Some time ago, we talked about the cybersecurity skills gap, and the need to increase the cybersecurity workforce. We looked at how many cybersecurity positions are in high demand, how many of them are intermediate and advanced/managerial, and how security has now been ingrained into many IT roles that didn’t have these responsibilities in the past.
It’s clear that cybersecurity certifications are a logical step for those looking to improve their skills and further their careers in the industry.
In fact, based on our Twitter poll, 52.4% of people who have an information security certification obtained it in order to validate their skills.
Back then, we went over the top 5 best intermediate and advanced cybersecurity certifications, and now we’ll start with the basics and learn about the best foundational, entry-level cybersecurity certifications. We’ve added a focus on the vendor-neutral ones, as they offer the broadest knowledge for someone with little to no prior experience, as opposed to those that are vendor-specific.
The following list doesn’t have a specific rating system, but we did try to present them in the order in which it makes the most sense to take them, if you’re an absolute beginner in the security industry.
1. CompTIA Network+
If we’re really starting with the basics, CompTIA Network+ is the first entry we should visit. Networking is integral to information security, and this knowledge is invaluable for security professionals. This is why, if you want to kick-start your career in cybersecurity, starting with the Network+ certification is a good choice. This certification, issued by CompTIA, is a great entry-level certification covering troubleshooting, configuring and managing networks.
A vendor neutral certification, Network+ will allow you to demonstrate the knowledge and skills to work with any network, regardless of the platform. You’ll show an understanding of networking concepts and the skills to implement them, as well as knowledge of security and common types of network attacks—while securing both wired and wireless networks, and using best practices to manage the network, implement policies and establish business continuity.
The topics covered in the Network+ certification are broad, but there are seven distinct domains you’ll find in the exam:
- Network technologies
- Network media and topologies
- Network devices
- Network management
- Network tools
- Network security
Network+ is a highly theoretically-oriented certification, and it puts an emphasis on having a broad knowledge of different networking concepts. It really is a great starting point for any beginner looking to get into entry-level roles such as system engineer, network support specialist, network analyst, and the like.
While security isn’t widely covered in Network+, it’s still a good start, especially as its vendor-neutral nature allows you to focus on the more vendor-specific certifications later in your career, once you decide on a direction you want to take. And CompTIA Security+ is a logical next step.
2. CompTIA Security+
CompTIA Security+ is widely considered one of the best introductory certifications available, and among the first that those starting out in cybersecurity should earn. It’s a vendor-neutral credential that’s been approved by the US Department of Defense and provides a decent grounding in security skills.
Because CompTIA Security+ is vendor-neutral, it addresses a vast array of questions that cover a wide range of security-related skills, simulations and technical knowledge. Topics covered on the exam include threats, vulnerabilities and attacks, as well as identity and access management, security tools and technologies, risk management, secure application development, deployment, cloud, and virtualization concepts.
Even though it’s considered a certification earned by those holding entry-level roles, once completed, you’ll have the skills required to detect indicators of compromise; install and configure systems to secure applications, networks, and devices; install and configure identity and access services; utilize risk management and mitigation; and more. These skills and knowledge will help you kick start your cybersecurity career and aim for better paying roles in the future.
And what roles will you be able to work in after obtaining the CompTIA Security+ credential? Some of them are:
- Network Security Engineer
- Security Analyst
- Senior Technical Support Engineer
- Network Security Administrator
There are no strict requirements like the ones we explored in our previous post on intermediate and higher-level certifications, but CompTIA recommends obtaining the CompTIA Network+ cert and having two years of experience in a security-focused role.
If you’re just getting into the field and want a broad knowledge of security-related disciplines, hands-on knowledge, and the ability to propel yourself to a more intermediate role, CompTIA Security+ is a good foundational certification to build upon. We should note that this credential might have lost some of its fame in the industry, but it’s still a valuable asset in your work portfolio, if only for demonstrating your security knowledge.
3. CEH: Certified Ethical Hacker
“To beat a hacker, you need to think like a hacker”.
This is one of the most well-known certifications out there, and one that’s directed towards those aiming for the position of a white hat—ethical hackers who are security professionals that possess the knowledge of the same tools and techniques as malicious crackers, and can find vulnerabilities in systems, assess their security posture and inform improved security policies in organizations.
CEH, or Certified Ethical Hacker, is not entirely an entry-level certification, and we do consider it more of an intermediate one. Issued by the EC-Council, it provides the training required to “get inside the belly of the beast”, in other words learn tactics, techniques and tools that malicious hackers use when trying to exploit network systems and in turn, know how to toughen the systems and improve your blue team skills.
This cert covers a broad area of hacking practices and types of cyber attacks (20 modules with 340 attack technologies used by cyber criminals). These include reconnaissance, network scanning, social engineering, DoS attacks, viruses, Trojans, SQL injection, session hijacking, pen testing, honeypots, cryptography, and much, much more. In addition, you will go through five phases of ethical hacking:
- gaining access
- maintaining access
- and covering your tracks
In contrast to CompTIA Security+ certification, there is a catch to pursuing the CEH credential: for you to attempt the CEH exam without going through the application process, you’ll need to attend official training. If you don’t, you’ll need at least two years of information security-related experience as well as an education in it.
Once credited as a CEH, cybersecurity professionals will be able to work on uncovering weaknesses and vulnerabilities in information systems, mitigate attacks and work on proactive defense strategies against malicious attackers, making them a very attractive asset to any organization.
Not to mention, it’s quite cool to be able to call yourself a certified hacker.
4. SSCP: (ISC)2 Systems Security Certified Practitioner
In our post on intermediate and advanced-level certifications, we talked about a couple of (ISC)2 certifications: Certified Information Systems Security Professional, or CISSP for short, and The Certified Secure Software Lifecycle Professional, or CSSLP. But (ISC)2 also offers entry-level security certifications that don’t have strict requirements, such as the (ISC)2 Systems Security Certified Practitioner, or SSCP.
The SSCP is a vendor-neutral and globally recognized certification which puts a focus on technical aspects of security. If you’re more hands-on with technical skills and practical knowledge on security, SSCP is the right choice for you. This certification is often pursued by those who hold or want to pursue positions such as system or network analyst or administrator, security analyst or administrator, network security engineer, system engineer, and other similar roles.
The SSCP covers a wide range of security topics, with 125 questions in the 7 domains of the common body of knowledge (CBK), which are:
- Access control
- Incident response and recovery
- Risk identification, monitoring and analysis
- Security operations and administration
- Network and communications security
- Systems and application security
To obtain the SSCP, candidates must have a minimum of one year of experience in one or more of these seven domains. If you’ve received a bachelor’s or master’s degree in a cybersecurity field, you can get one year “off”. And even if you don’t have work experience or the specific educational requirements, you can still pass the exam, become an Associate of (ISC)2, and wait to get certified upon fulfilling the requirements.
While often compared with CISSP, SSCP is for those with a knack for more technical-oriented roles, and CISSP is geared towards managerial security positions. Also, CISSP is a higher-level certification, designed for skilled security professionals and with a stricter line of requirements, while SSCP is achievable even for those just starting out in building their cybersecurity career.
5. OSCP: Offensive Security Certified Professional
The Offensive Security Certified Professional, or OSCP, is one of the most recognized cybersecurity certifications focused on penetration testing. It’s not rare to see pen testing positions requiring you to possess the OSCP cert.
The OSCP is issued by the Offensive Security organization, and if you aren’t familiar with them, they’re the same organization that created Kali Linux. The OSCP is, as we mentioned, a very penetration testing-heavy certification, and Offensive Security considers it their foundational pen testing certification, intended for those wanting to advance their skills and career. It’s notoriously difficult, but it is a certification that security professionals who want to advance in pen testing/red teams should earn.
The requirement to obtain OSCP certification is that you need to complete their Penetration Testing with Kali Linux course—PWK—before being able to take the OSCP exam. Aside from that, there are no other requirements or needed experience, but they do recommend having fundamental knowledge of how networking works even before you take the PWK. Therefore it’s wise to take the Security+ or another introductory certification prior to this one.
Another recommendation is that you have a good understanding of how Linux works, since their course material relies heavily on Linux, and that you be familiar with Bash scripting, as well as with Python or Perl.
Some of the topics covered through their training that prepares candidates for the exam are:
- Passive information gathering: Google hacking, WHOIS enumeration, OSINT framework, etc.
- Active information gathering: DNS enumeration, port scanning, SMB enumeration, etc.
- Vulnerability scanning: Nmap, Nessus, etc.
- Web application attacks
- Buffer overflows
- Working with exploits
- Client side attacks
- File transfers
- Antivirus evasion
- Privilege escalation
Once you complete the PWK, you’ll be ready to take the OSCP exam. This is a 24-hour exam and consists of a hands-on pen test in which you will need to submit a pen test report as part of the exam.
Once you’ve completed the exam and obtained the OSCP cert, you will have proven skills in identifying and enumerating targets; conducting remote, local privilege escalation, and client-side attacks; writing scripts and tools to use in penetration testing; and more, all of which will help you step into the professional world of pen testing.
Honorable mention: GISF - GIAC Information Security Fundamentals
We talked about GSEC in our previous post about intermediate and advanced certification, and now we have another GIAC cert, but one that is aimed towards anyone new to cybersecurity as well as anyone who needs an introduction to security fundamentals. GIAC Information Security Fundamentals, or GISF, is an introductory vendor-neutral certification created for those wanting to start their career, with almost no prior knowledge and experience in cybersecurity.
The GISF is geared towards professionals with basic knowledge who are changing their careers to security, non-security managers, system administrators, and the like. The certification covers key security fundamentals including industry terminology, security policies and incident response.
As cited by the GIAC, the exact topics included in the exam are:
- Access controls
- Application security
- Numbering systems
- Network protocols
- Network threats and attacks
- Defense technologies and tools
- Risk management and security policy
- Securing systems from common threats
- Wireless security
While often paired with CompTIA Security+, the GISF certification is more challenging and draws less interest from employers than Security+; that’s why it has earned an honorable mention here. If you want to go in the direction of GIAC certification, after starting with the GISF you can continue on to the GSEC.
Getting certifications as you progress in your knowledge, skill level and job position is a great way to solidify your expertise and showcase it to employers. You can decide to take them all, or take just one—at the very least it’s a way to continue learning throughout your career. But it’s important to not treat certifications as a substitute for formal education and work experience (although CISSP has now been granted a qualification level equal to that of a master’s degree throughout Europe).
All three are important, but not necessary. Remember, you get to decide on the direction in which you can, and want, to go.