top of page
DC Anderson

Top 5 Cyber Security Certifications for Beginners in 2021


User Studying on Computer

Technology certifications are a great way to get started in the industry. They provide the best bang for your buck in terms of education versus cost and many employers are starting to make hiring technology professionals more forgiving as the demand in the cyber security industry continues to increase. This means that if college isn't an option for someone who wants to get started, certifications offer the next best choice.

Fundamentals are the key One of the single best pieces of advice that I can provide to anyone who wants to get started in the Cyber Security industry is to learn the fundamentals of how technology works. No matter what trends or cycles occur, the fundamentals of TCP, routing protocols and other foundational components of technology have not changed for the better part of the last 40 years. Keeping in mind that software and even vendors change regularly, focusing on the core technical principles will provide the best results.


Top 5 Cyber Security Certifications for Beginners in 2021


The Top 5 Certifications to get started as a Cyber Security Beginner in 2021 are Linux+, Network+, Security+, CEH and the Associate of ISC2, which is the CISSP exam taken by a candidate who does not currently meet the experience requirements to earn a completed CISSP.


#5 - Linux + Cost: Starting at $319 Level of Difficulty (1-10): 4 Prerequisites: Experience with the Linux Operating System and the Bash Command Line Exam URL: https://certification.comptia.org/certifications/linux#exampreparation Overview: Linux + is a vendor neutral CompTia Certification that provides the basics of Linux Server administration. This certification will test your ability to use the command line interface and manage a Linux server for day to day operations. From a non security perspective, Linux is heavily used as web servers, on mobile devices, Internet of things devices and Virtualization. The exam objectives can be located here: https://www.comptia.jp/pdf/comptia-linux-xk0-004-exam-objectives.pdf What you need to study for the exam: Linux is open source and free to obtain so the only things you will need to learn are a computer and a Linux Installation, which makes the barrier to entry as low as it gets. Since Linux is free to use and open source, there are literally hundreds of different versions of it. I recommend CentOS to learn with as it is identical from a Kernel perspective to Red Hat which is what the vast majority of Enterprise businesses use. Another good version to learn is Ubuntu, although the syntax to do certain things will be different and exam will focus on CentOS. Why this Certification: Linux is used heavily in the Cyber Security World, more so than Windows is. As such, being comfortable with Linux and the bash command shell in particular will provide a large advantage. In addition, the ethical hacking or Pen Testing world frequently relies on Kali or Parrot Linux. Linux is also used quite frequently with mobile devices (Android is based off of Linux) so if your interest is with mobile application security, Linux is fantastic to have as a skill set. #4 - Network+ Cost: Starting at $319 Level of Difficulty (1-10): 3 Prerequisites: Experience with computer networking including configuration experience on Routers or switches is beneficial Exam URL: https://certification.comptia.org/certifications/network Overview: The CompTia Network+ is a vendor neutral certification that provides the foundation for the basics of computer networking. This certification will provide an introduction to core concepts such as TCP/IP, the OSI Model, Network topologies, the uses of switches, routers and security strategies used at the network level. The exam objectives can be found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-network-n10-007-v-3-0-exam-objectives.pdf What you need to study: Any router or switch that you have available is useful but most of what you learn in this exam can be studied being using books, online training or YouTube. Another great option if you have it available to you is GNS3, which is a free program that can be used to simulate routers and firewalls (you will need image files of routers to use. Just Google this if needed). Cisco also makes a software program called Cisco Packet Tracer that is used in conjunction with their Cisco Network Academy, although this software is proprietary to that program. Another good study option is the Professor Messer Youtube channel located here: https://www.youtube.com/watch?v=LWJ8PHvAL6k&list=PLG49S3nxzAnnXcPUJbwikr2xAcmKljbnQ Why this certification: Computer networking is the circulatory system of the IT world and a must for the Cyber Security professional. All network traffic from the internet to the end point flows through the network and there are a vast array of attack vectors and mitigation factors to learn. For the absolute beginner, this is a great introduction. #3 - Security + Cost: Starting at $339 Level of Difficulty (1-10): 5 Prerequisites: Any Cyber Security Experience is useful as well as a reasonable degree of knowledge regarding networking and server administration Exam URL: https://www.koenig-solutions.com/CourseContent/custom//2020106445-CompTIASY0601Securityplus.pdf Overview: The Security+ is another CompTia certification that provides a very comprehensive introduction to the Cyber Security world. This exam provides a basic overview of a large array of Cyber Security topics such as Attacks, Risk Mitigation, Network Defenses, Cryptography and Security Tools. The Exam Topics can be located here: https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf What you need to study: This exam doesn't require anything other than a computer and some study materials to pass as what you are learning is a huge volume of fundamentals regarding a rather large pool of topics, however having done some security work such as configuring Access Control Lists on a firewall or creating a DMZ on a network certainly helps. Something I absolutely recommend is to view all of Professor Messer's YouTube Channel videos for the Security+. He provides a very good training program free on YouTube located here: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy Why this certification: This certification is a baseline for many government based Security positions, often times holding this certification as a mandatory item for employment. But more importantly, this certification introduces most new candidates to a huge volume of security topics that are often foreign to a new Cyber Security student. The foundation of knowledge gained here is mandatory for a well rounded Security professional and is regarded as the most commonly searched associate level Security certification in the world today. #2 - Certified Ethical Hacker Cost: Starting at $1199 Level of Difficulty (1-10): 6 Prerequisites: A baseline knowledge of Kali Linux and the process of Pen Testing is very helpful here but the course is designed for the entry level security professional Exam URL: https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ Overview: The Certified Ethical Hacker exam is an entry level certification designed to provide the means to understand the world of Penetration Testing from a practical and use case standpoint. This exam covers the means to understand the process of a pen test from the scope of work, the recon phase through the enumeration and exploitation phase. The exam covers all sorts of attack vectors and tools used to perform those attacks. This is a comprehensive exam and requires hands on use of a variety of those software packages to understand how to do the work. Of all the certifications I am listing in this article, this is the one I am least enthusiastic about. This exam is one that many pen test and vulnerability assessment jobs have listed on the application as a requirement but many in the industry utterly detest this exam. A better certification for hands on keyboard practical hacking assessment is the OSCP but this isn't what I would classify as an entry level certification. As such, I still stand by the CEH for true beginners. What you need to study: EC Council recommends taking their training before attempting this exam, which may be a good idea if you can afford it. This training is mandatory unless you have two years of documented information security experience and EC Council charges a $100 dollar application fee to prove that. This exam 100% requires a workstation with Kali Linux installed as well as at least a virtual victim machine to simulate attacks at a minimum. A full blown lab environment is recommended if you have that option to simulate more robust attacks. As an aside, I despise the price point EC Council has set for this exam (The cost has legit doubled in the last 7 years) and in many ways, it pains me to recommend it. Why this certification: This is the baseline certification for what most young people envision the Cyber Security industry to be, which is ethical hacking (more on this topic down the road). I include this here as this is the sexy hacking instruction people crave. Learning how to perform SQL Injection, privilege escalation, XSS and other common attack vectors will allow an entry level CEH to begin a career on the offensive security side of the fence. Ask and Ye Shall Receive. #1 - Associate of ISC2 Cost: Starting at $700 Level of Difficulty (1-10): 9 Prerequisites: This exam requires a significant volume of knowledge over a large array of topics both in the Cyber Security and Business. This is one of the more difficult IT exams in the world. I will explain why I have it here as a beginner certification in a moment Exam URL: https://www.isc2.org/Certifications/CISSP Overview: This is the CISSP exam which stands for Certified Information Systems Security Professional. The difference between a full blown CISSP and an Associate of ISC2 is the lack of the experience requirement needed to obtain the CISSP (4 years of full time Information Security work in 2 of the 8 CISSP Domains if you have either a 4 year degree or another qualifying certification or 5 years without either). Like it or not, the CISSP is THE single most sought after Cyber Security Certification in the world. It is a very difficult exam that consists of topics that are a mile wide and about 3 inches deep. This is the Security+ on super steroids, requiring knowledge of a vast array of technical disciplines as well as business knowledge from the perspective of the CISO. This exam will test your grasp of the English language and your ability to perform logic problems, much like LSAT exam does for perspective attorneys. ISC2 breaks down the exam topics into what they call the CISSP Common Body of Knowledge. There are presently 8 domains, each domain holding a massive array of potential questions. A list of the current exam topics is listed here: https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/CISSP-Exam-Outline-121417--Final.ashx What you need to study: This test requires a huge volume of studying for a beginner. The question bank is massive and most of what you will be learning is likely to be new content. There are no configuration questions on the exam so the only prerequisites you will need are some studying materials (a book, YouTube and an online course are all recommended for this. You will likely need them all) as well as dedicated time on a consistent basis. It is not uncommon for people to study for this test for months even years. The test itself is a computer adaptive test which works a little different than previous versions of this exam. The test now will provide you questions and based on how you answer. Here is a good example of this process: - The test consists of at least 100 but no more than 150 questions. You have 3 hours to complete the exam. There are also up to 25 experimental questions that are not scored but instead used to evaluate for future exams. Regardless, you will not know which are which so you must treat each question the same. - The test can end early depending on how you are doing. If you are doing very poorly or very well, the Computer Adaptive Testing engine may decide you have either passed or failed prior to hitting the maximum questions permitted on the exam. - This test works very much like Chess ELO. You start at a median value, lets say 1500 score. And if you get a question right, your score goes up. It will then ask you a more difficult question. If you answer that correctly, it goes up again. It tracks this for each of the domains on the exam. If you answer enough correctly, it may stop asking you questions in that domain and choose another. The goal of the engine is to figure out which domain you are weakest in and push you to your limit. In many ways, this makes passing the CISSP more difficult now versus the paper exam as it is very much designed for you to fail. Why this certification: This is as close to a CISSP as one can get without the experience and make no mistake, the CISSP is the single most requested, required and evaluated certification in the industry in 2021. The CISSP is the gold standard for Cyber Security certifications. In many ways, the CISSP is worth more to employers than a 4 year degree. There are more jobs asking for the certification than people who currently hold it: https://www.cyberseek.org/heatmap.html Passing this exam as a beginner to the Cyber Security profession shows ambition and determination and can very likely land you an entry level job in the industry. The biggest challenge to this option is two fold. First, many HR departments may not understand what being an associate of ISC2 means however IT professionals should be aware. And second, this is a bear of a test and will require a major time investment particularly as someone new to the industry. In Closing No matter which of these you choose, getting certified is the least path of resistance to landing that first interview for a Cyber Security position. Keep in mind there are plenty of other certifications that can also get you started in the profession; I just chose these as I feel they are the best five for the industry and provide the most meaningful skills for success. Which certification do you want to start with? Did I miss a certification you feel is better suited to get you started? Feel free to comment below!

Comments


bottom of page