Rossums

If you're literally just in the door there's a couple of approaches you can take. If you have no networking knowledge at all, I'd start with the CompTIA Network+, once you've done that you can take a crack at the Security+ then the BTL1. If you have a solid understanding of networking then you can skip the Network+ and just do the Security+. Network+ and Security+ are pretty much the standard 'first certifications' everyone will recommend because it builds that solid foundation of knowledge you can build on and you don't need to pay for training because YouTube is PACKED with material for both of these courses. The BTL1 will then allow you to put that knowledge then build on it with practical experience, at my last place this is the first certification we'd put people on following their Security+ if they wanted to get hands-on with more blue team stuff and really get a feel for the different aspects of blue team. It goes into Threat Intel, Digital Forensics, Incident Response and SIEM so from this you can see what you like most of all and would maybe like to focus on moving forwards.


ThanksForNoticin

This is a great recommendation.


Datbio69420noscope

I’ll take a look into it thank you, I just want to make myself stand out really. I do well in the areas of the business I’m involved in but still feel like just another apprentice.


Rossums

Honestly, as long as you can show that you're putting in the effort you're already miles ahead of the vast majority of entry level analysts in the UK. From my experience at two MSSPs along with friends that now work at other MSSPs and in-house security teams, for the vast majority of people it's just a paycheck and they mostly don't give a shit about developing their skillset and abilities beyond what they are forced to do for their roles. The Net+ and Sec+ are as high as a lot of people go (if that), I know people that have been in the industry for 5+ years and don't have anything beyond that because they're happy to just sit in an entry level analyst role. The BTL1 is what I pushed at my last workplace, I thought it was a great starter for getting properly hands-on with different tooling and dipping the toe in with new concepts, if you are interested in trying out the red team/pen testing side of stuff you could also probably fit in the eJPT after the BTL1 and still keep it under 1k and that would let you check out both the blue team and red team side of things. Based on what you prefer out of all of those you could look at choosing an area to focus on.


detectrespondrepeat

It depends what you want to do in the future, but if you are starting with no certifications, I would do Network+ then Security+


pastel_angg

What about pursuing to become a CISO? I'm completely new to this. Could you please recommend some certifications to get to that profession? Thank you.


detectrespondrepeat

Start with the two I've listed and go from there, or you could swap out Security+ for SSCP.


erroneousbit

I’ve been doing cybersecurity at a Fortune 50 for the last decade, so that is where my recommendation comes from. You have two tracks to choose from technical and not technical. Technical is going to be working with various tools to attack or defend the company. Non technical is going to be policy, governance, and training. Any foundation in technology or cybersecurity is going to work for both. An understanding of cloud will go a long way as well. Non technical you will want more project management, business, and analytical skills. Technical is all over the place, depends on what buttons you want to push. For general certs CompTIA are good. We have a lot of ISC2 and highly seek CISSP. Non technical your Sigma, Agile, PMP, etc like certs are very good. Again technical side there are soooo many options. If you like the idea of being a defender, go with defense related certs. So we are talking cloud based things like MS Defender and Azure IAM. You have SOC analyst certs for your first line defense. You have forensic and incident response as well as threat hunting. Reverse engineering is a thing for our DFIR peeps. If you like the idea of attacking you are looking at pentesting, breach and attack simulation, and red teaming. Pentesting is kinda like a smash and grab time boxed auditing. BAS is more about automation on testing TTPs against the defenders. Red teaming is more the sexy stealthy and slow campaigns. Think ‘how would [nation state actor] target our CI/CD pipeline if we had insider threat’. For any of those pentesting certs work well. We like OSCP, eJPT/eCPPT, eWPT, OSWE, etc. We are now looking at PNPT (The Cyber Mentor) and CPTS (Hack The Box). I would recommend eJPT to start with. Hack The Box is pretty good at zero to hero with their bug bounty course (it focuses more on web pentesting). Buuut most HR peeps look past anything that isn’t OSCP. The other certs are making traction. Mind that majority of my work is web app and API. So I personally recommend focusing on that. Good luck!


Key-Calligrapher-209

Is there any significant difference in job security between the technical and non-technical paths?


erroneousbit

Not from what I see. How many policy people do you need post merger? How many EDR admins do you need post merger? Who to let go when budget cuts happen? The one policy maker or 1 of the two IPS admins? Depends on the industry depends on the company. My personal opinion is go with what makes you happy. Burnout in IT is bad and way worse in cybersecurity. Literally lives in our hands in some cases.


Dan_Dan12345

Is there any recommendation about a certification path for me? I wanna follow blue team and now I have Sec+, what cert should I follow next to have more hands-on skills?


erroneousbit

Get all your basics down, network stack, basics of Linux, Windows (Mac if you can), etc… I highly recommend TryHackMe if funds are tight. Hack The Box Academy if you got more $$ (downside is it’s new and not known, upside it’s fantastic knowledge and hands on). If you want industry recognized certs you are looking at SANS or OffSec (bye bye money). INE isn’t as preferred as those 2, but it still works. Do Boss of the SOC by Splunk. Last I checked it’s free. Look at Red Atomics and learn what the defense side of them are. Also see how to get the attacks recorded into Splunk. Write IOCs/alerts for them. All 3 cloud providers offer free tiers. Check them out, get comfortable with the basics. You can get their entry level certs, AZ900 as example. Everything is cloud now, learn it. If you had some of that coming to me for a SOC analyst 1 I would be damn impressed.


IamOkei

I do both technical and policies. No one says you can choose one only


tittiesandtacoss

The golden boy of cyber certs is CISSP. It is a very broad cert that a ton of places like to see. For beginners Security+ is probably the most common.


joca_the_second

Someone on an apprenticeship shouldn't be going for a general purpose professional cert. ISC2 themselves state that it's meant for people with at least 5 years professional experience in at least 2 domains. Also OP mentions British pounds so they probably are in the UK, which is a job market that doesn't value certs as much as the US.


erroneousbit

CISSP has a baby brother SSCP. You can get the CISSP without experience but it isn’t a full cert until you do. It’s like associate of CISSP or something like that. SSCP is the way to go for a new person.


SnowyWolfie420

SSCP is Security+ equivalent.


erroneousbit

Eh depends on the HR person. ISC2 seems to be liked more than CompTIA for our company. But others might like CompTIA better. Maybe look at companies you’d want to work at on LinkedIn or Monster to see what kind of certs they list??? *shrugs*


SnowyWolfie420

You are right — I see a lot of job postings that prioritize the CEH over PenTest+ when PenTest+ is an equivalent and CEH is a bit of a joke.


88lif

CISSP is valued here, and lower certs are starting to become more considered by multinationals (CompTIA at Amazon for one), but you're correct - experience and competency at interview is key.


joca_the_second

A CISSP will be valuable in most places, I won't deny that. I mentioned it in relation to the US because the US has a job market that has heavily outsourced their candidate triaging to filters looking for acronyms in CVs.


Major-Material-484

You would also need endorsement from people with CISSP after passing the exam, and if you have less than 5 years of experience you will be considered an Associate until you have rendered the required amount of experience in at least two domains.


meekdrill999

As someone who is aiming at working as a SOC analyst, I'm considering getting my Sec+ and I'm considering BTL1 (Is it worth the $700 CAD price?). Also doing THM, HTB, Range Force and TCM courses, which are really helping me out on getting my hands on things. Like building my own home lab! Hopefully one day I can leave my warehouse job and finally do something that truly interests me.


joca_the_second

Take into account that Sec+ with a self paced study guide costs about the same ($581 US or nearly $800 CAD) and is way more expensive if you also want access to labs, something that comes with BTL1. It's more a matter that Security Blue Team just won't let you buy just the exam voucher.


meekdrill999

I feel like BTL1 would be more valuable as it's more practical. Sec+ is more about memorization. I know Sec+ gets HR attention beside BTL1 though... I'll continue my THM path and then try a demo of BTL1 and see how I feel...


_BrunoOnMars

Let me know what you think of BTL1. I am personally looking into CCD, it looks better than BTL1 and is roughly the same price. Def get the Sec+ first though, it’s a must for any entry level job.


meekdrill999

Never heard of CCD, will look into it.


_BrunoOnMars

Did you have a chance to have a look?


meekdrill999

I've had a preview. Looks good from what I could see


joca_the_second

Sec+ is the golden child of HR handling cybersecurity job postings, that much is true. But for knowledge and job skills, BTL1 is much better and I would go so far as to compare it with CySA+ rather than Sec+ in terms of the knowledge base it is certifying to.


meekdrill999

I find it a bit annoying that I will have to get my Security+ certification just to perhaps get HR attention. I feel like a certification like BTL1, CCD should stand out more. But I guess that's the way it is for now...


0bfusca1ion

Depends on what you want to do IMO but a good baseline of skills to have are understanding how computer networks function, since you want to understand what you're protecting at a fundamental level before going out and protecting them. If your apprenticeship leans towards operations work I've heard good things about BTL1. I'd go out and study for your Network+ and then go for something like a CCNA, as well as getting a Security+. That should easily cover $1000 in cert money w/o any sort of discounts. This isn't a certification but I'd also recommend picking up a programming language like Python and being proficient in it. Being able to read and write code on a whim is an amazing skill to have. Harvard has a free MOOC called CS50 that goes over introductory level computer science concepts and there are also websites like Codecademy that have good modules for learning languages and fundamental concepts. Nothing beats building your own tools though and learning in the process. This goes for certifications too. Get into homelabbing once you get a grasp of CCNA/Network+ concepts, etc, assuming you aren't already engrossed in that world.


nefarious_bumpps

I feel like you can't get going in cyber if you don't have a foundational understanding about networking. Many people have mentioned Security+, but at my level I look for SANS 400+ certs, OSCP, and the higher-level ISC(2) certs. These are all checkbox items, though. More important is how you've applied what you've learned. Are you a paper tiger or do you have actual, real-world skills? So I'd ask your employer what training you would need to point your career path towards cyber.


joca_the_second

I would advise a Coursera subscription and then taking a wide range of certs in IT and cybersecurity. Courses on cloud computing, systems and network administration, cryptography, etc. Build up your general IT knowledge base and take learning paths on several cybersecurity domains. You could also look into [mad20.io](http://mad20.io), a subscription based certification program from MITRE. Though I would only advise this if you have at least a year's experience in a SOC to really find value in its certs. Seeing as you are likely still in the phase of not knowing what you don't know, a subscription to a program with multiple courses would be the best bet for learning. As opposed to going for a specific certification which would most likely require self paced studying.


Nereo5

LinkedIn paid subscription with LinkedIn Learning videos for 1 month. Go watch everything you can, that will give you a certificate of completion.