Choosing a Security Certification

Last week I realized how valuable certifications are in the information security industry. Most security jobs now-a-days require them or value them in choosing a candidate.

When I first started my search looking for a certification to start with, I thought “might as well start on the CISSP”. It is the gold standard in information security. Why should I work my way up, spending hours studying and preparing for smaller tests when I could knock it all out with the big one. That was until I started reading up on it.

After watching YouTube videos and testimonials on the internet, turns out the CISSP is the gold standard for a reason. With a pass rate of only 20% - the test takes 6 hours (or at least that is how much time they give you) and covers 8 domains. I think the YouTube video that really convinced me it wasn’t the test for me was one outlining the study routine of someone who “barely passed”. The YouTuber said they spent over 6 hours per day studying on the weekdays and between 8-10 hours on the weekend.

Simply put, I just don’t have the time to take something like that on right now. Right now, spending an hour at the gym after work is required. After making dinner and walking the dog, I have about 2 hours per night I can dedicate during the week to studying. On the weekends, I work on the house I am flipping at least 8 hours per day Saturday and Sunday. Once the house is complete later this year, I could dedicate more time.

Given the amount of time I have to spend on an effort like this, I needed to look at smaller certifications. Not only would the certification be something I could add to the resume, it would sharpen domains that I have little experience with in preparation for a bigger test (like the CISSP).

After a few hours of research, I slimmed it down to three “entry-level” certificates: SSCP, Security+, and CEH. Same thing here, I downloaded the material I could find on the web around what I’d be learning, watched YouTube videos, and even took some practice tests to get a feel for what kind of questions they would be asking.

They all seem great, but given the domain coverage and popularity, I’m going to start with the Security+ cert. I think I will go back and get the SSCP after (mainly because I think staying with certs in ISC2 will get me ready for the CISSP in the future).

I added some information that I found in my research for you to use in your own selection. I’ll report back on how I’m going to study for this cert.

Sources:

• https://www.isc2.org/Certifications/SSCP

• https://resources.infosecinstitute.com/certification/certified-ethical-hacker-ceh-certification-overview-of-domains/

• https://www.comptia.org/certifications/security

• https://www.youtube.com/watch?v=9Ci8QPpKXzQ&ab_channel=JonGood

• https://www.youtube.com/watch?v=O2VstOGBHbU&ab_channel=ILikeToHackThings