After a long discussion with friends, which certifications are useless / nice to have / useful?
The most common ones I see on resumes and job boards are:
* **A+** | CompTIA | Basics of IT/Networking | Good to have if you lack foundational experience, not important for InfoSec at all. You won’t find this on a CyberSecurity job posting.
* **Network+** | CompTIA | Intermediate Networking | Covers all the important definitions and technologies around networking. Good to have for InfoSec if your networking knowledge is weak.
* **CCNA** | Cisco | Intermediate Networking | Cisco’s version of a Net+ (or maybe Net+ is CompTIA’s version of a CCNA?). More difficult and technical than a Net+; it specifically focuses on Cisco devices but is well respected enough to carry as much weight as a Net+, if not more.
* **Security+** | CompTIA | Basics of CyberSecurity | Must have for almost every CyberSecurity role.
* **CEH** | EC-Council | Basics of Cybersecurity | See r/jokes. No really, this is a worse version of the Security+ but four times as expensive. Cool name, which is why a lot of newbies want it/get it. Only get it if your employer really wants it. Has nothing to do with “hacking” but your friends and family don’t have to know that, so you get to be the impressive guy at the next barbeque.
* **CySA+** | CompTIA | Intermediate CyberSecurity (Threat hunting/analysis) | Great for people wanting to get more into a forensics or pentesting type role. A solid way to expand knowledge for red and blue team professionals.
* **Pentest+** | CompTIA | Intermediate CyberSecurity (Pentesting) | This is your “entry level” pentesting (Red Team) cert. It has good content, and even “Blue Team” professionals seek it.
* **CASP+** | CompTIA | Intermediate/Advanced CyberSecurity | This is a good cert for getting advanced technical knowledge, and showing you have it. It sits somewhere between middle and high in terms of difficulty and content.
* **CISSP** | (ISC)² | Advanced CyberSecurity | Extremely difficult and highly respected cert that focuses more on the managerial/administrative side of CyberSecurity but demands a solid understanding of the technical side. Requires 5 years of experience to acquire along with passing the insanely hard exam. Dollar dollar bills coming your way if you get it, as it’s basically a six figure guarantee no matter where in the US you live.
* **OSCP** | Offensive Security | Advanced Pentesting | The CISSP of the pentesting certs. Insanely difficult, commands a lot of respect. The test is unusual in that it’s not an exam, but trial-by-fire; you have to crack five machines in 24 hours.
* **CISM** | ISACA | Advanced CyberSecurity (Compliance) | Similar to the CISSP minus all the technical stuff, and more narrow in scope. A good cert to have for compliance and risk managers that don’t necessarily need to have the depth of technical knowledge that a CISSP demands.