A question that I get from time to time from upcoming cybersecurity professionals is:
"What certification should I do to get my first job in cybersecurity?".
There is no cybersecurity certification that will instantly land you a job in cybersecurity. As cliche as it may sound, practical knowledge and experience will always come first and will become very apparent if you know what you say you do during the interview stages for your next role.
However, that doesn't mean certifications aren't worth taking. There are several options that you can take to learn the fundamentals of networking and cybersecurity whether you are looking to get into blue-team or red-team operations.
CompTIA Network+
While not strictly a cybersecurity certification, CompTIA Network+ is crucial for understanding the underlying infrastructure that cybersecurity protects. It focuses on foundational networking concepts, including network topologies, protocols, troubleshooting, and security best practices. This knowledge is essential for anyone who wants to understand how cyberattacks can exploit network vulnerabilities. CompTIA has eLearning options on their website and content can also be studied from resources such as Udemy or Pluralsight.
CompTIA Security+
Considered an industry standard, CompTIA Security+ validates foundational cybersecurity knowledge across common security domains. It covers a wide range of topics, including threats and vulnerabilities, cryptography, access control, risk management, and incident response. This certification is a valuable stepping stone for entry-level positions and can be a prerequisite for other advanced certifications. CompTIA offers multiple resources for studying for the exam including study guides and other on-demand material. People wishing to seat for this exam can also find full-fledged courses covering the exam syllabus on platforms such as Udemy or Pluralsight.
Certified Ethical Hacker (CEH)
EC-Council's Certified Ethical Hacker (CEH) certification focuses on the mindset of an ethical hacker. It teaches you to think like an attacker by exploring common attack vectors, penetration testing methodologies, and vulnerability assessments. This hands-on approach provides valuable insights into how to identify and mitigate security risks. EC-Council offers official training on their website with frequent promotions and bundles. While there is no official training, there are a few resources on Udemy and Pluralsight that cover similar concepts and techniques and also include some similar lab formats.
GIAC Security Essentials Certification (GSEC)
The GIAC Security Essentials Certification validates a practitioner's foundational knowledge across key cybersecurity domains. It goes beyond basic terminology and concepts, demonstrating a solid understanding of security principles, practices, and technologies relevant to various IT roles. Compared to the other certification options above, GIAC certifications are by far the most expensive when it comes to training and certification costs, however the content in the official SANS Institute training is considered by many to be the gold standard.
HackTheBox
While HackTheBox is not a certification per-se I wanted to give it an honorable mention. HackTheBox is a great resource, primarily for red teamers such as penetration testers or bug bounty hunters, to practice ethical hacking in a lab environment. It offers a gamified environment where users can test their penetration testing skills by solving challenges on virtual machines designed to simulate real-world security scenarios. HackTheBox provides a safe and legal space to practice hacking techniques, allowing users to learn from their mistakes without causing harm. The platform also offers a variety of learning resources, including write-ups and walkthroughs for retired machines, helping users to understand the vulnerabilities they are exploiting.
HackTheBox also offers an Academy portion of their website, where you can purchase courses aligned with specific skills or job paths such as a SOC Analyst or Penetration Tester.
HackTheBox is a great resource for beginners to get some experience in their portfolio.