Certifications

While a college degree opens the most doors for career advancement, employers increasingly want to see certifications as well. This page contains my subjective evaluation of different certifications. There are hundreds of cybersecurity certifications, but I've focused on the ones that I think give you the most benefit for the investment of time and money.

Certification Prep

  • Take practice tests. Focus on the questions you got wrong and dive deeper into those concepts. You might know something about a topic, but the certification exams ask about it in a specific way. ExamCompass provides free practice tests.
  • Learn the acronyms. When taking certification exams, just knowing the acronyms will help you eliminate wrong answers.
  • Make flashcards. Use Anki or Quizlet.
  • Use services like TryHackMe or Hack The Box for hands-on, experiential learning. Doing hands-on exercises often teaches concepts better than just reading books or watching videos.

Choosing Certifications Worth Pursuing

  • Stick with well-known certifications. An off-brand certification might teach you helpful content, but you might not make it past the Human Resources screening tools with a certification nobody recognizes.
  • Use the Department of Defense 8570 Approved Baseline Certifications list as a guide for determining which certifications are well-known and respected. (DoD 8570 has since been superseded by the DoD 8140 program, but the baseline list is still widely referenced.)
  • Use the CyberSeek Career Pathway to investigate certifications specific to your career interest. Certifications relevant to penetration testers differ from those relevant to managers.
  • Look at job postings for positions you want. If you see the same certification show up multiple times, it might be worth pursuing.

Getting Started

  • CompTIA A+. This certification prepares people for help desk work. It teaches foundational concepts of hardware and operating systems.
  • CompTIA Network+. The Network+ focuses on computer networking. If you have a strong grasp of computer concepts, you might skip A+ and go right to the Network+ certification.

University and Early Career

  • CompTIA Security+. This is the most universal entry-level cybersecurity certification. Security+ covers a wide range of topics, so it helps you avoid blind spots. It also does not require work experience to sit for the exam. Security+ is the third certification in the "CompTIA trio." If you have the Security+, people will assume you know the content of the Network+ and A+ certifications.
  • EC-Council Certified Ethical Hacker (CEH). Many employers seek this certification for entry-level cybersecurity work. It is more tool-focused than Security+, but because of that focus on tools, some of the content gets dated quickly.
  • Cisco Certified Network Associate (CCNA). If your focus is networking infrastructure, the CCNA is very well respected. Though it focuses on Cisco's hardware and software, the skills transfer to any computer networking platform.

Once you have a job, your employer might pay the certification exam fees. Work with your supervisors to develop a training and certification plan.

During Your First Job

  • Certified Information Systems Security Professional (CISSP). If you plan to go the managerial route, earning this certification will open doors. It emphasizes process and managerial concerns. ISC2 requires five years of paid work experience (four with a qualifying degree or approved credential) before you can hold the certification. You can sit for the exam earlier and become an Associate of ISC2 until you accrue the required experience, but I'd recommend earning other certifications until you can qualify for the full CISSP.
  • CompTIA PenTest+. This is CompTIA's alternative to the Certified Ethical Hacker. It is a good fit for people interested in penetration testing.
  • Offensive Security Certified Professional (OSCP). If you want to be an ethical hacker, get this certification. The exam requires you to exploit vulnerabilities in a lab environment and write a report on what you did. It is more challenging, and more respected, than the PenTest+ certification.

Later

  • Seek GIAC certifications specific to your role. These (and the associated SANS training courses) are quite expensive, so your employer should pay for the training and the exam.
  • Certified Information Systems Auditor (CISA). If you're auditing systems, this ISACA certification may be required.
  • Just keep learning. Renew your existing certifications before they lapse. Ask your peers which certifications they are pursuing.