Security+, CISSP, CISM, GSEC, SANS — a veritable soup of acronyms. And all valuable certifications, depending on what aspect of cyber security you want to pursue. But like many fields, those most effective at thwarting threat actors are those who possess a blend of education and practical experience.

As Armor Chief Security Officer Jeff Schilling recently told CSO, “It’s always a red flag for me when I see a CV where a potential prospect has pages and pages of certifications listed, but no real work experience that leverages those certifications.”

CSO spoke with numerous cyber security leaders, most of whom agreed that the Certified Information Systems Security Professional (CISSP) is currently the leading option for information security because it requires a measure of practical experience to hold the distinction.

For those just starting out, introductory certifications exist that can provide the basis for navigating the threat landscape — as well as the cyber security job market.

“Security+ is still a great foundational certification for those entry-level security analysts,” Schilling explains to CSO writer Kacy Zurkus. “As a next step, we like to see our security analysts progress and get their Certified Ethical Hacker certification so they can learn the way threat actors think.”

With the number of cyber security jobs expected to grow 36.5 percent by 2022 and an ever-evolving threat landscape, there has never been a better, or more important, time to consider a career in cyber security. To capitalize on this growth, prepare to demonstrate continuous learning, both on and off the job.