Cyber security is no longer a niche—it's a necessity. The steady stream of cyberattacks has made that clear to everyone: data breaches at financial institutions, SMS scams targeting individuals, and denial-of-service attacks on government websites.
So, skilled and certified cyber professionals are in demand. Additionally, specialisations within the field are becoming more defined.
Whether you're just starting out or looking to level up your career, choosing the right cyber security certification can be a game-changer.
But with hundreds of options available, where do you begin? What certification should you get for cyber security? In a recent webinar hosted by Lumify Work, cyber security experts Jeremy Daly, Louis Cremen, and Miraj Rajan unpacked the complex world of cyber certifications.
Customers often ask us the questions below. The webinar set out to answer them:
Which cyber course should I do or do next?
Are [x] & [y] courses the same?
What certifications do I need?
Do I have enough experience to do a specific course?
Does this help with PSPF/APRA/E8/CSF/ISM framework alignment?
Are you training in AI?
Watch the recorded session below or read the summary. You can also explore Cyber Security Courses and Certifications with Lumify Work. Contact your account manager today!
Here’s a breakdown of the key insights and practical advice they shared to help you navigate your certification journey.
Why Cyber Security Certifications Matter
Cyber security certifications are more than resume boosters—they’re a way to validate your skills, align with industry standards, and open doors to new opportunities. As Louis Cremen pointed out, certifications often bridge the gap between academic knowledge and real-world applications.
"Cyber security certifications have been one of the most sought-after aspects for trying to understand and baseline people's security knowledge and experience. Whereas, if you look at, say, university degrees, they haven't caught up in the same way. So, a lot of HR managers, a lot of teams, a lot of people, are looking at certifications as 'Hey, this is how I can prove that I know this, or this is how I can learn this.'"
Navigating the Certification Landscape
What is the best cyber security certification? The best ones are those that align with your role and pathway.
The cyber security certification ecosystem is vast and growing. Nearly 100 new certifications have emerged in the past four years alone. If you look at Paul Jerimy's Security Certification Roadmap, there are currently 481 cyber security certifications.
Louis, Jeremy and Miraj do not suggest you get all 481. Instead, Lumify’s approach is to align certifications with real-world roles and organisational needs.
On the question of which cyber security certification to do next, Miraj adds that, roadmaps notwithstanding, not everything will fit your organisation's landscape or your personal career track.
"Say for example, if you pick up the CISM, then the next phase could be a CISA auditing track or you can even move on to governance track, you know."
Lumify Work offers vendor-neutral and vendor-specific training across various domains. We work closely with global, vendor-neutral security certification bodies, product vendors, and process vendors to deliver high-quality certification training courses. Based on these, we've identified 6 key pathways.
Key Cyber Security Pathways
Cyber Management
Governance, Risk, and Compliance (GRC)
Blue Team (Defensive Security)
Red Team (Offensive Security)
Cloud Security
Software Development Security
Choosing the Right Certifications in Cyber Security
Your path depends on your current role, experience, and career goals. According to Jeremy:
"Choosing a cyber security certification or going on certification pathways is almost like those old choose your own adventure books. There's different branches, different ways you can go depending on the different types of domains and skills that you want to learn across your career."
For Starters
Another common question is, "Which certification is best for cyber security beginners?" The team recommends you explore the following:
CompTIA Security+ – A foundational course praised for its breadth and practical labs.
Lumify Learn – Our sister organisation, an RTO, offers cyber security boot camp courses in ANZ.
For Analysts and Practitioners
For Risk and Audit Professionals
Miraj describes the CRISC certification as a way to learn risk management.
"If you're planning to dive into risk-related activities from an IT or cyber point of view, this is the way forward. It will guide you on the principles of risk management and how to look at the business. How do you map your risk management practices in line with the business or the team? That's the whole point."
For Leaders and Managers
Complementary Cyber Security Certifications
Students often ask whether two courses are more or less equivalent, whether they should take one instead of the other, or whether they should do both.
Many professionals pursue multiple certifications to deepen their expertise. For example:
CISSP + CISM for a blend of technical and managerial skills.
CRISC + CGRC for a comprehensive view of risk from both ISO and NIST perspectives.
On CRISC and CGRC (ISC2's Certified in Governance, Risk and Compliance), Louis explains:
"The simplest way to put it is that CRISC really looks at risk management from an ISACA perspective, but also from an ISO perspective. CGRC used to be called the CAP, and it used to be a very NIST Risk Management Framework-focused course. And it's now a globally focused course, but its roots are still there in NIST. And the ISM is linked to the NIST Risk Management Framework as well. So, if you find yourself very NIST-aligned, CGRC is really good. If you find yourself ISO-aligned, CRISC is really good. Again, both are really good courses; but they both approach risk in very different ways."
Certification for Cyber Security Specialised Tracks
We have seen an increase in professionals upskilling their teams in the risk space as well as in the audit and compliance spaces. Specialisations are a common way to map out cyber security certifications.
Many enterprises are required to comply with international standards, such as ISO 27001, as well as national requirements, such as those for becoming an IRAP assessor in Australia. Below are some of the more specialised tracks and certifications you can explore.
Cloud Security Track
Software Development Track
CEH (Certified Ethical Hacker) – For understanding attack vectors.
AI and Emerging Tech Track
ISO/IEC 42001 Lead Implementer/Auditor – For AI management systems.
AI Security Professional (DevSecOps) – A hands-on, self-paced course.
ISACA Advanced in AI Security Management – Coming soon!
For Australian Professionals: IRAP Pathway
If you're aiming to become an Information Security Registered Assessors Program (IRAP) assessor, you'll need at least one cyber security certification from each of two categories:
Category A: CISSP or CISM
Category B: CRISC, CISA, or ISO 27001 Lead Auditor
Feel free to contact our team to discuss similar requirements in New Zealand and the Philippines.
Final Thoughts on Cyber Security Certification
The field is dynamic, with endless opportunities. The key is to align your certifications with your career goals and organisational needs.
Explore Lumify’s authorised cyber security training and certification programs. Through Lumify Anywhere, we offer instructor-led courses in a classroom, private sessions and self-paced learning. Access our brochure to explore different cyber security certification pathways.