CYBERSECURITY JOB HUNTING GUIDE
Pick your certifications
Author: Stefan Waldvogel
How can you select and choose the right certification?
Picking the proper certification or career path is a tough decision.
You can use LinkedIn to see their value. Valuable certifications offer a lot of open jobs. Let us compare some certifications / paths with open jobs in the US: eJPT (8/9), OSCP (1740/1814), CEH (4200/4690), CompTIA (10,700/10,200), CCNA (87,600/92,100), Azure (74,000/79,600), AWS (113,800/116,800). The first number stands for the middle of 2020 and the second for March 2021.
If you are starting your career, go for something with many open jobs. Most Cybersecurity jobs are not entry-level; therefore, the bright idea is to begin in a related area. This list shows you exactly where you should start your career, because overall we have 278,000 open positions in the cloud (March 2021) vs. 66,400 in Cybersecurity (March 2021) in the US. Another aspect is the growth between the two dates, and here we see one exception: CompTIA certifications are helpful for learning the basics, but for getting a job, these certs are becoming less important.
Find future trends:
If you search for people in combination with a cert, you can see future trends. Let us take eJPT and eCPPT. Here we have 2,700 / 914 certification holders (March 2021). In a couple of years, these people will hire others, and they know the value of this certification.
Search specifically
One hint: This list is general, so do your research in your area/city. Some areas do not offer cloud jobs at all… it is useless to add cloud knowledge if you do not want to move. Working remote… yes… but more competition.
Cloud is huge… the network field is big, too. If you struggle to get a well-paid job… think about these two fields. Cybersecurity is very close to both areas.
Please do not trust me or someone else!
Try to find reliable and independent data. Let us say you are looking for a Security+ salary and open CompTIA’s webpage. You see crazy high salaries without a single disadvantage… this is sales! Sales articles look like this one: https://blog.eccu.edu/a-career-in-Cybersecurity-2025/. Think critically about everything connected with sales like universities, course providers, cert providers, paid reviews (most of them have affiliate links)… these companies want your money and highlight the positive side without mentioning the costs. I mentioned some excellent resources, but there are more. Payscale, Glassdoor, LinkedIn, and other job-hunting platforms are good resources because they show what employers will pay for your knowledge. This is the reference, nothing else.
What certification or course should I take?
To me, this is a tough question because we have so many certs (over 300) and paths in Cybersecurity. My favorite certifications and courses for the blue and red side are the following ones, but most likely, you have a different goal.
You can take the basic certs (if you need them to gain motivation), but they do not hold much value. Security+ might help you the most, because it is a DOD 8140 (8570) approved cert and a good starting point.
Note:
INE is no longer a good option. The free Starter Pass does not exist anymore and INE does weird things with their existing clients. I do not recommend INE.
Best practice
To find the proper knowledge/certifications, you can follow a best practice. It will help if you have the basics in many related fields and one area with the most knowledge. Broad knowledge in essential areas protects you against expensive mistakes. You can talk to your coworkers or customers and understand the bigger picture. You earn your money with one thing because here you have unique and valuable knowledge.
If you take an advanced certification, study it for longer because later you work with this knowledge. If you learn via brain dumps and cannot do the most straightforward tasks, you have burned your name. You want to have a good feeling, and you want to know the most common tasks for this activity. Your own feeling is a dangerous reference because of imposter syndrome. Regularly talk to people in the field to get a realistic view of your "real" level.
The basic certifications are the first step. You learn how to learn and how to take exams.
If you want a red job, most likely you need OSCP because HR loves it. You can read very different reviews about OSCP. Some people study 500 hours, get three known machines, and finish the exam in 12 hours; others study 1000 hours, solve any HTB machine in less than 4 hours, and cannot pass the exam. They get crazy tough machines with multiple databases and multiple web pages on one box… It is a gambling exam, and it prepares you very well for CTFs but not so much for the actual world. Before you start OffSec's PWK (OSCP) course, make sure you have a very solid understanding of pen-testing. The PWK course is expensive, but you can learn the basics for free or very cheap. Do not spend money on learning Nmap, dirbuster, Burp Suite, etc. Go for INE's Starter Pass, TryHackMe, etc., and get the free knowledge first before you even think of OSCP.
You can use INE's Cybersecurity Pass ($750) to get a solid and more realistic approach. INE's labs reflect reality much better, and you can use any tools you want. OSCP has a ton of unrealistic restrictions; INE's / eLearnSecurity's exams are not like that. INE's Cybersecurity Pass includes a lot more; it covers red and blue. If you have a whole year, you can reach a very, very high level in both fields.
If you want to go into purple or more toward becoming an Information Security Engineer, you can look at PurpleLabs (https://www.defensive-security.com/purplelabs/). This course is a good option if the employer pays for it.
Know your goal!
Again, know your specific goal for this section because, in Cybersecurity, we have over 300 certifications. If you go for a higher certification, you need time and, many times, a lot of time and money. Some certifications require 500 hours of study time and more. If you do it right, you want two things:
- The paper for HR and
- the understanding/knowledge to do your job
Paper warriors can collect most certifications in a short time. Many exams use questions, and if you google for brain dumps, you find them. Having a certificate opens the door to an interview, but you need the understanding to do your job. Remember the advisor job role? It was all about understanding, and certifications are optional. Exams are helpful because they motivate us to learn everything.
If you want to earn the big bucks, get the basics and pick one specialization.
The advisor role
For our advisor role, we need red and blue knowledge. RangeForce and INE offer this knowledge for free, but if you want, you can add some certifications/badges like eJPT (INE), SOC 1, and SOC 2 (RangeForce).
Why these certifications?
Think about the value of what you need, what you get, and how much you pay.
You can take the “famous” CEH and get a broad knowledge about Cybersecurity, but the pricing is a problem. CEH is extremely expensive, outdated, and a paper cert with a bunch of questions without a hands-on part. I did the v10 course version, and I wouldn’t say I liked it at all. It was a trap.
eJPT and SOC1/2 are affordable, and they offer hands-on training, which costs between $100 and $300. RangeForce's prices are not stable; sometimes a path is $50, sometimes more. You have to request a demo. Big hint: if you are a student, ask for the student path… you get over 400 hands-on modules and many certs for $150(?).
Do you want more knowledge in combination with a certification?
At the moment, INE has a great offer: $750 for an entire year (https://ine.com/pages/plans). INE offers blue and red hands-on labs. As a beginner, start with the free Starter Pass, and if you like the concept, you can buy the path. If you have problems or want to connect to people in the field, join the Unofficial eLearnSecurity/INE Discord. They have study groups and more.
If you go into a field, try to collect all the information you need to pick the best certs. If you search for US relevant pen-testing certifications, it could look like this:
In other countries, this looks different, and maybe CREST is an option, too. If you are in Singapore, look at the CSAT program.
Cybersecurity is enormous, and many people have very diverse opinions about certifications. Ask many people and do solid research based on actual job postings to find the best certification. Some certificates are just for you, and others are HR relevant.
© 2021. This work is licensed under a CC BY-SA 4.0 license