Privacy Needs Security, Security Needs Privacy
William O’Reilly
I. Introduction
Security Operations Centers (SOC) for enterprises across the country are in need of professionals. They need professionals to fill the roles that already exist, and they need to add roles to deal with the changing regulatory landscape. For an enterprise, the best practice is an investment in “people, process, and technology.[1] It is true that people are the most expensive part of an SOC.[2] However, the reason there is a shortage is not because enterprises around the US are skimping on their labor. There simply are not enough trained professionals. The training to be a cybersecurity professional is not easy, nor is it cheap. Enterprises are in danger from their absence of professionals, and it may be worth it for them to shoulder the cost of education and certification in pursuit of their goal of self-preservation. One cost the enterprise will have to face in hiring professionals is the establishment of career potential and pay There is also an ongoing cost for organizations that need to have instances of training to level up their employees over time.[4] Training also assists with retention of personnel, making it a necessary cost to the enterprise.[5] Finally, burgeoning privacy laws create burdens and liabilities that the SOC in its present form is only partially equipped to deal with. Fortunately, over 20% percent of enterprises plan to increase their investment in cybersecurity post breach.[6] That investment should include privacy professionals.
Potential employees have costs associated with education and skill development. The cost of training, education, and certifications can be a limit on professionals entering the cybersecurity industry. No SOC will have the same composition or volume, but most SOC services demand certain roles be filled by professionals with specific training. Legislation is also demanding those roles be filled.[7] Each of these professions has specific responsibilities, which require specific skills, and each of those skills can be represented through certifications.[8] Each of these certifications has a cost. Laying out this cost may illustrate one reason for the dearth in skilled professionals and may show an enterprise the value that a professional expects to get out of their investment.
II. Need for and Cost of Professionals
For an enterprise to staff a SOC, it could cost them over How many individuals hired for each role will vary, depending on which services are performed in-house and which are less important to the enterprise.[10] Other costs like renewing certifications and ongoing training and retention incentives exist, but are small compared to the risk of cyber-attacks. Cyber-attacks and legislative efforts to prevent those attacks are costs that enterprises should be afraid of.
The average cost of a data breach in 2024 is 4.88 million.[11] This cost is even higher for companies that have a shortage of skilled cybersecurity professionals, averaging $5.74 million.[12] 46% of those breaches involve customer personal data, and it can take almost 300 days to identify a breach.[13] Loss of data and damage to systems represent their own additional costs.enterprise will likely suffer a loss of trust after a breach.[15] This year, the costs to organizations from loss of business and failure of post-breach responses continued to grow.[16] An enterprise needs cybersecurity professionals to prevent these costs where possible. Cybersecurity compliance professionals are especially important, as there is a 20% increase in organizations that had to pay fines over $50,000.[17] These costs create demand for a SOC staffed by skilled professionals.
The cost of noncompliance is high. If an enterprise does business within a state or country that has a comprehensive privacy law, they are subject to costs if they breach those laws.[18] These laws are not uncommon. 20 states have passed or are considering privacy laws.[19] Many other nations have privacy laws as well.[20] Without professionals dedicated to understanding these overlapping conditions and working in concert with those managing policy and action within an enterprise, the costs will be high.
The first factor leading to dysfunction in a SOC is absence of educated personn People are a major pillar of the SOC.[22] The distance between adequate staffing and where the industry currently is was exacerbated by the pandemic.[23] For example, a study found that half of the surveyed cybersecurity professionals were reassigned to assist with tasks related to supporting remote work rather than security tasks while at the same time, cybersecurity incidents were increasing.[24] Before the pandemic, the industry was projected to be four million workers short.[25] This year, the cyber skills shortage has increased by 26.6%.[26] Overall 53% of businesses have a shortage of cybersecurity professionals.[27]
A SOC is interested in hiring professionals with a baseline of cybersecurity skills, a basic understanding of tools, and strong problem-solving skills.[28] These are the skills a SOC needs to support its enterprise or clients. They need professionals to provide the SOC services which include risk management, incident management, analysis, compliance, digital forensics, situational and security awareness, and research and development.[29] The SOC may demand competency and excellence, but enterprises have to balance the costs of cyber incidents with the costs of cyber professionals.
III. Proof of Skills
In order to gain the skills necessary to fill a role in the SOC, most people will use certifications. Some skills also come through college degrees and job experience. The certifications offered are incredibly diverse. An examination of over twenty-five of these certifications yields a useful but small insight into the options available. Some of these certifications can be grouped by the certifier, and they can also be grouped by the general skill set they require. Redundancy is necessary for some professionals; they may need multiple certifications in the same field.[30] By looking at the costs for each of these certifications or instructional tools, an enterprise can measure the cost to an individual.
Several certifications ensure skills in penetration testing. One of these is the Pen-200 certification which qualifies an individual as an Offensive Security Certified Professional (OSCP). The Pen-200 certification costs $1,649[32] Another offensive certification is the Certified Ethical Hacker (CEH) from the EC-Council, which can cost between $2,200 and $3,500 for training and the exam.[34] This certification is the baseline for many roles in the SOC.[35] To get to the exam you will need to have two years of professional experience or pay a $100 dollar fee and attend training or get a separate certification.[36] , and retakes cost $450.[37] The training can take 40 hours or more.[38] This comes out to about 5 days of work. As a companion to ethical hacking, penetration testing has several certifications. Such certifications include the Certified Penetration Tester (CPT), which costs about $499, and the Certified Expert Penetration Tester (CEPT), which costs the same.[39] InfoSec offers a 10 day boot camp to prepare for the CPT, [40] which entails about . For the Any boot camps or additional training adds cost to the certifications beyond the exam. This may be burdensome because penetration testing is not the only kind of certification required for any of the SOC roles.
The Certified Information Security Manager (CISM) exam can cost up to $760.[42] The certification offers professional advancement opportunities, and is useful for most SOC roles.[43] The preparation takes about 10 hours per topic of study; typically, this will come out to around 40-50 hours.[44] The Certified Information Systems Auditor (CISA) is 95% the same content as the CISM.[45] The exam takes about the same amount of prep time and also costs up to $760.[46]
The Certified in the Governance of Enterprise IT (CGEIT) certification is one of the most demanding certifications for governance.[47] It is designed for experts in IT to gain the knowledge necessary to avoid governance-related risks.[48] The cost for the exam is up to $760 with a mandatory , coming out to $810 overall.[49] This certificate requires five years of experience just to take,[50] and for some it takes about 5 months of studying for a couple hours each day with extra research on the weekends to score amongst the top test takers.[51]
The EC-Council has other certifications beyond just the CEH. It is an organization that provides a variety of well-regarded certifications.[52] Each of these must be purchased with live or on-demand training, with the on-demand training being much cheaper.[53] The EC-Council Certified Security Analyst (ECSA) certification qualifies an individual with a knowledge base for mitigating threats to networks and applications. This certification costs $999.[55] This certification is advanced, and may require other certifications, such as the CEH, before its completion.[56] An additional course is also required, which may take about 5 days, or 40 hours to complete.[57] EC-Council Certified Encryption Specialist (ECES) provides training on encryption technologies and best practiceshis certification costs $1,399[59] and takes 20 hours of preparation, at least.[60] EC Council Computer Hacking Forensic Investigator Certification certifies that the user is aware of and can use the tools to conduct forensic investigations. This certification’s lowest cost is $2,199.[62] The recommended course lasts 5 days or about 40 hours of work.[63] The EC-Council’s Certified Chief Information Security Officer certification aims to capture the volume of experience and skills required for that level of position.[64] This certification costs $2,499 at its cheapest.[65] [67]
Cisco Certified Network Associate (CCNA) is an entry level certification for IT professionals that will work with network hardware.[68] The certification costs only $300.[69] The exam requires more preparation because it expects entry level applicants. This study time is recommended to be 30 to 60 minutes a day for 26 weeks, so a minimum 91 hours.[70] The more advanced Cisco Certified Network Professional (CCNP) takes those skills to the next stage and costs $400 plus another $300 for a required specialization exam.[71] Even with the expectation that seasoned professionals are taking that exam, many still study for 30 minutes a day for up to 3 months, or about 45 hours.[72]
GIAC Certifications (previously Global Information Assurance Certification) is a company that provides several certifications aimed toward information security professionals.[73] They are associated with SANS institute which provides training for such.[74] All GIAC practitioner certifications cost $979, and all applied knowledge certifications cost $1299.[75] Some courses recommend about 60 hours of preparation for the various GIAC exams.[76] Preparation materials like courses can be expensive, and even a GIAC practice test costs over $400.[77] GIAC’s GPEN penetration certification is an applied knowledge certification and thus costs $949.[78] This requires a basic knowledge of TCP/IP and Windows and Linux command lines.[79] The training for this course is priced at $7,640.[80] GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Security Leadership (GSLC), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM) all are practitioner exams as well, cost $949[81] each, and likely will demand the recommended 60 hours of prep.[82]
The most popular certification, and the most commonly required, is the Certified Information Systems Security Professional (CISSP). This exam costs $749 and takes between 30 and 60 minutes for 90 or more days to prepare; at least 45 hours total.[83] Its companion, CISSP Information Systems Security Management Professional (CISSP-ISSMP) adds management and other skills. It costs $599[84] and takes an additional three months or soof preparation.[85]
EnCase Certified Examiner (EnCE) certifies the holder in the use of Encases forensic tools. The exam costs $500 and requires a 64-hour training or a year’s worth of experience in the field.[87] A similar certification, Certified Computer Examiner (CCE) requires over a year of professional experience, but is a general knowledge certification for the forensic examination of computers.[88] It costs $400 and there is a boot camp option, but a self-study should last 3-6 months.[89] This comes out to about 45 hours. Certified Computer Forensics Examiner (CCFE) is an in-depth certification that does not require other certifications to attempt it, but it is recommended that an applicant have them.[90] With the requisite experience it is an additional 40 hours to prepare for the exam.[91] The exam costs $499.
CompTIA A+ is a general certification that tests knowledge on a variety of topics ranging from hardware to cloud computing.[93] The full exam costs $492.[94] The preparation time varies by experience, but with no experience it can take up to a year. It could be much less for an experienced professional.[96]
CompTIA Security+ tests the ability to identify and assess basic security threats.[97] It costs $392.[98] The preparation for Security+ varies, but 4-6 weeks.[99] It is the first step toward more advanced CompTIA security certifications.[100] One of those is the CompTIA CYSA+, which tests ability in the realms of detection, prevention, and response.[101] It also costs $392.[102] The preparation for CYSA+ takes about 3 months.
Another security focused certification is the SANS Security Awareness Professional (SSAP) which costs $599 and will likely take two full days or about 20 hours of preparation.[104] It works by communicating security awareness with different parts of the workforce.[105]Some roles may require a certification in DevOps.[106] Along with others in the industry, AWS and Microsoft Azure offer certifications.[107] They cost $300 and $165 respectively.[108] Both require extensive experience in automation,[109] and Microsoft’s certification requires other certifications first.[110] Based on the expected materials, a DevOps exam will likely take at least 45 hours of preparation.
Privacy professionals, and other roles within the SOC that deal with compliance, will need privacy certifications. Almost all of these come from the IAPP. These generally cost $550 for the exam, although the AI Governance Professional Certification costs more, at $799. A privacy professional will need to get more than one of these certifications if the enterprise they work for has business internationally or involves itself in AI.
Various vendors will distribute specific certifications in their tools. These can be expensive, but they usually require less time. A professional will benefit from certifications in software and hardware either in the tools their employer uses, or in the popular tools in their industry.[112]
Some of the roles require college degrees.[113] Those can be incredibly expensive but are also available at a lower cost from certain universities or with scholarships. Sometimes the general education that comes with a degree is sufficient but certain positions, such as cryptographer or cryptologist, require degrees in a specific subject.[114] The average cost of a bachelor’s degree is between about $10,000 per year for a public college and $42,000 per year for a private college.[115] Fortunately, there are many need-based scholarships available, often covering up to half of tuition.[116] Degrees take a lot of time to complete. Most colleges require 120 credit hours to graduate; the typical school would require[117] This comes out to 336 hours.[118] The colossal investment in a college degree is not necessary for some of the roles at the SOC but may be an avenue to obtain several certifications within a degree program.
IV. SOC Team Members
These certifications are not one-to-one with members of the SOC. Several different team members compose the SOC, and depending on the services offered and the clients’ needs, some team members will be duplicates.[119] By reviewing the skills required for each of these roles, the importance of the certifications and training becomes clear. These are not simple or easy jobs. Nor can any one person fill all of these roles in an enterprise of any size.
There is some overlap between the responsibilities of different positions. However, by analyzing the responsibilities of each role, it becomes clear that privacy concerns and compliance cannot just be taken on by any individual, and none are equipped to develop data subject request responses. Each role in the SOC fills a need, and there is a need for privacy professionals.
Security analysts take part in several different responsibilities needed to evaluate security measures and controls.[120] They will need to establish security plans and protocols, perform security assessments and recommend solutions.[121] The overall cost to be a security analyst comes out to be $13,481.[122] The compensation is $120,360.[123]
A penetration tester validates the vulnerabilities found by the assessment officers by using the tools an attacker would use.[124] They do this through penetration tests.[125] They need to be able to use specific tools to perform these tests.[126] They may also need to design their own tools or be called on to analyze the physical security of an enterprise or SOC.[127] The overall cost to be certified as a penetration tester comes out to $86,055.[128] The average compensation for such a position is usually $119,895.[129]
Assessment officers review policy, procedure and compliance for the SOC.[130] These skills are focused on operation, and the certifications required reflect that.[131] The overall cost to be certified as an assessment officer comes out to $86,055.[132] The average compensation for such a position is usually $127,725.[133]
One of the most intense roles the SOC requires is the incident responder. Their responsibilities would include rapid incident response to any security threat to IT systems.[134] Their role may also include penetration testing, network analysis and other responsibilities.[135] They have a high volume of certifications and the cost to become an incident responder falls around $87,426.[136] The average compensation for such a position is
A systems analyst is vital to the SOC. They process an enormous amount of data from various logs, security tools, and automated threat detection alerts.[138] The overall cost to be a certified systems analyst is the lowest of all the roles, sitting at only $6,627.[139] Generally, the compensation for the position is around $132,962.
A security administrator principally develops IT policies.[141] They will need to implement those policies throughout the enterprise.[142] They may also administer security controls when necessary to protect against vulnerabilities.[143] The cost to get the certifications necessary to be a security administrator totals about $84,550.[144] The compensation comes out to about $90,459.
A security engineer has a technically focused role similar to a security analyst.[146] They analyze the data from the security tools, but they also take part in incident response.[147] On top of that they may choose and review the security tools that a SOC uses.[148] This broad role costs about $86,587.[149] The compensation is, on average, $122,890.
Security Trainers implement the training programs developed by the security analyst and the assessment officers.[151] This involves discussions with leadership and employees.[152] The cost is usually $80,749.[153] The pay for that position is $58,171.[154]
Security Architects are high level employees with a few overarching responsibilities.[155] They are part of the incident response team, but they are also responsible for creating the structures and defenses for the security of an enterprise.[156] The various certs and prep for this role costs $89,933.[157] The average compensation comes to $149,349.
Cryptographers and cryptologists are incredibly important and unique among SOC members.[159] They require a degree in mathematics, and there are few certifications required.[160] The cryptologist analyzes the attacker’s encryption and develops stronger encryption for the data in the enterprise.[161] The cost to be a cryptologist is $83,598.[162] They are usually compensated at $135,000.[163]
A forensic engineer will need to collect digital evidence after a cyber incident.[164] The uses of the data include legal investigations, and internal reviews.[165] The forensic engineer may need to have legal knowledge in order to properly collect evidence.[166] The cost to become a forensic engineer may be $6,849.[167] This is the second lowest, and one of three that likely does not require a college degree.[168] Their average compensation is 139,368.[169]
There is the Chief Information Security Officer. They are likely responsible for organizing and hiring the SOC team.[170] They work with executive management to decide the acceptable risk for an enterprise.[171] The cost to get the certifications and education for a CISO is $87,156.[172] However, the compensation amounts to $245,194.
States continue to develop privacy laws, so having a privacy professional on the SOC is necessary. These professionals would assist with data retention and policy and create systems for resolving data subject requests without harming confidentiality, integrity, and availability. The cost for the certifications and education starts at $83,049.[174] The minimum hours for preparation is 426.[175] Many privacy professionals may get multiple privacy certifications for different regions around the world. The compensation is $111,007 on average.[176]
None of these roles are cheap to train. Each of them plays an important role in the SOC. Without any role the function of the SOC–and by extension the data and resources of an enterprise–is at risk.
V. Conclusion
The world needs Cybersecurity professionals. Enterprises need fully staffed SOCs. The cost to be a cybersecurity professional is not cheap and is not quick. The large cost per certification, coupled with the necessity to have multiple certifications and a degree to fill many SOC roles sets a significant barrier to entry for individuals hoping to start work or get on-the-job training. These professionals are often well compensated, and continuing their certifications may be supported by the enterprise, but that can only happen after that initial barrier is overcome. Growing danger of breach and legislative requirements create a need for privacy professionals to work closely with data security professionals. This is not a simple issue. Given the cost facing enterprises that do not have adequate security, it will be necessary for them to invest in the training and certification of cybersecurity and privacy professionals.
References
[1] Joseph Muniz, The Modern Security Operations Center 284 (Mark Taub et al. eds., 1st ed. 2021).
[2] Id.
[3] See id. at 285.
[4] IBM, Cost of a Data Breach Report 2024 36 (Ponam Institute, 2024).
[5] See Muniz, supra note 1, at 345.
[6] IBM, supra note 4, at 33.
[7] Secure Privacy, What is a Data Protection Officer and Do You Need One?, Secure Privacy Blog (Jan. 18, 2024), https://secureprivacy.ai/blog/data-protection-officer-guide.
[8] See Muniz, supra note 1, at 295.
[9] Security, “The economics of the security operations center: What’s the true cost?”, Security Magazine (Jan. 22, 2021) https://www.securitymagazine.com/articles/94413-the-economics-of-the-security-operations-center-whats-the-true-cost.
[10] See Muniz, supra note 1, at 324.
[11] IBM, supra note 4, at 5.
[12] Id. at 24.
[13] Id. at 6.
[14] Muniz, supra note 1, at 50.
[15] Id.
[16] IBM, supra note 4, at 11.
[17] Id. at 28.
[18] See, e.g., Adam Satariano, Meta Fined $1.3 Billion for Violating E.U. Data Privacy Rules, N.Y. Times (May 22, 2023), https://www.nytimes.com/2023/05/22/business/meta-facebook-eu-privacy-fine.html; Sara Merken, Sephora to Pay $1.2 mln in Privacy Settlement with Calif. AG Over Data Sales, Reuters (Aug. 24, 2022, 5:12 PM), https://www.reuters.com/legal/litigation/sephora-pay-12-mln-privacy-settlement-with-calif-ag-over-data-sales-2022-08-24/.
[19] Andrew Folks, US State Privacy Legislation Tracker, IAPP (July 22, 2024), https://iapp.org/resources/article/us-state-privacy-legislation-tracker/.
[20] Global Privacy Law and DPA Directory, IAPP, https://iapp.org/resources/global-privacy-directory/ (last visited Sep. 28, 2024).
[21] Muniz, supra note 1, at 41.
[22] Id. at 239.
[23] Kate Rogers & Betsy Spring, ‘We Are Outnumbered’ — Cybersecurity Pros Face a Huge Staffing Shortage as Attacks Surge During the Pandemic, CNBC (Sept. 6, 2020), https://www.cnbc.com/2020/09/05/cyber-security-workers-in-demand.html.
[24] Id.
[25] Id.
[26] IBM, supra note 4, at 5.
[27] Id. at 25.
[28] Muniz, supra note 1, at 239.
[29] Id. at 234.
[30] See id. at 293-315.
[31] See generally infra Appendix 1.
[32] What Is OSCP Certification and Is It Worth It? 2024 Guide, Coursera (Feb 27, 2024), https://www.coursera.org/articles/oscp.
[33] PEN-200 FAQ, Offsec, https://help.offsec.com/hc/en-us/articles/12483872278932-PEN-200-FAQ (last visited Oct. 25, 2024).
[34] Pricing, EC-Council, https://www.eccouncil.org/train-certify/certified-ethical-hacker-ceh-v12/ (last visited Oct. . 15, 2024).
[36] Michelle Moore, Is the CEH Certificate Worth It? [12 Points to Consider], Univ. of San Diego Online, https://onlinedegrees.sandiego.edu/ceh-certification/ (last visited Oct. 15, 2024).
[37] Id.
[38] Id.
[39] Rodika Tollefson, Top 10 Penetration Testing Certifications for Security Professionals (2023), Infosec (July 27, 2023), https://www.infosecinstitute.com/resources/professional-development/top-5-penetration-testing-certifications-security-professionals/#cpt.
[40] Id.
[41] Id.
[42] Chiradeep BasuMallick, CISM Certification: Exam Cost, Salary, and Jobs in 2022, Spiceworks (July 25, 2022), https://www.spiceworks.com/tech/it-careers-skills/articles/what-is-cism-certification/.
[43] Id; see also infra Appendix 1.
[44] Jeremiah Walker, How to Prep for the CISA and CISM: Everything You Need to Know, LinkedIn (Mar. 20, 2017), https://www.linkedin.com/pulse/how-prep-cisa-cism-everything-you-need-know-jeremiah-walker.
[45] Id.
[46] Id.
[47] What Are All Possible Costs Associated With Obtaining CGEIT Certificate?, UNICHRONE, https://unichrone.com/resource/cgeit-certification-cost (last visited Oct. 15, 2024) .
[48] Id.
[49] Id.
[50] CIO, “What is CGEIT? A certification for seasoned IT governance professionals” (Dec. 5, 2018) https://www.cio.com/article/222595/what-is-cgeit-a-certification-for-seasoned-it-governance-professionals.html.
[51] Jason Kang, CGEIT Preparation Tips and the Timelessness of Good Governance, ISACA (Sept. 24, 2020), https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2020/cgeit-preparation-tips-and-the-timelessness-of-good-governance.
[52] See generally EC-Council, https://www.eccouncil.org/ (last visited Oct. 15, 2024).
[53] See On-Demand Training, EC-Council, https://iclass.eccouncil.org/product-category/courses/?orderby=popularity (last visited Aug. 12, 2024).
[54] EC-Council, https://www.eccouncil.org/ (last visited Aug. 8, 2024).
[55] John Terra, The What, Why, and How of ECSA Certification, Simplilearn (Aug.. 13, 2024), https://www.simplilearn.com/ecsa-certification-article.
[56] Id.
[57] EC-Council Certified Security Analyst (ECSA), Nat’l Initiative for Cybersecurity Careers and Stud. (May 17, 2024), https://niccs.cisa.gov/education-training/catalog/institute-information-technology/ec-council-certified-security-analyst.
[58] See generally EC-Council, https://iclass.eccouncil.org/product/ec-council-certified-encryption-specialist-eces/ (last visited Oct. 25, 2024).
[59] See generally EC-Council, https://iclass.eccouncil.org/product/ec-council-certified-encryption-specialist-eces/ (last visited Aug. 12, 2024).
[60] EC-Council, https://www.eccouncil.org/train-certify/ec-council-certified-encryption-specialist-eces/ (last visited Aug. 12, 2024).
[61] EC-Council, “What is the Computer Hacking Forensic Investigator”, https://www.eccouncil.org/train-certify/computer-hacking-forensic-investigator-chfi/ (last visited Oct. 25, 2024).
[62] EC-Council, https://iclass.eccouncil.org/product-category/courses/?orderby=popularity (last visited Aug. 8, 2024).
[63] EC-Council, https://www.eccouncil.org/train-certify/computer-hacking-forensic-investigator-chfi/ (last visited Aug. 12, 2024).
[64] EC-Council, https://www.eccouncil.org/ (last visited Aug. 8, 2024).
[65] EC-Council, https://iclass.eccouncil.org/product-category/courses/?orderby=popularity (last visited Aug. 8, 2024).
[66] CCISO – Certified Chief Information Security Officer, Secure Ninja, https://secureninja.com/training-courses/cciso-certified-chief-information-security-officer.html (last visited Aug. 12, 2024).
[67] Why choose the CCISO | Certified Chief Information Security Officer course?, Learning People (last visited Aug. 12, 2024) https://www.learningpeople.com/uk/courses/cciso-certified-chief-information-security-officer/.
[68] Coursera Staff, What Is the CCNA? An Entry-Level Networking Certification, Coursera (Nov. 29, 2023) https://www.coursera.org/articles/what-is-the-ccna.
[69] Id.
[70] Mary Ann Richardson, How To Prepare For the CCNA Certification Exam, Spiceworks (Aug. 22, 2022) https://www.spiceworks.com/tech/it-careers-skills/articles/how-to-prepare-for-ccna-exam/.
[71] How CCNP Certification Can Benefit Your Career, CBTnuggets (July 18, 2023), https://www.cbtnuggets.com/blog/certifications/cisco/how-cisco-certified-network-professional-ccnp-can-benefit-your-career.
[72] Ross Heintzkill, Preparing for the CCNP Enterprise? Here’s How Long You Should Plan to Study for the 350-401 ENCOR Exam, CBTnuggets (Sept. 12, 2022), https://www.cbtnuggets.com/how-long-to-study/ccnp-enterprise.
[73] Learn More About GIAC, GIAC https://www.giac.org/about/company-info/?msc=main-nav (last visited Aug 3, 2024)
[74] Steven Bowcut, The Ultimate Pen Testing Certification Guide, Cybersecurity Guide (May 03, 2024), https://cybersecurityguide.org/programs/cybersecurity-certifications/penetration-testing/.
[75] Cybersecurity Certifications: Pricing GIAC, https://www.giac.org/pricing/ (last visited Aug. 13, 2024).
[76] GIAC – Firebrand’s Training for GIAC’s Penetration Tester, Firebrand, https://firebrand.training/dk/en/kurser/giac/penetration-tester-gpen-certificering (last visited Aug 3, 2024).
[77] Cybersecurity Certifications: Pricing, GIAC, https://www.giac.org/pricing/ (last visited Aug. 13, 2024).
[78] Steven Bowcut, The Ultimate Pen Testing Certification Guide Cybersecurity Guide (May 03, 2024), https://cybersecurityguide.org/programs/cybersecurity-certifications/penetration-testing/.
[79] Id.
[80] Id.
[81] Cybersecurity Certifications: Pricing, GIAC, https://www.giac.org/pricing/ (last visited Aug. 13, 2024).
[82] GIAC – Firebrand’s Training for GIAC’s Penetration Tester, Firebrand, https://firebrand.training/dk/en/kurser/giac/penetration-tester-gpen-certificering (last visited Aug 3, 2024).
[83] Jane Nam, Is the CISSP Certification Worth It? Requirements, Exam Costs, and Salary, Best Colleges
(Feb. 14, 2024) https://www.bestcolleges.com/computer-science/cissp-certification-costs-salary/#fn-6.
[84] ISC2 Exam Pricing, ISC2, https://www.isc2.org/register-for-exam/isc2-exam-pricing (last visited Aug, 13, 2024).
[85] See Jeff Root, Career Spotlight on the ISC2 CISSP-ISSMP Certification, iSecPrep (June 19, 2021), https://www.isecprep.com/2021/06/19/career-spotlight-on-the-isc2-cissp-issmp-certification.
[86] EnCase Certified Examiner (EnCE) Certification Program, Opentext, https://www.opentext.com/learning-services/learning-paths-encase-certifications (last visited Aug. 13, 2024).
[87] Id.
[88] ISFCE Training, International Society of Forensic Computer Examiners, https://www.isfce.com/training.html (last visited Aug, 13, 2024).
[89] Id.
[90] Certified Computer Forensics Examiner (CCFE) (Online), Findcourses.com, https://www.findcourses.com/training-supplier/corporate-college/certified-computer-forensics-examiner-ccfe-online-1417050 (last visited Aug. 13, 2024).
[91] Id.
[92] Fakhar Imam, CCFE Exam Overview: What To Expect, INFOSEC (Oct. 20, 2017), https://www.infosecinstitute.com/resources/other/ccfe-exam-overview-what-to-expect/.
[93] Cassandra Lee, How Much Does CompTIA A+ Certifications Cost?, StationX
(May 11, 2024), https://www.stationx.net/comptia-a-plus-certification-cost/.
[94] Id.
[95] Id.
[96] Id.
[97] Id.
[98] Id.
[99] Mark Gill, How Long to Study for Security+? A Comprehensive Guide, Comparitech (Feb. 19, 2024), https://www.comparitech.com/blog/information-security/how-long-to-study-security-plus/.
[100] Lee supra note 93.
[101] Id.
[102] Id.
[103] Ross Heintzkill, Preparing for CYSA+? Here’s How Long You’ll Need to Study, CBTnuggets (Aug. 31, 2024), https://www.cbtnuggets.com/how-long-to-study/cysa.
[104] Dark Reading Staff, SANS Launches Security Awareness Certification, Darkreading (May 31, 2019), https://www.darkreading.com/cyber-risk/sans-launches-security-awareness-certification.
[105] Id.
[106] Muniz, supra note 1, at 293-315.
[107] See AWS Certified DevOps Engineer – Professional, AWS, https://aws.amazon.com/certification/certified-devops-engineer-professional/ (last visited Aug. 13, 2024); Microsoft Certified: DevOps Engineer Expert, Microsoft, https://learn.microsoft.com/en-us/credentials/certifications/devops-engineer/ (last visited Aug. 13, 2024).
[108] Id.
[109] AWS Certified DevOps Engineer – Professional, AWS, https://aws.amazon.com/certification/certified-devops-engineer-professional/ (last visited Aug. 13, 2024).
[110] Microsoft Certified: DevOps Engineer Expert, Microsoft https://learn.microsoft.com/en-us/credentials/certifications/devops-engineer/ (last visited Aug. 13, 2024).
[111]Certification, IAPP Store, https://store.iapp.org/ (last visited Sep. 28, 2024).
[112] See Muniz, supra note 1, at 295.
[113] Id. at 293-315.
[114] Id. at 312.
[115] Emma Kerr & Sarah Wood, See the Average College Tuition in 2023-2024, U.S. News (Sept. 20, 2023, at 8:00 a.m.), https://www.usnews.com/education/best-colleges/paying-for-college/articles/paying-for-college-infographic.
[116] Id.
[117] See Robert Farrington, How Many Credit Hours Is Full Time for Students?, The College Investor (Mar. 13, 2024), https://thecollegeinvestor.com/42197/credit-hours-required-to-be-a-full-time-student/; Class-Time to Study-Time Ratio, Lumen, https://courses.lumenlearning.com/waymaker-collegesuccess/chapter/text-class-time-to-study-time-ratio/ (last visited Aug. 3, 2024).
[118] See Farrington, supra note 117; Lumen, supra note 117.
[119] Muniz, supra note 1, at 293-315.
[120] Id. at 295.
[121] Id. at 295.
[123] Occupational Outlook Handbook, Information Security Analysts, U.S. Bureau of Labor Statistics (May 2023), https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm.
[124] Muniz, supra note 1, at 296.
[125] Id.
[126] Id.
[127] Id.
[129]Penetration Tester, ZipRecruiter, https://www.ziprecruiter.com/Salaries/Penetration-Tester-Salary (last visited Aug. 13, 2024).
[130] Muniz, supra note 1, at 298.
[131] Id. at 299.
[133] Cyber Security Assessor average salary in the USA, 2024, Talent.com, https://www.talent.com/salary?job=cyber+security+assessor (last visited Aug. 13, 2024).
[134] Muniz, supra note 1, at 300.
[135] Id.
[137]Cyber Security Incident Responder Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/ Cyber-Security-Incident-Responder-Salary (last visited Aug. 14, 2024).
[138] Muniz, supra note 1, at 303.
[140] Cyber Security Analyst Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/ Cyber-Security-Analyst-Salary (last visited Aug. 14, 2024).
[141] Muniz, supra note 1, at 305.
[142] Id.
[143] Id.
[145] Cyber Security Administrator Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/ Cyber-Security-Administrator-Salary–in-Maine (last visited Aug. 14, 2024).
[146] Muniz, supra note 1, at 306.
[147] Id.
[148] Id.
[150] Cyber Security Engineer Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/ Cyber-Security-Engineer-Salary (last visited Aug. 14, 2024).
[151] Muniz, supra note 1, at 308.
[152] Id.
[154] Cyber Security Trainer Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/Cyber-Security-Trainer-Salary (last visited Aug. 14, 2024).
[155] Muniz, supra note 1, at 309.
[156] Id.
[158] Security Architect Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/Security-Architect-Salary#TableView (last visited Aug. 14, 2024).
[159] Muniz, supra note 1, at 311.
[160] Id.
[161] Id.
[163] Cryptographer Salary – How Much Can You Earn as a Cryptographer, Cyber Security Jobs, https://www.cybersecurityjobs.com/cryptographer-salary/ (last visited Aug. 14, 2024).
[164] Muniz, supra note 1, at 313.
[165] Id.
[166] Id.
[168] Id.
[169] Digital Forensics Engineer Salary, ZipRecruiter, https://www.ziprecruiter.com/Salaries/Digital-Forensics-Engineer-Salary (last visited Aug. 14, 2024).
[170] Muniz, supra note 1, at 314.
[171] Id.
[173] Chief Information Security Officer Salary in the United States, Salary.com (July 29, 2024), https://www.salary.com/research/salary/benchmark/chief-information-security-officer-salary.
[176] Privacy Professional, ZipRecruiter, https://www.ziprecruiter.com/Salaries/Privacy-Professional-Salary (last visited Sept. 28, 2024).
