😱 I made a mistake. The ISACA CISA does have years of exp as a pre-req. The CISA requires 5 yrs of work experience with a min of 2 with other substitutes. I was trying to give the GRC folks an option. I have the CISA, but got it years ago and never looked at pre-reqs because I was mid-career.
Hi Gerry. I threw $50 at you during the live stream, to get another question answered, but I just missed you 😆 I enjoy your channel and have pre-ordered your book, so you deserve it. You kind of downplayed the CCNA for security (recently bought a $1500 lab!)...If I'm new to the profession, wouldn't I start broad and focus as I learn what I like? So I was thinking CCNA (networking fundamentals), Cisco CyberOps (to show my interest in security), Microsoft Desktop, Server '16, and a Linux cert for basic sysadmin experience, and exploring bash, PowerShell, and Python. Are you suggesting cyber is mature enough to take basic/intermediate certs JUST related to security without necessarily having the above skills? Thanks again, I really appreciate what you're sharing with us! Take care
@@Jason-tq2jq Jason. sorry you dropped a super chat and I ended the broadcast. I really appreciate you supporting the channel with such a generous donation. Can you connect with me on LinkedIN and we can have a call. I'd like to answer your question and for your support I'd like to give you a more comprehensive, tailored answer. If you're not on LI, let me know and we can connect a diff way.
@@SimplyCyber I am on LI, just not active. I'll add you there and follow-up. I'm in Massachusetts, so same time zone if that matters at some point. Thx again.
Since CISA requires 5 years of exp like you said its not really an entry level cert. I already have my Sec+ what would be the next cert to get to get into GRC? Thanks for all you do
I think it's a disservice that our community is devaluing higher education. Much more retention of knowledge, access to labs, and "other" skills like technical writing, public speaking, business ethics, etc. elevate higher education above cramming for a cert imo. I do think you nailed when you spoke about the three leg approach. All of them have value.
i feel the value of the education isnt being devalued as much as the path of seeking higher education esp in our field. There is a lot of value in higher education but 4 years, $80k, and not guaranteed a job on the other end is a high risk to take on when there are other on-ramps with less risk.
@@SimplyCyber I get it. It's the ROI. Another point is, you can pivot to another field using the classes you already took. $80k is a steep price, but if you are aiming for the top and you know there will be splitting of hairs, you are going to look good with that MS or PhD compared to the competition. If you went to school for a high paying career, $80k will be paid off in no time. If not, bad investment.
I agree 100%. I have two masters and a phd and I have found it opens doors. You don't need them to get a job, but they will help you move around and also argue (whether right or wrong) for higher paying salary.
If an employer likes you and knows you can get the job done then you will get hired. Interview candidates without degrees get chosen over interview candidates with degrees ALL THE TIME. How you LEARN the material and HOW you communicate what you know to an employer is most important. Higher education is devaluing itself by not keeping up with the times. Self education is so accessible now a days cause of the internet. All those skills you listed can be learned without going to university. And now with everything being remote Why pay 8k for a zoom semester at a university when someone can take a udemy course from a IT professional for 30$ lol
Hey, Gerry. Do the eJPT and PNPT certs fill the same purpose, or are there notable differences between the two? As best I can tell they are both broad, good introductions to pen testing, but I am curious if, for example, one is very focused on X while the other covers a broader spectrum of X, Y, and Z.
Its a great question. I dont have the answer right now, but INE and Heath have both given me access to both for reviews. I just need to find the time. I could go through both and tell you (and everyone).
AZ-500 is amazing considering you can get online training from Microsoft for free. Microsoft is also offering a limited time offer for job seekers impacted by COVID-19 and students for online proctored exam for $15 which is a TREMENDOUS VALUE comparing to the regular $165 price!
There is the GRCP from OCEG and the CGRC from GRCG. I have no experience with either but they seem to be the only certs that attack GRC holistically. The Security+ is the basic, entry level cert, of which all security professionals should know the content. It's Sec 101. The exam covers GRC at a fairly high level but good enough for entry level. The CRISC is the gold standard, for better or worse, for risk management. It does require 3 years of experience but it's not as bad as the CISA, CISM, CISSP which require 5 years. You can always take the exam and still have 5 years to gain the experience needed to complete the cert. If you look through GRC job postings you will start to see some consistency is certs requested. GRCP, CCEP, ARM, CIPP/CIPM, CRMP, CRCMP, CRISC, CGEIT, CISA, CISSP, CISM. GRCP pops in most GRC positions I have seen posted so it may be worth looking into. Unfortunately GRC is still relatively new-ish; new enough to not have popular certs such as those put out by Isaca and (ISC)2.
Thanks a lot @@JimmyBeans84, I'll make sure to take Sec+ and will give a look to those other certs you mentioned. Might even take CRISC exam and then work the 3 years to acquire the exp needed for the cert.
@@JimmyBeans84 Great post Jimmy. Thanks for providing this and having quantifiable certs and years associated. Appreciate it. I remeber when the CRISC came out a few years back, but didnt take it. i was just about to sign up and take it just to knock it out and be able to tell folks in here about the CRISC, but its $760 for non-chapter members. YIKES! Maybe Ill find someone that has it and ask them. Whats up with $760?!
@@SimplyCyber I have both the CISM and the CRISC. ISACA, for all of the great content they have, sure know how to wring every last dollar out of people. I have an uncomfortable amount of certs. I am not good at a lot, but I am good at taking tests. That said, I still recommend everyone taking an ISACA exam get the Questions, Answers and Explanations database related to their exam. It is $400 for non-member; almost double the price I paid a few years ago. Absolutely crazy. Especially when considering the cost of the exam, like you said.
Is there a reason why you said Pnpt then ejpt? I want to do both and I’m currently working on my sec+. I just want to know if there is benefit in doing Pnpt before ejpt?
no Cysa+ is good too, but i chose these 5. CySA+ is good for entry level and (to me) compliments sec+ nicely. Sec+ is the theory/overall and CySA+ is more operational
Thanks again Gerald! Quick ? if you are not skilled in the area of pentesting but want to start a new career do you have to take the eJPT to build skills in order to pass the PNPT or more advanced pentest/cybersecurity certifications or skills? I only ask because I do not want to spend extra money on certifications that will become useless as I advance in this industry.
could take the PTS training from INE (which is free) and then the TCM training which isnt free and get PNPT. The PTS wouldnt be needed if you went this path, but since its free it would def help you prep for PNPT
Thank you as always for your contribution, Gary. Quick q: I am at the beginning of a Pentester career. Is the Network+ certificate a plus for me on the resume, or should I go directly for Sec+? Thank you
Personally, get the knowledge of a net+ but you dont need it. When you have a convo with someone hiring you they will ask questions that if you understand networking it will be obvious in your responses. Its almost implied that you understand fundamentals of networking to work on the operational side.
I have the ejPT, would you say that I am able to apply to jobs? When I look at the requirements I’m very intimidated as i don’t have degrees. I am just looking to break into infosec but after owning this cert for more than a year already I am thinking other certs might help. The sec+ specifically.
how bout this one with Urbane security. Found it in 5 minutes. doesnt require college, does require skills obtained and learned with eJPT. www.indeed.com/q-Junior-Penetration-Tester-jobs.html?vjk=76e296fd764dfbf0
😱 I made a mistake. The ISACA CISA does have years of exp as a pre-req. The CISA requires 5 yrs of work experience with a min of 2 with other substitutes. I was trying to give the GRC folks an option. I have the CISA, but got it years ago and never looked at pre-reqs because I was mid-career.
Hi Gerry. I threw $50 at you during the live stream, to get another question answered, but I just missed you 😆 I enjoy your channel and have pre-ordered your book, so you deserve it. You kind of downplayed the CCNA for security (recently bought a $1500 lab!)...If I'm new to the profession, wouldn't I start broad and focus as I learn what I like? So I was thinking CCNA (networking fundamentals), Cisco CyberOps (to show my interest in security), Microsoft Desktop, Server '16, and a Linux cert for basic sysadmin experience, and exploring bash, PowerShell, and Python. Are you suggesting cyber is mature enough to take basic/intermediate certs JUST related to security without necessarily having the above skills? Thanks again, I really appreciate what you're sharing with us! Take care
@@Jason-tq2jq Jason. sorry you dropped a super chat and I ended the broadcast. I really appreciate you supporting the channel with such a generous donation. Can you connect with me on LinkedIN and we can have a call. I'd like to answer your question and for your support I'd like to give you a more comprehensive, tailored answer. If you're not on LI, let me know and we can connect a diff way.
@@SimplyCyber I am on LI, just not active. I'll add you there and follow-up. I'm in Massachusetts, so same time zone if that matters at some point. Thx again.
Since CISA requires 5 years of exp like you said its not really an entry level cert. I already have my Sec+ what would be the next cert to get to get into GRC? Thanks for all you do
@@mikestubeviews9973 connect w me on discord at SimplyCyber.io/discord. Easier to tell you via dm
I am such a big Cyber Mentor fan! I've learned a ton from his courses, and he often tweets out discounts - he just tweeted a 50% coupon recently!!
Very helpful. I’m a PM without an IT background and so much of the technical stuff just goest over my head. This gave me some good ideas to research.
I think it's a disservice that our community is devaluing higher education. Much more retention of knowledge, access to labs, and "other" skills like technical writing, public speaking, business ethics, etc. elevate higher education above cramming for a cert imo. I do think you nailed when you spoke about the three leg approach. All of them have value.
i feel the value of the education isnt being devalued as much as the path of seeking higher education esp in our field. There is a lot of value in higher education but 4 years, $80k, and not guaranteed a job on the other end is a high risk to take on when there are other on-ramps with less risk.
@@SimplyCyber I get it. It's the ROI. Another point is, you can pivot to another field using the classes you already took. $80k is a steep price, but if you are aiming for the top and you know there will be splitting of hairs, you are going to look good with that MS or PhD compared to the competition. If you went to school for a high paying career, $80k will be paid off in no time. If not, bad investment.
I agree 100%. I have two masters and a phd and I have found it opens doors. You don't need them to get a job, but they will help you move around and also argue (whether right or wrong) for higher paying salary.
If an employer likes you and knows you can get the job done then you will get hired. Interview candidates without degrees get chosen over interview candidates with degrees ALL THE TIME. How you LEARN the material and HOW you communicate what you know to an employer is most important. Higher education is devaluing itself by not keeping up with the times. Self education is so accessible now a days cause of the internet. All those skills you listed can be learned without going to university. And now with everything being remote Why pay 8k for a zoom semester at a university when someone can take a udemy course from a IT professional for 30$ lol
Currently I am working on my AZ-500 after I finished my AZ-900 some weeks ago. :)
Nice! Solid! Lot of upside, free training, and very affordable cert exam. Best wishes Dr. Lemon.
I did that too... It is a hard cert and very wide.
@@stefanforest7582 Do you mean the 500?
@@DrLemon-em1ix yes AZ-500
Hey, Gerry. Do the eJPT and PNPT certs fill the same purpose, or are there notable differences between the two? As best I can tell they are both broad, good introductions to pen testing, but I am curious if, for example, one is very focused on X while the other covers a broader spectrum of X, Y, and Z.
Its a great question. I dont have the answer right now, but INE and Heath have both given me access to both for reviews. I just need to find the time. I could go through both and tell you (and everyone).
AZ-500 is amazing considering you can get online training from Microsoft for free. Microsoft is also offering a limited time offer for job seekers impacted by COVID-19 and students for online proctored exam for $15 which is a TREMENDOUS VALUE comparing to the regular $165 price!
Great point. People don't sleep on this sweet deal!
So there's no entry level certs for GRC folks then? I mean, I've looked for the CAPM but that's not Cyber related so I'm not sure.
Not that I"m aware of. Its a bummer because there could be a cyber risk analyst one for sure.
There is the GRCP from OCEG and the CGRC from GRCG. I have no experience with either but they seem to be the only certs that attack GRC holistically. The Security+ is the basic, entry level cert, of which all security professionals should know the content. It's Sec 101. The exam covers GRC at a fairly high level but good enough for entry level. The CRISC is the gold standard, for better or worse, for risk management. It does require 3 years of experience but it's not as bad as the CISA, CISM, CISSP which require 5 years. You can always take the exam and still have 5 years to gain the experience needed to complete the cert. If you look through GRC job postings you will start to see some consistency is certs requested. GRCP, CCEP, ARM, CIPP/CIPM, CRMP, CRCMP, CRISC, CGEIT, CISA, CISSP, CISM. GRCP pops in most GRC positions I have seen posted so it may be worth looking into. Unfortunately GRC is still relatively new-ish; new enough to not have popular certs such as those put out by Isaca and (ISC)2.
Thanks a lot @@JimmyBeans84, I'll make sure to take Sec+ and will give a look to those other certs you mentioned. Might even take CRISC exam and then work the 3 years to acquire the exp needed for the cert.
@@JimmyBeans84 Great post Jimmy. Thanks for providing this and having quantifiable certs and years associated. Appreciate it. I remeber when the CRISC came out a few years back, but didnt take it. i was just about to sign up and take it just to knock it out and be able to tell folks in here about the CRISC, but its $760 for non-chapter members. YIKES! Maybe Ill find someone that has it and ask them. Whats up with $760?!
@@SimplyCyber I have both the CISM and the CRISC. ISACA, for all of the great content they have, sure know how to wring every last dollar out of people. I have an uncomfortable amount of certs. I am not good at a lot, but I am good at taking tests. That said, I still recommend everyone taking an ISACA exam get the Questions, Answers and Explanations database related to their exam. It is $400 for non-member; almost double the price I paid a few years ago. Absolutely crazy. Especially when considering the cost of the exam, like you said.
Love your content ! Can you please show us how to secure our home network with a basic tool ! It will help us to build hands on skill!
Thats a fun idea. Let me think on how to best setup a show like that.
Is there a reason why you said Pnpt then ejpt? I want to do both and I’m currently working on my sec+. I just want to know if there is benefit in doing Pnpt before ejpt?
So what about the CYSA+, is it just chopped liver?
no Cysa+ is good too, but i chose these 5. CySA+ is good for entry level and (to me) compliments sec+ nicely. Sec+ is the theory/overall and CySA+ is more operational
Thanks again Gerald! Quick ? if you are not skilled in the area of pentesting but want to start a new career do you have to take the eJPT to build skills in order to pass the PNPT or more advanced pentest/cybersecurity certifications or skills? I only ask because I do not want to spend extra money on certifications that will become useless as I advance in this industry.
could take the PTS training from INE (which is free) and then the TCM training which isnt free and get PNPT. The PTS wouldnt be needed if you went this path, but since its free it would def help you prep for PNPT
Thank you kind Sir
my pleasure!
Thank you as always for your contribution, Gary. Quick q: I am at the beginning of a Pentester career. Is the Network+ certificate a plus for me on the resume, or should I go directly for Sec+? Thank you
Personally, get the knowledge of a net+ but you dont need it. When you have a convo with someone hiring you they will ask questions that if you understand networking it will be obvious in your responses. Its almost implied that you understand fundamentals of networking to work on the operational side.
@@SimplyCyber Thank you very much.
I have the ejPT, would you say that I am able to apply to jobs? When I look at the requirements I’m very intimidated as i don’t have degrees. I am just looking to break into infosec but after owning this cert for more than a year already I am thinking other certs might help. The sec+ specifically.
how bout this one with Urbane security. Found it in 5 minutes. doesnt require college, does require skills obtained and learned with eJPT. www.indeed.com/q-Junior-Penetration-Tester-jobs.html?vjk=76e296fd764dfbf0
Great video. Does AWS offer free online training like Azure 500?
aws.amazon.com/training/. Also freecodecamp on UA-cam has a lot
👍👍