Certifications, hacking experience, or being a unicorn? What’s really needed to kick off your career in cybersecurity? Every week, our team selects one pressing and common reader issue and deconstructs it to help you stay safe online.
Cybersecurity is booming, the paychecks are getting bigger, while headlines scream about a talent shortage. Landing a job should be easy, right? Well, not exactly.
When it comes to practicalities, starting from scratch is trickier. While cybersecurity is a relatively new career path, the direction might not seem as clear as with other professions.
A newcomer on Reddit summed it up perfectly with the question: Where do I actually start, and what’s worth my time, money, and sanity?
Cybernews cuts through the noise, explaining which certifications are worth your time. And of course, discussing what else is needed to kick off your career in cybersecurity.
Hands-on experience is crucial
“Honestly, my advice is don't stress too much about the specific cert, especially at the start. The hands-on skill is what matters most. I've been doing the paths on Hackviser, and I really like their model,” advised one Redditor.
That answer is not far from reality. While theoretical knowledge is important, practical experience remains the key.
According to a hiring trends report by ISC2, a nonprofit organization for cybersecurity professionals, 90% of recruiters consider candidates with prior IT work only.
Certifications are seen more as “nice to have,” but there are key exceptions. According to the organization, the following three certifications hold the most weight and could help you land a cybersecurity job:
- Certified in Cybersecurity (CC) by ISC2
- CASP+
- Security+ from CompTIA\
Cybersecurity specialists require a variety of skills
During an interview with Cybernews, Jon France, Chief Information Security Officer at ISC2, highlighted other important skills that you might not obtain solely with the certification, but which are crucial for being a good cybersecurity specialist, including being “fluent in solving business problems.”
Certifications help, but they aren’t everything. Experience – whether from IT, compliance, or even distinct fields like law or finance – can be effectively transferred.
What do hiring managers really look for? According to France, the ideal candidate is a problem-solver, a logical thinker who understands how an organization works. Someone who can learn, communicate, and think creatively.
“The challenge… is getting over the myth that it’s all about technical skills. It’s not. It’s about understanding business,” France said.
Cybersec pros recommend SANS certification and playing with HackTheBox
We asked a cybersecurity specialist within our company, and his response was that he sees SANS certificates as the most valuable.
“They are pricey but really good. In second place, I would say, could be Offensive Security certificates,” he said.
“I might mention a few other platforms – HackTheBox and TryHackMe, which have certificates, and they have nice practical learning paths,” he advised.
“And lastly, everything that is left – some are better and some are bad, but mostly, in my opinion, not worth bothering with.”
Don’t forget, as cybersecurity encompasses various fields, including Communication and Network Security, Security Architecture and Engineering, Identity and Access Management, Security Assessment and Testing, and others, it is essential to check the available certifications in each field.
Unlock more exclusive Cybernews content on YouTube
Your email address will not be published. Required fields are markedmarked