Navigating Cybersecurity Certifications

Helen Patton
6 min readNov 25, 2023

It Ain’t Easy…

I have the privilege of talking to a lot of people trying to become a cybersecurity professional. They ALWAYS have questions about certifications: Are they worth it? Which one(s) should I pursue? Which ones would get me a job? How should I get it? I talked about it in my book “Navigating the Cybersecurity Career Path”, but this topic keeps coming up, so here are my thoughts.

Photo by Honey Yanibel Minaya Cruz on Unsplash

Should I Get A Cert?

Answering this question always leaves me a bit uneasy. Why? The answer to the question is complicated. Consider:

  • Just because a certification is popular doesn’t make it good.
  • There are a ton of certs out there, so how can one person know enough to make a recommendation?
  • Doing a certification takes time and money, so recommending the wrong cert is a gate-keeping exercise at best, purely negligent at worst.
  • Most notably, hiring managers often value on-the-job experience over certifications, so if you only have limited time to invest, I suggest you invest it in practical, on-the-job experiences, not on a cert.
  • Almost every job posting asks for some kind of cert.
  • If resumes are similar in every other way, having a cert might tip the hiring manager to prefer that candidate.
  • For seekers without on-the-job experience, a cert can at least demonstrate commitment, interest and the ability to learn.

But job-seekers, particularly ones with little or no on-the-job experience, think that getting a certification is a way to bridge the knowledge gap. And hiring companies continue to ask for certs, instead of doing the harder work of specifying the exact skills they need.

So the answer to the question of “Should I get a cert?” is probably “Yes”.

Which then leads to the question:

Which Cert Should I Get?

There is an entire industry built to help people get certifications. Check out this great (and slightly scary) visual at pauljiremy.com:

--

--

Helen Patton

Cyber Security, Technology Ethics, and Humanity. What else? I can be found at CISOHelen.com or on Twitter @CisoHelen or on Mastodon @cisohelen@infosec.exchange