Navigating the World of IT Security Certifications - Which Path is Best for Me?
A good friend of mine interested in infosec as a career asked me the other day, "What certifications should I get, and which do you have?" As an IT security professional with a few certs up my sleeve, this is by far the most common question I receive; "What path do I take?" This is a very good question; just take a look at this list of IT certifications. There's a LOT. Personally, I have the CEH, CNDA, and CompTIA's Security+, and I'm currently working towards the OSCP. However, this path is going to be quite different for nearly everyone, depending on both your desired career, and other circumstances such as time and money. I'm going to break it down the best I can in this blog to help those beginners navigate the sprawling world of IT certifications.
First, I want to address the topic of degrees versus certifications. Many undergrads/prospective students of information technology fail to understand that the IT industry today is driven more by experience and certifications than degrees. Here in the US, undergraduate and graduate degrees have become astronomically expensive. What most don't understand is, they can only get you so far in your career. Without real, hands-on experience, you're not going to go straight to the top by achieving an M.S. It will remove several years of required experience for you, but, if that's going to financially destroy you, I believe personally you should get your Associate's from a community college (or online), rack up certifications, and then start working. Save up, get experience. That will get you further than any degree.
I like to think of degrees as important stepping stones, or perhaps propellants for one's IT career. They are not a necessity, at least at first. Depending on how far you wish to go, and how long you're willing to work lower-level jobs, you will absolutely be able to achieve your dream job without astronomical debt.
At the same time, I don't want to discredit degrees. If you have the resources, they are absolutely worth the time and effort. The money aspect however is going to be completely subjective. I just want everyone to understand that you can excel in the information technology field without a B.S./M.S. Just be prepared to put in the time, do the grunt work, and save up, while maybe considering a degree for the future. Higher level jobs will require degrees regardless; but remember that sometimes, job requirements are actually recommendations. Degrees cannot replace experience and relevant certifications.
'Which cert is right for me?' 'Where do I start?' These are important questions that you have to ask yourself if you're serious about an IT career. There are a TON of options, but many are respected/recognized by more employers than others, and many are specific to single jobs. I have more knowledge in the security/general networking worlds than anything else, so I will focus on those career paths, and then provide guidance for others. First, let's start with the basics.
Start with CompTIA if you are totally new to information technology. If you want to take the route of a PC technician or something similar, get their A+ certification. It is widely recognized and respected. If you are chasing an associate's, bachelor's, or even a master's in a networking field and you don't have much experience, you will benefit most from the Network+. Likewise, if you are new to the security field and don't have any other certs and have little experience, get the Security+. The Security+ and Network+ certifications are a bit tougher, but will get you great jobs in the industry. These are the best IT certifications to begin with and are typically considered more essential than degrees. I recall an old boss of mine turning down someone with a master's over someone who did not have a master's. The single reason? One had Security+ and a little experience. The other did not. These certificates are the real deal. If you're a real overachiever, you can go for the "triad," which is a common phrase for all three certs listed above (A+, Network+, Security+). This may not be totally necessary, but it will definitely put you ahead in applications. Also, having A+ and Network+ knowledge will make most of Security+ a breeze. You'll excel on the job without a doubt.
There are other great networking-related certs that I want to mention. Cisco is a widely known company and has its own certs that are extremely well received in the community, namely the Cisco Certified Entry Networking Technician (CCENT), Cisco Certified Technician (CCT), and the Cisco Certified Network Associate (CCNA). I worked with a great analyst who had the CCNA. His technical knowledge was insanely impressive and he was the best coworker I've ever had. I wish I had asked for his other certs; I know he had at least three. At the same time, I have no idea if he had any degrees.
Before I start to list out the top certifications for today along with job examples, one more question: are you looking to do Department of Defense work one day? If so, they have their own lists of levels/requirements that define exactly what certification(s) you will need. For example, an IAT (Information Assurance Technical) Level II position would be available to you if you had a Security+. However, a Level III position would require a CISSP, and that could be a totally different career path (administrative rather than technical). This will all make much more sense once you get started in IT. Don't worry too much about what you'll need in the future; focus on what you need right now to make your next desired career move.
There are SO MANY career paths related to IT that I've decided to list the top 10 proctors of today's most desired certifications, their certifications, and an example job/scenario for each. This should make it much easier for you to find the certification you need, or simply discover the relationship between certs and different jobs. Outside of this list, and my opinions/experiences above, I highly recommend you go to LinkedIn/Indeed/ZipRecruiter, search for your dream job, and then google, "certifications for <insert dream job here>." Most importantly, find what works best for you and makes you feel best. Keep in mind this is just a high-level overview to help others make decisions and understand the relationships between jobs and degrees; do not use this as your sole resource for obtaining certifications. Also, I decided to leave out Microsoft, because there are too many to reasonably list without giving an overwhelming amount of information.
The format is going to be the following:
-Certification that they offer
-An example position that could utilize the given certification above.
-Adobe Certified Expert (ACE)
-Adobe Certified Associate (ACA)
-AWS Certified Cloud Practitioner
-AWS Certified Solutions Architect
-AWS Certified Developer
-AWS Application Developers
-AWS Certified SysOps Administrator
-AWS Systems Administrators
-AWS Certified DevOps Engineer
-Various AWS Engineer/higher-level positions
-Network Technician, SysAdmin, IT Specialist
-Network Engineer, Security Analyst, IT Manager
-Network Design/Support Engineers
-CCNP Routing & Switching
-Network Analyst/Engineer, etc
-PC Technician, General IT Support
-Network/Junior Network Admin
-Security Analyst, IT Security Staff
-Junior penetration tester, threat analyst
-Network Defense/Security Architect
-Information Security Officer, etc.
-IT Forensics, Analysts, various positions
-Information Systems Auditor
-IT Security Manager positions/Incident Response
-IT Risk Management/Threat/Vulnerability Assessment
-Various administrative roles in IT/IT Security
-Information Security Officers/high-level government IT positions
-Penetration Tester/Ethical Hacker
-Oracle DBA, Oracle database-related roles
-Database Administrator, high-level database management roles
Thanks for reading. I received a lot of love for my previous post about the CEH and I am thankful to give back even a little knowledge. I hope this helps someone make a decision, and as always, feel free to reach out with any questions. Everyone's path is going to be different, and everyone's going to give you a different opinion on which certification is better than another. Figure out your desired path, write down your desired certifications, make your goals tangible, and you can do anything. Good luck!