By John Hales, Global Knowledge VMware, SDN and SoftLayer instructor, A+, Network+, CTT+, MCSE, MCDBA, MOUS, VCP, VCAP, VCI, EMCSA
Which mainstay certifications should be in your list of credentials? What's the next up-and-coming certification? This article will help you answer both questions by providing a review of the 15 top-paying certifications. I've provided a brief description of each, as well as the average salary each certification commands based on the 2016 IT Skills and Salary Survey conducted by Global Knowledge in the fall of 2015. Since the survey was distributed nationwide, variations exist based on where you work, your years of experience and the type of company you work for.
Top 15 Methodology
To qualify for this year's list:
A certification had to have at least 100 survey responses to ensure that the data was statically accurate. The affiliated certification exam had to be available as of the writing of this article.
Some certifications may pay more than those listed but were excluded from this article due to a low number of survey responses or lack of future availability.
Amazon Web Services' baseline certification, AWS Certified Solutions Architect - Associate, debuted in mid-2013 and is intended for individuals with experience designing distributed applications and systems on the AWS platform. The AWS Certified Solutions Architect - Associate certification exam addresses a range of topics, including designing on AWS, selecting the appropriate AWS services for your situation, ingress and egress of data to and from the AWS, estimating AWS costs and identifying cost-control measures.
Since the release of the AWS Certified Solutions Architect - Associate certification, AWS has rolled out four additional certifications, including the AWS Certified Solutions Architect - Professional. According to this year's salary survey responses, each of the five AWS certifications brings in an average salary of more than $100,000, but the others did not meet the minimum number of responses needed to make our list. Based on the number of companies moving to the cloud and the growth of AWS, I would certainly expect to see a few more AWS certifications on next year's list.
Similar to the way that CompTIA manages the A+ and Network+ certifications, the nonprofit group ISACA, which formerly stood for Information Systems Audit and Control Association but now is an acronym only, offers the CRISC certification.
Designed for IT professionals, project managers and others whose job it is to identify and manage risks to IT and the business through appropriate information systems (IS) controls, CRISC certification, introduced in 2010, covers the entire life cycle, from design to implementation to ongoing maintenance. It measures two primary areas: risk and IS controls. Similar to the IS control life cycle, the risk area spans from identifying and assessing the scope and likelihood of a particular risk to monitoring for it and responding to it if/when it occurs.
More than 18,000 people worldwide have earned this credential. Because of the demand for professionals with these skills and the relatively small supply of those who have them, CRISC is the second highest-paying certification on the list year.
To obtain CRISC certification, you must have at least three years of experience in at least two of the four areas that the certification covers, and you must pass the exam, which is only offered twice a year. In addition, continuing education credits are required each year to maintain your certification. This is not a case where you can just take a class and get certified. Achieving CRISC certification requires ongoing effort and years of planning.
ISACA also created the CISM certification. It's aimed at management more than the IT professional and focuses on security strategy and assessing the systems and policies in place more than it focuses on the person who actually implements those policies using a particular vendor's platform.
More than 27,000 people have been certified since its introduction in 2002, of which 23,220 are currently certified, making this a highly sought-after area with a relatively small supply of certified individuals. In addition, the exam is only offered three times a year, making taking the exam more of a challenge than with many other certifications. It also requires at least five years of experience in IS, with at least three of those as a security manager. Your experience must be within the 10 years before taking the exam or five years after passing it. In addition, continuing education credits are required each year to maintain your certification. As with CRISC, requirements for CISM certification demand effort and substantial planning.
Offered by the International Information Systems Security Certification Consortium (ISC)2, CISSP is designed to provide vendor-neutral security expertise similar to the certifications that ISACA offers. Launched in 1994, CISSP consists of an exam based around eight areas in computer security, including security and risk management, communications and network security, software development security, asset security, security engineering, identity and access management, security assessment and testing, and security operations.
CISSP candidates must have at least five years of full-time experience in at least two of the eight areas tested. If you don't have the work experience, you can still earn an Associate of (ISC)2 designation while working toward the full certification.
CISSP certification has a broad focus, covering many different areas in a single certification. There are nearly 104,000 CISSPs worldwide, with approximately two-thirds of them in the United States. To remain certified, CISSPs must earn Continuous Professional Education (CPE) credits every year.
The fifth highest-paying and the first that is business-related instead of technical-related, the PMP certification was created and is administered by the Project Management Institute (PMI®) and is the most recognized project management certification available. There are more than 658,000 PMPs worldwide.
The PMP certification exam tests five areas relating to the life cycle of a project: initiating, planning, executing, monitoring and controlling, and closing. PMP certification validates expertise running any kind of project and is not specialized into sub types, such as manufacturing, construction or IT.
To become certified, individuals must have 35 hours of PMP-related training. In addition, those who have less than a bachelor's degree must have 7,500 hours of project management experience, while those who have a bachelor's degree or higher need 4,500 hours. To maintain PMP certification, continuing education credits are required each year. PMP certification is another that requires years of planning and effort.
CISA certification is ISACA's oldest, dating back to 1978, with more than 115,000 people certified since its inception. Of those, 78,640 are still certified. CISA certification requires at least five years of experience in IS auditing, control or security, in addition to passing an exam that is only offered three times per year. Maintaining CISA certification means earning continuing education credits each year.
CISA certification is usually obtained by those whose job responsibilities include auditing, monitoring, controlling, and/or assessing IT and/or business systems. It is designed to test the candidate's ability to manage vulnerabilities and propose controls, processes, and updates to a company's policies to ensure compliance with accepted IT and business standards.
CCIE Routing and Switching is one of the highest-level certifications available. Only the Cisco Certified Architect is higher, and it is aimed more at networking designers and architects than implementers and troubleshooters as this CCIE is. As such, CCIE Routing and Switching is the highest-paying Cisco certification on this list. With this certification, along with an associate-level and two professional-level certifications, Cisco has the most certifications in the top 15 this year. There are other CCIE tracks-collaboration, data center, security, service provider and wireless-and all command a similarly high salary, but none of the others met our list's requirement to have at least 100 survey responses.
Unlike most Cisco certifications and many others at this level, there are no formal prerequisites for CCIE Routing and Switching in terms of training or certification. You simply must pass a written exam and then pass an eight-hour hands-on, in-person lab exam. Cisco currently operates 10 CCIE lab exam locations around the world-two are in the United States.
Topics covered on the two exams include technologies used in Layers 2 and 3, security, VPNs, and infrastructure services such as Quality of Service (QoS), Dynamic Host Configuration Protocol (DHCP), and Simple Network Management Protocol (SNMP).
CCIE Routing and Switching is considered an industry-leading networking certification. There are only about 27,000 CCIEs in routing and switching in the world, and about a quarter of them have not met the recertification requirements, so professionals with this level of expertise are in higher demand and, therefore, command a higher salary.
Though associate-level Cisco certifications have been around a very long time, the data center certification track that includes CCNA, CCNP and CCIE levels were introduced in 2012. The track is aimed at data center technologies, such as networking (especially with Nexus physical and virtual switches), storage (especially converged storage involving Fibre Chanel over Ethernet [FCoE] and standard network traffic on the same network infrastructure and cards), compute (primarily around Cisco's UCS technologies), virtualization and various network services, such as global and local load balancing.
Achieving CCNA Data Center certification requires passing two exams. The first is focused primarily on the networking aspects, especially the Nexus technologies, including configuring and verifying their operation, VLANs, coming up with an IP address scheme, etc. The second exam covers primarily unified computing (UCS setup and configuration), virtualization (server and device virtualization and the Nexus 1000V virtual switch), and storage networking (including FCoE, SAN connectivity, zoning and Virtual Storage Area Network [VSAN]). Together these two exams verify familiarity with a large portion of common data center technologies implemented by Cisco.
Due to the broad nature of this exam and the widespread use of Cisco technologies, this is a great place for those interested in data center administration to begin certification.
CCDP is a professional-level Cisco certification-that's the level between the entry-level associate tracks and the expert level that we covered in the previous two certifications. Professional-level certification tracks show a greater depth and specialization in certain topics than the associate-level ones. CCDP certification is designed for senior-level architects who want to design more advanced network topologies and services. There are three exams required for this certification-two are focused on implementation (routing and switching) and one on architecting. The two implementation exams are required for this certification, as well as for the CCNP Routing and Switching certification.
Topics covered on the implementation exams include the technologies associated with switching (discovery protocols, trunking, spanning tree, LACP, etc., including the security features available at this layer) and routing (TCP versus UDP operation, frame relay, subnetting, DHCP, routing protocols, including features and limitations, VPN technologies, and the security options at this layer). In addition to the practical implementation details, CCDP validates knowledge of designing for proper and optimal use of the protocols covered on the implementation exams, as well as high availability, small and large multisite campus networks, edge connectivity with other networks, designing for the large data center, using network virtualization technologies, and much more on the security of all of the above.
This combination of design and implementation skills is what makes this certification more challenging to achieve.
The International Council of E-Commerce Consultants (EC-Council) created and manages CEH certification, which is aimed at security officers and auditors, site administrators, and others responsible for network and data security. The exam is designed to test a candidate's abilities to prod for holes, weaknesses and vulnerabilities in a company's network defenses using techniques and methods that hackers employ. The difference between a hacker and a CEH is that a hacker wants to cause damage, steal information, etc., while the CEH wants to fix the deficiencies found.
CEH exam topics include scanning networks, malware threats, session hijacking, denial of service, social engineering, hacking wireless networks, hacking mobile platforms, cryptography, cloud computing, and evading IDS, firewalls, and honeypots.
Given the many attacks and great volume of personal data at risk and the legal liabilities possible, the need for CEHs is quite high, hence the salaries reported.
Six Sigma is a process of analyzing defects-that is, anything outside a customer's specifications-in a production/manufacturing process, with a goal of no more than 3.4 defects per million "opportunities" or chances for a defect to occur. The basic idea is to measure defects, analyze why they occurred and then fix the issue(s). There is a Six Sigma process for improving existing processes and a slightly modified version for new processes or major changes. Motorola pioneered the concept in the mid-1980s, and many other companies have since followed their examples to improve quality.
Unlike most of the other certifications on this list, Six Sigma Green Belt is not IT-specific. Instead it's primarily focused on manufacturing and producing better quality products. No standards organization owns it, and there is no standard certification exam. In fact, some organizations can certify an individual for simply taking a course or participating in a project. Many university and for-profit groups offer training.
Since no organization owns Six Sigma certification per se, the specific skills and number of levels of mastery vary depending on the organization or certifying company. Entry level is typically Green Belt, progressing to Black Belt and Master Black Belt.
CCP-V is a newer certification from Citrix that replaced Citrix Certified Enterprise Engineer (CCEE) certification, which was retired in November 2014. Focused on XenDesktop 7, CCP-V requires that candidates have already earned Citrix Certified Associate - Virtualization (CCA-V) certification. CCA-V certification covers the basics of managing, maintaining, monitoring and troubleshooting, while CCP-V certifies that candidates can deploy applications and virtual desktops using a variety of Citrix technologies, primarily XenDesktop 7, as well as some aspects of XenServer and NetScaler. CCP-V certification is valid for three years.
The fourth Cisco-related certification and the sixth security-related certification on this year's list is CCNP Security. Achieving CCNP Security certification requires that you have achieved CCNA Security or any CCIE and that you pass four security implementation exams covering secure access, edge network security, secure mobility and threat control.
The Implementing Cisco Secure Access Solutions (SISAS) exam focuses primarily on identity management, including 802.1x, RADIUS, LDAP and BYOD issues, as well as threat defense, including the Cisco TrustSec architecture used in a wide variety of Cisco products from switches to routers to wireless access to firewalls.
The Implementing Cisco Edge Network Security Solutions (SENSS) exam covers firewalls, Layer 2 security, Cisco network device hardening, Cisco Security Manager, NetFlow, logging and virtualization/cloud security.
The Implementing Cisco Secure Mobility Solutions (SIMOS) exam covers remote access and site-to-site VPNs in detail, as well as common encryption and hashing algorithms and PKI.
The Implementing Cisco Threat Control Solutions (SITCS) exam covers a wide range of cisco security devices, the role of Intrusion Prevention Systems (IPSs), and how to design secure Web, email, and general application solutions.
As you can see from the exams, the expertise required to achieve CCNP Security certification is quite broad, covering a wide range of security-related topics at a practical implementation level. Networking security is already very popular and growing at a rate of five percent per year, and many of the areas inside security are growing much faster, including mobile security (18 percent) and cloud security (50 percent). This makes security a very good area for job growth and salary growth until the supply of and demand for certified security professionals is more in balance, which may take several years at least.
ITIL was created by England's government in the 1980s to standardize IT management. It is a set of best practices for aligning the services IT provides with the needs of the organization. It is broad-based, covering everything from availability and capacity management to change and incident management, in addition to application and IT operations management.
Formerly known as the IT Infrastructure Library, ITIL is composed of a set of books. Five books define the various project life cycle stages:
Service Strategy, where organizational and customer needs are determined and documented.
Service Design, where the defined service strategy gets turned into a plan for meeting those needs.
Service Transition, which covers how to add new services into an existing environment.
Service Operation, covering how to manage the deployed services.
Continual Service Improvement, which covers both incremental and major upgrades to the deployed services.
Over the last 30 years, ITIL has become the most widely used framework for IT management in the world. ITIL standards are owned by AXELOS, a joint venture company created by the Cabinet Office on behalf of Her Majesty's Government in the United Kingdom and Capita plc, and they have authorized partners who provide education, training and certification. The governing body defined the certification tiers, and they leave it to the accredited partners to develop the training and certification around that framework.
ITIL Foundation is the entry-level ITIL certification and provides a broad-based understanding of the IT life cycle and the concepts and terminology surrounding it. Anyone wishing for higher-level certifications must have ITIL Foundation first, so people may have higher certifications and still list this certification in the survey, which may skew the average salary somewhat.
The VMware Certified Professional (VCP) is VMware's oldest and former entry-level certification. As VMware's product portfolio has grown over the last several years, the company decided that a single certification was not sufficient. Now, VMware Certified Associate (VCA) is the entry-level certification, and several VCP tracks exist, enabling VCPs to specialize.
The only VCP track to break the top 15 this year-due to number of responses, not salary-is the Data Center Virtualization track, the largest and oldest of the VCP tracks. VCP-DCV certifies one's knowledge of and ability to perform basic deployment and administration of vCenter and ESXi.
According to VMware's policy established in 2014, in order to remain certified, every two years, VCPs must recertify on their current track, take an exam in another VCP track or take a higher-level exam. Also, with the release of vSphere 6, becoming certified requires two exams: a Foundations exam that applies to all tracks and a track-focused exam.
Honorable Mentions Based on Popularity
A few certifications stand out in our survey results for their popularity. Though ITIL Foundation is by far the most popular of the highest-paying certifications, it is still not as popular as the first four in the list below. In fact, nearly three times as many certified professionals reported holding at least one of the first four certifications below. That makes these ideal jumping off points for higher certifications and indicates that specializing in an area can help you stand out and increase your pay. This list also shows that, based on our salary survey responses, even entry-level certifications pay pretty well.
Popularity Certification Salary
1 A+ $72,546
2 CCNA Routing and Switching $79,942
3 Network+ $74,828
4 Security+ $81,467
5 CCNP Routing and Switching $95,881
Of this year's top-paying certifications:
All but two of the top 15 certifications pay $100,000 or more, and the two that don't are just a few hundred dollars shy.
Six are in security (2, 3, 4, 6, 10 and 13).
Three are in virtualization and cloud computing (1, 12 and 15).
Three are in business (5, 11 and 14).
Three are in networking (7, 8 and 9).
If you're looking to improve your skills and possibly your salary, check out the certifications I've covered here. Consider your current skill set and whether a related skill or a management skill may help power your career to the next level. For example, if you already know storage or networking, consider pursuing a certification in virtualization or cloud computing. Or, break out of your technical track and get on a management track by taking an ITIL or PMP course and getting certified in one of those areas.
About the Author
John Hales, VCP, VCP-DT, VCAP-DCA, VCI, is a VMware instructor at Global Knowledge, teaching most of the vSphere classes that Global Knowledge offers, including the vSphere and View classes, as well as cloud computing classes for IBM SoftLayer and AWS. Hales is also the author of many books, including involved technical books from Sybex, exam preparation books, and many quick reference guides from BarCharts, in addition to custom courseware for individual customers. His latest book on vSphere is entitled "Administering vSphere 5: Planning, Implementing and Troubleshooting." Hales has various certifications, including the VMware VCA-DCV, VCA-DT, VCA-Cloud, VCP, VCP-DT, VCAP-DCA, VCI and VCI Level 2; the Microsoft MCSE, MCDBA, MOUS and MCT; the EMC Storage Administrator (EMCSA); and the CompTIA A+, Network+ and CTT+. Hales lives with his wife and children in Sunrise, Florida.