The top 5 IT certifications that will increase your salary


By Alison DeNisco | July 24, 2017, 4:00 AM PST

While a candidate's experience trumps most other factors in an IT hiring manager's decision, certifications can offer less experienced job candidates a way to demonstrate their knowledge and skillset.

"It's a hot topic, as there is a shortage of skillsets needed in the marketplace," said Sean Dolan, CEO of Global Knowledge, an IT and business skills training firm. While putting credentials behind your name can be valuable to employers, "certifications tend to be a little one-dimensional," he added. For example, if a company is looking for a cloud security architect, that person would need several different certifications to demonstrate that they have the necessary skills.

Many companies are more interested in a candidate's ability to apply the knowledge signified by a certification, rather than the certification itself, Dolan said.

For example, on the development side, some companies might want a certified Java programmer, said Carter Lowe, enterprise technical recruiter at Mondo, a national staffing agency specializing in niche IT, tech, and digital marketing. However, others think that only amounts to passing a test, not a proven skillset. "Especially for developers and programmers, hiring managers just want to see the work itself," Lowe said. "Grit is more valuable than a certification."

However, the opposite may be true for a systems engineer or a high-level support staff member, Lowe said. For more specialized IT positions, such as those working for the federal government, many employers require a set of certifications such as CompTIA's A+ or Network+, or (ISC)2's Certified Information Systems Security Professional (CISSP).

"Certifications are just the entry game," Dolan said. "It shows you've got a commitment to command a certain language, for example, but it's not the be-all end-all. You want to make sure you're not just memorizing for a test, but are understanding the practicality of using it and applying it in a knowledgeable way."

When determining which certification to pursue, "it's smart to plan out what you are passionate about, and to have a learning path in mind," Dolan said. With companies iterating their platforms daily, it's helpful to understand product lifecycle and the value of the certification in the near future. For example, infrastructure certifications for some particular products are less popular now because many companies have outsourced that work to cloud providers. "Knowing the technology itself will help you decide on the certifications and learning paths that will be most important, like cloud, security, development, or software," Dolan said.

Here are the top five IT certifications that will increase your salary in 2017, according to Global Knowledge.

1. Certified in Risk and Information Systems Control (CRISC)

Average salary: $131,298

CRISC, offered by the nonprofit ISACA, is designed for IT professionals, project managers and others whose job it is to identify and manage IT and business risks through Information Systems controls. More than 20,000 people worldwide hold this credential, and 96% of those who have earned it keep it updated. As demand for professionals with these skills increases, CRISC is the highest-paying certification of the year, according to Global Knowledge.

2. Certified Information Security Manager (CISM)

Average salary: $128,156

CISM, also offered by ISACA, is aimed at management, focusing on security strategies and assessing systems and policies in place at a company. More than 32,000 people have earned the CISM certificate since it was introduced in 2002, so, like CRISC, it remains representative of a highly desired skillset that is in short supply.

With more information being stored in public clouds versus private data centers, it's no surprise that risk management, governance policy, and security are covered in the top two certifications, Dolan said.

3. AWS Certified Solutions Architect - Associate

Average salary: $125,091

The AWS Certified Solutions Architect associate level certification demonstrates expertise in designing and deploying scalable solutions on AWS. Only 10,000 people have earned this certification, and, given the popularity of the AWS platform, they can command a high salary.

"In the cloud, you want a solutions architect who knows how to put together not just the workload but an end-to-end solution," Dolan said. "[AWS Certified Solutions Architect] quickly became a top certification—you can't turn around without hearing about companies leveraging the cloud in terms of digital transformation."

4. Certified Information Systems Security Professional (CISSP)

Average salary: $121,729

CISSP, offered by (ISC)2, is designed to demonstrate security expertise, including security and risk management, communications and network security, software development security, asset security, security engineering, identity and access management, security assessment and testing, and security operations.

Similar to CRISC and CISM, this security skillset is in high demand and will likely be so for the next several years. However, CISSP allows professionals to earn an associate credential while working on the required experience, rather than necessitating that they have the experience already. This makes it a valuable certification for those wanting to break into the security field, Global Knowledge noted. Nearly 111,000 people worldwide hold a CISSP certificate.

5. Project Management Professional (PMP)

Average salary: $119,349

PMP, offered by the Project Management Institute, is the most recognized project management certification. The PMP exam includes skills relating to the lifecycle of a project: initiating, planning, executing, monitoring and controlling, and closing. There are nearly 730,000 active PMPs worldwide, across a variety of industries. This certification has been in the top certifications list for many years, and will likely continue to hold a place there, Global Knowledge noted.

Follow-up items from NALDR

·  Short evaluation so you can share your thoughts about the event

·  Link to PDFs of all presentations (includes template for volunteer roles)

·  If you recorded it, please send your table’s Purpose & Promise video to Susan Birkholtz. If it is too large to email, you can upload it here.

·  Link to the Tweet Wall (#NALDR on Twitter and Instagram)

·  Photos & videos Kevin Cedeño (from Huntsville) took (includes his Big Jump video)

·  WhatsApp and LinkedIn groups, both created by Adnan Dakhwe (Silicon Valley)

Why Isn’t Two-Factor Authentication Adopted?

In the security realm, two-factor authentication is often seen as a godsend. It more thoroughly proves authenticity of the person making a request, because it requires more than just something a person knows, but also something a person has or is.

We should discuss the “password problem,” to better understand the need for two-factor authentication in the first place. Passwords technically prove authenticity because they are “something only you know.” Passwords require usernames–which seems like two unknown things at first–until you realize most usernames are public knowledge which eliminates them from the “secret” part of the equation. Now, the only part of the equation that is a secret is the password. Passwords could be adequate in a perfect world, where everyone creates strong, long, complex passwords, and never writes them down, but this rarely happens. Oh yeah, they shouldn’t be memorable, either. Are you starting to see the issue with passwords now?

Most passwords are weak, simple, and short. According to a recent article by the Telegraph (a UK-based news site), the top five most common passwords are: “123456,” “password,” “12345678,” “qwerty,” and “12345.” (If any of these are your password, you need to go change your password. Now!) This represents a huge problem in the world of security. Due to dictionary and brute force attacks, these passwords can be guessed in fractions of a second.

In order to increase security across the web a lot of service providers, especially for email, shopping, and banking, have been implementing two-factor authentication. These are services that typically require a higher level of authentication for their users, and for good reason.

But, even with this push towards better security, most people don’t know about two-factor authentication. Even if they do know about two-factor authentication, there are often other aspects that hold them back from enabling it on their accounts. These roadblocks are legitimate and stop people from protecting their accounts with two-factor authentication all the time. To prove that two-factor authentication still has roadblocks to overcome we will visit the process of how to enable two-factor authentication on three major service providers’ platforms and how to make the all-important app-passwords that most client software requires when two-factor authentication is enabled for an account.


Google is “the Internet” for many people. Google allows you to use their service without an account, but having an account enables so many extra features that users want, such as email, documents, photos, personalized search, and messaging–not to mention YouTube. If a person owns an Android phone, a Google account is also required. This is a double-edged sword in and of itself. For the owner of an Android phone, someone who gains access to the Google account through a weak password also gains a lot of control over the phone and the owner's complete digital life. That is why we begin with Google, since it is the one account that most people have that has the most control over their entire digital life.

Enabling Two-Factor Authentication

  1. Load Google’s dedicated landing page. You may be asked to log in to your account.
  2. You will be presented with some benefits of enabling two-factor authentication. Just click Getting Started.
  3. Re-verify your account password.
  4. Input your phone number. Select call or text. Click Try it.
  5. Google will call or text you with a token. Type in the token and click Next.
  6. It will then ask you to verify if you want to enable two-factor authentication. Just click Turn on.
  7. You are then presented with a configuration page. I highly recommend setting up a backup device and writing down the backup codes. (I have had to use them before.) You can also set up an alternative authenticator app or create a USB key.
  8. You’re done.

Create App-Passwords

Google already has a pretty good support page on how to generate an app-password, so I will just re-print that below. No need to reinvent the wheel.

  1. Visit Google’s App passwords page. You may be asked to sign in to your Google Account.
  2. At the bottom, click Select app and choose the app you’re using.
  3. Click Select device and choose the device you’re using.
  4. Select Generate.
  5. Follow the instructions to enter the App password (the 16 character code in the yellow bar) on your device.
  6. Select Done.


Yahoo! is still a hold-out for many people. Often, if someone does not use Google, the odds are good they use Yahoo! for their search and email needs. Yahoo! is where we see a lot of accounts attacked because of its popularity in the early days of the Internet and all of the dormant accounts they still maintain. They also seem to not believe in security the same way Google does, but they do have a help article on how to configure two-factor authentication, although it is a little vague.

Enabling Two-Factor Authentication

  1. Load Yahoo’s Account Information page. You may be asked to log in.
  2. On the left side menu select Account security.
  3. There are multiple configuration items, but slide the switch for Two-step verification.
  4. You will be prompted to input a phone number and select Text or Call.
  5. Input your token and select Verify.
  6. If the token is successfully verified you will be presented with an option to create app-passwords, otherwise you can skip this step.
  7. Done!

Create App-Passwords

  1. Once again, load Yahoo’s Account Information page. You may be asked to log in.
  2. On the left side menu select Account security.
  3. Click Manage app passwords from the list of options.
  4. Click Select your app and click Generate.
  5. Copy your app-password and click Done.


The reason I chose Apple as the third platform to discuss is due to their sprawling digital footprint, combined with their services. Many people use only Apple products, which comprises a lot of their digital life, just like we discussed about Google earlier. Apple stores contacts, emails, photos, documents, and a lot more nowadays. Enabling two-factor authentication for their services is just as important as Google, if not more important, depending on if you live in Apple’s walled-garden.

Enabling Two-Factor Authentication

Prerequisite: Apple’s two-factor authentication seems to require at least one iOS or OS X device.


On an iOS device:

  1. Open the Settings app.
  2. Touch iCloud and then touch your Apple ID.
  3. Touch Password & Security.
  4. Touch Turn on Two-Factor Authentication.


On an OS X device:

  1. Click the Apple Menu (top-left).
  2. Click System Preferences.
  3. Click iCloud and then click Account Details.
  4. Click Security.
  5. Turn on Two-Factor Authentication.

Create App-Passwords

  1. Load the Apple Account page. You may be required to log in.
  2. Under Security click Edit.
  3. Under App-specific passwords click Generate Password…
  4. Type in a chosen Label and click Create.
  5. Copy the App-password and click Done.

What are the roadblocks?

Going It Alone

A lot of people are unaware of these help pages or landing pages that I mentioned as the first step of most of these procedures. In the past, when I first started using two-factor authentication on these services, I went in unaware of these pages as well. It was hard to find where to change two-factor authentication settings or where to create app-passwords. In following the help articles, the process is greatly simplified, but this is not the experience most people go through. In order to have more people enable two-factor authentication, services will have to make these features more prominent. As of this writing, these features are buried, compared to other security settings like changing a password. App-passwords tend to be even more hidden, although they are used more often than resetting a password or enabling two-factor authentication altogether. This also speaks more to marketability, which we discuss below.


For a lot of people, one of the reasons they do not want to enable two-factor authentication is that they do not fully understand it. This falls back to user education. These services that offer this protection for their accounts need to do a better job of informing the people that use their service of how it works, why they should use it, and even of the drawbacks of using two-factor authentication. In order for someone to make the right decision they need to be fully informed. Then, if they choose not to enable two-factor authentication it is not for a lack of trying to persuade and educate. If the risk has been conveyed clearly, it is then transferred to the user, should they not enable two-factor authentication. That may sound harsh, but it is the truth.


App-passwords somewhat fall back into the realm of misunderstanding, but they are also a problem unto themselves. For example, if a person never uses client software, such as when using a banking website, that person might never experience using an app-password. The main issue with app-passwords is the fact that they exist. This problem can be mitigated by smart software developers who build a two-factor authentication verification process into the way they add accounts, like Apple does when adding most accounts to their native Mail apps. But, for now, when using older software, app-passwords are a necessary evil.
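
What an app-password amounts to on the service side, as an added sketch that is not from the original post or from any provider's code: a random 16-character secret per labelled app, kept only as a salted hash, accepted without the second factor, and revocable on its own. The class name, alphabet, and PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_lowercase   # assumption: lowercase letters only
LENGTH = 16                         # the 16-character code the post mentions
PBKDF2_ROUNDS = 100_000             # assumption: illustrative work factor


class AppPasswordStore:
    """Hypothetical service-side store: (account, label) -> (salt, hash)."""

    def __init__(self):
        self._entries = {}

    @staticmethod
    def _hash(secret, salt):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)

    def generate(self, account, label):
        """Create a random app-password; only its salted hash is kept."""
        secret = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        salt = secrets.token_bytes(16)
        self._entries[(account, label)] = (salt, self._hash(secret, salt))
        return secret  # shown to the user once, then unrecoverable

    def verify(self, account, candidate):
        """Return the label of the matching app-password, or None.

        A match signs the client in without a second factor, so the label
        is returned for logging and so one app can be cut off on its own.
        """
        candidate = candidate.replace(" ", "").lower()  # users type it in groups
        matched = None
        for (acct, label), (salt, digest) in self._entries.items():
            if acct == account and hmac.compare_digest(
                    self._hash(candidate, salt), digest):
                matched = label
        return matched

    def revoke(self, account, label):
        """Delete one app-password; the others keep working."""
        return self._entries.pop((account, label), None) is not None


if __name__ == "__main__":
    store = AppPasswordStore()
    mail = store.generate("alice@example.com", "Old mail client")  # constructed
    store.generate("alice@example.com", "Calendar sync")           # constructed
    print(store.verify("alice@example.com", mail))   # label of the mail client
    store.revoke("alice@example.com", "Old mail client")
    print(store.verify("alice@example.com", mail))   # no longer accepted
```

Because each app gets its own secret, a lost laptop or a retired mail client can be revoked by label without changing the main password or touching the other apps.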

Marketability of Security

Security can be used as a part of marketing. When security is marketed correctly it can also help raise awareness of two-factor authentication. A rising tide lifts all ships. Even if everyone else is “doing it,” it could still be presented to the mass public as a marketing device. Word of mouth is not enough when we are talking about services with hundreds of millions of users, if not billions of users, as in the case of Facebook. Were you aware that Facebook also offers a form of two-factor authentication? If not, do not blame yourself. Blame their marketing. You cannot enable something of which you are not aware.


Two-factor authentication is something that I believe everyone should have enabled. Even though it is a “headache” to use for some, the benefits far outweigh the hurdles that have to be overcome. I also believe that smart software developers can help alleviate the pain associated with using two-factor authentication with client software such as email. With time and innovation, combined with proper marketing, we can make accounts more secure across many different platforms. Most major providers already offer a form of two-factor authentication; you may just have to search for it. It is worth it! My most recent account for which I have enabled two-factor authentication is I did not know they offered it until just a few months ago. It just goes to show that two-factor authentication, while burdensome and hard to find, is a necessity for the safety of our always-online, digital lifestyles.