If you have been around any IT/Cyber professional, you have probably heard about certifications and how they can raise your market worth. If you are new to the world of IT/Cyber, certifications are tests that certify your understanding of the X subject. In today’s market, it is tough to stand out from your peers; certifications are simply one way to stand out from others. “What certs are good?” “What certs should I start with?” “Are certs even worth it anymore?” These are all questions that are floating around the profession these days.
My answer: Yes, certifications ARE worth it, if you do them correctly. There are plenty of people with certifications tied to their name that do not actually know anything related to the topic. It is a pump and dump to pass the exam to say you have the certification. You want to HAVE the knowledge and be able to speak to MOST of it after the exam. Do I remember every single detail about all of the certifications I have? No; however, I remember most. If you are only taking the exam to get the cert, I don’t think they are worth it because your lack of knowledge will be recognizable during an interview.
What certifications do I currently hold?
I have a few certifications left that I keep current. I gathered a lot of certifications early in my career and they are just too much to keep current. I have let about half of my certifications expire because I just don’t need all of them and I don’t WANT to spend the time renewing 15 certifications. I currently hold the following:
- Azure Fundamentals
- GSEC (GIAC Security Essentials Certification)
- CCNA (Cisco Certified Network Associate)
- CCNP Security (Cisco Certified Network Professional)
- CISSP (Certified Information Systems Security Professional)
Top Entry-Level Certifications
CompTIA Security+
CompTIA is a pretty entry-level gold standard when it comes to certifications. They are vendor-agnostic certifications, which is why a lot of people use them, because it translates to more environments. It covers the basics of the environment, not the products of the vendor.
There are other CompTIA exams such as A+ and Network+. If you have no experience in anything computers, then A+ is a good start. I’m assuming that you have some experience with computers. Network+ is a great basic exam, but I think that enough of it is covered in Security+ that you may be able to skip Network+ and jump straight into Sec+.
Some topics covered:
- Threats, Attacks, and Vulnerabilities
- Architecture and Design
- Implementation of Controls
- Operations and Incident Response
- Governance, Risk, and Compliance
Cost: $404
GSEC
GIAC is a top industry umbrella of certifications. They hold a lot of weight in the community. GIAC is also vendor agnostic. THEY ARE EXPENSIVE. The only reason I have a GSEC is because it was paid for. Otherwise, I was studying for the Sec+ exam and my company said “do you want to go to the GSEC bootcamp instead?” ABSOLUTELY! This is very similar to the Sec+ with additional hands-on learning that is focused on. They dive into a bit more of the how and not the what.
Some Topics Covered:
- Network Security
- Defense-in-Depth and Attacks
- Threat Management
- Cryptography, Risk Management, and Response
- Linux Security
- Windows Security
Cost: $979
CCCA (Cisco Certified CyberSecurity Associate)
Cisco is a company known worldwide for networking and security. These are focused more on Cisco products, which is why I try to steer people away from them a LITTLE. The core competencies are there, just in the way of how Cisco does it. But there is always good solid ground for everything.
Some Topics Covered:
- Security Concepts
- Security Monitoring
- Host-Based Analysis
- Network Intrusion Analysis
- Security Policies and Procedures
Cost: $300
CCNA
This is an honorable mention. This is all around networking. Again, it’s Cisco-based, but it is VERY good to learn the basics from the networking starters of the world. Cisco really brought networking to the forefront over the last 40 years. The concepts are universal across networking.
Cost: $300
Intermediate and Advanced Options
Certified Ethical Hacker (CEH)
The CEH is here because it sounds cool. Really. ETHICAL HACKING!? Heck yeah! But seriously, I do know a few people with this certification, and they do pentesting and the cool stuff. I was studying this a little bit back in the Army days, but never went through with the exam. Just not my speed. But, if you are looking to break into blue team things, this is a great exam to understand the current landscape of hacking.
Topics Covered:
- Information Security and Ethical Hacking Overview
- Reconnaissance Techniques
- System Hacking Phases and Attack Techniques
- Network and Perimeter Hacking
- Web Application Hacking
- Wireless Network Hacking
- Mobile Platform, IoT, and OT Hacking
- Cloud Computing
- Cryptography
Cost: $1199 + $100 application fee
Cisco Certified Network Professional (CCNP) Security
This is the next level of Cisco’s exams. It goes Associate, Professional, and Expert. There are a few different Professional-level Cisco exams: Enterprise Networking, Security, Cybersecurity, etc. The CCNP Sec is the one I currently hold, so I am going to speak to it. The professional-level cert consists of at least 2 different exams to get the cert. You need to pass the Core exam and then a specialty exam to complete the CCNP.
The core exam is very salesy. You cover all of the products and what they provide to the users and it was really just not great. 1 inch deep and 10 miles wide. The specialty exams are more specific, but they do get into some really nitpicky questions. Stuff that doesn’t matter when it comes to working in the real world. Cisco exams are tough exams because they cover stuff that… doesn’t matter much in the real world.
Exams:
- Cisco Security Core
- Cisco Security Firepower
- Cisco Security Virtual Private Network
- Cisco Security Identity Services Engine
- Cisco Security Web Security
- Cisco Security Email Security
- Cisco Security Automation
- Cisco Security Secure Cloud
Cost: ~$700 (Core: $400 + Specialty: $300)
Certified Information Systems Security Professional (CISSP)
The CISSP is one of those top-tier exams. I’m not sure I believe it. It is a good exam and it takes a bunch of time to study and learn it, but I am not sure it’s the BEST exam. It is globally recognized and has all of the buzzwords. There are requirements for this exam. You need to have 5+ years working in one of the core competencies. You can take the physical exam whenever you want. But you will not be granted the full certification until you have verified your 5+ years in the profession.
Topics Covered:
- Security and Risk Management
- Asset Security
- Security Architecture and Engineering
- Communication and Network Security
- Identity and Access Management (IAM)
- Security Assessment and Testing
- Security Operations
- Software Development Security
Cost: $749 + $135 Yearly maintenance fee
Choosing the Right Certification
When it comes to choosing the right certification, you need to have some sort of idea of where you want to be in 5 years. Obviously, things change and they can change quickly. If you don’t know where you are going to be in 5 years, then just start with one of the basic certifications.
I would suggest going with the Sec+, as it is my go-to for new professionals. I think it covers so much of the basics and it does not cost a lot of money. If your job is going to pay for the exam, I would stretch for the GSEC. It is much more in-depth than the Sec+, but the price point puts it behind Sec+ for the average person.
Ultimately, it comes down to knowing what you are interested in and where you are going to be. My path was GSEC → CCNA → CCNP Sec → CISSP.
Conclusion
Are certifications worth it? In some ways they are. They do show that you are willing to take the time to learn and become better in your role. That is a huge plus when I talk to people. What are you willing to do on your own that will make you better? I appreciate those that take personal time to become better in their craft. Have I seen a crazy bump in opportunities and pay? Not really. Some places will say they value certifications, but I’m not sure they value them in the way everyone wants: more money. However, getting those certifications helped me LEARN what I NEEDED in order to step up and be a top employee.
I would always suggest if you can swing it, get the certification to hone your craft and knowledge.
Stay Curious. Stay Strong.
Joe