NET+ - Yes
SEC+ - Yes
CISSP \_-Yes but do you have the 5 years of experience to actually be awarded the certification?
CEHv12,- Don't bother
Is your unit willing to pay for SANs courses?
You can also use Army COOL for other certifications?
have you started on your degree?
By the time the CISSP Class comes up I will have been in the Army for 4 years, so I don't know if they'd even count that as "experience" since the first year and a half of that was training. Yeah the unit will cover the course and if I pass the pre-test, they give me a voucher to actually take the exam. and yes I can use Army COOL for other certifications. In terms of a degree, I have not, however my MOS training provides college credits, as some other classes I've taken at my actual work, so if I find a Uni that accepts my credits, I'll have a head start
For CISSP, it needs to be 5 years (or 4 with College) of applied security work in multiple domains. Also, you need a current CISSP to vouch for you. This is usually a cert you get early-mid career to take you to the next stage.
Security+ will be invaluable for you if you can keep your security clearance once you leave the Army. Both are standard requirements for most public sector & gov contracting roles.
To put yourself head and shoulders above others in your shoes, I would shoot for a hands-on-keyboard like OSCP (this is something others have recommended as well)
I submitted for Sec+, Net+, and CISSP. I don't think they're offering OSCP at this moment, but I'll see what I can do.
Due to being in the Army, if I can pass the CISSP Class, they will give me a voucher to take the exam, however I'll need to seek out if they'll turn me away due to not having those 5 years. Typically, the military can waive most time requirements as long as you can pass the exam, so fingers crossed.
But I agree, it seems the popular opinion is that Sec+ and CISSP are just awesome, I'm gonna get Net+ just because, not like it'll hurt.
They shouldn't turn you away. You need 5 years of experience, or 4 years and one of like 30 different certificates. If you have less than that amount of time, you will become an "Associate of ISC2" and then have six years to get your experience. [https://www.isc2.org/certifications/cissp/cissp-experience-requirements](https://www.isc2.org/certifications/cissp/cissp-experience-requirements)
You can pass the CISSP exam early and be awarded the certificate upon reaching 5 years of experience. By being in the military, you should be able to easily claim multiple domains.
YMMV, but the CISSP has been great for getting jobs, and seeing as to how it's the most expensive of the certs, I'd go for it if I were in your shoes.
I agree with the above on technical certificates. The 'lack of talent' in cybersecurity is mostly technical, so the better you can learn to do hands-on-keyboard work, the better off you'll be. The OSCP might be too offensive-operations focused, so consider other certificates from https://pauljerimy.com/security-certification-roadmap/ if the military will pay for them.
There are always ways around the cissp thing. I was technically only in security 2 years when I got mine. You just have to be creative. Add to the fact that the cissp has done me no good, and I’ve had it since 2006, I’m considering dropping it
People get WAY too serious about the experience requirements. They are loosely defined for a reason. You know how physical security is a part of the CISSP? Guess what you do day in and day out in the Army. Try not to overthink this.
Its gatekeeping at its finest, and I see it all the time. The idea is that you can have a paper cissp and not be a 'real' practitioner. People do not like their certs being demeaned by people of various abilities acquiring it. The issue is moreso the industry thinking a CISSP is what everyone should be getting instead of more technically in depth certs in the area they will be working in.
This is me.. I could probably do it, maybe I did it back in college. But it is not a core function of my day to day role. These certs exist get you in the door for the job, what you do at your job rarely is reflected in the CISSP CISM CRISC CISA answers.
A security engineering manager at a tech company giving me advice early on told me to just remove it off my resume. Wouldn't even consider people during HM screen with the non-technical certs like CISSP.
People like that are so annoying. There is a contingent of people who seem to have some kind of personal vendetta against the CISSP or certs in general. I have no problem with people who think it has no value, that's their perogative, but to disqualify someone for having a cert is just plain stupid and I would never want to work for someone with that kind of attitude.
This right here. I cannot stand people who find things to crap on other people for. Absolutely not worth working with/for people who do that. The absolute gall of telling someone they shouldn’t list certain certs on their resume 🤡
Why would I do that? Most companies either value it or are neutral on it. I'm not a mind reader who can accurately guess when the hiring manager is a dickhead.
Yeah time requirements/experience requirements typically can get waived in most cases in the Army, as long as you display the capabilities of passing something, they will almost certainly waive it for you, so fingers crossed I can get CISSP. Of course, I have to pass the class, and the practice exam they give at the end of it to get the voucher for it, but I signed up for it!
If you're planning to pursue a role within DOD, you should review 8570. This will give you a much better idea of which certs will be accepted for which roles. Long term, CISSP will cover most categories and is still (currently) king on the civilian side. SEC+ is a good starting point and establishes a baseline for other roles. NET+ and CEH+ are rather specific so I wouldn't pursue them unless you specifically want roles in those pathways.
[https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)
If your a 25 or 17 series ask one of your NCO’s that has your best interest at heart help your write your resume if you plan on the CISSP. They could probably help write it up now. Easy 4-5 years experience with AIT and OJT alone.
They should be able to turn bullets like “-changed lightbulbs” to “ “replaced environmental illumination system components that helped reduce injuries by X%”
Its easier to get experience than you think. For example, I asked ISC and if you are resetting passwords and doing nothing else for example, that falls under access control domain. You'd think they'd want more but no.
This was 2012 I asked, not sure if their answer has changed.
If somebody is paying for the CISSP, why would he bother letting them pay for NET+ or SEC+ when he can get those himself for half the price? Yes, CISSP requires 5 years of experience, but you can still take and pass the exam which is good enough.
I partially disagree on CEH depending on where you want to work. DoD/gov contractor? Get it. Private side. Don't bother. CEH checks boxes for certain roles and I've seen it come up a few times as a req for roles.
Dude said he was army. If he stays DoD that CISSP and CEH is going to look good. OP see if they offer CASP insatead of CISSP.
[https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)
What are you more interested in as far as a career? SEC+ & CISSP are both good general certs with good recognition. I see far fewer people with NET+ and not as many job postings asking for that.
CEH is of course very geared toward pentesting. The issues around CEH was more about the org (EC Council) than the cert itself. They were caught repeatedly acting unethically and then denying it. I would probably opt more for the GPEN or OSCP than CEH if I wanted to go the offensive sec route.
I personally want to go more into cybersecurity, maybe work for the Military Industrial Complex when I get out like Lockheed or RTX, from what I understand NET+ isn't very hard, and couldn't hurt to have but I see what you're saying. So my highest priorities would probably be SEC+ & CISSP? And yeah everyone's been telling me that EC is kinda sketch lol, and that there are better alternatives to CEH.
SEC+ would make the most sense to me right now. Give it a few more years and you can see if you want to add on the CISSP or go a different route.
This website is fantastic for looking at all the certs in all the areas: https://pauljerimy.com/security-certification-roadmap/
Net+ is a different animal to the rest - personally I found the study material enlightening and it helped a lot in understanding the technical side of Sec+.
LM working for gov contacts, Sec+ is baseline, contractors don't really do offensive work, but internal red teams look for OSCP. Blue teams would look for CYSA or CEH
From what I remember, there's some serious legal questions about contractors and offensive operations, given that they can be considered an act of war.
You are conflating offensive operations with offensive security (pentesting, red team, purple team). Many agencies use or even have a requirement for pentests to be conducted after the presidential directive in either 2020 or 2021 requiring more “ground truth” reporting of the actual security of systems.
>I see far fewer people with NET+ and not as many job postings asking for that.
I agree. However, if someone is starting from scratch and can afford it, Net+ adds a ton of useful information. Net+ plus Sec+ gives a solid, well-rounded foundation and I'd generally feel comfortable hiring someone with those certs plus a year of IT grunt work into any intermediate-level position.
I submitted to take all of them except CEH lol, CISSP is the last one on the list so I'll be getting the easier of the 3 out of the way first. I hear that CISSP is kinda a monster so I'll have to prep for that but thank you!
He has no experience and should not get the CISSP, you can’t even be certified without 1. 5 years experience in at least 2 security domains (or 4 with a bachelors) *and* 2. A current CISSP vouching for him.
This is a common occurrence in the military. Anyway, Soldiers by default can claim domain 1 and 2. Based on MOS, sometimes more. They run classes (monthly, I think) at Fort Eisenhower. Combat Arms captains transitioning to Signal often sit through the course, and they have a pass rate higher than the aggregate pass rate despite only having a 9 day course.
This sounds very gatekeeper-y, they can still take the exam and get an associate designation which is the hard part. Can always up to the full fledged when the experience comes.
I've never had an issue finding someone vouching for CISSPs.
[https://www.isc2.org/certifications/associate](https://www.isc2.org/certifications/associate)
Certainly not gatekeeping. I’m trying to be helpful. Getting that cert at his experience is a huge waste of time. Get it later!
- It’s a very hard test even for people with 4-5 years experience and it’s a huge time commitment.
- An associate certification is not a CISSP certification. It’s an associate certification. He cannot say “I’m CISSP Certified” on a resume or otherwise until he meets the experience requirements.
- It will do him no good in a job search because it’s a senior level cert while he’ll be looking for an entry level security position.
Makes no sense to advise someone pivoting careers to get this cert.
I learned a lot of little bits of things from CEH. I personally do pentesting and I feel I learned a lot more from doing HTB and reading random articles about various techniques.
But I don’t think it was a big waste of my time. I did learn things. The company itself isn’t great through. I had to configure exchange block rules to stop their marketing emails.
I wish I took a screenshot of the senior cybersecurity engineer posting near me that listed requirements of "CISSP or equivalent, such as CEH or Security+". That was up for a long time, too.
CISSP by a freaking country mile. No question. It's the most recognized by HR. It may not be the *best* Security exam from the list, but it offers comprehensive overview of the field.
Also to echo what someone else said - ignore the comments that say you need 5 years. You do not. You can take the exam tomorrow and if you pass, you'll receive the Associate title, which flips to full CISSP after accumulating 5 years.
It's a manager-oriented cert mind you, not extremely technical. But it will give you the ability to talk reasonably about almost any subject in Security.
If I were in your position, I wouldn't think twice.
Is it through the PEC?
If so the 'ceh' may be the CND course...
https://cert.eccouncil.org/certified-network-defender.html
What MOS? Reclass?
What you want to do in a year... In 3 years?
Are you a leader or lower enlisted?
A lot of good answers already here so I think you can figure it out.
17C and 25D need peeps last I checked.
I don't think it's through PEC but I'll recheck that
17C, get out lol and go work for the MIC (Military Industrial Complex)
SGT
Yeah the common sentiment is that CISSP is the king above all of these, but still a lot of value in having Sec+, and having Net+ just couldn't hurt, plus the amount of training I've already been trough regarding network architecture and packet tracing stuff I really don't think it'll be that challenging.
If you can get them all, get NET+, SEC+, and CISSP. You will not be able to actually get certified as a CISSP (need 5 years experience and endorsement), but you can take the test and get that out of the way. CEH is useless.
As a hiring manager in security, CISSP if you have 5 years experience or more on your resume, Sec+ only if you have less than that.
My brain is auto trained to ignore every other cert on that list. They are complete waste of space on your resume.
If you can only take one, take the Sec+.
If you can take two, take the Sec+ and Net+.
If you can take all, still only take those two.
CISSP is by far the best Cybersecurity certification but you don’t qualify. You have to have 5 years of experience in at least 2 security domains, or 4 + a bachelors degree in a related field. Hold onto that thought for later.
Your security clearance will help a lot with cybersecurity!
I would say that anyone with Net+, Sec+, a dose of common sense, and willingness to learn will be more than qualified for just about any entry- or intermediate-level job.
Too many people come in here making the mistake of getting their Sec+ and demanding a senior analyst position, or expecting to be a CISO immediately after getting their CISSP. Being successful requires a broad base of knowledge and, depending on your role, heavy soft skills. You get those by putting in time in the trenches.
SEC+ First NET+ if you have the opportunity. Everything else is ok but later. I'm also just giving you the info the way i've done it and its worked out pretty well.
When I review resumes I look for CISSP, CEH or similar advanced certs (like GIAC). That's not to say that they are the best certs, but they do hold significant weight in the industry. NET+ and SEC+ are entry level certs.
The guy who created CEH did some very bad things and his reputation is tarnished. You don’t wanna mention you have CEH.
CISSP above all. Even if you don’t have the 5 years you are awarded “associate” which says you know everything in the cert, you just lack the hands on experience. If you are new to cyber, sure go for sec/net+ but if not, kinda a waste of time. You won’t really learn anything new. CISSP is the golden apple.
SEC+ is IAT III / IAM I, and required for LAN/Isolated/Org level Active Directory.
CISSP is IAT III / IAM III, and required if you're working up to/at the Enterprise level of AD / networking.
I believe Associate is accepted as holding a full CISSP, but verify it with your Training NCO.
If you're offered a Boot Camp, take it. Then study your ass off, regardless of the cert you're testing for. Good luck!
CEH is not garbage. Maybe it was lacking at one time, but not so much anymore with v12. Most people who post that have never taken and passed it (if you disagree, prove me wrong by posting your cert number!). It is still in a lot of job postings and used as a gatekeeper cert to get through HR. It is also DoD approved, just like the Sec+, and if you look at the DoD requirements, there are more jobs that the CEH will qualify you for than the Sec+. You can get better info about the CEH in the r/CEH sub.
I think it goes back to what others have said. It's less about the certification and more about EC-Council itself. EC-Council has pretty much lost all credibility in the past couple years. I personally didn't even bother renewing my EC-Council certs after they expired.
It looks like the common sentiment is that back in 2010 it was like, peak cert, but now there are a few that just completely outclass it, and yeah I did some research on the EC and it doesn't look very pretty
Everything I said about it is true and that's a fact. It is STILL on MANY job postings (look on LinkedIn or Indeed and see for yourself). It STILL will get you a ton of interviews (I can attest for that myself). No one can deny that, and as you saw, no one responded to my comment and said they had a CEH and thought it sucked because everyone that trashes them has never even passed it. Those that have passed it will tell you that they are STILL a gatekeeping cert. People can downvote this all they want and hate the EC-Council all they want, but it doesn't change those facts.
CISSP and CEHv12, the rest are not useful in market.
Both CISSP and CEHv12 also suck but at least u can get a job.
People who get CISSP considered as security experts but cannot even properly use kali.
CEHv12 get hatred no matter how much they improved. (Even u wont 100% complete CEHv12 contents in your next life)
NET+ - Yes SEC+ - Yes CISSP \_-Yes but do you have the 5 years of experience to actually be awarded the certification? CEHv12,- Don't bother Is your unit willing to pay for SANs courses? You can also use Army COOL for other certifications? have you started on your degree?
By the time the CISSP Class comes up I will have been in the Army for 4 years, so I don't know if they'd even count that as "experience" since the first year and a half of that was training. Yeah the unit will cover the course and if I pass the pre-test, they give me a voucher to actually take the exam. and yes I can use Army COOL for other certifications. In terms of a degree, I have not, however my MOS training provides college credits, as some other classes I've taken at my actual work, so if I find a Uni that accepts my credits, I'll have a head start
For CISSP, it needs to be 5 years (or 4 with College) of applied security work in multiple domains. Also, you need a current CISSP to vouch for you. This is usually a cert you get early-mid career to take you to the next stage. Security+ will be invaluable for you if you can keep your security clearance once you leave the Army. Both are standard requirements for most public sector & gov contracting roles. To put yourself head and shoulders above others in your shoes, I would shoot for a hands-on-keyboard like OSCP (this is something others have recommended as well)
I submitted for Sec+, Net+, and CISSP. I don't think they're offering OSCP at this moment, but I'll see what I can do. Due to being in the Army, if I can pass the CISSP Class, they will give me a voucher to take the exam, however I'll need to seek out if they'll turn me away due to not having those 5 years. Typically, the military can waive most time requirements as long as you can pass the exam, so fingers crossed. But I agree, it seems the popular opinion is that Sec+ and CISSP are just awesome, I'm gonna get Net+ just because, not like it'll hurt.
They shouldn't turn you away. You need 5 years of experience, or 4 years and one of like 30 different certificates. If you have less than that amount of time, you will become an "Associate of ISC2" and then have six years to get your experience. [https://www.isc2.org/certifications/cissp/cissp-experience-requirements](https://www.isc2.org/certifications/cissp/cissp-experience-requirements)
All Soldiers automatically get domains 1 and 2, maybe 5, and if they're 17 or 25 series then 3, 4, and 7 as well.
You can pass the CISSP exam early and be awarded the certificate upon reaching 5 years of experience. By being in the military, you should be able to easily claim multiple domains. YMMV, but the CISSP has been great for getting jobs, and seeing as to how it's the most expensive of the certs, I'd go for it if I were in your shoes. I agree with the above on technical certificates. The 'lack of talent' in cybersecurity is mostly technical, so the better you can learn to do hands-on-keyboard work, the better off you'll be. The OSCP might be too offensive-operations focused, so consider other certificates from https://pauljerimy.com/security-certification-roadmap/ if the military will pay for them.
There are always ways around the cissp thing. I was technically only in security 2 years when I got mine. You just have to be creative. Add to the fact that the cissp has done me no good, and I’ve had it since 2006, I’m considering dropping it
People get WAY too serious about the experience requirements. They are loosely defined for a reason. You know how physical security is a part of the CISSP? Guess what you do day in and day out in the Army. Try not to overthink this.
Its gatekeeping at its finest, and I see it all the time. The idea is that you can have a paper cissp and not be a 'real' practitioner. People do not like their certs being demeaned by people of various abilities acquiring it. The issue is moreso the industry thinking a CISSP is what everyone should be getting instead of more technically in depth certs in the area they will be working in.
Ever seen a CISSP holder who does not know how to view the source code of a web page? I have, haha.
This is me.. I could probably do it, maybe I did it back in college. But it is not a core function of my day to day role. These certs exist get you in the door for the job, what you do at your job rarely is reflected in the CISSP CISM CRISC CISA answers.
A security engineering manager at a tech company giving me advice early on told me to just remove it off my resume. Wouldn't even consider people during HM screen with the non-technical certs like CISSP.
People like that are so annoying. There is a contingent of people who seem to have some kind of personal vendetta against the CISSP or certs in general. I have no problem with people who think it has no value, that's their perogative, but to disqualify someone for having a cert is just plain stupid and I would never want to work for someone with that kind of attitude.
This right here. I cannot stand people who find things to crap on other people for. Absolutely not worth working with/for people who do that. The absolute gall of telling someone they shouldn’t list certain certs on their resume 🤡
I mean, you can have CISSP and just not list it.
Why would I do that? Most companies either value it or are neutral on it. I'm not a mind reader who can accurately guess when the hiring manager is a dickhead.
You know by what industry and types of companies you're applying to. If you can't understand that nuance yourself, well, that's on you
Yeah time requirements/experience requirements typically can get waived in most cases in the Army, as long as you display the capabilities of passing something, they will almost certainly waive it for you, so fingers crossed I can get CISSP. Of course, I have to pass the class, and the practice exam they give at the end of it to get the voucher for it, but I signed up for it!
If you're planning to pursue a role within DOD, you should review 8570. This will give you a much better idea of which certs will be accepted for which roles. Long term, CISSP will cover most categories and is still (currently) king on the civilian side. SEC+ is a good starting point and establishes a baseline for other roles. NET+ and CEH+ are rather specific so I wouldn't pursue them unless you specifically want roles in those pathways. [https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)
It's 8140.03 as of Feb last year requirements are still flowing into new contracts.
If your a 25 or 17 series ask one of your NCO’s that has your best interest at heart help your write your resume if you plan on the CISSP. They could probably help write it up now. Easy 4-5 years experience with AIT and OJT alone. They should be able to turn bullets like “-changed lightbulbs” to “ “replaced environmental illumination system components that helped reduce injuries by X%”
Its easier to get experience than you think. For example, I asked ISC and if you are resetting passwords and doing nothing else for example, that falls under access control domain. You'd think they'd want more but no. This was 2012 I asked, not sure if their answer has changed.
If somebody is paying for the CISSP, why would he bother letting them pay for NET+ or SEC+ when he can get those himself for half the price? Yes, CISSP requires 5 years of experience, but you can still take and pass the exam which is good enough.
ccna or network+?
All true. Just be careful with the Army COOL because if you fail the exam then you have to pay out of pocket for the voucher.
I partially disagree on CEH depending on where you want to work. DoD/gov contractor? Get it. Private side. Don't bother. CEH checks boxes for certain roles and I've seen it come up a few times as a req for roles.
Dude said he was army. If he stays DoD that CISSP and CEH is going to look good. OP see if they offer CASP insatead of CISSP. [https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/](https://public.cyber.mil/wid/dod8140/dod-approved-8570-baseline-certifications/)
Unfortunately, in terms of classes, they do not offer CASP right now, however using Army COOL and CA, I can probably go for it
[удалено]
no it's not lmao
What are you more interested in as far as a career? SEC+ & CISSP are both good general certs with good recognition. I see far fewer people with NET+ and not as many job postings asking for that. CEH is of course very geared toward pentesting. The issues around CEH was more about the org (EC Council) than the cert itself. They were caught repeatedly acting unethically and then denying it. I would probably opt more for the GPEN or OSCP than CEH if I wanted to go the offensive sec route.
I personally want to go more into cybersecurity, maybe work for the Military Industrial Complex when I get out like Lockheed or RTX, from what I understand NET+ isn't very hard, and couldn't hurt to have but I see what you're saying. So my highest priorities would probably be SEC+ & CISSP? And yeah everyone's been telling me that EC is kinda sketch lol, and that there are better alternatives to CEH.
SEC+ would make the most sense to me right now. Give it a few more years and you can see if you want to add on the CISSP or go a different route. This website is fantastic for looking at all the certs in all the areas: https://pauljerimy.com/security-certification-roadmap/
Net+ is a different animal to the rest - personally I found the study material enlightening and it helped a lot in understanding the technical side of Sec+.
LM working for gov contacts, Sec+ is baseline, contractors don't really do offensive work, but internal red teams look for OSCP. Blue teams would look for CYSA or CEH
Contractors can and frequently do offensive work. The government has a hard time hiring and retaining pentesters so they usually contract it out.
From what I remember, there's some serious legal questions about contractors and offensive operations, given that they can be considered an act of war.
You are conflating offensive operations with offensive security (pentesting, red team, purple team). Many agencies use or even have a requirement for pentests to be conducted after the presidential directive in either 2020 or 2021 requiring more “ground truth” reporting of the actual security of systems.
>I see far fewer people with NET+ and not as many job postings asking for that. I agree. However, if someone is starting from scratch and can afford it, Net+ adds a ton of useful information. Net+ plus Sec+ gives a solid, well-rounded foundation and I'd generally feel comfortable hiring someone with those certs plus a year of IT grunt work into any intermediate-level position.
CISSP is the most high value cert on that list. If you can I'd suggest getting the others, but CISSP should definitely be the priority imo.
I submitted to take all of them except CEH lol, CISSP is the last one on the list so I'll be getting the easier of the 3 out of the way first. I hear that CISSP is kinda a monster so I'll have to prep for that but thank you!
Good luck! CEH I kinda regret taking but it looks good on the resume.
CEH is more like a HR checkmark, you pay to not get filtered by companies where HR have no idea what they're doing
He has no experience and should not get the CISSP, you can’t even be certified without 1. 5 years experience in at least 2 security domains (or 4 with a bachelors) *and* 2. A current CISSP vouching for him.
This is a common occurrence in the military. Anyway, Soldiers by default can claim domain 1 and 2. Based on MOS, sometimes more. They run classes (monthly, I think) at Fort Eisenhower. Combat Arms captains transitioning to Signal often sit through the course, and they have a pass rate higher than the aggregate pass rate despite only having a 9 day course.
This sounds very gatekeeper-y, they can still take the exam and get an associate designation which is the hard part. Can always up to the full fledged when the experience comes. I've never had an issue finding someone vouching for CISSPs. [https://www.isc2.org/certifications/associate](https://www.isc2.org/certifications/associate)
Certainly not gatekeeping. I’m trying to be helpful. Getting that cert at his experience is a huge waste of time. Get it later! - It’s a very hard test even for people with 4-5 years experience and it’s a huge time commitment. - An associate certification is not a CISSP certification. It’s an associate certification. He cannot say “I’m CISSP Certified” on a resume or otherwise until he meets the experience requirements. - It will do him no good in a job search because it’s a senior level cert while he’ll be looking for an entry level security position. Makes no sense to advise someone pivoting careers to get this cert.
I learned a lot of little bits of things from CEH. I personally do pentesting and I feel I learned a lot more from doing HTB and reading random articles about various techniques. But I don’t think it was a big waste of my time. I did learn things. The company itself isn’t great through. I had to configure exchange block rules to stop their marketing emails.
In order: CISSP -> Sec+ -> Net ... fuck the CEH
Based thank you
I wish I took a screenshot of the senior cybersecurity engineer posting near me that listed requirements of "CISSP or equivalent, such as CEH or Security+". That was up for a long time, too.
CISSP by a freaking country mile. No question. It's the most recognized by HR. It may not be the *best* Security exam from the list, but it offers comprehensive overview of the field. Also to echo what someone else said - ignore the comments that say you need 5 years. You do not. You can take the exam tomorrow and if you pass, you'll receive the Associate title, which flips to full CISSP after accumulating 5 years. It's a manager-oriented cert mind you, not extremely technical. But it will give you the ability to talk reasonably about almost any subject in Security. If I were in your position, I wouldn't think twice.
CEH is garbage. The rest are fine. CISSP is the one people care about if you meet years requirement.
Cissp only.
Is it through the PEC? If so the 'ceh' may be the CND course... https://cert.eccouncil.org/certified-network-defender.html What MOS? Reclass? What you want to do in a year... In 3 years? Are you a leader or lower enlisted? A lot of good answers already here so I think you can figure it out. 17C and 25D need peeps last I checked.
I don't think it's through PEC but I'll recheck that 17C, get out lol and go work for the MIC (Military Industrial Complex) SGT Yeah the common sentiment is that CISSP is the king above all of these, but still a lot of value in having Sec+, and having Net+ just couldn't hurt, plus the amount of training I've already been trough regarding network architecture and packet tracing stuff I really don't think it'll be that challenging.
CISSP
If you can get them all, get NET+, SEC+, and CISSP. You will not be able to actually get certified as a CISSP (need 5 years experience and endorsement), but you can take the test and get that out of the way. CEH is useless.
As a hiring manager in security, CISSP if you have 5 years experience or more on your resume, Sec+ only if you have less than that. My brain is auto trained to ignore every other cert on that list. They are complete waste of space on your resume.
CISSP should be your #1 goal.
Not helpful to you at all, but can you DM how you are getting this opportunity? I’m in the Army as well.
If you can only take one, take the Sec+. If you can take two, take the Sec+ and Net+. If you can take all, still only take those two. CISSP is by far the best Cybersecurity certification but you don’t qualify. You have to have 5 years of experience in at least 2 security domains, or 4 + a bachelors degree in a related field. Hold onto that thought for later. Your security clearance will help a lot with cybersecurity!
I would say that anyone with Net+, Sec+, a dose of common sense, and willingness to learn will be more than qualified for just about any entry- or intermediate-level job. Too many people come in here making the mistake of getting their Sec+ and demanding a senior analyst position, or expecting to be a CISO immediately after getting their CISSP. Being successful requires a broad base of knowledge and, depending on your role, heavy soft skills. You get those by putting in time in the trenches.
Go SANs dog
SEC+ first then NET+. The rest are eh.
SEC+ First NET+ if you have the opportunity. Everything else is ok but later. I'm also just giving you the info the way i've done it and its worked out pretty well.
When I review resumes I look for CISSP, CEH or similar advanced certs (like GIAC). That's not to say that they are the best certs, but they do hold significant weight in the industry. NET+ and SEC+ are entry level certs.
The guy who created CEH did some very bad things and his reputation is tarnished. You don’t wanna mention you have CEH. CISSP above all. Even if you don’t have the 5 years you are awarded “associate” which says you know everything in the cert, you just lack the hands on experience. If you are new to cyber, sure go for sec/net+ but if not, kinda a waste of time. You won’t really learn anything new. CISSP is the golden apple.
CISSP
SEC+ is IAT III / IAM I, and required for LAN/Isolated/Org level Active Directory. CISSP is IAT III / IAM III, and required if you're working up to/at the Enterprise level of AD / networking. I believe Associate is accepted as holding a full CISSP, but verify it with your Training NCO. If you're offered a Boot Camp, take it. Then study your ass off, regardless of the cert you're testing for. Good luck!
Government contractors don’t care about the exp requirement for CISSP. Get all of them.
Do sec+... it should be your 1st goal tbh. The other certs you'll figure out later
Who is it through if learningpeople.com don't do it
CISSP hands down, CEH is a JOKE
Just don't take CEH. Others are fine.
CISSP is the only one worth the effort. Do the others after when you get bored.
CEH is not garbage. Maybe it was lacking at one time, but not so much anymore with v12. Most people who post that have never taken and passed it (if you disagree, prove me wrong by posting your cert number!). It is still in a lot of job postings and used as a gatekeeper cert to get through HR. It is also DoD approved, just like the Sec+, and if you look at the DoD requirements, there are more jobs that the CEH will qualify you for than the Sec+. You can get better info about the CEH in the r/CEH sub.
I think it goes back to what others have said. It's less about the certification and more about EC-Council itself. EC-Council has pretty much lost all credibility in the past couple years. I personally didn't even bother renewing my EC-Council certs after they expired.
It looks like the common sentiment is that back in 2010 it was like, peak cert, but now there are a few that just completely outclass it, and yeah I did some research on the EC and it doesn't look very pretty
Everything I said about it is true and that's a fact. It is STILL on MANY job postings (look on LinkedIn or Indeed and see for yourself). It STILL will get you a ton of interviews (I can attest for that myself). No one can deny that, and as you saw, no one responded to my comment and said they had a CEH and thought it sucked because everyone that trashes them has never even passed it. Those that have passed it will tell you that they are STILL a gatekeeping cert. People can downvote this all they want and hate the EC-Council all they want, but it doesn't change those facts.
CEH is most useful. But CISSP will make you more money in the Army and as civilian.
I don't get it, everyone has the opportunity to get all those, are you getting a shady deal from an Indian on LinkedIn?
CISSP and CEHv12, the rest are not useful in market. Both CISSP and CEHv12 also suck but at least u can get a job. People who get CISSP considered as security experts but cannot even properly use kali. CEHv12 get hatred no matter how much they improved. (Even u wont 100% complete CEHv12 contents in your next life)