3 key certifications to have on your CV for incident response specialists

Published on: 2 Sep 2022

When it comes to defending businesses against cyber attacks, prevention is always better than cure. But smart firms recognise that in today's world, this alone isn't enough. Criminals are always looking for new ways to get around defences, and it may only take one previously unknown vulnerability - or one careless employee - to open the door for them.

Therefore, effective incident response plans are a must-have for any cyber security team. And to build, maintain and enact these contingencies, professionals with particular skills and experience in this area are in high demand among employers.

Individuals in these teams may have a wide range of responsibilities, from monitoring systems for intrusions to liaising with other departments and producing post-incident reports. Therefore, if you are looking for a new role in this area, you'll need to be able to show recruiters proof of your capabilities.

Jay Bavisi, president of the EC-Council Group, explains: "Organisations are looking for professional incident handlers and response personnel who can prepare security policies and plans to tackle incidents with efficacy in time-constrained scenarios in order to reduce the impact of incidents."

One of the best ways to demonstrate this is by having one or more relevant industry qualifications. There is a range of options to choose from when it comes to incident response certifications, so it's important you have the ones that are most in demand among employers.

Here are three that should provide a boost to the CV of anyone looking for cyber security incident response jobs.

1. EC-Council Certified Incident Handler

The EC-Council is one of the industry's most respected providers of cyber security education, and its Certified Incident Handler (CIH) course is specifically tailored to post-breach responses. It will provide a grounding in all stages of how to handle cyber security incidents in order to ensure that organisations can effectively identify, contain, and recover from an attack.

Candidates are expected to have at least one year's experience in the cyber security sector before they take the final exam and become certified. However, those who don't have this can still attempt the qualification if they have completed an accredited course. These offer an intensive training programme that provides students with hands-on experience of real-world scenarios, covering concepts including planning the incident handling response process and recovering assets after a security breach. 

This makes it an attractive option for those who are relatively new to the industry and looking to build their CV.

2. GIAC Certified Incident Handler

Another highly regarded specialist course, the Global Information Assurance Certification (GIAC) Certified Incident Handler covers cyber crime investigations, how to identify and close hacker exploits, and the types of tools hackers use. As well as dedicated incident responders, the course is aimed at network and system administrators, security architects and others who will be expected to be on the front line in the event of a breach.

As with the EC-Council CIH, candidates are required to take a single exam in order to earn this qualification. This consists of 106 practical questions that require students to demonstrate knowledge of real-world tasks that mimic specialised job roles and are essential parts of any incident management strategy.

3. Certified Information Systems Security Professional

While specific certifications will be invaluable, candidates need to demonstrate they have a broad range of skills, so more general qualifications are also highly useful. The Certified Information Systems Security Professional (CISSP), provided by (ISC)², is one of the most sought-after certifications in this regard, and includes a thorough overview of incident management and response. This breaks down the process into eight distinct steps, which are:

  1. Preparation
  2. Detection
  3. Response
  4. Mitigation
  5. Reporting
  6. Recovery
  7. Remediation
  8. Lessons Learned

CISSP is not an entry-level course. Those taking it are expected to have at least five years' experience in the sector, ideally across two or more cyber security disciplines. However, if you're looking to take the next step into more senior incident response roles, this could be an essential element for your CV.
