Welcome to this week’s edition.

Every few weeks I get the same question and honestly, I ask myself the same thing too:

“Which certification should I get next?”

The answer is probably not the one certification vendors want to hear.

The 2026 job market is very different from the market many people entered just a few years ago.

Companies are becoming more selective.

AI is reshaping entire job functions.

Hiring managers increasingly care about demonstrated skills, not just certification collections.

But certifications are not dead.

They can help you get noticed, pass HR filters and get you the interview.

But they are no longer enough to get the job by themselves.

Some certifications are still highly valuable.

Some are useful only at specific career stages.

And some have already become little more than expensive LinkedIn badges.

After reviewing job postings, speaking with recruiters, interviewing for cloud security and AI security roles myself & watching current hiring trends, here is how I would approach certifications in 2026.

Let’s get into it ~

One of the biggest misconceptions in cybersecurity/tech is that certifications are mandatory.

The data says otherwise.

According to a Programs.com analysis of 2,694 cybersecurity job postings from April 2026:

That means roughly three out of four cybersecurity job postings never mention a certification at all.

This does not mean certifications are useless.

A certification can help you get attention & the interview, don’t forget that.

It can help your resume pass a first screen. If you & another applicant have the same experience, the certification will decide who gets the interview at the end.

The actual hiring decision usually comes down to something else:

If I had to pick one certification that continues to dominate security hiring, it would be CISSP (For Cloud CCSP).

Among all cybersecurity certifications mentioned in job postings:

An interesting finding:

Approximately 70% of all job postings mentioning certifications include CISSP.

This is why CISSP remains the gold standard for:

If your goal is senior security positions, CISSP remains one of the strongest investments available.

Cloud adoption is not slowing down (Even with EU sovereignty).

Neither is cloud security demand.

The ISC2 Certified Cloud Security Professional (CCSP) continues to be one of the strongest cloud-focused certifications because it teaches architecture, governance, compliance, operations and security design rather than product-specific implementation.

Unlike AWS or Azure exams, CCSP remains vendor-neutral.

This makes it particularly valuable for:

Many cloud security job descriptions indirectly map to CCSP knowledge areas even when the certification itself is not explicitly listed.

Cloud certifications still dominate technical security hiring.

The cloud market remains heavily concentrated around:

For technical roles, practical cloud certifications still provide significant value.

My recommendations:

This is where things get interesting.

AI security is growing rapidly.

According to Stanford HAI's AI Index 2026:

However:

AI security certifications themselves rarely appear in job descriptions.

What appears instead?

If you want to enter AI security, I would focus on frameworks before collecting AI certifications.

The most important ones are:

These frameworks help you understand the actual problems companies are facing.

Can you explain prompt injection?

Can you threat model an AI agent?

Can you secure a RAG pipeline?

Can you identify AI supply chain risk?

Can you explain excessive agency?

Can you map AI risks to governance controls?

That is what’s important right now.

AI security is moving too fast for one certification to cover everything perfectly.

So learn the frameworks, build real projects & understand the AI risks (Supply Chain Risks like LiteLLM is a disaster currently).

I recently asked multiple recruiters a simple question:

The answer was almost always:

When I pushed further and asked:

The answer became much more interesting.

Several recruiters said:

Projects, internships, open-source work and CTF participation often count as experience in practice.

Especially when candidates can explain:

Many hiring managers care far more about this than another certification.

AI governance certifications can be useful, but only if they match your target career path.

Examples include:

These make sense if your goal is:

But be careful.

The AI governance market is growing, but it is still smaller than cybersecurity.

Many AI governance roles are also looking for privacy professionals, lawyers, compliance specialists, auditors and risk managers.

That does not mean technical people cannot enter.

They absolutely can.

But the strongest profile is someone who can combine technical security knowledge with governance, risk, privacy and regulation.

That combination is rare. → And rare combinations are valuable.

If you're entering AI security today:

More information here: https://www.practical-devsecops.com/certified-ai-security-professional?fpr=rami56

One of the better hands-on AI security certifications currently available.

Strengths:

Weaknesses:

Still, for someone starting from zero, it provides a strong overview of the AI security landscape.

The most valuable certification in 2026 is still the one that supports the work you actually want to do.

For cloud security, certifications like CISSP, CCSP, AZ-500 (SC-500) and AWS Security Specialty continue to provide significant value.

For AI security, frameworks are more important than certifications.

Trust me on this, you will see in some years why. MITRE ATLAS, OWASP LLM Top 10, NIST AI RMF and AI threat modeling knowledge are appearing more frequently than any AI-specific certification.

And regardless of which path you choose:

Build things!

Document what you learn.

Because in today's market, a strong project portfolio & being adaptable will often outperform a wall full of badges.

See you in the next one.

Check out my previous newsletter articles for more tips👇