Cybersecurity isn’t just a career path; it is an essential skill that everybody should be proficient in. While you may decide the best course of action is to outsource your IT and cybersecurity management to a contractor or even hire a dedicated in-house employee, you can take steps to help your pre-existing employees gain professional cybersecurity skills. Not only does this help foster a better culture of cybersecurity, but it also helps your employees become more independent in their IT and cybersecurity literacy.
Suppose your small business employs a highly social and collaborative work environment. In that case, you can pursue these benefits by offering advanced cybersecurity training and education in exchange for benefits such as pay raises or overtime. This can be beneficial to everyone; your employees can gain professional training and credentials, and you get the benefit of more self-sufficient employees in regard to workplace cybersecurity.
Below are some of the best cybersecurity certifications and training sources to consider.
CompTIA Security+
The gold standard of cybersecurity certifications, CompTIA's Security+ certification is a standout on any resume. The Security+ is a prerequisite for jobs working with cybersecurity in the Department of Defense. Obtaining the Security+ proves that an individual has a thorough grasp of cybersecurity concepts and can apply them to real-world scenarios in a workplace. Employees in a small business who have tech-focused roles could pursue the Security+ to become qualified to aid their workplace with cybersecurity needs. If you are a business owner who cannot financially justify hiring an in-house IT/Cybersecurity person, but you still have important digital assets to look out for, you could design a program for different in-house employees to pursue the Security+ at the company's expense, along with incentives like pay raises. The result could be a workplace full of employees with professional cybersecurity knowledge as a secondary skill, regardless of their main role in the business. At the end of the day, the cost of implementing this would be lower than paying an in-house person or contractor for full-time services.
I recommend a number of training resources for preparing for the Security+. After reviewing this framework in full, you should have a pretty good grasp of major cybersecurity topics. However the curriculum for Security+ goes deeper, and you will get a much more comprehensive education on the inner-workings of topics.
Mike Chapple's Security+ Study Guide is probably the most accessible and thorough review of the topics on the Security+. Not only do his training books explain topics well, but they also contain practice quizzes to help get in the mindset of answering CompTIA-style questions.
If you prefer interactive learning over reading, then I highly recommend Jason Dion's Udemy course for Security+. Dion provides in-depth explanations and is easy to follow, even for those with limited prior experience in IT or cybersecurity.
In addition to the practice questions provided in the Chapple book and Dion course, you can seek out full length practice exams online. Many of them require payment, but you can hunt for free ones. Just ensure that they are from a legitimate and reputable source before you pay for any. If you want free practice exams, I recommend using CertPreps Practice Exams. Just be aware that the site requires you to create an account.
ISC2 Certified in Cybersecurity (CC)
Another entry-level cybersecurity certification, the ISC2 Certified in Cybersecurity, is an excellent choice for individuals seeking to enhance their resume with cybersecurity knowledge. The CC exam is similar to the Security+, but the ISC2 style of exam is a bit different than the CompTIA. Not only can you purchase vouchers for the CC exam, but you can also purchase a bundle that includes a full training course with the voucher. If you want to use a different source for preparation, you can use training websites like Udemy for the course and just purchase the voucher from ISC2. As mentioned, the CC exam is very similar to Security+ and hits on most of the same topics. If you have employees currently taking Security+ training, they could likely use that training as preparation for both exams. Not only would they have the opportunity to get two reputable cybersecurity certifications, but you as the business owner would only have to pay for one training course.
Vendor Specific Certifications
Most mainstream information technology vendors offer training and certifications that are focused specifically on the different pieces of technology they offer. For example, if your business utilizes Microsoft Azure and 365 for identity and access management and/or cloud computing services, you could have employees who regularly use and manage those resources take the Microsoft training and go for the certifications. Microsoft training is free through Microsoft Learn, and the certification vouchers are quite inexpensive compared to CompTIA or ISC2. If you use Microsoft Azure or Microsoft 365 at all in your environment, your workforce may benefit from the Microsoft Certified: Azure Fundamentals and Microsoft 365 Certified: Fundamentals training and certs. More cybersecurity-focused options include the Microsoft Certified: Security, Compliance, and Identity Fundamentals and the Microsoft Certified: Identity & Access Administrator Associate.
Google also offers several certifications that could be useful if you have a Google-dominant business environment. The Google Cybersecurity Professional Certification is a good certification that would be an excellent entry-level credential to have with Security+ and/or ISC2 CC. The training is available for free through Coursera. Google also offers a number of other IT related certifications, such as the Google IT Certification and Data Analytics Certification.
It is ultimately up to you on which specific skills and vendors you want your workforce to be educated on. Regardless, creating incentives for employee training and certifications can greatly expand the security of your workforce and allow employees to pick up some extra roles. This will foster a smooth workplace and allow the employees to add a few more professional credentials to their resume.
