Top 5 Cyber Security certifications and matching job roles
Security like I'm five

In Security like I'm five I cover a broad range of security topics. I do all the hard work, and explain it to you in a practical manner, so that even a five-year-old would understand. Sort of.
In this post I'll be talking about certifications in Cyber Security, and what certification is best for which job role.
In this post
➡ What certification should you get?
➡ Popular Cyber Security Certifications
➡ A word of advice from ya boy.
What certification should you get?
The most asked question I see in Cyber Security related groups & pages is "what certification should I get?". While there is a lot of information to be found, I get why people seek guidance. There's not really one-ring-to-rule-them-all, and there's a lot of factors to take into account.

So is this article going to do what others could not? Doubtful. I'm good, but not that good. It is however going to be a bundle of information about the most sought-after and achieved certs. Bonus; I'll add a personal view of what a decent career path in CC could look like.
The degree-debate.
Something else I see trending nowadays is "sh*tting over degrees":
"you'll learn more from certifications"
"a degree is a waste of time, you'll get more from hands-on experience"
While I do not agree or disagree with any of those statements, I think there's one rule to live by*;
Whatever your opinion is on degrees, don't discourage others from getting one.
*bonus tip: you can use this for everything in life.
While it is cool to hate on them and tell tales about billionaires who never finished school, for most people it's a good idea to go to school and get a degree. Why? Because you learn a lot of basic stuff. What they can't teach you are things like business risk appetite and how to manage users. But what they will teach you is basic coding, network knowledge and other insights which will aid you in becoming a good security professional.
That being said, I never finished school. But I had NO IDEA what I was going to do with my life back then. If I had to do it all again, I'd finish school.

Popular Cyber Security Certifications
Security+ - the basics we all need.

What is it?
The Security+ certification covers a wide range of topics, including network security, compliance and operational security, threats and vulnerabilities, application and data security, and access control and identity management. It provides a very well-rounded basic introduction into everything (cyber) security.
Potential job roles?
Security Engineer
Security Analyst
What does it cost?
Not taking study material into account, Security+ is the cheapest in the list. $370 for just the exam.
There is a bundle that includes an exam retake and the official study book, for $565. I advise you to take that one.
Exam retakes can be handy, certainly if it's your first time.
Recommended study guides?
Always use the exam outlines the vendor provides. Those are the one and only true source to the exam topics.
Not saying it's easy, but it is basic. So you will probably manage with a good book and an online course.
Non-sponsored recommends:
CompTIA Security+ Study Guide: Exam SY0-601 - on Amazon or any other site that sells books
CompTIA Security+ (SY0-601) Complete Course & Exam - on Udemy.
CEH - the good guy hacker

What is it?
CEH (Certified Ethical Hacker) is a professional certification for individuals who work in the field of ethical hacking. Ethical hacking, also known as "white hat" hacking, involves using the same methods and tools as malicious hackers, but in a legitimate way in order to identify and mitigate vulnerabilities in computer systems and networks.
If you're looking to pursue a technical career in Security, this would be a good next step after Security+.
Potential job roles?
Security Analyst
Pen tester
SOC operations engineer
What does it cost?
Grab yourself a seat, 'cause this ain't cheap.
$100 exam fee, and a whopping $1,199 for the exam voucher.

Recommended study guides?
If you still have any money left after buying the exam voucher, EC Council offers a full training program.
You can also find it through EC Council partners, which - depending on the partner - is often cheaper. The training program comes with an exam voucher, and everything else you'll need.
CISSP - the golden standard

What is it?
"A vendor-neutral certification that is recognized internationally as a standard of excellence in the field of information security."
Aka, this is for the big doggs. Don't underestimate this one, it's the most respected certification in the field, with reason. Also, the requirements are quite steep.
To become a CISSP, an individual must have at least five years of cumulative, paid work experience in at least two of the eight domains of the CISSP Common Body of Knowledge (CBK). The eight domains of the CBK are:
Security and Risk Management
Asset Security
Security Engineering
Communication and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security
So when you actually pass the requirements, there's the exam. The questions asked are multiple choice, but there is no wrong answer. Just least-right to most-right. You need to score well in all 8 domains. So during the exam it will constantly monitor your progress. If you give too many least-right answers on one domain, you'll fail and the exam is over.
Let's imagine you passed it, then there's this:
"The CISSP certification is valid for three years, after which time individuals must complete continuing professional education (CPE) credits in order to maintain their certification."
So yeah, worth it? Yes, very much. Hard? Also yes, very much.
Potential job roles?
Security Architect
Security Manager
CISO
Senior Specialist
What does it cost?
$749, that's it.
Recommended study guides?
CISSP Certification: CISSP Boot Camp UPDATED 23 - on Udemy.
The Official (ISC)² CISSP CBK Reference
Official (ISC)² CISSP Study Guide
Official (ISC)² CISSP Practice Tests - do these, a lot. For any security cert I'd say: get familiar with practice tests.
CISM - for the managers out there

What is it?
CISM is quite the same as CISSP. Really? No.
CISSP is a more general certification that covers a wide range of topics related to information security, while CISM is specifically focused on the management of information security within an organization. CISSP is geared towards technical roles, while CISM is geared towards management roles.
To become a CISM, an individual must have at least five years of cumulative, paid work experience in information security management, with a minimum of three years of experience in the three domains of the CISM Job Practice:
Information Security Governance: Developing and maintaining an organization's information security policies, standards, and procedures.
Information Risk Management: Identifying, assessing, and managing information risks to the organization.
Information Security Program Development and Management: Developing and maintaining the organization's information security program.
The exam is also very different. ISACA (the company responsible for CISM) has a very weird way of asking questions.
They do however use the same method as CISSP, with least-right to most-right answers.
If you do the exam, make sure to read my recommendations on study guides.
Potential job roles?
Security Manager
CISO
Security Architect
What does it cost?
The exam itself costs $760 the first time. This includes checking your credits the first time. If you had this done before, for any other ISACA cert, you will "only" need to pay $575.
There's also an annual membership fee of $50 you need to pay before you can do any exam.
Recommended study guides?
CISM Certification: CISM Boot Camp 2023 - on Udemy
CISM Certification: CISM Domain 1 Video Boot Camp 2023 - see this as the holy CISM bible. Do the questions, get 80%, don't leave your house before you do.
So that's all for now... or is it?

I can't neglect the newest addition to the long list of certs. - Certified in Cybersecurity

What is it?
Earlier this year, (ISC)² came out with Certified in Cybersecurity. A new "entry-level" certification. Although the term entry-level is to be taken lightly here. I'd scale it in the mid-range.
See this one as CISSP-mini.
The exam contains 100 multiple choice questions with a 2 hour maximum. And as with CISSP you have to score well for each domain.
Security Principles
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Access Controls Concepts
Network Security
Security Operations
Potential job roles?
Security Engineer
Security Analyst
What does it cost?
The beauty of this certification is that it is tied to an initiative to help get more people into Cybersecurity, free of (most) charge.
As stated on (ISC)²'s website:
"As part of our commitment to help close the workforce gap, our new global initiative, One Million Certified in Cybersecurity, is offering free Certified in Cybersecurity℠ (CC) Online Self-Paced Training and exams to the first million people entering the field for the first time."
So if you qualify for the above, it's free. Otherwise it's $199. Considering what you get in return, it's the best bang for buck certification there is.
Recommended study guides?
The Complete Certified in Cybersecurity (CC) course ISC2 '23, on Udemy.
I haven't done this one myself so I can't recommend any books I'm afraid.

A word of advice from ya boy.
Cyber Security is one of the professions where "Entry-level" doesn't mean zero experience and no relevant knowledge.

So where do you start if you really have no experience, and no knowledge?
Security+.
It's as easy as that. Security+ (possibly combined with Network+, same vendor) offers a lot. Basic IT knowledge, networking and a lot of basics in security.
If you're looking to pursue a technical career or the complete opposite, Security+ will serve you.
From there on out you can try and get an entry-level position somewhere, and find out what you like.
Also, don't forget there's a lot in a powerful resumé.
Don't limit yourself to only naming things you think are relevant.
That job you had as a sous-chef for 4 years might not seem like something you'd mention in an interview for a security job.
But maybe it shows that you can keep a cool head in a hot situation?
So the only question that remains is:

How dope were the first Scary Movie films?
So, my 2 cents concluded. Hope I helped some of you get a clue for where to start, or continue.
If you have any questions, feel free to hit me up!
Talk to you later!