difficult because there are many security certifications. This visualization plots over 300 certifications. Here’s a process for considering certifications:
  • Find people on LinkedIn who have the kind of career you want to pursue. Check whether they (or their direct reports) have certifications in privacy or security.
  • In your job search, how many job announcements explicitly list the certification you are considering?
  • From a straightforward economic perspective, one could simply compare the number of certificate holders with the number of jobs that seek that certificate. NIST’s Cyberseek presents this ratio with respect to CompTIA, GIAC, IAPP, and other popular certifications. 
Economics matter too. Certifications typically require an upfront enrollment fee and some kind of maintenance cost. Furthermore, you might have to take certification-specific training, because academic courses tend to focus on theory rather than praxis. Keep in mind that IAPP’s very popular certifications (CIPP/US, CIPP/E, CIPM or CIPT) are available at a substantial discount through the Privacy Pathways program. Berkeley is a member of the program. In 2020, the fee for Berkeley community members is $140.