
Cyber Security Certifications

I have just recently got into cyber security and penetration testing as a hobby and it is something I might look at for a job. I am just in high school so it would not be a big change if I decided not to pursue it. I have done some research about what you need to be qualified in the field and found that besides a computer-related degree you want to have certifications. I have spent a decent amount of time just messing with Kali Linux and have a good knowledge of programming down. I have tried the bug bounty thing and made a bit of money off of it but I just don't have the skills yet, so I am wondering if it would be a good idea to pursue a certification of any sort in hacking or penetration testing. I have heard about the CompTIA Pentest+ and Security+ certifications but they are not very hands-on. I have also heard about the CEH certification (Certified Ethical Hacker) and did not know if it was very hands-on or not. I only have about $400 to spend right now so it would be great if it were close to that price. I have also read in places that people think certifications are just resume fillers and that they don't show real skill except for OSCP and other lab-based tests. For the future, what degree would you recommend for cyber security? I have a goal of owning a penetration testing company at some point and don't know if I should also change the degree for like business management or something similar. Any input helps.


You're going to also want to brush up on your networking knowledge too. The Security+ exam has quite a bit of networking-based questions. I also highly recommend getting your A+ certification out of the way too, and possibly Network+ unless you're fully confident you can handle Sec+.

 

The Pentest+ could be more focused on the security aspect though, but I'm not sure if that exam requires any lower tier CompTIA certs like A+.

 

Employers care about technical certifications but they also tend to really want degrees too, not only Comp Sci but other STEM stuff as well (excluding medical). Prior experience can be used in lieu of a degree but you have to really show off your skills and be self-sufficient in your tasks (no googling).

 

Source: Took Sec+ exam a year ago. Also working in the IT field.


I'm going down this path right now as a career change. I've always been interested in this, but somehow ended up in different roles.

 

ISC2 CISSP is a very sought-after certification, but it is not so technical and as a result not so hands-on. I have my certification exam scheduled for March.

 

I'm currently doing CCNA (Cisco Networking Academy) CyberOps and Security courses, both are good and there's some overlap between them so it makes sense to do both at the same time. 

 

I've done Digital Forensics and Information Security at Masters level last year with Open University, that was very interesting and Digital Forensics has more technical activities, but in general they're both at a higher level.

 

If you wish to stay on the technical side I think EC Council ETH (ethical hacking) is a better certification to pursue. That will be my next goal once I'm finished with CCNA.


Sec+ from CompTIA (I have one myself). Not so much difficult as it is tricky, but a great foundation and place to start. You will have to study and take practice tests, particularly if it's your first cert you are going for. I personally recommend Darril Gibson.

 

http://getcertifiedgetahead.com/

 

CASP is the next natural step up from that. I haven't taken the exam, though as you can imagine it's a bit trickier and tougher. It's also offered through CompTIA.

 

CISSP is offered through ISC^2. This is the one to go for... eventually. I'm sure you know and have heard that it's a tough exam. From what I understand, in recent years it's been changed to be an adaptive test and will ask more questions from a domain if it sees you getting those ones wrong. I haven't taken or studied for it myself; here is some more information on it as of 2017.

 

https://www.certmike.com/cissp-changes-adaptive-testing/

 

 


Security+ will get your foot in the door but I wouldn't take the test unless you can also pass the A+ and Net+. Afterwards getting security clearance will semi-easily get you into contract netsec work. Just be advised security clearance is a MULTI MONTH process and any provable lie will get you disqualified in an instant.


3 minutes ago, rcmaehl said:

Security+ will get your foot in the door but I wouldn't take the test unless you can also pass the A+ and Net+. Afterwards getting security clearance will semi-easily get you into contract netsec work. Just be advised security clearance is a MULTI MONTH process and any provable lie will get you disqualified in an instant.

Yeah, certs aside, when it comes to any clearances don't lie about anything. It's implied, but part of the process is that they are testing how exploitable you are, and if you are honest about stuff (whether it's, say, an addiction you got treatment for or previous money problems) then it's no longer a secret that can be exploited.

 

Bottom line just be honest.

 

 


Ok, thank you all for the recommendations. I will definitely start with the basics before I move on. I will probably do some online study guides for A+ and Net+ to start and go from there.
