# Certifications

Certifications are quickly becoming an acceptable alternative to college degrees in the cybersecurity industry. Certifications are commonly thought of as a validation of a particular skill or skillset. There's often a lot of confusion around which certifications are "the best", what their purposes are, and whether or not they're worth the effort. Let's explore some of these questions more.

## What are the benefits of certifications?

**Certifications can be a great way to show that you can perform a certain skillset, or that you have the required knowledge in a certain domain.** I feel that certifications serve a different purpose mid-to-late career than in entry-level positions. A lot of employers seeking entry-level talent look to certifications as one way of “safely” baselining an individual’s potential while also lowering the risk associated with hiring someone with less work experience and a less visible track record of value provided to a company.

**Certifications provide a structured learning path, which can be hugely beneficial for beginners unsure of where to begin, ultimately helping to avoid "information overload".** When you first start learning cybersecurity, it can seem like an endless amount of information to consume. It's beneficial to stick with one topic or area and learn all you can about that one thing. Prioritize and take inventory of what you need to know for the role or objective you're trying to achieve. The general consensus, although not the *only* path, is to start your journey as a [cybersecurity specialist](https://www.cisco.com/c/en/us/products/security/what-is-a-cybersecurity-specialist.html#~become-a-cybersecurity-specialist) or [cybersecurity analyst](https://www.hackthebox.com/blog/what-is-a-soc-analyst). Even after narrowing it down to a specific area, if you're just starting out you still might not know what questions to ask or what skills you need to learn.
While it's important to do your own research, it can also be hugely beneficial early on to have a well-packaged learning track so that you can understand things more efficiently and learn which questions you _do_ need to ask.

**Certifications are a lower-cost alternative to traditional education.** With the cost of college education in the US quickly amounting to thousands or tens of thousands of dollars, cybersecurity certifications can often be obtained for a fraction of that price. For entry level, many certifications can often be found for under $500, and most are obtainable for under $1,000.

**The time investment for certifications is often lower than completing a full degree program, and is often more flexible.** This is especially true for entry-level certifications. Many entry-level certifications can be completed within 3-6 months as opposed to the 2-4 years it takes to complete a degree program.

**Certifications can act like a mini-degree.** Certifications are a commitment of time and a commitment to furthering education. Although they may not take as long as a 4-year degree to complete, they *do* show that you have the dedication and that you take your education in the field seriously. One reason employers often look for degrees when hiring is that they're looking for a candidate's ability to stick with a task consistently and complete it. While it may not be quite as impactful as getting a full-on degree, getting certified can help with checking that box.

## Which cybersecurity certification is "the best"? Which certification should I go for?

There is no "*best*" cybersecurity certification. What's considered to be a good certification varies a lot based on person, role, and skill level. You first need to determine what field of cybersecurity you want to go into. Blue team – defensive? Red team – offensive? Penetration tester? SOC Analyst? GRC Analyst? Security Engineer?
From there, you can drill down into what certifications industry professionals recommend, depending on your experience level and desired role.

## Are certifications required?

The short answer is, it depends. If your goal is to obtain employment in the United States Government sector, it's very likely that you'll need some level of [[DoD 8570]] compliance. If you're looking for a job in the private sector, it's typically more of an organizational desire than a federal requirement. When looking at a candidate, most companies will want to see at least Security+ or Security+ level knowledge as a minimum standard.

## A+, Network+, Security+, or IT role before cybersecurity?

**I would recommend having prior experience in an IT role before getting into cybersecurity.** Is it required, though? No. If you skip having an IT role before your first cybersecurity position, you should make up for that knowledge gap through the use of a [[home lab]] or [[Cyber Range]].

Lots of people say if you don't have experience in an IT role before going into cybersecurity you will fail. There are numerous examples of people that completely bypassed an IT role and have been successful in cybersecurity. It would definitely be beneficial to be in a role like system administrator, network administrator or even help desk to gain an inside look into how enterprise environments operate. Again, not required.

I would say it *is* absolutely required that you understand the fundamentals of how computers and networks work. Having an A+ level knowledge about computers and at least a Network+ level of knowledge about networking is very important for a cybersecurity role. You probably won't be able to get a position without it. This goes back to the argument of "how can you defend something you don't know about"?
In regards to the hands-on experience aspect, you can and should get hands-on experience through building a [[home lab]] to simulate an enterprise network or Security Operations Center, practicing cybersecurity skills on cyber ranges like [Blue Team Labs Online](https://blueteamlabs.online/) or [TryHackMe](https://tryhackme.com/), and by taking practical, hands-on cybersecurity certifications.

[Security+](https://www.comptia.org/certifications/security) is a great baseline certification to get if you're just starting out, *and* if you already have an A+ and Network+ level knowledge. If you don't, I'd focus on those first.

# Where can I find *reputable* information about certifications?

Typically, you should take what vendors say about their own certifications with a grain of salt. There are some exceptions, once you know which ones mean what they say. Specifically, [TCM Security](https://tcm-sec.com/) is a very reputable certification and training vendor.

Outside of vendors, there are places like Reddit and YouTube that oftentimes offer valuable feedback about what certifications are and *aren't* valuable to have. Again, take what "people on the internet" say with a grain of salt. Really pay attention to the *why* behind the advice they give. And are they giving any explanation at all?

- Are they trying to be a '[[gatekeeper]]'?
- Are they recommending it because they are somehow affiliated with the certification company?
- Do they recommend a certification "because that's just what everybody else is getting"?
- Are they recommending it because "that's just what you'll see on job postings"?

All these questions need to be asked when evaluating whether or not you should aim towards a particular certification.

While not the only place to get reputable information, the [Orion Cyber Discord](https://discord.io/orioncyber) server has a dedicated channel for discussion around which certifications are valuable as an entry-level practitioner.

> [!info] TLDR
> Always ask *why* or *how* a certification will benefit you in the goals that you're trying to accomplish.