Setting infosec certification goals:
A lot of people new to the field don’t know much about certifications. I see a lot of questions about which certs are good for cyber security, or what the focus should be for penetration testing. I always recommend that people start with the basics. It is important to build a foundation of knowledge. If you don’t know anything about computers and how they work, how can you secure them? This post will help you set realistic infosec certification goals.
Where to begin?
No matter what your end goal might be, you should always start with the basics. I started my career by getting the CompTIA A+ and Security+ certifications. A+ provides a solid foundation of knowledge to get your feet wet with important topics. Troubleshooting is one of the most underrated skills in IT and infosec. Learning the basic components of a computer is also vital to protecting it.
Security+ is the foundation certification in security. Studying for it introduces you to concepts such as vulnerability management, cryptography, access control, and compliance. Those categories will shape your career in security, and understanding the basics of them is important. Having the Security+ certification opens doors for you in deeper security domains.
What about networking?
I am not a fan of the Network+ certification. I feel that Cisco’s CCENT covers the basics of networking concepts better. Network+ is not a bad cert, and having it can help you if you don’t want the CCENT. A lot of the Network+ concepts, like subnetting and basic routing and switching, are covered again in Security+. A perfectionist with the money would get both, but that is redundant.
The CCENT and the Net+ both cover networking fundamentals. They both cover networking components, such as hubs, switches and routers. Learning how ARP tables and routing tables work is important for anyone trying to get into information technology or infosec. The CCENT will ask you to know some basic Cisco configuration commands.
Operating System certifications
Microsoft has a great entry-level program called Microsoft Technical Associate. You can get an MTA in various topics of interest; I got mine in server fundamentals. VMware also offers an associate certification program. These two programs look great on a CV and are just as easy to pass. They are considered entry level and should be targeted after getting your foundations set.
When should I get these certifications?
Most people who ask me about infosec certifications are set on advanced ones like CEH or OSCP. Those certs are great, but they require more advanced knowledge. Starting out, you should focus on passing one certification every 6 months to a year. Faster than that and you may not retain the knowledge you need to learn. Certifications are great, but retaining the information is more important to growing your career.
If you are a student in school, you should wait until you take the corresponding courses. When I was in school, I took one course for the A+ and passed the test. The next term I took the second test and received my certification. I did the same thing with my Security+. After taking my second Windows Server class, I passed my MTA as well. I wish I did the same for my Cisco certifications.
After you have the foundation certifications, you should look to the area you would like to specialize in.