The World According to Mitch

I have been security-minded for most of my adult life. Whether or not I have always lived it is another matter, but I have learned my lessons and have done my best to continually improve.

While I have been taking IT certification courses and exams for nearly twenty-five years, it was only in 2022 that I sat my first cybersecurity exam. I have not looked back, and since then I have passed ten exams with the word Security in the title. Well… nine, really… but the tenth was a prerequisite for another cybersecurity certification so I count it. Until a couple of years ago, when asked what I do for a living I would answer that I was an IT Professional. Now I tell people that I consult in and teach cybersecurity.

Until a year ago I only held cyber certifications from CompTIA and Mile2.  It was only when a learning partner that I do a lot of teaching for said ‘Hey Mitch, how would you like to take some ISC2 courses so you can eventually teach them?’ that I finally recognized that just as in security technologies, vendor heterogeneity in certifications is a very good idea… especially since I have been focusing so heavily on cybersecurity these last few years.

I took the CCSP (Certified Cloud Security Professional) course first but shortly thereafter I found out about the ‘One Million Certified’ promise for the CC cert (Certified in Cybersecurity) and decided to sit that exam first. I spent a weekend going through the material and then sat the exam on Wednesday… nearly two weeks before I was scheduled to sit the CCSP exam. I did not find it to be a very challenging exam… but then, I’ve been teaching most of this stuff (and at a higher level) for years… why would I be challenged by it?

Since sitting that exam I have taught twenty-four classes. Only one of those classes was a CC class. I have told every student in twenty-three classes about the free ISC2 CC training and exam voucher. I have no idea how many of those students have followed through, but I have told them that the $50 AMF (Annual Maintenance Fee) for ISC2 is absolutely worth the money… especially if they are trying to embark upon a new career in cyber, or are refocusing their IT career that way. ‘Yes, you are sitting CompTIA Security+ this week and passing the exam will give you a great CompTIA cert. The CC gives you a great ISC2 cert, and membership in a completely information-security focused organization.’

I joke with them that CC is a gateway cert… like your first hit of a drug that a dealer gives you for free, once you try it you are going to want more and more. Unlike the drugs, the more certifications you have, the more you will want… and the better off you will be. Hey, in 2001 when I signed up for my MCSE classes I was under the misguided impression that I would pass those seven exams and I would never need to take another one. Just look at how that worked out (113 exams later).

Certified in Cybersecurity is a gateway cert to cybersecurity, but if you are already involved (even tangentially) in the IT field then it is a gateway cert into ISC2. I make sure that every one of my students – whether I am teaching them Security+, SecurityX, A+, or Microsoft Endpoint Administration – hears about it. Why? Because I tell my students that there are two ways of doing IT: my way, and the wrong way. In 2025 if you are an IT Pro at any level and you are not doing things securely then put away the computer and open a hotdog stand. We don’t all need to be CISSPs… but there is absolutely no reason in the world for any IT Professional to not have their CC.

By the way… looking at the gateway cert analogy: I took the CC exam in November. Since then I have achieved two more ISC2 certifications – CCSP in January, and CISSP (Certified Information Systems Security Professional) in August. They were much more difficult and much more advanced, but I want to keep going. I want more! My next ISC2 cert? I know what it will be, but I will share it only once I earn it. Also, please be aware that while the CC exam voucher is free through this program, the CCSP exam costs USD$599, and the CISSP is USD$749. With that said, those certifications truly increase your value in the job market.

Conclusion

Cybersecurity is everyone’s business and it is everyone’s responsibility. In your organization, the CISO (Chief Information Security Officer) might be the one who is ultimately responsible for data security, but if any employee compromises that security they will likely first be assigned education and learning, and for subsequent they can expect disciplinary action up to and including dismissal for cause. It is up to all of us to ensure that our systems are safe and secure. We cannot simply expect our people to know how to do that, so education is the key. For IT Professionals this course and the associated certification are a great way to ensure they learn what they need to learn the right way, and by passing the exam they will have demonstrated that they understand the concepts.