The Ultimate Guide For Security Certifications
“I am the wisest man alive, for I know one thing, and that is that I know nothing.” Socrates
No matter how long have you been in the tech field, I am sure you still learn new things every day. There are millions of people discovering and trying new stuff and every second these trials adds new ways to make our lives easier so you need to have the concept of continuous education in your mind.
There is no path that everybody can take and reach the exact same results, it depends on who you are and what is your goal. Also, we can see different people coming from different paths reaching the same positions. The cybersecurity field has many specializations and it is your mission to find what are you passionate about. Depending on your current skills and your goal the path you will go through will differ.
Getting a certificate is important in the industry as it proves your skills for companies and keeps you updated with the latest new techniques. It is not too easy to choose a suitable certificate to take which is why in the following article, we will discuss the requirements to start your first certificate, how to choose your security certifications, and what are the best paths for security certifications in 2022.
Essentials before your First Certification
Well, it depends on your background, maybe you are already familiar with Linux operating system and web development so you don’t have to study them again. It is also fine if you are coming from a non-technical background but it will take you some time to learn the basics that we will discuss.
Networks
Learning networks is a fundamental thing whatever the specialization you will go through, CompTIA network+ certificate is beginner-friendly and will help you understand how the networks work. It contains all the basics you need as a beginner. As a cybersecurity enthusiast, most of your work will be against network testing vulnerabilities so you need to be comfortable with the basic concepts of networks.
There are other security certifications for Networks that are going more deeply in topics but they will not be mandatory as a beginning. Also, N+ discusses the concepts from a neutral perspective and not for a specific vendor.
Linux Operating System
Linux operating system is an open-source operating system and has dozens of distributions, it is an operating system like Windows and macOS, but it is easier to use and most tools, frameworks, courses are using it. Also, networks you will come across will most probably have Linux machines so you need to be familiar with them.
Well, actually you can learn Linux without getting a certificate. There are a lot of great books that can put you on the right track like “Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali”. But if you want to get a certification you can check the CompTIA Linux+.
You can start with any distribution you want, however, we recommend Ubuntu because it will help you install tools yourself and if you are coming from another operating system (i.e Windows) it will be a smooth transition. After that, you can work on any other distribution; they are all almost the same.
We have a section on our platform that can help you boost your Linux skills, you check it here.
Programming
It has been so important to be comfortable with at least one programming language, you can learn any scripting language and I recommend python and bash. Their syntax is easy to understand and will help you write your own tools.
You may also need to learn other web development languages (i.e: HTML, javascript, PHP, MySQL) to understand the web application you are going to test. we recommend participating in programming competitions like google kick start here. You can also practice on platforms like hacker rank and codeforces.
And if you are interested in reverse engineering specializations you can learn low-level languages like C and assembly. It is also important to look at code and find the vulnerabilities in it which is called white-box testing. In our premium package, we have a section for it called secure code review, you can check it here.
Security Fundamentals
After having the previous fundamentals, you need to utilize them from a security perspective, in other words, you understand Linux configurations and file systems so you can detect miss-configurations later and so on.
We have the proper section that is developed for this purpose, you can check our Free Introduction to Cybersecurity course here which includes lessons discussing the basics and challenges to test your understanding.
Now, at this point, you should have found out what field you like the most. Here is a simple figure showing our Fundamentals courses and you can check them here.
How do I get Security Certification?
The following figure summarizes the basics you need before starting looking for your first cybersecurity certificate.
Now, as we have covered the basics, your next step should be to get an entry certificate that can help you get a job in the industry, usually, the company offering the certificate has a study course that should qualify you to pass this exam.
We will discuss what security certificate you should get first and it will depend on your specialization.
What Security Certification should I get First?
In recent years, a lot of new security certifications show up and they are all good but here are our recommendations, you can start with CEH or Security+ and we are going to discuss them in this section:
Certified Ethical Hacker (CEH)
This can be your first certificate in the industry as it covers a lot of security basics, discusses used definitions, and introduces some attacks. Usually, it is one of the certifications required from companies if you are applying for an entry-level job. At least having the certificate will allow you to apply for jobs and get interviews for a junior position.
CompTIA Security +
The same case as CEH, it tests your knowledge and can also get you an interview for an entry job, you can check it here.
eJPT
The eLearnSecurity Junior Penetration Tester will be a great start especially if you are into the penetration testing field, it covers a lot of penetration testing basics and will help you build your methodology.
Recently, the course material has become free and you can start it now from here. The exam is hands-on so it will boost your skills from the technical side. This certificate is recommended by a lot of security professionals in the field if you are a beginner.
Also, you need to test your methodology on your way to preparing for the exam, so you can practice on Beginner-friendly platforms like CyberTalents and TryHackMe.
What is the Best Cybersecurity Certification Path?
Any company has its own roadmap introducing their security certifications, the content is almost the same but the difference is the way showing it and the exam style.
In the following section, we will show the companies’ roadmaps. It is not mandatory to choose one path and follow it all, you can make a mixture between them depending on your goal, it will be helpful to be aware of all exam styles.
eLearn Security
You can check their training paths here, they have paths for network pentester, advanced pentester, incident responder, and purple team member path.
Offensive Security
You can find their certifications here, offensive security is the creator behind the most famous Linux distribution for cybersecurity which is Kali Linux. Their security certifications are highly recommended However it is a bit expensive. They are providing certifications for penetration testing which include the most famous certificate which is OSCP, web application pen-testing, exploit development, and security operations.
SANS
Sans has great courses discussing the concepts in deep detail, they have different paths for penetration-testing, incident response, and monitoring.
You need to know each one has his own path so you don’t need to follow somebody's path or some company roadmap. But here is our updated recommendation for the offensive roadmap, you can add or remove things depending on your goal and comfort.
For the incident response path, you should have a mixture of experience between digital forensics and reverse-engineering, you can check the eLearn path here.
And as we have mentioned before, you can see the prerequisite for a certificate before applying for it. We have an article discussing what is required to apply to malware analysis jobs, you can check it here. And note that you will know your own path once you start.
Can you Learn Cybersecurity with no Experience?
Although it will help at the beginning it doesn't really matter, a lot of security professionals are not coming from an IT background at all. All you need is to utilize your efforts in the right direction and be patient then enjoy reaping your efforts.
Top Security Certifications you should have in 2022
This year has begun with a lot of important events regarding security certifications as OSCP has changed the exam approach to focus on the active directory topic more which is a good thing because the active directory is a thing you will come across a lot when you are facing real networks.
Offensive Security has made a lot of changes regarding all paths by adding updated materials and retiring old ones. Also, the PNPT has found its way in the industry to be recommended by a lot of security professionals as it covers a lot of topics that do not exist in certificates with the same budget.
So yes! In 2022, the previously mentioned certifications are still recommended, but keep in mind that you need to practice and try harder to sharpen your skills.
Check this article to know what companies consider when selecting job candidates.