YouTube Cyber Security Questions Answered: “Should I take CEH or OSCP first? What about CISSP?”
Our YouTube viewers are often actively working towards cyber security expertise and have great questions for us! Upon answering a question last week, I decided it may be nice to go into depth with some of these questions by blogging more detailed responses. Here is my first attempt at answering these questions comprehensively:
Last week, YouTube user bob hilkin asked us whether they should take CEH before OSCP, as well as what our thoughts on CISSP were.
Here’s the short answer I gave in return:
Now, let’s go a bit deeper into Security+, CEH, OSCP and CISSP and look at cyber security training pathways.
While a certification may not be a one-way ticket to a high salary and job security, it will definitely help you land a job, if you’re new to the field, and will likely up your pay-rate. Some companies require specific certifications for specific roles.
Some certifications show a broad understanding, while others show specialist expertise. It’s important you have a clear idea of your desired career path before diving into certifications.
With all this in mind, let’s break down the three cyber security certifications mentioned in Bob Hilkin’s question and the additional certification I bring up in my answer.
CompTIA’s Security+
Security+ is an industry-recognized certification that has become one of a few certifications which many employers require as a prerequisite for applying to jobs at certain companies and government agencies. Another perk of the Security+ certification is that it isn’t limited to a specific technology or vendor.
This certification will help you build foundational knowledge of essential skills to break into the industry. It’s a great certification to start with, then build your resume with more specific certifications on top of it.
Per PayScale, based on 2,896 votes, those with a Security+ certification rate their job satisfaction 5 out of 5 stars. Once you have your Security+ certification, apply for some entry-level positions so you can start gaining experience as you continue with your certification course work.
Certified Ethical Hacker (CEH)
The EC-Council Certified Ethical Hacker exam is for those seeking the title of Ethical Hacker. This is a highly technical job and requires in-depth knowledge of penetration testing and the cyber security field at large.
The exam and course work are focused on tools and theory. So, while CEH is an industry-recognized certification, it will not get you far without actual penetration testing experience.
The CEH Exam proves industry knowledge of penetration testing. Our course focuses not only on the theories and tools a professional hacker would use when conducting a penetration test, but also helps students gain an insight into the day to day workflow of an ethical hacker.
A CEH certification also requires holders to take the exam again every three years, to ensure they are privy to shifting trends in the industry. This can give applicants an edge when applying to a company that is familiar with this certification.
Offensive Security Computer Professional (OSCP)
OSCP is another frequently requested certification and a great follow-on from CEH. However, it depends on what career you are working toward, as it is essentially a Kali Linux training course, and not all companies or roles will require such knowledge.
While the course will help you validate yourself for specific roles, it may be just as well to acquire your CEH and take a Kali Linux training course, just so you have that knowledge without having to spend the cash to take the OSCP exam.
On the flip side, OSCP does include a lot more hands-on, practical knowledge that the CEH exam does not cover. Also, the fact that OSCP is a 24-hour exam proves the persistence and dedication required of a professional penetration tester.
Again, this will take some research and decision making on your part, as it really all depends on what career path you’re on.
Certified Information Systems Security Professional (CISSP)
A CISSP certification, from (ISC)2, is the most widely coveted certification for an information security professional to have. It shows comprehensive technical knowledge as well as proof of experience (as you need 5 years of experience to qualify for taking the exam).
It also focuses on some managerial skills that position you nicely for promotions, or a faster break into mid- to higher-level positions.
With a combination of advanced technical skills and soft-skills required for a successful security professional, CISSP is highly regarded and recommended among information security experts and businesses alike.
It’s a 6-hour exam with 250 questions, available in 7 languages, as well as a version for the visually impaired.
I hope this explanation has been helpful. It’s hard to give generic advice on a subject that requires deep thought and personalization depending on an individual’s personal career goals. Whatever your career goals may be: study hard, network fervently and take every opportunity presented to you that will help you land your dream job!
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The on-demand LMS platform has white-label capabilities ideal for internal training purposes.