CySA+ is my next cert about 75% done preparing for it. Would like to go for GIAC digital forensics path but that is a bit out of the price range. I would definitely not turn down that training though if a company wanted to pay for it 😀
Awesome stuff! For SANS, I would also check out the Work Study program ( www.sans.org/work-study ) because you can get a huge discount by volunteering some of your time. I did the Work Study program twice and you can make really good connections through it.
Im gonna go for the CISCO CBROPS certificate, I get the official training through a free summer course in Sweden. Perks of free education right there:)
Hello John I'm now pursuing 1. Certified Penetration Testing 2. Certified ISO 27001 Implementer Leader 3. Certified Digital Forensics Are they in high demand ??
A good way to determine how high the demand is for a certification is to go to a job posting website like Indeed and search for the certification. When you do that search, what results do you get for each certification?
I'm bummed out that I can't seem to find that image you use in your thumbnail anywhere. I looked around your site, in your eBook, and through the whole video. I'd like to see how you've ranked them all.
The thumbnail was for representation purposes and has no impact on how or where I rank certifications. With that being said you can find it on reddit ( www.reddit.com/r/cybersecurity/comments/e23ffz/security_certification_progression_chart_2020/ ).
Thank you and I’m glad you enjoyed the video! Sales for what? Every vendor has sales and sales engineering team so I would recommend looking at those job postings to see what they want. If you have a specific vendor in mind, just start going after every certification that they have.
I want to know which subject is better. At first tell us in details like what is Bsc in IT, what is software Engineering, what is web technology. To ur view suggest me which subject should i choose in these three.
Unfortunately degree programs typically vary by university/college/school so you will have to evaluate them on a case by case basis. IT degrees typically have a lot of infrastructure curriculum and Software Engineering / Computer Science degrees are going to be heavy on programming and usually math. Software Engineering / Computer Science degrees will be much more difficult to get through than an IT degree, so it's not uncommon for somebody to start in SE and then switch to IT.
Wish there was some assessment you could take to see where your knowledge is truly at. From there it would recommend the training to do. Example if you answered the questions correctly for the Security+ you might as well just do the CySA+.
That definitely would be nice and it would help to determine where you are at on knowledge. I've found that if I start looking at a certification that the sample questions indicate a lot about where I stand.
Hello. Great content. I have recently landed a security job, moving from desktop support and application deployment/windows maintenance. My question is around the cloud certification. My organisation uses azure, purely for AD 365 authentication. I am soon to take the az-900 exam. As we use azure for 365 Auth, would it be beneficial to move onto ms-500, or continue the azure route and focus on the az-500? Thank you in advance.
It really depends on what your new job responsibilities involve. Each organization uses technologies like the cloud differently so you might get more value in your new role with ms-500. Given that you are going into a new role, I would recommend getting the most related certifications for that role first and then expanding.
Hey Jon thank you for your guidance. Can you please make a video regarding the renewal of certifications. Secondly does having prior experience in bug bounty hunting makes completing a certification easier?
Unfortunately every vendor has a different process to renew certifications. I do have resources ( www.jongood.com/resources/ ) that will help you stay current and get continuing education credits though. Bug Bounty experience won't really help you on most certifications except potentially the practical ethical hacking certifications like the OSCP because they are hands on and require you to write a report.
Hi Jon, good day to you. Would you recommend me to go for CompTia Security+ as my first certificates to get an entry level job? I would like to work in cyber security industry but currently I have zero experience of that. And I would like to get CISSP in future as well
I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I will give you a roadmap of skills and certifications to set you up for success.
I would skip all basic level Comptia certifications -- A+, Network+, Sec+. For entry level, go for the CCNA. After that, you can decide if you want to go for (a) CCNP security, (b) Cloud security certs for AWS, MS Azure, or Google, or (c) cyber security
Hi jon, thanks for the information very helpful. So quick question. So am trying to go into cybersecurity but I know is not a straight path. So am thinking of network+, security+ AWS then CYSA. Do you think my pathway is good idea?. I will be watching your video on cybersecurity journey. Thanks
I think you absolutely have the right idea. Check out my Getting Started page ( www.jongood.com/getting-started/ ) because I provide a roadmap of skills and certifications in my free eBook.
Vendor specific certifications will almost never be at the top of the list for cyber security because it varies too much organization to organization. Fortinet certifications are going to be good in organizations that use Fortinet.
Penetration Testing isn't and probably will never be an entry level position for people brand new to the field because it relies on existing knowledge that most people get in previous jobs. With that being said, I am a fan of the eJPT and eLearnSecurity.
No question there is a lot of overlap between the Security+ and SSCP. There are some situations where it makes sense to have one over the other (or both) but typically I recommend the Security+ over the SSCP based on the overall industry recognition of the certification.
I do not have the SSCP. At one point I was looking through the materials and considering taking the exam but I already had the CISSP and many other certifications so it wouldn't have been helpful for my career itself. Most people tend to pursue the Security+ versus the SSCP.
OSCP is sometimes considered an "entry level" certification for Penetration Testing which in itself isn't an entry level job in Cyber Security. Most people have had other IT and/or Cyber Security jobs before switching to become a Penetration Tester. Additionally, the true entry level certifications are ones that typically most people have the ability to pass on the first attempt where the OSCP has a high failure rate in general and especially on the first attempt.
The work experience is valuable if you can balance everything. At that point, finishing your degree is much more important than trying to squeeze in some work causing your degree to suffer. Worst case, I would try to get a summer internship or a job in the summer working in IT or Cyber Security (whichever you can land).
Here in india we can get CEH training+exam at 450$, so would u recommend going for that as my first certification or should go for Security+ only..??i'm from computer science background
If you are new to the field entirely, your first certification shouldn't really be a security certification because there is foundational knowledge you might not have. I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I provide a roadmap of skills and certifications to set you up for success.
Entry level for Cyber Security and Entry level for technology jobs is always an interesting debate. From a Cyber Security standpoint, these are considered entry level, however if somebody is just starting in the technology field then I would recommend more foundational certifications (example: Network+). A good comparison is with Law Enforcement, where you start out as a uniformed officer (regular IT) and then might graduate to becoming a detective (Cyber Security).
@@JonGoodCyber I see your point, but in my experience, I would consider entry-level cybersecurity to be more along the lines of Network+, Security+, then moving into CEH and/or PenTest+. From there I would consider looking at the SSCP, which I think you mention, as well as the GISF - GIAC Information Security Fundamentals. As things become more role-based, I think you will see a lot more overlap of skills needed between IT and cybersecurity.
I agree that security tasks and responsibilities do overlap with traditional IT roles especially in smaller organizations. The industry as a whole doesn't really accept a job as Cyber Security unless the primary responsibility is security, which you aren't likely to have with just a Network+. I actually lay out a roadmap including the Network+ in my free eBook though because I do believe it's a good stepping stone. For the best certifications in this situation, I also consider the demand that shows up in job postings for security jobs.
Great video! So im planning to change my career to cybersecurity, I have some experience with coding in Python and C++, so if I have the money would you recommend me to get the GSEC certification instead of the other ones?
Thank you and I'm glad you enjoyed the video. No question that GIAC certifications along with the SANS training is a fantastic way to improve your skills and knowledge. If it were me and I was committed to paying out of pocket, I might get one of the less expensive non GIAC certifications first and then pay for one of the more advanced GIAC certifications with SANS training. Don't get me wrong, the GSEC has a ton of great information but if I can only afford one, then I'm going to pay for training that is more specialized. You can also look into the Work Study program ( www.sans.org/work-study ). It's a great option to keep the costs down. The only downside is if you want a specific course, you might not get chosen for it.
@@JonGoodCyber oh sorry, well, I saw that there are two certifications with the same name as "Information Security Foundation" and I was in doubt because one is based on ISO 27001 which is codenamed ISFS "IEC ISO 27002" and the other S-ISF just that, and not shows if it has a basis, I read about both and I verified that the modules for study are identical, however I was in doubt if one is more complete than the other or has more value.
Network Security Engineers typically come up through a networking background. That means you should be very focused on climbing the ladder either through Cisco certifications (CCNA > CCNP > CCIE) or through the comparable Juniper certifications. Once you get a solid networking foundation then start to add the same vendor's security certifications as well as others like Palo Alto.
There is value in those certifications but they didn't make the list. Specifically the CEH requires experience or you have to take their course so it's not really even entry level. I'm not extremely familiar with the CSA given that it's pretty new but nobody else really knows about it either. Demand plays a huge role in certifications that you should pursuit.
Ethical Hacking in itself is not an entry level part of Cyber Security. As far as the CEH and Ethical Hacking goes, for most people it's probably not the best option in today's market like it was 10 years ago.
Degrees do not guarantee a successful career as there are plenty of people in the career field with unrelated degrees or no degrees at all. A computer science degree would certainly help if you were trying to go into an area like application security and there are other benefits to holding a degree however it's not a requirement in most situations.
@@JonGoodCyber I took copious notes on this video and plan on using it as a blue print to get my Cyber career off the ground! Thank you for these videos!
@@moyamorrison2807 the Network+ technically isn't a requirement for cyber security, however the knowledge that it covers is required to be successful so you might as well get the certification. The other problem with not having the certification is that you'll likely have a harder time getting your first job because it's more difficult to standout from your peers at that level without having "extras" like certifications. With all of that being said in relation to this video, the Network+ isn't considered an entry level cyber security certification...it's an IT certification.
It really depends on the situation, however Cisco certifications are definitely more prestigious than the comparable CompTIA certifications. I would honestly probably consider Cisco certifications to be more of a money grab because they require a lot more to remain active versus CompTIA which can be done by a lot of free resources.
@Jon Good Do you think I should study for the AWS Certified Security - Specialty certification if I don't have any experience with cloud services or should I start with the AWS Certified Cloud Practitioner? I'm looking to break into the Cybersecurity field as a Service Desk Tech and I am currently CompTIA Security+ certified. Thanks for all your help.
You can't really go from zero knowledge to having a security specialty without building the foundational knowledge first. I recommend getting: AWS CCP (optional but helpful) > AWS Solutions Architect (Associate) > AWS Security Specialty. You might also consider looking at the AWS Ramp-Up Guides ( aws.amazon.com/training/ramp-up-guides/ ). Service Desk Tech is more of an IT function than Cyber Security but wherever you can start to gain experience will help get you down the path to reaching your end goal.
