The cybersecurity industry in the Netherlands is booming, thanks in no small part to the National Cyber Security Agenda, the country’s far-reaching strategy for responding to cyberthreats. To fill the educational needs of this growing field, certifications are more important than ever to demonstrate that applicants have the highly specialised skills needed to hit the ground running in a new security job and keep cyberattacks at bay.
There is a broad range of cybersecurity IT jobs in the Netherlands. The job platform Security Talent, operated by The Hague Security Delta public-private alliance, found that in 2020, 57% of job postings were in the cybersecurity field. Cybersecurity roles were also at the top of the list of emerging jobs in the Netherlands in 2020 according to LinkedIn and the World Economic Forum.
Various initiatives are aiming to reduce the shortage of cybersecurity professionals in the Netherlands. One such programme, put together by training company Vijfhart IT Opleidingen and security certification body EC-Council, uses self-paced learning application iLearn.
Industrywide, 63% of cybersecurity professionals are currently pursuing or planning to pursue industry-related certifications, according to the 2021 Cybersecurity Workforce Study by (ISC)². It pays to get certified: The workforce study found that certifications can increase the average cybersecurity salary by almost €16,000 (US$18,000) — a wise investment, with most exams costing only a few hundred euros.
With more than half of European companies sponsoring industry certification programmes for employees, boosting your skills and your salary is a no-brainer.
Here are the top certifications for cybersecurity professionals in the Netherlands, based on a review of requirements and sought-after skills listed in job postings.
Certified Information Systems Security Professional (CISSP)
CISSP is the most in-demand certification for mid- and high-level cybersecurity jobs in the Netherlands, and a crucial step for security professionals to advance their career. The exam, which is administered by (ISC)², demonstrates the ability to design, execute, and oversee cybersecurity programmes. Candidates are tested on their knowledge of security operations, assessment and testing, and security architecture.
Before taking the exam, you must have five years of work experience (including paid internships and part-time roles) in at least two of the following areas: security operations, security and risk management, security architecture and engineering, security assessment and testing, software development security, identity and access management, communication and network security, and asset security. If you've completed a degree in computer science, one year of the five-year work requirement is waived.
Exam fee: €665
Expiration: three years
Systems Security Certified Practitioner (SSCP)
IT professionals who work directly with a company’s security systems and tools can achieve SSCP accreditation, which covers the foundations of how to design, build, and implement security systems. Unlike CISSP, which is targeted at the processes associated with security management, SSCP was designed for technical practitioners who handle access controls, network and communications security, monitoring, and incident response.
(ISC)² requires applicants to have at least a year of paid, full-time work experience in one of SSCP’s domains, including areas of knowledge such as cryptography or systems and application security.
Exam fee: €230
Expiration: three years
Certified Information Security Manager (CISM)
CISM is one of the most well-known certifications in the field of cybersecurity, focused on security strategy and management. It tests professionals’ understanding of enterprise-level security system management, risk management, governance, and incident response. While CISSP was designed for a wide range of professionals in both technical and managerial roles, CISM is more specialized, aimed at information security managers, CIOs, data governance managers, information security directors, and IT managers.
Candidates must have at least 5 years of work experience in information security management, 2 years of which can be general information security work. A graduate degree in the field or a related certification like CISSP can substitute for up to two years of the requirement. The certification also requires continued education in the field, a total of 120 CPE credits over the course of 3 years.
Exam fee: €850
Expiration: three years
CompTIA Security+
For those who are starting out in their career and are looking for foundational approaches to security, CompTIA Security+ is a practical beginner-level certificate. Passing the exam is beneficial for DevOps developers, IT auditors, security analysts, IT project managers, and cloud engineers. The exam tests foundational knowledge of security regulations and skills like risk assessment, responding to security incidents in accordance with current laws and regulations, and monitoring hybrid environments such as cloud and IoT.
CompTIA recommends the exam for applicants with one to two years of work experience in an IT or cybersecurity role. Professionals can choose between two exams: SY0-501, which tests the ability to implement systems on secure networks and applications, and SY0-601, which evaluates the ability to analyse security in an enterprise environment.
Exam fee: €335
Expiration: three years
CompTIA Advanced Security Practitioner (CASP+)
CASP+ takes a deeper dive into system security than the Security+ certification, evaluating professionals’ ability to execute security protocols in complex situations and environments. Training courses cover enterprise security architecture and integration, as well as advanced training in risk management. While CompTIA Security+ tests knowledge of cybersecurity frameworks, regulations, and policies, CASP+ targets advanced practitioners who implement those solutions. Critical thinking skills are key for CASP+: Applicants must be able to interpret data to predict cybersecurity needs for enterprises, integrate cloud technologies into security architecture, and conduct detailed risk analysis.
The programme is aimed at security and network engineers, IT analysts, and information assurance analysts with at least 10 years of IT administration experience and five years of security experience.
Exam fee: €400
Expiration: three years
GIAC Certified Incident Handler (GCIH)
When security attacks occur, executives are most concerned with minimising the fallout as much as possible before too much damage has occurred. GCIH focuses on defence and response: How can cybersecurity professionals react quickly and decisively when threats arise, and what kinds of traces do attackers leave behind? GCIH is targeted at system administrators, incident handlers, and first-responder security professionals who want to evaluate their ability to take on realistic threats that they face in their daily work. The programme teaches candidates how to identify hackers that already have access to the cloud or network, defend against covert tools, and protect against endpoint, network, password, and web application attacks.
Exam fee: €930
Expiration: four years
Certified Ethical Hacker (CEH)
Unlike the GCIH certification, which focuses on defence against security risks, CEH emphasises offensive security techniques like hacking strategies. Rather than focusing on preventative techniques like firewall security, CEH requires candidates to (legally) attack systems the way that malicious hackers do to identify vulnerabilities. By understanding the tools and techniques that hackers use, security professionals can understand exactly how attackers gain and maintain access and cover their tracks. The exam evaluates knowledge of penetration testing, threat vector identification, vulnerability analysis, and system hacking.
Entry-level candidates can choose to take a CEH course online or at an accredited training centre, and professionals with more than two years of work experience can apply to self-study for the exam.
Exam fee: €850
Expiration: three years
Certified Cloud Security Professional (CCSP)
As cloud technology continues to transform the way that we work and manage huge amounts of data, advanced cloud security skills are in high demand across the Netherlands. CCSP extends cybersecurity tools and techniques to a cloud environment, measuring the candidate’s ability to implement security architecture, comply with regulatory frameworks, and ensure cloud data, platform, and application security.
Another option for cloud security professionals is the Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK). Unlike CCSP, which is a certification, CCSK is a certificate, offering proof of the completion of the specialised training course. CCSP, by comparison, offers membership access to (ISC)², which is currently the largest global cybersecurity association.
Professionals who can benefit from CCSP certification are cloud computing analysts, cybersecurity administrators, systems engineers, and cloud engineers, architects, and administrators. CCSP candidates are required to have five years of work experience in the IT field and at least three years working in IT security, including a year working in the six cloud security domains covered by the exam. Those who received the CCSK certificate can substitute the course for a year of work experience.
Exam fee: €530
Expiration: three years
Offensive Security Certified Professional (OSCP)
Penetration tester is one of the fastest growing jobs in the Netherlands. Companies are prioritising the identification of channels and systems that are most vulnerable to cyberattacks, and the pentest market is predicted to grow to €265 billion by 2026. The OSCP exam will test the applicant’s ability to exploit and compromise systems and complete advanced pentest reporting after confronting each challenge. Like CEH, OSCP focuses on offensive tactics for addressing security risks: Applicants will attempt to hack into an unknown and isolated network, gain access, then carry out a series of attacks over the course of 24 hours.
In addition to penetration testers or ethical hackers, network administrators are also likely to hold OSCP certification. There are no work experience requirements, but Offensive Security recommends that candidates have knowledge of Linux, Perl, Python, and Bash before taking the exam.
Exam fee: €700
Expiration: does not expire
Certified Information Systems Auditor (CISA)
Many large companies solicit the help of third-party cybersecurity auditors in order to conduct detailed and comprehensive reviews that can save organisations from devastating cyberattacks. Cybersecurity auditors provide a crucial service for enterprises, analysing the efficiency of protocols and making informed recommendations on how to keep companies secure. CISA is perhaps the most well-known cybersecurity auditing certification, and tests the candidate’s ability to assess vulnerabilities, protect company assets, make security systems compliant, and execute security controls.
Auditors need to have at least five years of work experience in IT or information systems audit, assurance, control, or security within the last 10 years. Candidates with a two- or four-year degree can reduce the work experience requirement by up to three years.
Exam fee: €670
Expiration: three years
GIAC Security Essentials Certification (GSEC)
Security and operations professionals, forensic analysts, cybersecurity auditors, and penetration testers can benefit from the highly specialised curriculum associated with the GSEC, which tests hands-on practical knowledge related to cybersecurity.
Unlike the CISSP, which covers cybersecurity knowledge in a much broader scope, GSEC focuses on specific topics such as Windows security infrastructure, malicious code and exploit mitigation, log management and SIEM, AWS fundamentals, and data loss prevention. Companies that request GSEC certification usually have an immediate need for cybersecurity professionals to understand these topics for their day-to-day tasks. There are no experience-related requirements to attempt the exam, but as the most expensive certification on this list, taking a GSEC course at a training centre would be a worthwhile investment.
Exam fee: €1,500
Expiration: four years