What are the Best Cyber Security Certifications for Beginners?
A lot of my students ask me which certifications they should take as they prepare to enter the field of cyber security. There are certainly a lot of certification options available, which can make this decision confusing to say the least. Because this is such a common question, let’s take a look at the best cyber security certifications for beginners.
What are the best cyber security certifications for beginners? For most entry level people, the best cyber security certifications for beginners are the CompTIA Security+, CompTIA CySA+ and the Cisco CCNA Security certifications.
But just listing a few entry level cyber security certifications only tells half of the story. It doesn’t tell you how to get started, which one to take first, and doesn’t consider the massive amount of time and money it takes to pursue a certification. Because of this, I think the more important question is, what is the best cyber security certification PATH for beginners?
The best cyber security certification PATH for beginners
When we look at entry level cyber security certifications and which ones are a best fit on a certification path, there are a few factors and criteria that we want to consider. The best cyber security certifications for beginners will require the equivalent of two years or less of experience, cost less than $400 and only take one test to achieve. They also will not mandate a specific training be completed beforehand. Keep in mind that a number of exams require documented work experience in the cyber security field or a sponsorship from someone already in the field, so those would not qualify for entry level status either. We also want to choose a path that minimizes time and effort since our goal is to get certified and get hired quickly.
With these factors in mind, here is my view of the best cyber security certification path for beginners who are looking to enter the field:
Step #1: CompTIA Network+ and/or Security+. CompTIA’s Network+ and Security+ are the first steps on our path to cyber security because they are highly recognized, only take one exam to earn, and do not have a minimum requirement of experience to qualify to sit for the exams.
You are probably wondering why I list two certifications in our first step and why they are listed as an and/or. Both the CompTIA Network+ and Security+ are listed because they have a great deal of overlap in content and preparing for one actually helps you prepare for both. If you choose to take both, take the Network+ first.
The Network+ covers basic computer networking concepts, such as routers, switches and protocols, and now has a great deal of network security content as well, such as cyber attacks and systems hardening concepts. The Security+ covers basic security concepts, such as cyber attacks and systems hardening, but also touches on network concepts such as routers and switches. See the point? It’s tough to talk about computer networks without also talking about security in our modern connected world, so there is now a good bit of overlap between the two exams. In fact, 20% of the Network+ exam is devoted to security concepts.
So, what should you do? If you already have strong networking knowledge and are pressed for time, you could just jump straight to the CompTIA Security+. I’ve had several students do that. I believe Security+ is more respected than Network+ and it is a true security certification. If you earn the Security+ first, many employers will probably assume you have the networking concepts down too.
If you are new to the cyber security field completely, going for the Network+ first would be helpful and a good use of time. It would also provide you with a solid foundation for your future certifications and your career. If you’re self studying and not enrolled in a training program, I think you definitely should go for the Network+ first just so you can build that foundational knowledge.
Step #2: Cisco CCENT and/or CompTIA CySA+. Two certifications in one step, again? Absolutely. Remember that the field of cyber security is very wide with lots of different domains and career options. Plus, we want and need flexibility since some of us made different decisions about whether to sit for the Network+ exam in the first step.
Cisco CCENT is Cisco’s entry level “Cisco Certified Entry Network Technician” certification. It is not security based, but has a great deal of overlap with Network+, so if you are thinking of going into a career as a computer network administrator, network security analyst, or other computer networking-related career, and you have already studied and passed the Network+, the Cisco CCENT will be a relatively easy certification to pass. Plus, the CCENT sets us up for another potential Cisco security-based certification in the next step.
As a side note, I have seen the CCENT become more recognized and respected by employers as of late. Even employers that don’t use Cisco products recognize that your Cisco networking knowledge can be applied to their systems too. Keep that in mind as you move through our second step here.
CompTIA’s CySA+, which stands for Cyber Security Analyst, is a newer certification, and therefore is not as widely known or recognized. But it is developed and backed by CompTIA, which as a certification developer is widely recognized and has what probably can be considered the best suite of entry level IT certifications in the world. CompTIA places the CySA+ after Security+ on its track and suggests even more experience and knowledge as a prerequisite, so if you did well on the Security+, have continued to build your knowledge, and are becoming really passionate about the cyber security field, then sitting for the CySA+ would be a good idea. The CySA+ covers threat and vulnerability management and incident response-related topics that go beyond the Security+. It is a more challenging exam, so make sure you’re really ready for this one and that your knowledge is solid.
Step #3: Cisco CCNA Security and/or CompTIA PenTest+ or CASP. If you’ve made it to this point, you now have a number of certifications listed after your name and are probably qualified for an entry level position in cyber security. If you decide to continue on your certification journey, you should consider the three certifications listed in this step. The Cisco CCNA Security is pretty widely known and has a required prerequisite of CCENT, which you may have chosen to sit for in the second step. Our other optional certification exams at step #3 are the CompTIA PenTest+ and CompTIA CASP, also known as the CompTIA Advanced Security Practitioner. I like these exams for beginners because they are cost effective, require only one exam and do not require documented field experience. I recognize that there are other options at this level, such as the CISM (Certified Information Security Manager) offered by the ISACA organization, CEH (Certified Ethical Hacker) and SSCP (Systems Security Certified Practitioner), but these all either cost more than $400 or have some other prerequisite requirement that makes them a challenge for beginners and disqualifies them from our list.
Which exam or exams you choose to take at this step will really depend on your career goals and if your employer will pay for them. If you’ve worked through the three steps as outlined, you should have built up enough experience that working in the field should be a very real option for you, and you know enough about the field now that you can and should do your own due diligence on your certification path from this point on.
Good luck in your certification journey!
Should I take the CompTIA A+? The CompTIA A+ is still relevant, but it takes two exams to complete and is aligned to computer technicians, so it maps to lower-paid positions. It is also not a required prerequisite for higher level certifications, so it can be bypassed by those pursuing a cyber security career.