I’m lucky enough to start an SOC I role next month at an MSSP. I have about 10 months experience as an IT support specialist at an MSP, three years as a web developer before that. Got the trifecta and started applying like crazy after I got sec+, and I am a year away from graduating from WGU…..Just make sure you are doing everything you possibly can - get certs, work on a degree (really doesn’t matter what the degree is, but having it be IT, software, or cybersecurity related would be to your benefit) and get relevant experience and NETWORK…. So many people I meet in IT, especially the young twenty-somethings, don’t network and burn bridges - especially the ones at my old job who have been sitting there complacent for three years.
A slight clarification is needed, if one were to reach god-level, you qualify more than any junior security analyst job. Writing your own exploits/malware and deliver to endpoints, you can qualify for any Senior or Principal Red Team Engineer job or could literally become a consultant and advise Fortune 500 companies on red teaming or cybersecurity best practices
Watching this video as a beginner in cybersecurity, it gives me confidence and more motivation to keep going. I'm now on Layer 2/3 of the iceberg (did CompTIA Sec+ first and working on getting Net+, whoops) and it's really motivating getting the reassurance that I'm on the right path.
It's been rough trying to find a Cyber job. I've been in IT for 5 years now (Service Desk to Desktop Engineer) in an enterprise setting with A+, Net+, Sec+ and the Google Cybersecurity cert. My resume isn't complete ass but I have gotten little to no responses to any applications. It's frustrating to say the least but I'm gonna keep tryin'. Your videos help bring back motivation to keep learning. Appreciate it man, and best of luck to anyone else out there looking to achieve.
these comments are scaring the fuck out of me. i'm passionate about cybersec but after reading some of these comments it feels like im going to get fucked in the ass by unemployment.
Recommend local security meetups so that you can network. Check to see if your city hosts a Bsides conference. Definitely recommend going to the conference if there is one. Really good opportunity to network.
@@eps24 if u don't mind me asking, do you have any advice? because i genuinely do not have an idea how to get into the field. i've been binging those 12+ hours vids discussing cybersec, those college classes they upload here in yt, i've also been trying to learn networking through those long ass videos, and tinkering with hackthebox. im a mess currently
im just now getting into security and gotta say im addicted 😂 i slept for 5 hours last night, woke up and immediately started learning again, shits like crack, only problem for me is money. If i can get a job that pays more ill probably try to collect all the certs
@@MrsMadHat That is true. my brother just did his CompTIA Security+ after 1 year of being a security analyst without a security background. His company trained and paid him for the cert.
Awesome video and explanations. Love the humor thrown in generously throughout. I've been in IT for a very long time mostly working with data and databases. A long time ago (around 15 years) I took the wee-baby Security+ mainly to get a raise (acquired right as grandfathering was about to end). I did some practice exams for the CISSP and also have no trouble with those thus far. I can pick up on programming pretty well but never figure out what to work on to practice my skills (Python, C derivatives, etc.) so those skills are stalled currently. I enjoy challenges so I'll check out the array of paths you have listed here. Thanks!
Thank you for the great video! 😄 I'm currently in my second year of a cybersecurity program at a community college. I don’t have any prior IT experience, but I’m working on breaking into the field. Right now, I’m trying to get an entry-level IT help desk position to get started. I’ve earned the Google Cybersecurity Certificate and the AZ-900 certification, but I’m finding it really hard to land a job. The market seems very competitive, and everywhere I apply, they end up hiring someone with prior work experience. I hope you can one day create a roadmap for landing that first IT job, with advice on certifications, projects, and other steps that might help! 😊
Sounds like you're on the right track. Keep up the learning grind and you'll land that IT job and cybersec in time. Maybe one day I can make a manic IT roadmap/project video.
The Cybersecurity job market is absolutely disgusting. I thought for sure finishing my Bachelor's in Cybersecurity I'd be able to find at least a Junior level position... Nope. 13 Months and 700 applications later I'm honestly debating applying for McDonald's. Anyone watching this video should do themselves a favor and find a new profession. Let the digital world burn as they focus on candidates with good popularity scores instead of knowledge.
I feel your pain - I too graduated with a bachelors in cybersec thinking the same. I took a job as a tier 1 tech for 1.5 years before buckling down and applying to thousands of jobs before finally getting 1 super entry level job that paid quite low. It's easier if you try network with people, but purely applying to jobs is brutal. If I were you I'd try to land anything technical while continuously applying. It's tough but worth it if you're considering retail/fast food (which I also did for 4+ years)
@@madhatistaken I follow your videos pretty closely, I took a note from you and accepted a dead end Help-Desk job in the meantime. Thanks for doing what you do!
@@madhatistaken People focus on getting these certificates too much. At the end of the day, it all comes down to problem solving skills and who you know in the industry that can help you land a job. Sure, you feel accomplished when you do it all by yourself, but if you know someone from cyber security events and IRL networking, why not ask for help. Also it helps a lot if you participate in competitions as a student, that's how you get yourself in the spotlight. Because no one will ever come to your house offering a job, you sometimes just have to go out there and prove yourself.
The best cybersecurity engineers I knew had above-average skills but nowhere near greybeard levels. They succeeded because they understood the big picture and core business logic. Being able to custom tailor TCP packets with scapy or hping3 to avoid firewall detection via threshold for malformed packets is nice, but ultimately doesn't bring in a company sustainable revenue for their entire client portfolio. They had the insight or at least aptitude of a CISO to understand how businesses work in general. Is your next engagement close to the fiscal year end? Great. Exploiting potential employee layoffs with spoofed emails is an amazing tactic to gain a foothold. Technical skills don't get you in the door. They only prevent you from getting kicked out.
The problem here is that you didn't take the internship, because that's what they look for anyway, pure work experience. Your degree was supposed to be the Gateway to that internship. Of course they're going to pick the person with experience. It's not the only way to gain experience from, but it's the fastest one, and you just didn't realize it
Thanks for this, I have a job interview for a Red Team Security Engineer in 2 days and now feel severely unprepared... Jokes aside, it's crazy what you can do with work experience and very little certifications. I'm surprised you put CISSP on the same level as Security+. I have a Security+ and am studying for my CISSP because CompTIA certs are dookie. (The job market quite literally doesn't care about them) That being said, once I put CISSP (In Progress) on my resume, I started getting responses. I think this is a result of ATS but still, this industry is going through hell with HR brain rot. This is a fantastic overview of certification paths! Love the video, you somehow made IT/Security certs interesting which is a huge task on its own but also made it very informative.
I am currently waiting to hear back on my first step into security. Your videos have helped motivate me to get my resume out there! (currently in networking)
The fact that CISSP requires a 4 year experience in the field as a prerequisite for getting the certification and it can only land you a "junior" job is why I am considering becoming a farmer
CISSP is NOT a junior cert, it was pretty boneheaded of him to level it as the same as Sec+. CCNA is way more difficult and in-depth than Sec+, and CySA is more intermediate. Don't think I particularly agree with his rankings on a lot of these certs.
@efnick96 From a learning standpoint it can be studied for and passed by anyone from no experience to senior level experience. Obviously easier the more experience you have. For someone with years of IT experience it can help land a cybersec position but I wouldn't say it can "only" land you a junior level one - but it would certainly help land the junior role a lot more than the other certificates in that tier.
I know this is an informative/entertaining kind of video, but I see a couple of wrong things that need clarification. First, CySA+ and CISSP shouldn't be in the conversation of entry-level certs, particularly the CISSP that requires you to have 4-5 years of experience. Even if you pass the test (hard to do without exp), you cannot show it in your resume until you get the experience. Then, besides the fact that anything past OSCP shouldn't be in an entry-level conversation, this video gives the impression that red team/offensive security is the end goal of cybersecurity. Cybersecurity is much broader than that. When talking about entry-level stuff, I think we should limit to what can get you into an entry SOC, GRC, or IAM role. Offensive security roles have the highest rewards because they include the highest risks; the impact of a pen test going wrong can take a company down. As such, you really don't want someone without experience performing potentially disruptive activities in your enterprise, and that's for the entry-level guy's safety too. Nothing beats experience when you are looking for your first cyber role. The helpdesk does IAM, provides early steps for incident response, etc. If you pivot into sys admin you do vulnerability management and work with AD. Web devs understand web apps, which helps a lot in becoming a pen tester. Anyway, nice video on a complex topic!
Being firmly in Category 2 of your system I am starting with Security+, but beefing it up with Hackthebox training and some personal projects. Eventually I'll probably get CEH and Linux+ to work on Network security OR add an AWS cert. This was interesting!
what really makes the difference is the networking experience if you are going for red team .. try to focus on networking then operating systems then programming
I'm trying to pivot from software development to security, so far it's been super fun. Initially I started down this path to help me write more secure code, to see things from a different perspective, but now it seems like this is much more my speed. Will report back after a year of study and see how things change.
Great video! I wouldn't include CISSP however as it does require 5 years or 4 years of experience directly already achieved in a security role for the pure reason of providing employers with prerequisite candidate narrowing done for them. Associate of CISSP is valid however.
The way I’ve decided to go is I’m going for an associates, since ever since Trump got elected college tuition has dropped drastically at the university right up the street from my house. They lower tuition by 40% per year, so I’m gonna go the associates degree route. When I get enough credits I’m transferring my degree over to SANS and finishing my degree there. I spoke with them the other day; long story short, they have two programs: I can either come out with four of the most prestigious cyber security certifications a person can get, or I can stay at SANS and finish my bachelors and come out with nine. Then I’d only have to take one more SANS cert to have the golden goose of all cyber certs
You can't learn what you need to know in college... So how does one learn? One figures it out. In the words of OffSec- "try harder". I think many of us just like confronting seemingly insurmountable challenges... figuring it out is the fun part.
I've realized that you can't just hop into cyber security. You need to have relative IT experience. Especially being a systems administrator. Having the base level of IT will help you once you move to cybersecurity
CTFs are the way to go. Running through a bunch of certs doesn't teach enough about actually attacking systems. Said as someone who passed the OSCP, lots of CTF experience will get you hired
Jesus, OSEE to get a junior position is wild xD Great video, though! By the way, I recently landed a soc analyst position after getting the OSCP, PNPT, and BTL1. Now, I’m focusing on expanding my knowledge with more tools and cloud technologies, to aim for senior positions or even engineering roles. I'm currently considering splunk certifications or the SC-200, what do you think?
i think splunk certification is better option. it will make you better in the blueteam daily task and even you can become cybersecurity engineer specialized in Splunk, the SIEM tool leader in the industry. Best regards
@@josemmm11 Hey Jose, thank you for the advice! I already started their free content and I'm currently waiting for my company approval to get the cert. Wishing you a great weekend!
PNPT and OSCP for a SOC position imo is an overkill. You could literally be a Pentester right now. Also SC-200 only makes sense if the company you're working now uses all Microsoft 365 security stack.
@@fernandoc8876 I was applying to pentest positions as well, and those certs were a way to get some interviews (no prior IT xp). I was thinking about SC-200 because the majority of the clients I'm with use Sentinel and MDE xD
Would recommend Splunk certifications more. SC-200 is nice, but it's not that glamorous - it's worth if your company uses Azure products plus if they are in partnership with MS and all certs are free. Plus, I'd definitely try cloud certs - they are always worth plus recruiters look for them.
I'm taking a different approach. I am going for red teaming at first because I believe it is better to know how to attack before learning how to defend. I'm 2 months in, I've done the Google cybersecurity cert for the basics, the TCM's PJWT for webtesting, now trying to get my first bug bounties for experience. Next on my list are eJPT and then OSCP. P.S. I am learning Python and doing CTF challenges from various companies at the same time too.
Another entertaining but amazingly educational cybersecurity learning content! Are you looking into doing a content about what you think of GRC certs and roles like CISM, CISA, etc.? Thanks!
Watching this video "For the people that were really good at math and science, here is the madhat road map" Guess I'm taking that, I already got my CCNA and starting with a major company December 2nd as a Networking Engineer. Almost pro hacker rank on HTB and plan to transition to Cyber Security eventually.
I'm a current System administrator, I had goals of becoming a security analyst but I've since gone a different route due to the oversaturation of the market. There's so many jobs out there to apply for, but always 100's of applicants on every single job posting. I still have fun dabbling in pentesting, and I have quite a few certs related to cybersecurity so maybe one day I'll find my way to an analyst position. Who knows 🤷♂🤷♂
But I don’t understand, I thought CISSP could only be done if you have 5 years of experience in cybersecurity and can get an endorsement. Can we still get the certificate if we’re just a beginner?
How do his videos bring back motivation?!!! I'm totally crushed. I had hope but considering I need to study 24/7 for long years to get a junior job is way too depressing I can't handle this... Wth bro...
Cool , now I need to just pass the pre assessment tests to get into wgu…. Pry won’t happen because I am slow lol but this was my dream job to do cybersecurity.
Clarification: PNPT is not better/harder than OSCP generally speaking. It was put up a tier for sanity's sake because it beats out a few of the tier one offense certs.
What about eCPPT from INE? And eWPTX (updated to 2024)?
@@heberjulio6303 I'd personally go CPTS or OSCP instead of eCPPT. For eWPTX I'd instead go OWSE. But the exams differ from one another, so you'll gain useful knowledge from any one of them. INE isn't referenced much in job listings too, something to keep in mind
I had something like a job interview; they called me, asked me a few questions, and now I start my training on Thursday and Friday. I'm only temporary for two weeks. Is that normal for an IT position?
@@CharlieKelly-ub5qw No that is pretty weird.
@@22ae13 Yeah, I didn't go to it or even open the email they sent me. I contacted their HR and found out the company doesn't exist.
What I understand here : "pass all these certs and gather all this knowledge and once you're able to confidently hack into the pentagon from your local Starbucks in less than 2 hours you'll be able to be hired in a junior analyst role"
This is depressingly accurate man 😅
Now back to the grind !
I agree.
The IT world desperately needs to unionize
and they also cost a shitload of money :)
Spend a year studying what you need to know in order to work as IT Support/ Helpdesk technician. Spend a year working as a IT Support/ Helpdesk technician. Get a Sysadmin/ Network admin/ Cloud admin role. Spend at least 2 years working as Sysadmin/ Network admin/ Cloud admin role. After all of that, spend a year studying for DevOps engineer/ Cloud engineer/ Data engineer and do your best to obtain some of those roles, because with your experience, you have 10 times better chances to find DevOps engineer/ Cloud engineer/ Data engineer role than any Cybersecurity role, you'll have 30% higher salary working any of these roles than working any of Cybersecurity roles, and your job will be 10 times less stressful than working any Cybersecurity role. You're welcome!
are you serious?
@@chocolate-u9h Yes.
Friend, I'm starting that today. Cheers!
Certainly an option, although I question the 10 times better chances odds 😅 I'm personally trying to get into cloud and get away from IR and analyst work.
@@madhatistaken I would say it greatly depends on where you're from. I'm from Europe. Maybe I went too far with "10 times", but in Europe, there's certainly much higher demand for DevOps engineers, Cloud engineers or Data engineers than for absolutely any Cybersecurity role.
Never thought i'd be able to say this, but I finally landed my first job in cybersecurity as a security engineer! No significant experience or education.
It's hard to get recognized, but if you really want it you can do it!
Congratz on the new cyber gig!! 🥳🥳 🥳
Hey congrats on your achievement. Could you please tell me what certs helped you out at least share a bit of your road-map that got you the job. I'm just starting out and I have no idea what to do, so your experience will be a lot of help. Thank you!
@SacredRoute2Hell Sure! I'll try to keep it concise :)
I’ve always wanted to work in IT, but I never really knew what direction to take - until I discovered cybersecurity. It was the perfect mix of my interests. My background was in customer service and retail, which I honestly never liked, but it kept me afloat after moving out on my own at 17. At 29, I was diagnosed with AUDHD, which helped me understand why I’d been feeling stuck. From there, I decided to pursue something I loved, and my drive has been huge ever since.
To be honest, I’ve had some luck along the way, mostly from meeting new people in the field. So, my #1 tip is: networking. I know socializing isn’t easy for everyone, but I promise (most) geeks are happy to welcome you. Even if you feel like you don't fit in. :) I was happily surprised by the amount of help I received after making my goals known.
I joined DIVD (Google it, we're fun :) ) to learn and participate in their projects. Volunteering is always a big plus on your resume, especially when it’s directly related to the job you’re aiming for. It was also a great way to meet helpful people.
I also volunteer for a “female speaker only” cybersecurity conference to show support for their cause. As a group, they organize meetups on various security topics, which I often join. Again, I met a lot of great people there, and you get to attend talks by professionals and chat with them afterward.
Through my new network, I managed to get a free voucher for the Security+ exam along with study materials. This was a rare opportunity, but freebies and discounts for courses are often available if you’re active in a few groups.
Last summer, I decided to start applying for jobs, following the 60% rule: if you meet at least 60% of the requirements, apply! (Women especially tend to apply only when they meet 90%, but 60% is good enough.) I was open in my resume and motivational letters explaining my career switch and emphasized what I was learning. I also listed a few courses on my resume and briefly explained what I was learning in each (e.g., TryHackMe Blue Teaming paths, Google Cybersecurity Professional, Security+).
Eventually, I got called in for a few interviews and unexpectedly ended up landing the job I wanted the most. We got along really well and I’ve been working there since September. Already finished a SANS course, with plans to take the exam soon.
So yeah, I didn’t have any certifications at the time of the interview - only the honest intention to get them. I realize this feels like a bit of a fairytale story. I'm not sharing this to downplay the struggle others face daily, finding a job. I honestly don’t know how I got this lucky, and I’m anxiously waiting for the twist, lol. But persistence, networking, and a willingness to learn made a huge difference for me.
Hope this helps, and lots of luck! :)
@@madhatistaken thanks man! Your videos were a big help. Funny yet informational - top tier!
@@SacredRoute2Hell not sure where my comment went, but i'll circle back to check if I need to repost k ✌️
These roadmap videos are gold!! I like all the new cert options too (not all CompTIA, ISC and SANS). As a career pentester, I appreciate these greatly (the humor is icing on the cake) :) Thanks Mad Hat!!
Yo there, I got an offer for CompTIA Pentest+ and Security+ certs, I'm network security engineering. I heard that CompTIA certs don't get much attention, would you recommend to apply for it?
Good no-bs advice. Straight to the point, and good detail of what to do in which area.
I ditched all of this crap (and I have half a dozen of the certs mentioned in the video) for a Project Coordinator role. I make decent money. Way less stress and instead of spending 24 hours a day in a dark room with a computer, just to keep up with the latest security iceberg, I actually have a life.
but do you have to...talk to people 😨
Looking for a similar development on my end, any coursework or certs you would recommend to end up as a project mng.?
Lower ceiling
Lolz @@madhatistaken you got it
Go get the CAPM and then PMP and write us in the morning…two years from now
my love for cybersecurity at first two years was unstoppable, i got CCNA, MCSE, MTCNA, MTCWE, MTCEWE, MTCTCE, MTCSE, LPIC-1, Network+, Security+, A+ , CEH, along with a master degree at IT engineering, in my first two years and landed a job at isp and promoted several times but after 4 years i feel like im burned out struggling to finish oscp and i need my motivation back, make sure to not rush it like i did and actually enjoy the ride
What about CCNP?
Don't rely on motivation, consistency is more important.
@@wolfgangrussel5250 But you need motivation to start being consistent...or something like that 💚
@@evilmortyofficial CCNP is more attuned to a career path in networking imo
@@madhatistaken yes, you're right, but sometimes our motivation disappears, that's why discipline is the life saver to consistently continue our journey when our motivation has temporarily disappeared.
Most transparent, real, and hilarious roadmap, plus links to resources! Great work, thanks!
Great advice on the GIAC certs. I have 3 of them - GCDA, GCFA and GCIH - and they have helped me get jobs the most out of all my certs, but I would NEVER pay for them out of pocket. Only take them if you get a scholarship or your employer will pay.
Perfect timing. I just passed my cysa+ and I wasn’t sure what I want to do next. I love you bro
Yay!!! WGU Mentioned. :). I think the first path is the best for newbies especially if you throw in a CCNA or even an AWS or Azure cloud certification. Good stuff! I am going to make this my go to video when recommending what path people should follow. :)
💚💚💚
Thanks for posting this! This is really helpful!
I love this road map bro …. Really appreciate the thought you put into this as someone who’s started but got too much information from all over the place, got frustrated and distracted…. pivoted to something else …. Now I’m back studying and my advice for anyone just starting out like myself …. Find the point on this list where you are … screenshot that tier, save this video, finish your certs on that level and then come back when you’re ready to level up
From all those certifications, I have Google Cybersecurity, Certified in Cybersecurity (only the Coursera course, not the certification), CompTIA Security+, BTL1 and HTB CDSA. Now I am looking for a SOC analyst job in my country, Dominican Republic.
Best regards
Awesome work getting all those certs! Best of luck in your job search 💚
how is your job hunting
@ I am looking for a remote or hybrid job, still hunting.
Best regards
I’m lucky enough to start a SOC I role next month at an MSSP. I have about 10 months experience as an IT support specialist at an MSP, three years as a web developer before that. Got the trifecta and started applying like crazy after I got Sec+, and I am a year away from graduating from WGU... Just make sure you are doing everything you possibly can - get certs, work on a degree (really doesn’t matter what the degree is, but having it be IT, software, or cybersecurity related would be to your benefit) and get relevant experience and NETWORK... So many people I meet in IT, especially the young twenty-somethings, don’t network and burn bridges - especially the ones at my old job who have been sitting there complacent for three years.
Saved your video in my database for those that are in need to know this information and haven't figured it out yet. Ty!
Same
A slight clarification is needed: if one were to reach god-level, you qualify for more than any junior security analyst job. Writing your own exploits/malware and delivering them to endpoints, you can qualify for any Senior or Principal Red Team Engineer job or could literally become a consultant and advise Fortune 500 companies on red teaming or cybersecurity best practices.
sarcasm bro
hands down you have the best channel in this way of explanation
Watching this video as a beginner in cybersecurity, it gives me confidence and more motivation to keep going. I'm now on Layer 2/3 of the iceberg (did CompTIA Sec+ first and working on getting Net+, whoops) and it's really motivating getting the reassurance that I'm on the right path.
Kinda funny how different the cert paths can be I just started with CCNA
gotta love the humor from Mad Hat - never felt a single moment of boredom.
It's been rough trying to find a Cyber job. I've been in IT for 5 years now (Service Desk to Desktop Engineer) in an enterprise setting with A+, Net+, Sec+ and the Google Cybersecurity cert. My resume isn't complete ass but I have gotten little to no responses to any applications. It's frustrating to say the least but I'm gonna keep tryin'. Your videos help bring back motivation to keep learning. Appreciate it man, and best of luck to anyone else out there looking to achieve.
These comments are scaring the fuck out of me. I'm passionate about cybersec but after reading some of these comments it feels like I'm going to get fucked in the ass by unemployment.
Recommend local security meetups so that you can network. Check to see if your city hosts a BSides conference. Definitely recommend going to the conference if there is one. Really good opportunity to network.
@@eps24 luckily I'm still in HS, but it's a scary thought that by the time I graduate college cybersec becomes oversaturated and I might not get a job
@@eps24 if you don't mind me asking, do you have any advice? Because I genuinely do not have an idea how to get into the field. I've been binging those 12+ hour vids discussing cybersec, those college classes they upload here on YT, I've also been trying to learn networking through those long ass videos, and tinkering with Hack The Box. I'm a mess currently
@@eps24 I will definitely check that out. Thank you for the advice.
I'm just now getting into security and gotta say I'm addicted 😂 I slept for 5 hours last night, woke up and immediately started learning again, shit's like crack, only problem for me is money. If I can get a job that pays more I'll probably try to collect all the certs
Sometimes you can get a job that will pay for your certs too 😊
@MrsMadHat that would be amazing
After watching "the substance" I can confirm this shit IS "my substance"
@@MrsMadHat That is true. My brother just did his CompTIA Security+ after 1 year of being a security analyst without a security background. His company trained and paid him for the cert.
what resources are you using to learn?
Awesome video and explanations. Love the humor thrown in generously throughout. I've been in IT for a very long time mostly working with data and databases. A long time ago (around 15 years) I took the wee-baby Security+ mainly to get a raise (acquired right as grandfathering was about to end). I did some practice exams for the CISSP and also have no trouble with those thus far. I can pick up on programming pretty well but never figure out what to work on to practice my skills (Python, C derivatives, etc.) so those skills are stalled currently. I enjoy challenges so I'll check out the array of paths you have listed here. Thanks!
Great video! Well done. Reminds me of a podcast that Selenium Group did, a cyber company, had great content like this! Keep it up.
Thank you so much! You don't know how easy you're making it for us! Especially in a world like Cybersecurity
Thank you for the great video! 😄 I'm currently in my second year of a cybersecurity program at a community college. I don’t have any prior IT experience, but I’m working on breaking into the field. Right now, I’m trying to get an entry-level IT help desk position to get started.
I’ve earned the Google Cybersecurity Certificate and the AZ-900 certification, but I’m finding it really hard to land a job. The market seems very competitive, and everywhere I apply, they end up hiring someone with prior work experience.
I hope you can one day create a roadmap for landing that first IT job, with advice on certifications, projects, and other steps that might help! 😊
Sounds like you're on the right track. Keep up the learning grind and you'll land that IT job and cybersec in time. Maybe one day I can make a manic IT roadmap/project video.
Damn homie, I’ve been here since 9k you’re at 97k now - congrats! 🎉
Thank you! Two years went by just like that 😅
@ been working in a SOC now for one, got a promotion within 6 months 😎
Nice work! Hope you continue to advance in your career 💚
@@madhatistaken same to you brother! And the income from this must be decent, no?
@@madhatistaken do you have a discord server where you are able to chat?
The Cybersecurity job market is absolutely disgusting. I thought for sure finishing my Bachelor's in Cybersecurity I'd be able to find at least a Junior level position... Nope. 13 Months and 700 applications later I'm honestly debating applying for McDonald's. Anyone watching this video should do themselves a favor and find a new profession. Let the digital world burn as they focus on candidates with good popularity scores instead of knowledge.
I feel your pain - I too graduated with a bachelor's in cybersec thinking the same. I took a job as a tier 1 tech for 1.5 years before buckling down and applying to thousands of jobs before finally getting 1 super entry level job that paid quite low. It's easier if you try to network with people, but purely applying to jobs is brutal. If I were you I'd try to land anything technical while continuously applying. It's tough but worth it if you're considering retail/fast food (which I also did for 4+ years)
@@madhatistaken I follow your videos pretty closely, I took a note from you and accepted a dead end Help-Desk job in the meantime. Thanks for doing what you do!
@@madhatistaken People focus on getting these certificates too much. At the end of the day, it all comes down to problem solving skills and who you know in the industry that can help you land a job. Sure, you feel accomplished when you do it all by yourself, but if you know someone from cyber security events and IRL networking, why not ask for help. Also it helps a lot if you participate in competitions as a student, that's how you get yourself in the spotlight. Because no one will ever come to your house offering a job, you sometimes just have to go out there and prove yourself.
The best cybersecurity engineers I knew had above-average skills but nowhere near greybeard levels. They succeeded because they understood the big picture and core business logic. Being able to custom tailor TCP packets with scapy or hping3 to avoid firewall detection via threshold for malformed packets is nice, but ultimately doesn't bring in a company sustainable revenue for their entire client portfolio. They had the insight or at least aptitude of a CISO to understand how businesses work in general.
Is your next engagement close to the fiscal year end? Great. Exploiting potential employee layoffs with spoofed emails is an amazing tactic to gain a foothold. Technical skills don't get you in the door. They only prevent you from getting kicked out.
The problem here is that you didn't take the internship, because that's what they look for anyway, pure work experience. Your degree was supposed to be the Gateway to that internship. Of course they're going to pick the person with experience. It's not the only way to gain experience, but it's the fastest one, and you just didn't realize it
Thanks for this, I have a job interview for a Red Team Security Engineer in 2 days and now feel severely unprepared...
Jokes aside, it's crazy what you can do with work experience and very few certifications. I'm surprised you put CISSP on the same level as Security+. I have a Security+ and am studying for my CISSP because CompTIA certs are dookie. (The job market quite literally doesn't care about them) That being said, once I put CISSP (In Progress) on my resume, I started getting responses. I think this is a result of ATS but still, this industry is going through hell with HR brain rot.
This is a fantastic overview of certification paths! Love the video, you somehow made IT/Security certs interesting, which is a huge task on its own, but also made it very informative.
GREAT video (as always)!!!! Sincerely appreciate the humor and honesty. Apparently, though, the sarcasm went WAY over the heads of many on here
The information and production value put into this video is worthy of an Oscar!
I am currently waiting to hear back on my first step into security. Your videos have helped motivate me to get my resume out there! (currently in networking)
I swear every time you drop a new video it inspires me to get a new cert
Great video and content. Thank you Mad Hat. Hope you have a great new year.
Great roadmap and fantastic editing sir!
The fact that CISSP requires 4 years of experience in the field as a prerequisite for getting the certification and it can only land you a "junior" job is why I am considering becoming a farmer
Which is precisely why it’s not a junior cert
LOL
CISSP is NOT a junior cert, it was pretty bone headed of him to level it as the same as Sec+. CCNA is way more difficult and in-depth than Sec+, and CySA is more intermediate. Don't think I particularly agree with his rankings on a lot of these certs.
@eros4510 pretty bone headed to assume I meant it was a junior level certificate - never said that lol
@efnick96 From a learning standpoint it can be studied for and passed by anyone from no experience to senior level experience. Obviously easier the more experience you have. For someone with years of IT experience it can help land a cybersec position but I wouldn't say it can "only" land you a junior level one - but it would certainly help land the junior role a lot more than the other certificates in that tier.
This video has no business being this hilarious. Great content.
Thank you, I am looking to get my foot into security and the way you presented it is nice and reassuring. I will follow your advice and deliver 💪
1:43 I have that poster on my wall :D got it as a birthday present, personalized with my name on it, pretty awesome.
God man, love the edits on these videos!!!!
This vid is gonna be a banger, well done MH 😮💨😎
🫡💚
Thank you sensei for all the wisdom.
I know this is an informative/entertaining kind of video, but I see a couple of wrong things that need clarification. First, CySA+ and CISSP shouldn't be in the conversation of entry-level certs, particularly the CISSP that requires you to have 4-5 years of experience. Even if you pass the test (hard to do without exp), you cannot show it in your resume until you get the experience. Then, besides the fact that anything past OSCP shouldn't be in an entry-level conversation, this video gives the impression that red team/offensive security is the end goal of cybersecurity.
Cybersecurity is much broader than that. When talking about entry-level stuff, I think we should limit to what can get you into an entry SOC, GRC, or IAM role. Offensive security roles have the highest rewards because they include the highest risks; the impact of a pen test going wrong can take a company down. As such, you really don't want someone without experience performing potentially disruptive activities in your enterprise, and that's for the entry-level guy's safety too.
Nothing beats experience when you are looking for your first cyber role. The helpdesk does IAM, provides early steps for incident response, etc. If you pivot into sys admin you do vulnerability management and work with AD. Web devs understand web apps, which helps a lot in becoming a pen tester. Anyway, nice video on a complex topic!
Being firmly in Category 2 of your system I am starting with Security+, but beefing it up with Hackthebox training and some personal projects. Eventually I'll probably get CEH and Linux+ to work on Network security OR add an AWS cert. This was interesting!
Amazing video man! Thank you. Useful & hilarious. All props to you.
Got a sys admin role cause of your content previously, W.
I got the Sec+ before I learned networking, now I'm working back and studying for the Net+. I'm working in IT support as well
LOL "The more you f**k around, the more you're gonna find out!" 12:50 -> I love your vid-snips!!! Made me laugh out loud!🤣
what really makes the difference is the networking experience
If you are going for red team, try to focus on networking, then operating systems, then programming
the quality spike from 2 years ago to this is insane
The most valuable video I've ever seen!
Great Stuff as always Sir!
I love you for making this video content!
I'm trying to pivot from software development to security, so far it's been super fun. Initially I started down this path to help me write more secure code, to see things from a different perspective, but now it seems like this is much more my speed. Will report back after a year of study and see how things change.
Replying so I can see your thoughts in a year
Even I'm also trying to pivot from software development to Pentesting...
Let me know what resources you are using.
Thanks
Great video! I wouldn't include CISSP however as it does require 5 years or 4 years of experience directly already achieved in a security role for the pure reason of providing employers with prerequisite candidate narrowing done for them.
Associate of CISSP is valid however.
Came here to say this
Nice video summary, thanks a lot!
The display bike example got a chuckle out of me😂
The way I’ve decided to go is I’m going for an associates since ever since Trump got elected college tuition has dropped drastically the university right up the street from my house. They lower tuition by 40% per year so I’m gonna go the associates degree route, when I get enough credits I’m transferring my degree over to SANS and finishing my degree there. I spoke with them the other day, long story short they have two programs: I can either come out with four of the most prestigious cyber security certifications a person can get or I can stay at SANS and finish my bachelors and come out with nine, then I’d only have to take one more SANS cert to have the golden goose of all cyber certs
You can't learn what you need to know in college... So how does one learn? One figures it out. In the words of OffSec- "try harder". I think many of us just like confronting seemingly insurmountable challenges... figuring it out is the fun part.
I've realized that you can't just hop into cyber security. You need to have relative IT experience. Especially being a systems administrator. Having the base level of IT will help you once you move to cybersecurity
I like how C is at the bottom.
But where is Reverse Engineering? At the crushing, freezing oceanic abyssal depths is where.
😂😂my class in college on C and machine code was too much for my feeble mind
Pentesting looks like hell. I'm too lazy to use Google and they want documentation when I just wanna escalate the matter and go on nap break.
Once you obtain the OSCP, after obtaining some blue team certs, you can land a job. Anything above OSCP is overkill for landing your first job.
CTFs are the way to go. Running through a bunch of certs doesn't teach enough about actually attacking systems. Said as someone who passed the OSCP, lots of CTF experience will get you hired
Awesome info!!! The memes are legendary 🤣🤣🤣
you are pretty awesome bruh i cant lie good looks twin
A CISSP is def not required for a junior role, the certificate is aimed towards people with years of working experience.
Agreed, that's why it's on the "mad hat" roadmap hehe I've found after taking the exam it's like security+ but bigger and more manager-esque
Very informative video on the cybersecurity roadmap
my cybersecurity GOAT
Jesus, OSEE to get a junior position is wild xD Great video, though! By the way, I recently landed a SOC analyst position after getting the OSCP, PNPT, and BTL1. Now, I’m focusing on expanding my knowledge with more tools and cloud technologies, to aim for senior positions or even engineering roles. I'm currently considering Splunk certifications or the SC-200, what do you think?
I think the Splunk certification is the better option. It will make you better at the blue team daily tasks and you can even become a cybersecurity engineer specialized in Splunk, the SIEM tool leader in the industry.
Best regards
@@josemmm11 Hey Jose, thank you for the advice! I already started their free content and I'm currently waiting for my company approval to get the cert.
Wishing you a great weekend!
PNPT and OSCP for a SOC position imo is an overkill.
You could literally be a Pentester right now.
Also SC-200 only makes sense if the company you're working now uses all Microsoft 365 security stack.
@@fernandoc8876 I was applying to pentest positions as well, and those certs were a way to get some interviews (no prior IT xp). I was thinking about SC-200 because the majority of the clients I'm with use Sentinel and MDE xD
Would recommend Splunk certifications more. SC-200 is nice, but it's not that glamorous - it's worth it if your company uses Azure products plus if they are in partnership with MS and all certs are free. Plus, I'd definitely try cloud certs - they are always worth it plus recruiters look for them.
Passed the Sec+ today! Excited to not have to study for a few months 😂
love the content i can listen to this all day long without getting bored :D :D :D
I'm taking a different approach. I am going for red teaming at first because I believe it is better to know how to attack before learning how to defend. I'm 2 months in, I've done the Google cybersecurity cert for the basics, the TCM's PJWT for web testing, now trying to get my first bug bounties for experience. Next on my list are eJPT and then OSCP. P.S. I am learning Python and doing CTF challenges from various companies at the same time too.
Great video, Sir.
I feel immense grief just imagining the biggest tech iceberg.
I trust this channel blindly because it has fun music
Another entertaining but amazingly educational cybersecurity learning content! Are you looking into doing a content about what you think of GRC certs and roles like CISM, CISA, etc.? Thanks!
Now I feel like finishing my A+ and starting THM jr pen test was not the way to start my journey.
I'm at PHP right now, it's tough. I'm trying to learn MySQL this year. It's a lot of fun trying to figure out how sites work
Watching this video "For the people that were really good at math and science, here is the madhat road map"
Guess I'm taking that, I already got my CCNA and starting with a major company December 2nd as a Networking Engineer. Almost pro hacker rank on HTB and plan to transition to Cyber Security eventually.
Curious you mention CCD, yet it's not in the description links.
i like the last roadmap, but how do we finish that roadmap if it is also expensive hahahaa. at least for me
As soon as I heard your voice it is going to be education humor sarcasm all wrapped in one LOL
Maybe passing OSEE will finally get me into tier 1 help desk!
I'm a current System administrator, I had goals of becoming a security analyst but I've since gone a different route due to the oversaturation of the market. There's so many jobs out there to apply for, but always 100's of applicants on every single job posting. I still have fun dabbling in pentesting, and I have quite a few certs related to cybersecurity so maybe one day I'll find my way to an analyst position. Who knows 🤷‍♂️🤷‍♂️
I feel that. Was super disheartening to realize that after grinding Google cyber, sec+ and THM level 1.
@@BackpackGringo Yeah all that glitters is not gold unfortunately. Keep going man, are you working in IT yet?
Hey mate, love your content. Can you do one on the lesser known but probably most important cyber role: Security Awareness Lead?
I'm going to have my focus on certifications like CISSP and OSCP. HTB & THM certifications and other related popular cybersec learning platforms
But I don’t understand, I thought CISSP could only be done if you have 5 years of experience in cybersecurity and can get an endorsement. Can we still get the certificate if we’re just a beginner?
Where would you put the CC cert on the roadmap part of the video? Easy or Medium?
thanks man it was really helpful
at 31 is there even a point to starting all this? feels like it's too late...
Next icebergs will be more about security engineering, architecture, management and leadership positions (opinion)
I just started with MITRE and boy, it's a gigantic iceberg. Not to mention YARA, CLI, I barely touch the tip.
God damn every warcraft joke hits too close to home
How do his videos bring back motivation?!!! I'm totally crushed. I had hope but considering I need to study 24/7 for long years to get a junior job is way too depressing, I can't handle this... Wth bro...
Cool, now I need to just pass the pre assessment tests to get into WGU…. Pry won’t happen because I am slow lol but this was my dream job to do cybersecurity.
Clear, Funny, Fluent and Lok'tar Ogar
lol I have the PNPT and I’m studying for the CISSP. I’m going in the wrong direction!
And the path to knowing how to hack and protect, in an individual way?
Looks like a lot of money is needed. My plan:
-PJPT
-CCNA
-Splunk
-CPTS / OSCP
-Coding