Cybersecurity Certifications for Aspiring Security Professionals

A question that I get from time to time from upcoming cybersecurity professionals is:

"What certification should I do to get my first job in cybersecurity?"

There is no certification that will instantly land you a job in cybersecurity. As cliché as it may sound, practical knowledge and experience will always come first, and during the interview stages for your next role it will become very apparent whether you know what you say you do.

However, that doesn't mean certifications, or their classes, aren't worth taking. There are several options that you can take to learn the fundamentals of networking and cybersecurity whether you are looking to get into blue-team or red-team operations.

CompTIA Network+

While not strictly a cybersecurity certification, CompTIA Network+ is crucial for understanding the underlying infrastructure that cybersecurity protects. It focuses on foundational networking concepts, including network topologies, protocols, troubleshooting, and security best practices. This knowledge is essential for anyone who wants to understand how cyberattacks can exploit network vulnerabilities. CompTIA has eLearning options on their website and content can also be studied from resources such as Udemy or Pluralsight.

CompTIA Security+

Considered an industry standard, CompTIA Security+ validates foundational cybersecurity knowledge across common security domains. It covers a wide range of topics, including threats and vulnerabilities, cryptography, access control, risk management, and incident response. This certification is a valuable stepping stone for entry-level positions and can be a prerequisite for other advanced certifications. CompTIA offers multiple resources for studying for the exam, including study guides and other on-demand material. People wishing to sit for this exam can also find full-fledged courses covering the exam syllabus on platforms such as Udemy or Pluralsight. The Security+ is often listed as a preferred qualification on many job postings.

Certified Ethical Hacker (CEH)

EC-Council's Certified Ethical Hacker (CEH) certification focuses on the mindset of an ethical hacker. It teaches you to think like an attacker by exploring common attack vectors, penetration testing methodologies, and vulnerability assessments. This hands-on approach provides valuable insights into how to identify and mitigate security risks. EC-Council offers official training on their website with frequent promotions and bundles. While they are not official training, there are a few resources on Udemy and Pluralsight that cover similar concepts and techniques and also include some similar lab formats. The CEH is often listed as a preferred qualification under specific job listings.

GIAC Security Essentials Certification (GSEC)

The GIAC Security Essentials Certification validates a practitioner's foundational knowledge across key cybersecurity domains. It goes beyond basic terminology and concepts, demonstrating a solid understanding of security principles, practices, and technologies relevant to various IT roles. Compared to the other certification options above, GIAC certifications are by far the most expensive when it comes to training and certification costs; however, the content in the official SANS Institute training is considered by many to be the gold standard. The GIAC GSEC, along with its more advanced certifications such as the GCIH, is often listed on many job listings, but these are often the most difficult to acquire from both an academic and a financial standpoint.

HackTheBox

While HackTheBox is not a certification per se, I wanted to give it an honorable mention. HackTheBox is a great resource, primarily for red teamers such as penetration testers or bug bounty hunters, to practice ethical hacking in a lab environment. It offers a gamified environment where users can test their penetration testing skills by solving challenges on virtual machines designed to simulate real-world security scenarios. HackTheBox provides a safe and legal space to practice hacking techniques, allowing users to learn from their mistakes without causing harm. The platform also offers a variety of learning resources, including write-ups and walkthroughs for retired machines, helping users to understand the vulnerabilities they are exploiting.

HackTheBox also offers an Academy portion of their website, where you can purchase courses aligned with specific skills or job paths such as a SOC Analyst or Penetration Tester. They also have their own certifications where you can show off your achievements.

Overall, HackTheBox is a great resource for beginners to get some practical experience in their portfolio.

Conclusion

There are many more certifications and courses which I have not mentioned above that are also big players in the cybersecurity space; however, I wanted to touch on the ones that are the most accessible to beginners in my own personal experience.

I hope that the list above gives anyone who is in the process of finding or advancing their career in cybersecurity some guidance into finding the knowledge they need to succeed in their next position.