Certifications seem to be on everyone's mind nowadays, but why is that the case? After all, it's just some fancy piece of paper, right? As it turns out, certifications, while sometimes controversial, can play a massive role in your cyber security career. Throughout this blog post, we'll explore the ins and outs of certifications and what exactly they mean.
For many, certifications can be the doorway into a career in cyber security. Be it in the form of sequential training or landing your next role, certifications and their respective courses can match up with your experiences, proving to employers that you really know your stuff. While this can vary a bit, let's dive into the employer perspective to better understand what we're getting into.
Getting your First Certification
Have you ever looked at a cyber security job post and thought, wait, that's a ton of experience and requirements for even just an entry level job and I'm not even sure where to start? If so, first, you should absolutely check out the previous blog post in this series on getting into cyber security. You can find that post here! Secondly, the information provided here is incredibly valuable. Jumping between positions can be tricky at it's best and downright confusing otherwise. However, job posts can often provide many of the answers required in order to make this leap.
Often provided at the top of job listings, certifications, coupled with years of experience, can be found center stage. HR departments, those actually handling the hiring for companies, will work hand-in-hand with department managers to map out different certifications that they desire within their team. More than not, multiple similar certifications will be listed, creating a rather daunting list. Employers will often list multiple to allow variance within applicants, allowing us as job seekers to start plotting out our own training. While this may vary from employer to employer depending on the certifications they actually want, leveraging job postings in this manner can be incredibly affective in growing into the roles and goals you've set for yourself.
When to Get a Certification
Now I know what you may be thinking, it's a great idea to just start stacking certs on certs, making yourself appear larger than life on paper. Situationally, this might be a great idea, however, in general cert-stacking can be a tricky endeavor. Where possible, it's better to match your own personal experience with the certifications that you're seeking. This way, you create a sort of flip-flopping pattern wherein your experiences (such as having completed one of the learning paths on TryHackMe!) truly do add up to the certs you've obtained.
Career Path Specific Certifications
Before we continue, there's a common misconception that certifications are really only focused on the offensive side of things and that really cannot be further from the truth. As you advance in your own studies, you'll find that one area will often catch your interest more than others. Specialization is a natural part of advancing within your career and this is great for increasing your own skillset! Now, with regards to certifications, it's worth noting that this is where your own research can come into play. Once you know where you want to focus, searching around on the web and asking either your constituents or coworkers can be heavily beneficial to finding the right cert for you. Be it malware development, iOS forensics, or otherwise, there's likely a training path available for you!
The Two Major Reasons for Certifications: Education and Career Advancement
Let's take a step back now and refocus on how to know better what certifications to ultimately get. While I've alluded to this at points throughout this post, there are a few general rules of thumb for what certifications are ultimately going to be the most bang for you own buck. First, consider why you're seeking a certification. Let's delve into the two major reasons for certs: education and career advancement.
Getting a cert for the sake of learning? Awesome! Beyond just the quality of the content taught in the coursework, there isn't a lot to consider here. Generally speaking, while cost is a major factor, the biggest item you'll want to consider is the experiences others have had with whatever course you're pursuing. This is where asking around can provide some great insight and provide the determining information on if a cert is worth it in your use case.
What about if you're looking at advancing in your own career? Standardization and popularity of the certification in question can play a massive role for this reasoning. While asking employers in your area will often be the best point of reference, one of my favorite resources here is actually one put out by the United States Department of Defense. Keep in mind, it's advised to check your local government (or ask in the TryHackMe Discord community) for similar resources to this, however, the DOD 8570 baseline certifications list can provide an excellent starting point: https://public.cyber.mil/cw/cwmp/dod-approved-8570-baseline-certifications/ between recommendations and standardized lists like this, finding what certifications to get can be as easy as just a little bit of research.
Armed with your list of potential certifications, the next big item to cover is cost. While often times your employer will cover one if not multiple certifications throughout the year, individuals are typically not so lucky. When examining your next potential cert, the best descriptor to look at here often is bang-for-your-buck. Consideration of cost of additional prep materials and reviews of courses can provide timely guidance in this case.
How TryHackMe can Help
As you prepare for certifications, consider as well where TryHackMe (a free platform for learning cyber security at any experience level) can be of assistance! Not only is the community a great place to ask about certs in general, rooms on TryHackMe can provide amazing and either free or low-cost practice. Taking into account what each certification covers, it's very easy to match up different rooms within the Hackivities page with the topics you're ultimately studying. Not only does this provide excellent certification practice, rooms completed in this manner will often link to other resources and rooms, cementing your learning in real-world experience!
Certifications may not be the total picture to moving forward in infosec but they're a fantastic way to grow your own skillset. As you journey, be sure to tweet at TryHackMe if the training here helped land you a certification or even better, a full on job! We love to see members in the community grow and join in on the congratulations!