Cyber Security continues to be a hot industry and there are those who are interested in looking to break into the industry coming from positions like IT Help Desk, IT Infrastructure, or those looking to do a complete career change all together. Security certifications continue to be known as a great avenue to super charge your career, getting a jump on the competition – by validating and proving to would be hiring managers or recruiters that you’ve obtained the knowledge to at least pass a security exam and it may be worth taking a chance on you. There are tons of organizations that offer security exams, but which are the best?
Here is a list of the best cyber security certifications for beginners either fresh out of school with little to no experience or for those looking to make a career switch.
CompTIA Security+
The CompTIA Security+ is the quintessential baseline security exam and the associated books or courses you can find to study for this exam give prospecting exam students a great baseline for all the basic security concepts and terminology that is invaluable to have an understanding for as you continue to develop your security knowledge over the years. It covers concepts from encryption to types of malware to compliance standards and regulations that are at play within the space of security. All-in-all for the exams relatively low price there isn’t an entry level exam that has more bang for buck.
The best book to prepare yourself for the CompTIA Security + exam is this book:
GIAC Information Security Fundamentals GISF
For those with some money to blow, or are fortunate enough to get some employer sponsorship, the SANS SEC 301 course and accompanied GIAC certification is a great choice of beginners interested in diving into the field of Cyber Security. It too goes over security fundamentals like the CIA tirade, networking concepts and notions like least privilege and zero trust. The advantage of taking a SANS course and obtaining a GIAC certification is it’s a more well respected in the security origination than CompTIA because of its prestigious alumni of instructors and the free resources it provides to the security community like the internet storm center, their bevy of whitepapers and how-to articles. The great thing about SANS courses is they have no shortage courses that specialize in the different paths of security, unfortunately coming with a hefty price tag.
The only assure way to pass a GIAC certification is to take the exams’ associated course, as it follows an open book format and you will need the material they provide. Taking the test completely blind is possible, but is not ideal.
EC-Council CEH
Hacking and Offensive Security has always been looked at as the “Sexy” part of security, even more so now than in previous years because of high profile hacks like Lo4J or the Colonial Pipeline hack. For those interested in scratching the surface of the realm of Offensive Security the CEH is a good beginner’s certification. However, if you want serious offensive security people, red teamers and the like to take you seriously this should be looked at your first baby step in offensive security and not a license to think you’re fit to test an actual enterprise’s network. Nevertheless, the CEH will teach you basic security fundamentals and about typical tools that testers use for port scanning like nmap. If you are serious offensive security, you should look at certifications like Offensive Security’s OSCP or SANS’s GPEN. Note that most offensive security personal fall into two buckets: Consultants working on behalf of clients or working as in-house security for an organization.
The best book to prepare yourself for the CEH exam is this book:
ISC2 Security Administration and Operations SSCP
ISC2 is probably the preeminent security organization for professionals based on its sheer number of members. It’s most well-known certification is the CISSP, which is for industry veterans, however, it’s newer lesser known certification is the SSCP or Security Administration and Operations exam. This exam and associated course work teaches you about most of the same domains that are prevalent in more well CISSP exam. This include cryptography, security operations and administration, and incident response to name a few. This is a great exam to early security professional or those already in technology looking to make the security jump.
The best book to prepare yourself for the SSCP exam is this book which also comes with a few practice tests:
Azure Fundamentals or AWS Cloud Essentials
The last pair of certifications that are great for beginners are our first vendor specific certification being Microsoft Azure and Amazon AWS’s fundamental cloud certifications. These certifications teach you the basics about all the services these vendors offer in their cloud environment. Even if you don’t plan on being a cloud security engineer or cloud architecture in the long run – there will be a very high chance that at some point you will need to know about some specific services in AWS or Azure, and as organization continue to move their environments and data into the cloud is imperative that you understand the basics about how these two major cloud provider services’ work.
Both exams have great study material which can be found here:
