CySA+ is my next cert about 75% done preparing for it. Would like to go for GIAC digital forensics path but that is a bit out of the price range. I would definitely not turn down that training though if a company wanted to pay for it 😀
Awesome stuff! For SANS, I would also check out the Work Study program ( www.sans.org/work-study ) because you can get a huge discount by volunteering some of your time. I did the Work Study program twice and you can make really good connections through it.
Hello John I'm now pursuing 1. Certified Penetration Testing 2. Certified ISO 27001 Implementer Leader 3. Certified Digital Forensics Are they in high demand ??
A good way to determine how high the demand is for a certification is to go to a job posting website like Indeed and search for the certification. When you do that search, what results do you get for each certification?
I'm bummed out that I can't seem to find that image you use in your thumbnail anywhere. I looked around your site, in your eBook, and through the whole video. I'd like to see how you've ranked them all.
The thumbnail was for representation purposes and has no impact on how or where I rank certifications. With that being said you can find it on reddit ( www.reddit.com/r/cybersecurity/comments/e23ffz/security_certification_progression_chart_2020/ ).
Im gonna go for the CISCO CBROPS certificate, I get the official training through a free summer course in Sweden. Perks of free education right there:)
Hi jon, thanks for the information very helpful. So quick question. So am trying to go into cybersecurity but I know is not a straight path. So am thinking of network+, security+ AWS then CYSA. Do you think my pathway is good idea?. I will be watching your video on cybersecurity journey. Thanks
I think you absolutely have the right idea. Check out my Getting Started page ( www.jongood.com/getting-started/ ) because I provide a roadmap of skills and certifications in my free eBook.
Thank you and I’m glad you enjoyed the video! Sales for what? Every vendor has sales and sales engineering team so I would recommend looking at those job postings to see what they want. If you have a specific vendor in mind, just start going after every certification that they have.
Hello. Great content. I have recently landed a security job, moving from desktop support and application deployment/windows maintenance. My question is around the cloud certification. My organisation uses azure, purely for AD 365 authentication. I am soon to take the az-900 exam. As we use azure for 365 Auth, would it be beneficial to move onto ms-500, or continue the azure route and focus on the az-500? Thank you in advance.
It really depends on what your new job responsibilities involve. Each organization uses technologies like the cloud differently so you might get more value in your new role with ms-500. Given that you are going into a new role, I would recommend getting the most related certifications for that role first and then expanding.
I want to know which subject is better. At first tell us in details like what is Bsc in IT, what is software Engineering, what is web technology. To ur view suggest me which subject should i choose in these three.
Unfortunately degree programs typically vary by university/college/school so you will have to evaluate them on a case by case basis. IT degrees typically have a lot of infrastructure curriculum and Software Engineering / Computer Science degrees are going to be heavy on programming and usually math. Software Engineering / Computer Science degrees will be much more difficult to get through than an IT degree, so it's not uncommon for somebody to start in SE and then switch to IT.
Hi Jon, good day to you. Would you recommend me to go for CompTia Security+ as my first certificates to get an entry level job? I would like to work in cyber security industry but currently I have zero experience of that. And I would like to get CISSP in future as well
I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I will give you a roadmap of skills and certifications to set you up for success.
I would skip all basic level Comptia certifications -- A+, Network+, Sec+. For entry level, go for the CCNA. After that, you can decide if you want to go for (a) CCNP security, (b) Cloud security certs for AWS, MS Azure, or Google, or (c) cyber security
Wish there was some assessment you could take to see where your knowledge is truly at. From there it would recommend the training to do. Example if you answered the questions correctly for the Security+ you might as well just do the CySA+.
That definitely would be nice and it would help to determine where you are at on knowledge. I've found that if I start looking at a certification that the sample questions indicate a lot about where I stand.
Hey Jon thank you for your guidance. Can you please make a video regarding the renewal of certifications. Secondly does having prior experience in bug bounty hunting makes completing a certification easier?
Unfortunately every vendor has a different process to renew certifications. I do have resources ( www.jongood.com/resources/ ) that will help you stay current and get continuing education credits though. Bug Bounty experience won't really help you on most certifications except potentially the practical ethical hacking certifications like the OSCP because they are hands on and require you to write a report.
The work experience is valuable if you can balance everything. At that point, finishing your degree is much more important than trying to squeeze in some work causing your degree to suffer. Worst case, I would try to get a summer internship or a job in the summer working in IT or Cyber Security (whichever you can land).
Here in india we can get CEH training+exam at 450$, so would u recommend going for that as my first certification or should go for Security+ only..??i'm from computer science background
If you are new to the field entirely, your first certification shouldn't really be a security certification because there is foundational knowledge you might not have. I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I provide a roadmap of skills and certifications to set you up for success.
Great video! So im planning to change my career to cybersecurity, I have some experience with coding in Python and C++, so if I have the money would you recommend me to get the GSEC certification instead of the other ones?
Thank you and I'm glad you enjoyed the video. No question that GIAC certifications along with the SANS training is a fantastic way to improve your skills and knowledge. If it were me and I was committed to paying out of pocket, I might get one of the less expensive non GIAC certifications first and then pay for one of the more advanced GIAC certifications with SANS training. Don't get me wrong, the GSEC has a ton of great information but if I can only afford one, then I'm going to pay for training that is more specialized. You can also look into the Work Study program ( www.sans.org/work-study ). It's a great option to keep the costs down. The only downside is if you want a specific course, you might not get chosen for it.
Vendor specific certifications will almost never be at the top of the list for cyber security because it varies too much organization to organization. Fortinet certifications are going to be good in organizations that use Fortinet.
Penetration Testing isn't and probably will never be an entry level position for people brand new to the field because it relies on existing knowledge that most people get in previous jobs. With that being said, I am a fan of the eJPT and eLearnSecurity.
OSCP is sometimes considered an "entry level" certification for Penetration Testing which in itself isn't an entry level job in Cyber Security. Most people have had other IT and/or Cyber Security jobs before switching to become a Penetration Tester. Additionally, the true entry level certifications are ones that typically most people have the ability to pass on the first attempt where the OSCP has a high failure rate in general and especially on the first attempt.
No question there is a lot of overlap between the Security+ and SSCP. There are some situations where it makes sense to have one over the other (or both) but typically I recommend the Security+ over the SSCP based on the overall industry recognition of the certification.
I do not have the SSCP. At one point I was looking through the materials and considering taking the exam but I already had the CISSP and many other certifications so it wouldn't have been helpful for my career itself. Most people tend to pursue the Security+ versus the SSCP.
Entry level for Cyber Security and Entry level for technology jobs is always an interesting debate. From a Cyber Security standpoint, these are considered entry level, however if somebody is just starting in the technology field then I would recommend more foundational certifications (example: Network+). A good comparison is with Law Enforcement, where you start out as a uniformed officer (regular IT) and then might graduate to becoming a detective (Cyber Security).
@@JonGoodCyber I see your point, but in my experience, I would consider entry-level cybersecurity to be more along the lines of Network+, Security+, then moving into CEH and/or PenTest+. From there I would consider looking at the SSCP, which I think you mention, as well as the GISF - GIAC Information Security Fundamentals. As things become more role-based, I think you will see a lot more overlap of skills needed between IT and cybersecurity.
I agree that security tasks and responsibilities do overlap with traditional IT roles especially in smaller organizations. The industry as a whole doesn't really accept a job as Cyber Security unless the primary responsibility is security, which you aren't likely to have with just a Network+. I actually lay out a roadmap including the Network+ in my free eBook though because I do believe it's a good stepping stone. For the best certifications in this situation, I also consider the demand that shows up in job postings for security jobs.
@@JonGoodCyber oh sorry, well, I saw that there are two certifications with the same name as "Information Security Foundation" and I was in doubt because one is based on ISO 27001 which is codenamed ISFS "IEC ISO 27002" and the other S-ISF just that, and not shows if it has a basis, I read about both and I verified that the modules for study are identical, however I was in doubt if one is more complete than the other or has more value.
Degrees do not guarantee a successful career as there are plenty of people in the career field with unrelated degrees or no degrees at all. A computer science degree would certainly help if you were trying to go into an area like application security and there are other benefits to holding a degree however it's not a requirement in most situations.
@@JonGoodCyber I took copious notes on this video and plan on using it as a blue print to get my Cyber career off the ground! Thank you for these videos!
@@moyamorrison2807 the Network+ technically isn't a requirement for cyber security, however the knowledge that it covers is required to be successful so you might as well get the certification. The other problem with not having the certification is that you'll likely have a harder time getting your first job because it's more difficult to standout from your peers at that level without having "extras" like certifications. With all of that being said in relation to this video, the Network+ isn't considered an entry level cyber security certification...it's an IT certification.
Network Security Engineers typically come up through a networking background. That means you should be very focused on climbing the ladder either through Cisco certifications (CCNA > CCNP > CCIE) or through the comparable Juniper certifications. Once you get a solid networking foundation then start to add the same vendor's security certifications as well as others like Palo Alto.
Ethical Hacking in itself is not an entry level part of Cyber Security. As far as the CEH and Ethical Hacking goes, for most people it's probably not the best option in today's market like it was 10 years ago.
There is value in those certifications but they didn't make the list. Specifically the CEH requires experience or you have to take their course so it's not really even entry level. I'm not extremely familiar with the CSA given that it's pretty new but nobody else really knows about it either. Demand plays a huge role in certifications that you should pursuit.
It really depends on the situation, however Cisco certifications are definitely more prestigious than the comparable CompTIA certifications. I would honestly probably consider Cisco certifications to be more of a money grab because they require a lot more to remain active versus CompTIA which can be done by a lot of free resources.
As a student going for a future in cyber security this is an amazing resource for me. Thank you
You are welcome and I'm glad that you are getting value out of the content!
CySA+ is my next cert about 75% done preparing for it. Would like to go for GIAC digital forensics path but that is a bit out of the price range. I would definitely not turn down that training though if a company wanted to pay for it 😀
Awesome stuff! For SANS, I would also check out the Work Study program ( www.sans.org/work-study ) because you can get a huge discount by volunteering some of your time. I did the Work Study program twice and you can make really good connections through it.
Hello John
I'm now pursuing
1. Certified Penetration Testing
2. Certified ISO 27001 Implementer Leader
3. Certified Digital Forensics
Are they in high demand ??
A good way to determine how high the demand is for a certification is to go to a job posting website like Indeed and search for the certification. When you do that search, what results do you get for each certification?
Dude I’d watch your videos more if you were rocking some OG style sunglasses and bling. That would b awesome
Maybe one day!
I'm bummed out that I can't seem to find that image you use in your thumbnail anywhere. I looked around your site, in your eBook, and through the whole video. I'd like to see how you've ranked them all.
The thumbnail was for representation purposes and has no impact on how or where I rank certifications. With that being said you can find it on reddit ( www.reddit.com/r/cybersecurity/comments/e23ffz/security_certification_progression_chart_2020/ ).
Excellent info...thanks bro!!!
Any time!
Im gonna go for the CISCO CBROPS certificate, I get the official training through a free summer course in Sweden. Perks of free education right there:)
Awesome! Make sure to let me know how it goes.
Thanks for good advice!
Any time!
Hi jon, thanks for the information very helpful. So quick question. So am trying to go into cybersecurity but I know is not a straight path. So am thinking of network+, security+ AWS then CYSA. Do you think my pathway is good idea?. I will be watching your video on cybersecurity journey. Thanks
I think you absolutely have the right idea. Check out my Getting Started page ( www.jongood.com/getting-started/ ) because I provide a roadmap of skills and certifications in my free eBook.
Great info! Which certifications and/cloud platforms qualify you for entry-level sales?
Thank you and I’m glad you enjoyed the video! Sales for what? Every vendor has sales and sales engineering team so I would recommend looking at those job postings to see what they want. If you have a specific vendor in mind, just start going after every certification that they have.
just dropped a like a sub great content
Thank you for the support!
Hello Jon
Hope you are doing good.
Which Certification should I do first for a career start in cybersecurity?
I would recommend checking out my website ( www.jongood.com/getting-started/ ) where I provide a skills and certifications roadmap.
Hello.
Great content. I have recently landed a security job, moving from desktop support and application deployment/windows maintenance.
My question is around the cloud certification. My organisation uses azure, purely for AD 365 authentication. I am soon to take the az-900 exam. As we use azure for 365 Auth, would it be beneficial to move onto ms-500, or continue the azure route and focus on the az-500?
Thank you in advance.
It really depends on what your new job responsibilities involve. Each organization uses technologies like the cloud differently so you might get more value in your new role with ms-500. Given that you are going into a new role, I would recommend getting the most related certifications for that role first and then expanding.
@@JonGoodCyber thank you for your time
thanks man! it helps a lot! 👍
Glad it helped!
I want to know which subject is better. At first tell us in details like what is Bsc in IT, what is software Engineering, what is web technology. To ur view suggest me which subject should i choose in these three.
Unfortunately degree programs typically vary by university/college/school so you will have to evaluate them on a case by case basis. IT degrees typically have a lot of infrastructure curriculum and Software Engineering / Computer Science degrees are going to be heavy on programming and usually math. Software Engineering / Computer Science degrees will be much more difficult to get through than an IT degree, so it's not uncommon for somebody to start in SE and then switch to IT.
@@JonGoodCyber Thank u so much
Hi Jon, good day to you. Would you recommend me to go for CompTia Security+ as my first certificates to get an entry level job? I would like to work in cyber security industry but currently I have zero experience of that. And I would like to get CISSP in future as well
I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I will give you a roadmap of skills and certifications to set you up for success.
I would skip all basic level Comptia certifications -- A+, Network+, Sec+. For entry level, go for the CCNA. After that, you can decide if you want to go for (a) CCNP security, (b) Cloud security certs for AWS, MS Azure, or Google, or (c) cyber security
Wish there was some assessment you could take to see where your knowledge is truly at. From there it would recommend the training to do. Example if you answered the questions correctly for the Security+ you might as well just do the CySA+.
That definitely would be nice and it would help to determine where you are at on knowledge. I've found that if I start looking at a certification that the sample questions indicate a lot about where I stand.
Hey Jon thank you for your guidance. Can you please make a video regarding the renewal of certifications. Secondly does having prior experience in bug bounty hunting makes completing a certification easier?
Unfortunately every vendor has a different process to renew certifications. I do have resources ( www.jongood.com/resources/ ) that will help you stay current and get continuing education credits though. Bug Bounty experience won't really help you on most certifications except potentially the practical ethical hacking certifications like the OSCP because they are hands on and require you to write a report.
Thank you for this review!
You are welcome!
thoughts on the IBM cyber security certification? Been thinking about doing that one
It's not something that really has a lot of buzz in the industry but any knowledge can be helpful.
I’m a cybersecurity major is it worth it for me to work on these during undergrad im currently a rising junior
The work experience is valuable if you can balance everything. At that point, finishing your degree is much more important than trying to squeeze in some work causing your degree to suffer. Worst case, I would try to get a summer internship or a job in the summer working in IT or Cyber Security (whichever you can land).
New year new cert to get within 3 months
Awesome and good luck!
Thanks, Jon.
You are welcome!
Here in india we can get CEH training+exam at 450$, so would u recommend going for that as my first certification or should go for Security+ only..??i'm from computer science background
If you are new to the field entirely, your first certification shouldn't really be a security certification because there is foundational knowledge you might not have. I recommend checking out my Getting Started page ( www.jongood.com/getting-started/ ) where I provide a roadmap of skills and certifications to set you up for success.
Yes !!! I am taking the SBT level 1
Excellent and make sure to let me know how it goes!
How is it?
@@tomeryaha6151 at the end I did not go for SBT 1. But I have heard great comments about it. There are many options for blue-team side now.
@@vak21 why didnt u?
Can you do a path for Cloud Security Engineer?
I will look at adding this!
Would u say it's possible to pass az500 with no professional azure experience but self study and hands on labs? I do have the az-900
Like most technology-based certifications, you should be able to pass given you study the correct material and get plenty of hands on labs.
Great video! So im planning to change my career to cybersecurity, I have some experience with coding in Python and C++, so if I have the money would you recommend me to get the GSEC certification instead of the other ones?
Thank you and I'm glad you enjoyed the video. No question that GIAC certifications along with the SANS training is a fantastic way to improve your skills and knowledge. If it were me and I was committed to paying out of pocket, I might get one of the less expensive non GIAC certifications first and then pay for one of the more advanced GIAC certifications with SANS training. Don't get me wrong, the GSEC has a ton of great information but if I can only afford one, then I'm going to pay for training that is more specialized.
You can also look into the Work Study program ( www.sans.org/work-study ). It's a great option to keep the costs down. The only downside is if you want a specific course, you might not get chosen for it.
Good stuff
Thank you and I’m glad you enjoyed the video!
Thanks Jon
You are welcome!
Hi, everyone. What about NS4 Fortinet Certification¡?
Vendor specific certifications will almost never be at the top of the list for cyber security because it varies too much organization to organization. Fortinet certifications are going to be good in organizations that use Fortinet.
thanks
You're welcome!
What about eJPT?
Penetration Testing isn't and probably will never be an entry level position for people brand new to the field because it relies on existing knowledge that most people get in previous jobs. With that being said, I am a fan of the eJPT and eLearnSecurity.
Isn't OSCP an entry level certification?
OSCP is sometimes considered an "entry level" certification for Penetration Testing which in itself isn't an entry level job in Cyber Security. Most people have had other IT and/or Cyber Security jobs before switching to become a Penetration Tester. Additionally, the true entry level certifications are ones that typically most people have the ability to pass on the first attempt where the OSCP has a high failure rate in general and especially on the first attempt.
The actual material for the Sec+ and SSCP are almost the same...
No question there is a lot of overlap between the Security+ and SSCP. There are some situations where it makes sense to have one over the other (or both) but typically I recommend the Security+ over the SSCP based on the overall industry recognition of the certification.
@@JonGoodCyber have you taken the SSCP yourself?
I do not have the SSCP. At one point I was looking through the materials and considering taking the exam but I already had the CISSP and many other certifications so it wouldn't have been helpful for my career itself. Most people tend to pursue the Security+ versus the SSCP.
These aren’t entry level.
Entry level for Cyber Security and Entry level for technology jobs is always an interesting debate. From a Cyber Security standpoint, these are considered entry level, however if somebody is just starting in the technology field then I would recommend more foundational certifications (example: Network+). A good comparison is with Law Enforcement, where you start out as a uniformed officer (regular IT) and then might graduate to becoming a detective (Cyber Security).
@@JonGoodCyber I see your point, but in my experience, I would consider entry-level cybersecurity to be more along the lines of Network+, Security+, then moving into CEH and/or PenTest+. From there I would consider looking at the SSCP, which I think you mention, as well as the GISF - GIAC Information Security Fundamentals. As things become more role-based, I think you will see a lot more overlap of skills needed between IT and cybersecurity.
I agree that security tasks and responsibilities do overlap with traditional IT roles especially in smaller organizations. The industry as a whole doesn't really accept a job as Cyber Security unless the primary responsibility is security, which you aren't likely to have with just a Network+. I actually lay out a roadmap including the Network+ in my free eBook though because I do believe it's a good stepping stone. For the best certifications in this situation, I also consider the demand that shows up in job postings for security jobs.
men whats a diference with S-ISF at ISFS ?
You are going to have to provide more information on what you are referencing.
@@JonGoodCyber oh sorry, well, I saw that there are two certifications with the same name as "Information Security Foundation" and I was in doubt because one is based on ISO 27001 which is codenamed ISFS "IEC ISO 27002" and the other S-ISF just that, and not shows if it has a basis, I read about both and I verified that the modules for study are identical, however I was in doubt if one is more complete than the other or has more value.
Do I need a comp sci degree to have a successful career in Cyber?
Degrees do not guarantee a successful career as there are plenty of people in the career field with unrelated degrees or no degrees at all. A computer science degree would certainly help if you were trying to go into an area like application security and there are other benefits to holding a degree however it's not a requirement in most situations.
@@JonGoodCyber I took copious notes on this video and plan on using it as a blue print to get my Cyber career off the ground! Thank you for these videos!
@@JonGoodCyber I am new to all of this. What path doesn't require you to have network +?
@@moyamorrison2807 the Network+ technically isn't a requirement for cyber security, however the knowledge that it covers is required to be successful so you might as well get the certification. The other problem with not having the certification is that you'll likely have a harder time getting your first job because it's more difficult to standout from your peers at that level without having "extras" like certifications.
With all of that being said in relation to this video, the Network+ isn't considered an entry level cyber security certification...it's an IT certification.
@@JonGoodCyber thank you for your response. I am currently studying for security +.
How to become a network security engineer?
Network Security Engineers typically come up through a networking background. That means you should be very focused on climbing the ladder either through Cisco certifications (CCNA > CCNP > CCIE) or through the comparable Juniper certifications. Once you get a solid networking foundation then start to add the same vendor's security certifications as well as others like Palo Alto.
@@JonGoodCyber what about Campatiya security + ?
CompTIA's Security+ is a good start to learning about security, but you aren't going to get a Network Security job without networking knowledge.
@@JonGoodCyber perhaps, lf I complete CCNA , CCNP , CCIE routing and switching with security + Can I get network security engineer job ?
That would definitely put you on the right path. I would also add at least Cisco security certifications at some point, most likely after the CCNP.
aint the CEH cert a good entry level option?
Ethical Hacking in itself is not an entry level part of Cyber Security. As far as the CEH and Ethical Hacking goes, for most people it's probably not the best option in today's market like it was 10 years ago.
How about CEH v11 and CSA v1 from EC-Council?
There is value in those certifications but they didn't make the list. Specifically the CEH requires experience or you have to take their course so it's not really even entry level. I'm not extremely familiar with the CSA given that it's pretty new but nobody else really knows about it either. Demand plays a huge role in certifications that you should pursuit.
Comptia is a money grab.
All certification vendors at the end of the day are a business, however it's companies that have led to the vendors making money.
@@JonGoodCyber i would rather get a cisco cert for same price as compia.
It really depends on the situation, however Cisco certifications are definitely more prestigious than the comparable CompTIA certifications. I would honestly probably consider Cisco certifications to be more of a money grab because they require a lot more to remain active versus CompTIA which can be done by a lot of free resources.