Happy Sunday :D Lmk your thoughts in the comments below! Btw - you can get 50% off Keeper Password Manager with code WITHSANDRA at www.keeper.io/with-sandra 📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz 🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/influencer/withsandra 💼 Start a 6-Figure Non-Technical GRC Cybersecurity Role: www.symposia.com/channel-partner/s 💡 Ace your cybersecurity interviews with my Cybersecurity Interview Prep Mastery Course: learn.withcybersecurity.com/ 💻 My Cyber Security Career Resources: withsandra.square.site/ 📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/
I am a software engineer. passionnate about cyber security. what's your advise on the part. i initially considered C | SA (certified soc analyst ) to begin with before taking CEH but after seeing this video everything changed
Did COMPTIA A+ as a introduction course in 2021, learned some! Looking to get into I.T. , so Securiry+ sounds a great way to start (thinking to COMPTIA ITF+, then Net+ & Sec+). Sounds great?
Yeah, it reminds me of when people used to compare the schools they graduated from, esp in my first job out of college, things like this tend to matter in the corporate world unfortunately
Yeah, talking about how expensive these certifications are but she'll get you $1000 off the bootcamp, lol, which only makes you wonder what kind of ridiculous price they're charging. Oh yeah, that bootcamp will get you the Sec+!!😂😂😂
Hi Sandra! I agree with a lot of these. I just passed my GCIH cert exam, and it was the greatest course I've ever taken. The trick with GIAC is that you have to find a job where they pay for those courses. They are very expensive, but highly rewarding if you can get the employer to pay. I've learned more in just the SANS 504 course than my entire bachelor's degree, sec +, and ceh combined!
CompTIA security+ has become a rip off, 400 bucks is way too much for an exam that is still an entry-level cybersecurity test. I thoroughly believe they are greed-focused now.
I recently got my security+ and haven’t found a job yet I think it helps but I also think you will need more than security+ in order to land a job nowadays
It unfortunately is overpriced, but if you're serious about getting into CSec the Security+ is good foundation for concepts, you should not be struggling with the content. Also, for U.S. citizens it is a hard requirement for many federal jobs when they're also phasing out degree requirements over the next year instead.
@@skella2k209I got mines as well and yes this cert looks good on paper, but if you don’t have any experience or projects to showcase your skills, these recruiters will not look twice at your resume. It’s the honest truth.
The exam fee increases every ~6ish months or so from what I've seen (I assume due to inflation?) But I agree with the other comments here that the Sec+ is just one of the qualifications you need for a job, technical cyber projects using hands-on tooling is another important pillar to focus on outside of just networking well and going to conferences/job fairs
Here is the problem with this generation struggling to break into Cybersecurity having ONLY Cybersecurity training....you have no idea what you are securing, no idea how any of it works....you just hop on your invisible internet and throw some commands around, but if something breaks....you're stuck. You have no idea what to do and you have to wait for IT to fix it. Every Cybersecurity professionals with 20+ years is going to tell you that you need to understand IT and Networking FIRST before moving on to Cybersecurity....the hardware and the network is what you are actually securing and you have no idea how to tell the difference between a switch, router and an access point. If you want to be hired in Cybersecurity and actually be successful, it would behoove you to have the skill set and knowledge to FIX the network or hardware if something breaks instead of having to wait for the IT guy to do it. IT, Networking and Cybersecurity literally work hand in hand....if you want to be in the upper echelon of pay and be promotable year after year, you should get A+...then Net+....then Sec+....and if you REALLY want be that person, toss.in Linux+....you can get a job almost anywhere with Linux+ alone right now!
As someone who is attempting to make the transition into tech/cybersecurity, I have thought about getting Linux+ before Sec+ mostly because as a recent Linux convert, learning the OS has been more interesting. Your enthusiasm for it is making me consider it even more.
@@cyberlocc Absolutely. More and more companies are using Linux OS, especially for Cybersecurity. I personally know two young gentleman working for the CIA with nothing but an Associates in IT and Linux+, both making $200,000+ annually...and the biggest thing I hear from other folks I know in the sector is "learn Linux!". 90% of interviewers ask if you have experience with Linux now.
nowadays people did not grow up during the origin of the internet are not 50 years old who know and understand how the internet works from zeroes and ones. It is more difficult for people to enter the industry with all these so called gurus on youtube teaching, stupid boot camps and for profit exam companies. chill old timer
My heart jumps for joy when you said HTB's CPTS is gaining traction. I've been trying to get my break into cyber sec, and I know that certs are something that will carry me passing HR gate. OSCP's price is way too high for people in tight pockets right now. Can't wait to see days that HR knows how people who pasts CPTS can really perform.
I got a job with a major security/firewall vendor with my Security+ certification and 10 years of IT Help Desk experience starting out at $86k/year USD. At the time of my departure, I was making around $126k/year USD having been there for a few years. Now, I'm working for an MSSP (Managed Security Services Provider). I was new to the field, so I wasn't making as much as with my previous job. However, having been here for several years now and gaining more experience, I'm making much more and I'm in a much better position to choose which direction in Cybersecurity I'd like to pursue next with a higher salary potential.
While I agree Security + holds value in the field for sure. For those that are trying to 'get started' in IT and want to head to security, A+ can be invaluable. There are a TON of folks who do not understand the basics of the tech model down to how a computer works, etc. Learnign that builds a basis of knowledge to proceed and progress. There are a lot of folks now looking to change careers (older) or go into (younger) who understand very little beyond 'pushing a button on a screen'. Great info, thank you!
GIAC Certifications are way too expensive for any newbie. No one should ever waste their money for them. Only a company should pay for them because their prices are ridiculous. Regular people taking on their own is just foolish. It's not necessary to get any job. CompTIA Security+, CEH, OSCP, or CISSP will have way more impact on the job search.
Good information for anyone looking to get certified. Sandra, it would be nice to see more videos on GRC, specifically covering how to write policies and things like that.
Hey, thanks for the recc! Will definitely be adding to my backlog :) I recommend watching Gerald Auger's vids for now sinc ehe has a lot of GRC content, hope this helps!
I love my CEH and also have my Pentest+, Sec+, CASP and a few others. Since I got almost all my certifications for free, I'm not complaining and I like challenging myself to learn more.
Thank you! I'm working on A+ because I'm completely switching careers from construction so I'm taking the courses but I'll skip the certs and go next to the security+ after i pass the practice exams! ❤ thank you for saving me some money! 🎉
Thank you for this video. I’m already in the regulatory compliance space in the healthcare sector and looking to move into GRC. You’ve cleared up my concerns about different certs out here.
Hey Sandra! I love your content & just wanted to say you are helping me immensely as I prepare for a career in cybersecurity. Your videos are very personable and informative which is refreshing in a space where it seems so many people are trying to make money off your career aspirations. I hope more people like me are able to find your channel! Thanks for what you do and I hope you keep doing it (:
Basically every video about cyber security expert saying different things. Guys don’t listen to this people, they talking just about their opinions. Explore your job market in your area and do some research about stats and hiring. That’s it
Yeah this video has some cook3d takes. If you don't understand basic things like hardware/software, how a computer works, operating systems - which is stuff you learn from the A+ - you are just gonna have a surface level knowledge of security which will put you behind people who did take time to learn it.
@@tonyb9864 The primary certification that the federal government requires is CompTIA Security+. If you've never worked in the federal government before, even if you have a College degree in IT or experience in IT fields, you must get a CompTIA Security+ Certificate, as they require you to attain one six months after being hired. If you don't get it, you will get fired.
I'm last year student already got my sec+ 1 month ago. Beside to certificates what are the other skills considered essentials to obtain a government job?
This kind of guidance is invaluable for anyone looking to make smart decisions about their career path in cybersecurity. Appreciate the insights, Sandra!
A big issue I've found is that you might have a certification that means you've got knowledge and competency in lets say skill set A. You go to an interview, and they like skill set A, but would like you to get a certification for skill set B instead (which is very similar, but is from the provider they did it with). But expect you to pay for it and do it in your own time, but until that point they won't give you the job. Sucks.
Added this in another comment but something to look out for (hopefully soon lol) - With all these new job simulation programs that're popping up (Forage, Clicked, etc), I do think cyber hiring is changing since companies are hiring talent directly from their training sims, but rn, Sec+ is still the way to go for entry level security analyst roles.
Thank you so much for being frank and honest about all this. I presume you had to learn all of this "the hard way". And if knowledge is power, your "know how" is like power^2
That's a real question, not trying to discourage you because a lot of people need your videos, but dont you get bored teaching the very basics of cyber? Isnt it more exiting as a professional to learn the very advanced stuff such as the army cyber capabilities or things like that? To have a job where you challenge the thoughest hackers in this world? But again, that was a regular question because like I said, you are helping out a lot of people.
I switched from cyber security to studying to be a supply chain analyst which line up better with my skills, cyber security a good field but were i from jobs are limited digital forensics is not available for anyone outside of Law Enforcement and most employers i seen wanted some one with a IT degree and experience in some tech field..it just didnt look right having all those certs and coming out of the retail industry..thats just what i experience wih the cyber security field,like i said its good if you have opportunities than paying for those certs will be well worth it.
@@prr3298 I am a newbie. I would prefer to gain IT fundamentals and experience for at least 2 years then cybersecurity after. I am playing the long game
i do not think that the A+ is worth it even if you are going into IT rather than CS. IMHO, A+ is an out-of-date certification. It was good 20 years ago, but has not stayed up with technology, and does not seem to be as vendor agnostic as they claim to be.
Sandra. I am hoping you can offer your opinion which I value dearly. I have the CCSP, the CISSP and the Google GCP ACE. Most of my background is in IT/IS Operations, server support, etc. What in your opinion would be the quickest way to be hired in a cybersecurity role? Thanks in advance.
I noticed the google cyber security certification is listed in the description, but it wasnt mentioned in the video. What are your thoughts on that cert? Im assuming you like it based on the fact that you're endorsing it in the description. Thanks!
I enrolled for Springboard cybersecurity bootcamp, my start-date is September 9th. im very excited to start on my cybersecurity career😁😁😁 Wish me luck, also if there's any way i can get some advice on "learning cybersecurity best practices for success" that would be awesome 😁
You mentioned that getting a job depends on how well you stand out against other candidates. In order to get a chance to stand out you have to get your resume through HR. What are good resume services or people that can help get those interviews?
CEH is litteraly trash. I took it from an ec council employee, who taught us IN CLASS how to hack a microsoft singapore site and some janky movie site also in singapore. Oh and he told us how to buy the answers to the exam. so stay far away from EC Council.
I'd say 2-3 sound fine. No need to overdo it lol, unless its employer-sponsored, then go ahead and use that budget money xD (a better use for that will be for conferences like defcon or blackhat)
Do you have any videos about scam IT jobs? I have an A+ and am working on Sec+ and live in the DC area where there are plenty of companies hiring but i keep getting contacted by people who seem so desperate that I contact them back that it seems shady. One guy yesterday emailed me 8 times in 15 minutes while I was in the shower. A place i applied to today texted me literally 30 seconds after I'd uploaded my resume but it was an "AI recruiter". Are these things as shady as they seem?
GIAC courses are REQUIRED to take the exam. That's the problem with them. In order to take one of them, you have to also purchase the corresponding course to take it. So the price to take the GIAC exam is not worth it unless your company is paying for it.
Well, I have been to GIAC conferences and they are very, very popular. You will take a far deeper dive in cyber security than 99% of the other certification tracks. GIAC is not meant for self pay. I agree they are probably too expensive but you will also learn far more than you realize.
If you have perspective on how employable a certification makes you (IE if hiring managers are looking for said certification) would be a nice metric to add to a video like this.
I'm being forced to take the A+ certification now with over 7 years of experience just to get into the IT/ entry level security due to market competition.
Sadly, with the invention of the social media and internet everyone has an opinion and sadly no one come up with a definitive answer. I could find 10 other youtubers who would say something bad about the google certificate and then they recommend comptia A+ certificate. I am living in Australia, I don't know if this video would apply to me or not. I got recommended Comptia A+ by Professor Messer. I am so confused. Who did you hear about GIAC Certificate?
Google cybersecurity course will provide a voucher for comptia sec+. They even suggested to combine the two on your resume. I would recommend sticking with comptia and Google, but be sure to get plenty of hands on experience, create your own projects.
@@sharspice4041 @sharspice4041 Well, currently I am doing a Certificate IV Cybersecurity let me finish that first and then I will move onto the google one and comptia one as well. How do I get hands on experience though? Where exactly do I create my own projects?
GIAC trainings are indeed way way way too too much 7k dollars😮!!!!! But if you can find/borrow the materials it should cost you 1k … and the cert if worth it and sits above all else
Certification, bla bla, Certification, bla bla, Certification, Certification, bla bla, Certification, bla bla, Certification, Certification, bla bla, Certification, bla bla, Certification,
Just passed my Network+ exam last month! Still no luck in the hiring process but keeping the grind on. I skipped ahead and took Net+ right away and planning to pass the Security+ by the end of 2024.........any advice for someone looking into a Helpdesk/Junior Systems Admin/Junior Technical assistant role? No luck with any offers as of yet. Thank you!
Nope, do an intro to cyber course like sec+ or the google cyber cert and then focus on hands on cyber certs like the PJPT or the eJPT. After that, the cert to actually land you a job is the OSCP. Its a difficult and expensive exam so it is wise to do some intermediate training like the CPTS, PNPT, or eCPPT before attempting the OSCP.
@@Thiccolohave you taken both the CPTS and OSCP? I've seen people claim that the OSCP is shorter and easier than the CPTS. Might be worth doing a little research on this for anyone wanting to red team
CompTIA certs will check boxes on government lists which is definitely important depending on where you're looking, but net+, Google Certified in Cybersecurity, or ISC2 CC give you the solid foundational knowledgebase (note the difference between knowledgebase and skillset). You got to know how stuff works before you can secure it. You need both the HR box checks and the skillsets. Once you have your foundations, you might even start with TCM Security's PJWT to start building a bug bounty portfolio while you work your way through the pjpt, pnpt route. Anything Offsec is really expensive, but if you can get your foundation knowledge, build your skillsets with TCM Security, Hack the Box, or INE (my lean is toward TCM and Hack the Box, great programs), and knock out a couple gate keeping certs on the side (a lot of this knowledge you'll pick up passively), it might be enough to get a slot with someone who'll pay for your Offsec subscription. Not to mention the combo of the affordable TCM Security certs and the Hack the Box academy cert will go a long way to prepping you for OSCP. Also, if you are planning to do any CompTIA certs, which their are definitely ways to get them for reduced price (helps with the checkbox), do the ones you intend to get in order. CompTIA has a system where a more advanced cert within a path will automatically renew all certs in that path below it. For example, Pentest+ renews sec+, net+, and a+ simultaneously, giving them all the same renewal date and nullifying the fees. A lot easier to manage once you start racking up renewal cycles. Anything you can do to uncomplicate things is always a plus. Handling a dozen different renewal cycles and fees at the same time is not preferable.
@@cusillo6976 Agreed I've seen many cyber pros saying the CPTS is going to be the new OSCP, even seasoned hacking vets. Very interesting to see which comes out on top in the next few years from recruiters/HR
CEH def sucks I got PNPT and currently studying for CRTP, and learning bug bounty too. To start using my knowledge to actual exploit and share on resume !
The latest CEH version offers substantial hands-on content in a CTF-style format, moving beyond traditional multiple-choice to enhance both quality and depth. Given these improvements, I would strongly recommend the CEH over the OSCP. However, the HackTheBox Pentesting Certification is also an exceptional credential in its own right.
Allow me to ask a question Sandra, and by all means everyone can reply... Do you think purchasing the book for the CompTIA Linux+ is a good investment? I am not talking about paying for the exam. Many thanks in advance 🤗🤗
If you mean the All in One textbooks that you can find on Amazon for about ~$30 bucks then hell yeah! lol I rented my All in One Security+ textbook for about that price n passed my exam first try so 100% worth it
@@WithSandra Yes! That was exactly what I meant! Maybe I should have written a longer comment and be more elaborate 😅 Once again though, thank YOU for also taking the time to answer at the comment section. I have seen RUclipsrs who do not care about the comment section and find that kind of sad. It's all about being a community, that's at least how I see it.
Hi Sandra! In your opinion, if I have a CompTIA Security+ and a CompTIA CySA+, would it be worth studying for and taking the CompTIA CASP+ if my primary goal is to prepare for the CISSP? Let's assume I’m not worried about the cost of study materials and certification, but I'm focused on getting ready for the CISSP.
Honestly, I'd go straight for CISSP rather than an extra exam fee for CASP+ to prep for it, I dont think CASP+ has anything near the reputation that the CISSP has with hiring managers and recruiters. Best of luck studying!! You got this 🙌
i agree with sandra casp is not as industry recognized as cissp but if u get the casp it should renew ur sec+ and CYSA you will also be level 3 on the DOD 8570
Bad thing to is, pass/fail. You better damn well be ready for an exam or you have to pay in full again. 🤑It's best to just do labs and prove hands on exp. Sure, read the material but, labs are going to help stand out a bit.
if you're planning on getting casp id prob go for cissp instead. For dod you will b level 3 compliant with CASP but outside of government its not really that important cissp is more industry recognized but i will say you need someone who already has been certified to vouch for you once you pass otherwise your cert will be considered as cissp associate , aka not the offical deal
let me ask you this are you init for good work to life balance? if you are stay away from anything that has soc/noc If you're interested in security jobs there are plenty of jobs on the blue side that pay 6 figs and have great work to life balance
Before you offer cybersecurity lessons to the world, I would like to understand your background in cybersecurity. What specific experience do you have in this field? It's essential to have a solid understanding of computer hardware, software, networks, and devices. Without this foundational knowledge, cybersecurity certifications may not be valuable. It seems that everyone is a vlogger these days.
CISSP is really just a management cert, its useless to anyone else. i ONLY keep it because my employer wants me to have it so they can bill me out higher
Every now and again I watch videos on cybersecurity certs and this is the first one I've seen for a long while that's absolutely nailed it. I'll add that EC-Council have continually come under fire for unethical practices and the CEH has lower quality content than the CompTIA PenTest+ (which has a better overview of tools and documentation). Some see OSCP as an exam version of a CTF, whereas PNPT focuses more on real-world application of tools and techniques, as well as communicating with stakeholders. The CompTIA Network+ can be useful as a precursor to Security+ if you're moving into a SOC analyst or Incident Response (IR) role involving network logs, but I agree that A+ is unnecessary unless moving into something like a field technician or End User Computing (EUC) support role. Even then, a 6 month or 1 year institutional course may be a better option.
CEH is the most overvalued and overhyped certification I completed my eJPT for half the price of the CEH and it's not worth the money I've seen many people do the CEH just to get HR attention
I just want to say, if you can hack fairly well. Haven't gone for the OSCP or just a little shy of the skill for the OSCP. The CEH is great, it's not gonna teach you anything however, it's still HR Candy at the moment with a lot of jobs looking for that still (For the life of me I do not understand why) So if you're around the skill of doing medium HTB level stuff, get the CEH just so you get HR to actually look at your resume.
I am a Certified EC Instructor, CEH as downside of MCQ but from CEHv12 they introduced CEH Elite package; Which has typical CEH+ CEH practicals where practicals is completely hands-on and upcoming CEHv13 is about to introduce ActveDirectory pentesting, Ransomware attacks, other trending attacks with Automation in security across all 20 modules so CEHv13 is CEH with AI + price is max $707 for CEH elite package with training in ATC
Security+ is unbelievably overpriced, $450 after tax is unbelievable for and introduction to cybersecurity. In the same way, the $899 OSCC from OffSec is in the same boat. TryHackMe has a free beginner intro to security, cyber, and networking basics for FREE. For $910 (if you are diligent in your studies), you can get 3 certifications form HTB for $10 more. OSCP is crazy expensive as well, $1800 after tax in most places for 1 try is insane, plenty of expensive for no reason certs in IT.
Agreed but Security+ is pretty standard for most cyber roles, even with free training from THM and HTB, the Security+ is more of an HR checkmark and it will make your job search easier compared to if you didn't have it. With all these new job simulation programs that're popping up (Forage, Clicked, etc), I do think cyber hiring is changing since companies are hiring talent directly from their training sims, but rn, Sec+ is still the way to go for entry level security analyst roles.
Get it for free, or a student discount. I have for entry level certs and the only one I paid out of pocket was the A+, and that's because I didn't know any better. Being a student has its perks, especially in community college because you're not paying 4-year college level tuition yet.
Happy Sunday :D Lmk your thoughts in the comments below! Btw - you can get 50% off Keeper Password Manager with code WITHSANDRA at www.keeper.io/with-sandra
📚 Google Cybersecurity Certificate: imp.i384100.net/k0R0rz
🧭 Springboard Cybersecurity Bootcamp (Get a Job or Your Money Back Guaranteed - $1000 off Code WITHSANDRA): www.springboard.com/landing/influencer/withsandra
💼 Start a 6-Figure Non-Technical GRC Cybersecurity Role: www.symposia.com/channel-partner/s
💡 Ace your cybersecurity interviews with my Cybersecurity Interview Prep Mastery Course: learn.withcybersecurity.com/
💻 My Cyber Security Career Resources: withsandra.square.site/
📕 Get My FREE Cybersecurity Beginner Roadmap Guide: www.withsandra.dev/
You forgot to link 'Forage'
8:00
I am a software engineer. passionnate about cyber security. what's your advise on the part. i initially considered C | SA (certified soc analyst ) to begin with before taking CEH but after seeing this video everything changed
Security PLUS landed me my 1st THREE IT jobs with the government...and I know jobs still asking for it. I would highly recommend it for newbies
did you use usajobs.gov?
Government job where? no one seems to be hiring
@@thebest3702 Government Jobs are everywhere…iv had 3 in Korea and 1 offer in Europe
@@thebest3702have you tried usajobs? I've gotten a few offers but they were out of my range.
Did COMPTIA A+ as a introduction course in 2021, learned some! Looking to get into I.T. , so Securiry+ sounds a great way to start (thinking to COMPTIA ITF+, then Net+ & Sec+). Sounds great?
The problem with Cybersecurity Certs is they are all pretty much the same. You are not paying for a cert, you are paying for a brand.
Yeah, it reminds me of when people used to compare the schools they graduated from, esp in my first job out of college, things like this tend to matter in the corporate world unfortunately
if your company pays for it which many does
not bad and you can also use that to negotiate salary
I dont think you are always paying for the brand, paying for an OSCP+ is paying for a serious cert, while paying for CEH is in fact paying for a brand
Easy to say if you dont have the certifications. Sec+ != CySA+ != CISSP != CASP+, all 4 are different.
I like how you're telling us which certificates are scams while advertising a Cybersecurity BootCamp in your video description.
I hope more and more people develop content creator fatigue and stop engaging with this slop.
Yeah, talking about how expensive these certifications are but she'll get you $1000 off the bootcamp, lol, which only makes you wonder what kind of ridiculous price they're charging.
Oh yeah, that bootcamp will get you the Sec+!!😂😂😂
This video is nothing but click bait.
It's all scam.If any of them could land you a job she wouldnt be making these videos 😗
Hi Sandra! I agree with a lot of these. I just passed my GCIH cert exam, and it was the greatest course I've ever taken. The trick with GIAC is that you have to find a job where they pay for those courses. They are very expensive, but highly rewarding if you can get the employer to pay. I've learned more in just the SANS 504 course than my entire bachelor's degree, sec +, and ceh combined!
CompTIA security+ has become a rip off, 400 bucks is way too much for an exam that is still an entry-level cybersecurity test. I thoroughly believe they are greed-focused now.
I recently got my security+ and haven’t found a job yet I think it helps but I also think you will need more than security+ in order to land a job nowadays
It unfortunately is overpriced, but if you're serious about getting into CSec the Security+ is good foundation for concepts, you should not be struggling with the content. Also, for U.S. citizens it is a hard requirement for many federal jobs when they're also phasing out degree requirements over the next year instead.
@@skella2k209 volunteering, internships, freelance, as quickly as possible after finishing certifications MAY help.
@@skella2k209I got mines as well and yes this cert looks good on paper, but if you don’t have any experience or projects to showcase your skills, these recruiters will not look twice at your resume. It’s the honest truth.
The exam fee increases every ~6ish months or so from what I've seen (I assume due to inflation?) But I agree with the other comments here that the Sec+ is just one of the qualifications you need for a job, technical cyber projects using hands-on tooling is another important pillar to focus on outside of just networking well and going to conferences/job fairs
Here is the problem with this generation struggling to break into Cybersecurity having ONLY Cybersecurity training....you have no idea what you are securing, no idea how any of it works....you just hop on your invisible internet and throw some commands around, but if something breaks....you're stuck. You have no idea what to do and you have to wait for IT to fix it. Every Cybersecurity professionals with 20+ years is going to tell you that you need to understand IT and Networking FIRST before moving on to Cybersecurity....the hardware and the network is what you are actually securing and you have no idea how to tell the difference between a switch, router and an access point. If you want to be hired in Cybersecurity and actually be successful, it would behoove you to have the skill set and knowledge to FIX the network or hardware if something breaks instead of having to wait for the IT guy to do it. IT, Networking and Cybersecurity literally work hand in hand....if you want to be in the upper echelon of pay and be promotable year after year, you should get A+...then Net+....then Sec+....and if you REALLY want be that person, toss.in Linux+....you can get a job almost anywhere with Linux+ alone right now!
You're not wrong. All valid points even though a lot of younger folks won't want to hear it.
As someone who is attempting to make the transition into tech/cybersecurity, I have thought about getting Linux+ before Sec+ mostly because as a recent Linux convert, learning the OS has been more interesting. Your enthusiasm for it is making me consider it even more.
Hmm you really think Linux+ has value? I have never seen anyone say it has value?
@@cyberlocc Absolutely. More and more companies are using Linux OS, especially for Cybersecurity. I personally know two young gentleman working for the CIA with nothing but an Associates in IT and Linux+, both making $200,000+ annually...and the biggest thing I hear from other folks I know in the sector is "learn Linux!". 90% of interviewers ask if you have experience with Linux now.
nowadays people did not grow up during the origin of the internet are not 50 years old who know and understand how the internet works from zeroes and ones. It is more difficult for people to enter the industry with all these so called gurus on youtube teaching, stupid boot camps and for profit exam companies. chill old timer
I will never understand companies that want you to get certs that either cost an arm and a leg or certs thats not worth anything like CEH.
This is definitely an area I hope that the cybersecurity field will gradually do better at 😅
In my country CEH holds equivalent respect and recognition from HR as someone who holds OSCP.
@manimuthu3287 bruh that's crazy. What country are you from?
@@MagicEye117 India
@@manimuthu3287 BEcause HR does not know jack shit. They club CISSP with OSCP
My heart jumps for joy when you said HTB's CPTS is gaining traction. I've been trying to get my break into cyber sec, and I know that certs are something that will carry me passing HR gate.
OSCP's price is way too high for people in tight pockets right now. Can't wait to see days that HR knows how people who pasts CPTS can really perform.
I got a job with a major security/firewall vendor with my Security+ certification and 10 years of IT Help Desk experience starting out at $86k/year USD. At the time of my departure, I was making around $126k/year USD having been there for a few years. Now, I'm working for an MSSP (Managed Security Services Provider). I was new to the field, so I wasn't making as much as with my previous job. However, having been here for several years now and gaining more experience, I'm making much more and I'm in a much better position to choose which direction in Cybersecurity I'd like to pursue next with a higher salary potential.
While I agree Security + holds value in the field for sure. For those that are trying to 'get started' in IT and want to head to security, A+ can be invaluable. There are a TON of folks who do not understand the basics of the tech model down to how a computer works, etc. Learnign that builds a basis of knowledge to proceed and progress. There are a lot of folks now looking to change careers (older) or go into (younger) who understand very little beyond 'pushing a button on a screen'.
Great info, thank you!
GIAC Certifications are way too expensive for any newbie. No one should ever waste their money for them. Only a company should pay for them because their prices are ridiculous. Regular people taking on their own is just foolish. It's not necessary to get any job. CompTIA Security+, CEH, OSCP, or CISSP will have way more impact on the job search.
Key word here folks: Newbie
HELLO, GIAC certs aren't for NEWBIES
Good information for anyone looking to get certified. Sandra, it would be nice to see more videos on GRC, specifically covering how to write policies and things like that.
Hey, thanks for the recc! Will definitely be adding to my backlog :) I recommend watching Gerald Auger's vids for now sinc ehe has a lot of GRC content, hope this helps!
I like unixguy for this
I'm still in RESEARCH MODE but I have found your channel & this video in particular valuable.
I Dig Ur Content!
I love my CEH and also have my Pentest+, Sec+, CASP and a few others. Since I got almost all my certifications for free, I'm not complaining and I like challenging myself to learn more.
Thank you! I'm working on A+ because I'm completely switching careers from construction so I'm taking the courses but I'll skip the certs and go next to the security+ after i pass the practice exams! ❤ thank you for saving me some money! 🎉
Listening and watching your videos while I am doing grave shift makes it less painful
Bless your heart 😅
Thank you for this video. I’m already in the regulatory compliance space in the healthcare sector and looking to move into GRC. You’ve cleared up my concerns about different certs out here.
Great video Sandra, thanks for the information. Aa a person who is new in cybersecurity area absolutely priceles info, keep uploading new videos.
Thank you so much!! A lot of work goes into these videos every week so I always appreciate comments like this.
Hey Sandra! I love your content & just wanted to say you are helping me immensely as I prepare for a career in cybersecurity. Your videos are very personable and informative which is refreshing in a space where it seems so many people are trying to make money off your career aspirations. I hope more people like me are able to find your channel! Thanks for what you do and I hope you keep doing it (:
I’m admiring the presentation more than the content 😆
Basically every video about cyber security expert saying different things. Guys don’t listen to this people, they talking just about their opinions. Explore your job market in your area and do some research about stats and hiring. That’s it
Yeah this video has some cook3d takes. If you don't understand basic things like hardware/software, how a computer works, operating systems - which is stuff you learn from the A+ - you are just gonna have a surface level knowledge of security which will put you behind people who did take time to learn it.
I have my Pitch fork ready for A+ lol
Great video! I can see why.
CompTIA Security+ and CompTIA Networking+ are worth it in a federal government job. How do I know this? Well, I work in the federal government.
Hi! Any other certs needed for fed gov work? Thanks!
thank you for sharing! I am currently studying for CompTIA Sec+ and Network+
@@tonyb9864 The primary certification that the federal government requires is CompTIA Security+. If you've never worked in the federal government before, even if you have a College degree in IT or experience in IT fields, you must get a CompTIA Security+ Certificate, as they require you to attain one six months after being hired. If you don't get it, you will get fired.
I'm last year student already got my sec+ 1 month ago. Beside to certificates what are the other skills considered essentials to obtain a government job?
do you agree with the federal government's hiring requirements is another topic for another day then
This kind of guidance is invaluable for anyone looking to make smart decisions about their career path in cybersecurity. Appreciate the insights, Sandra!
Every 2 years the CEH they renewed the exam. So i expect this coming september there's a good probability they going to renew it.
A big issue I've found is that you might have a certification that means you've got knowledge and competency in lets say skill set A. You go to an interview, and they like skill set A, but would like you to get a certification for skill set B instead (which is very similar, but is from the provider they did it with). But expect you to pay for it and do it in your own time, but until that point they won't give you the job. Sucks.
Added this in another comment but something to look out for (hopefully soon lol) - With all these new job simulation programs that're popping up (Forage, Clicked, etc), I do think cyber hiring is changing since companies are hiring talent directly from their training sims, but rn, Sec+ is still the way to go for entry level security analyst roles.
Another great video. Thanks for sharing.
Thank you so much for being frank and honest about all this. I presume you had to learn all of this "the hard way". And if knowledge is power, your "know how" is like power^2
Thank you so much!! You tend to see more of this outside of the "rose colored glasses" throughout your career
@@WithSandra
Thank YOU, I insist :)
Awesome video!
very good though about not getting caught with certs Sandra :)
Fantastic video I love the last 3 mins
Good advice!👍
Ty! Glad this could be helpful :)
for me one of the most greatest certs is the PNTP certification
Thought it was too niche, did you somehow get employed off that alone?
That's a real question, not trying to discourage you because a lot of people need your videos, but dont you get bored teaching the very basics of cyber? Isnt it more exiting as a professional to learn the very advanced stuff such as the army cyber capabilities or things like that? To have a job where you challenge the thoughest hackers in this world? But again, that was a regular question because like I said, you are helping out a lot of people.
before watching the video I am going to say CCSP, SSCP, ITILv4 and A+ (although knowing the information from these certs is still valuable)
I actually would like to do ITILv4
I switched from cyber security to studying to be a supply chain analyst which line up better with my skills, cyber security a good field but were i from jobs are limited digital forensics is not available for anyone outside of Law Enforcement and most employers i seen wanted some one with a IT degree and experience in some tech field..it just didnt look right having all those certs and coming out of the retail industry..thats just what i experience wih the cyber security field,like i said its good if you have opportunities than paying for those certs will be well worth it.
They raised the price because of so many ppl becoming interested in it.
A+ is my goal. Once I land a job, allow the company to cover network plus and transition into cyber
Go straight to Sec+ , don't waste your time on A+
@@prr3298 I am a newbie. I would prefer to gain IT fundamentals and experience for at least 2 years then cybersecurity after. I am playing the long game
Or get a CCNA and then Security+, covers the foundation in both networking and security. Also, very valuable in the job market.
i do not think that the A+ is worth it even if you are going into IT rather than CS. IMHO, A+ is an out-of-date certification. It was good 20 years ago, but has not stayed up with technology, and does not seem to be as vendor agnostic as they claim to be.
Sandra. I am hoping you can offer your opinion which I value dearly. I have the CCSP, the CISSP and the Google GCP ACE. Most of my background is in IT/IS Operations, server support, etc. What in your opinion would be the quickest way to be hired in a cybersecurity role? Thanks in advance.
I noticed the google cyber security certification is listed in the description, but it wasnt mentioned in the video. What are your thoughts on that cert? Im assuming you like it based on the fact that you're endorsing it in the description. Thanks!
I enrolled for Springboard cybersecurity bootcamp, my start-date is September 9th. im very excited to start on my cybersecurity career😁😁😁
Wish me luck, also if there's any way i can get some advice on "learning cybersecurity best practices for success" that would be awesome 😁
That bootcamp a scam I did that one
You mentioned that getting a job depends on how well you stand out against other candidates. In order to get a chance to stand out you have to get your resume through HR. What are good resume services or people that can help get those interviews?
You should learn more about CEH Practical!
CEH is litteraly trash. I took it from an ec council employee, who taught us IN CLASS how to hack a microsoft singapore site and some janky movie site also in singapore. Oh and he told us how to buy the answers to the exam. so stay far away from EC Council.
Facts about amount of certs. I hear about 3 is good enough depending on the field.
I'd say 2-3 sound fine. No need to overdo it lol, unless its employer-sponsored, then go ahead and use that budget money xD (a better use for that will be for conferences like defcon or blackhat)
Do you have any videos about scam IT jobs? I have an A+ and am working on Sec+ and live in the DC area where there are plenty of companies hiring but i keep getting contacted by people who seem so desperate that I contact them back that it seems shady. One guy yesterday emailed me 8 times in 15 minutes while I was in the shower. A place i applied to today texted me literally 30 seconds after I'd uploaded my resume but it was an "AI recruiter". Are these things as shady as they seem?
GIAC courses are REQUIRED to take the exam. That's the problem with them. In order to take one of them, you have to also purchase the corresponding course to take it. So the price to take the GIAC exam is not worth it unless your company is paying for it.
Well, I have been to GIAC conferences and they are very, very popular. You will take a far deeper dive in cyber security than 99% of the other certification tracks. GIAC is not meant for self pay. I agree they are probably too expensive but you will also learn far more than you realize.
Please be relaxed, your speaking speed is so fast, so information bounces from my head 😅
i’m going to get my very first “professional” certificate what do you think i should start with first ?
If you have perspective on how employable a certification makes you (IE if hiring managers are looking for said certification) would be a nice metric to add to a video like this.
Looking to get into CS is the Google CS cert worth it?
Hi Sandra, CISCO's "Junior Security Anlyst" course covers a lot of topic. It is free. But it is underrated. What is your thoughts about it?
I'm being forced to take the A+ certification now with over 7 years of experience just to get into the IT/ entry level security due to market competition.
Are they paying for it if not get your SEC+ and find another job.
You don't need A+ to get into the field
I coach ppl for free and get them into IT all the way up to security
I am curently doing CCT certification , I am just the beginner and this is my first certification. What's your point of view related to it.
Sadly, with the invention of the social media and internet everyone has an opinion and sadly no one come up with a definitive answer. I could find 10 other youtubers who would say something bad about the google certificate and then they recommend comptia A+ certificate. I am living in Australia, I don't know if this video would apply to me or not. I got recommended Comptia A+ by Professor Messer. I am so confused. Who did you hear about GIAC Certificate?
Google cybersecurity course will provide a voucher for comptia sec+. They even suggested to combine the two on your resume. I would recommend sticking with comptia and Google, but be sure to get plenty of hands on experience, create your own projects.
GIAC is expensive, but they occasionally have programs that are grant funded (free).
@@sharspice4041 @sharspice4041 Well, currently I am doing a Certificate IV Cybersecurity let me finish that first and then I will move onto the google one and comptia one as well. How do I get hands on experience though? Where exactly do I create my own projects?
GIAC trainings are indeed way way way too too much 7k dollars😮!!!!! But if you can find/borrow the materials it should cost you 1k … and the cert if worth it and sits above all else
Certification, bla bla, Certification, bla bla, Certification, Certification, bla bla, Certification, bla bla, Certification, Certification, bla bla, Certification, bla bla, Certification,
Please include the links you promised because its not included
I thought I was watching the video on 1.25 speed.😂
Just passed my Network+ exam last month! Still no luck in the hiring process but keeping the grind on. I skipped ahead and took Net+ right away and planning to pass the Security+ by the end of 2024.........any advice for someone looking into a Helpdesk/Junior Systems Admin/Junior Technical assistant role? No luck with any offers as of yet. Thank you!
Hi
I want to go in red team and I’m planning for Pentest + before sec +
Is it a good path ?
Nope, do an intro to cyber course like sec+ or the google cyber cert and then focus on hands on cyber certs like the PJPT or the eJPT. After that, the cert to actually land you a job is the OSCP. Its a difficult and expensive exam so it is wise to do some intermediate training like the CPTS, PNPT, or eCPPT before attempting the OSCP.
@@Thiccolohave you taken both the CPTS and OSCP? I've seen people claim that the OSCP is shorter and easier than the CPTS. Might be worth doing a little research on this for anyone wanting to red team
CompTIA certs will check boxes on government lists which is definitely important depending on where you're looking, but net+, Google Certified in Cybersecurity, or ISC2 CC give you the solid foundational knowledgebase (note the difference between knowledgebase and skillset). You got to know how stuff works before you can secure it. You need both the HR box checks and the skillsets. Once you have your foundations, you might even start with TCM Security's PJWT to start building a bug bounty portfolio while you work your way through the pjpt, pnpt route. Anything Offsec is really expensive, but if you can get your foundation knowledge, build your skillsets with TCM Security, Hack the Box, or INE (my lean is toward TCM and Hack the Box, great programs), and knock out a couple gate keeping certs on the side (a lot of this knowledge you'll pick up passively), it might be enough to get a slot with someone who'll pay for your Offsec subscription. Not to mention the combo of the affordable TCM Security certs and the Hack the Box academy cert will go a long way to prepping you for OSCP. Also, if you are planning to do any CompTIA certs, which their are definitely ways to get them for reduced price (helps with the checkbox), do the ones you intend to get in order. CompTIA has a system where a more advanced cert within a path will automatically renew all certs in that path below it. For example, Pentest+ renews sec+, net+, and a+ simultaneously, giving them all the same renewal date and nullifying the fees. A lot easier to manage once you start racking up renewal cycles. Anything you can do to uncomplicate things is always a plus. Handling a dozen different renewal cycles and fees at the same time is not preferable.
@@cusillo6976 Agreed I've seen many cyber pros saying the CPTS is going to be the new OSCP, even seasoned hacking vets. Very interesting to see which comes out on top in the next few years from recruiters/HR
What about the Secops Foundation's Certifications?
CEH def sucks I got PNPT and currently studying for CRTP, and learning bug bounty too. To start using my knowledge to actual exploit and share on resume !
Where is the main real person that help in cyber security as the "IT Security Architects ". No one talk about it?
The latest CEH version offers substantial hands-on content in a CTF-style format, moving beyond traditional multiple-choice to enhance both quality and depth. Given these improvements, I would strongly recommend the CEH over the OSCP.
However, the HackTheBox Pentesting Certification is also an exceptional credential in its own right.
Thoughts on PJPT and eJPT?
Great information and very timely!! What’s your opinion on the Google Cybersecurity Cert? Is that worth getting??
Allow me to ask a question Sandra, and by all means everyone can reply... Do you think purchasing the book for the CompTIA Linux+ is a good investment? I am not talking about paying for the exam. Many thanks in advance 🤗🤗
@@ionamygdalon2263go to Libgen, and you get an e-pub for free. 😄
If you mean the All in One textbooks that you can find on Amazon for about ~$30 bucks then hell yeah! lol I rented my All in One Security+ textbook for about that price n passed my exam first try so 100% worth it
@@WithSandra
Yes! That was exactly what I meant! Maybe I should have written a longer comment and be more elaborate 😅 Once again though, thank YOU for also taking the time to answer at the comment section. I have seen RUclipsrs who do not care about the comment section and find that kind of sad. It's all about being a community, that's at least how I see it.
Honest CISSP is not hard , CASP+ more difectele ( thenical )
What do you think about the BurpSuit cyber certification?
It is only $99.
never heard of it.
what are you trying to get into . maybe i can help
How much money can cyber security make is cyber security make alot or not
Hi Sandra! In your opinion, if I have a CompTIA Security+ and a CompTIA CySA+, would it be worth studying for and taking the CompTIA CASP+ if my primary goal is to prepare for the CISSP? Let's assume I’m not worried about the cost of study materials and certification, but I'm focused on getting ready for the CISSP.
Honestly, I'd go straight for CISSP rather than an extra exam fee for CASP+ to prep for it, I dont think CASP+ has anything near the reputation that the CISSP has with hiring managers and recruiters. Best of luck studying!! You got this 🙌
@@WithSandra Hi Sandra. Thank you for your suggestion. Would you recommend any study materials for the CISSP?
i agree with sandra
casp is not as industry recognized as cissp
but if u get the casp it should renew ur sec+ and CYSA
you will also be level 3 on the DOD 8570
What are your thoughts on the CASP+?
Bad thing to is, pass/fail. You better damn well be ready for an exam or you have to pay in full again. 🤑It's best to just do labs and prove hands on exp. Sure, read the material but, labs are going to help stand out a bit.
What about CASP?! Is it worth getting certified
if you're planning on getting casp
id prob go for cissp instead. For dod you will b level 3 compliant with CASP but outside of government its not really that important
cissp is more industry recognized
but i will say you need someone who already has been certified to vouch for you once you pass otherwise your cert
will be considered as cissp associate , aka not the offical deal
What about tripleten's program?
Blue Team level 1?
what about it?
Easier said than done;
When our *Nation* are pushing for 'em..
Whats the guide to become a SOC Analyst
let me ask you this
are you init for good work to life balance?
if you are stay away from anything that has soc/noc
If you're interested in security jobs
there are plenty of jobs on the blue side that pay 6 figs and have great work to life balance
Table of contents please
what do u think about google cybersecurity professional certificate at coursera..im just enroll
Any opinion on CYSA
Keeper is fantastic
Why are you using a microphone? Your audio was perfectly fine before
Before you offer cybersecurity lessons to the world, I would like to understand your background in cybersecurity. What specific experience do you have in this field? It's essential to have a solid understanding of computer hardware, software, networks, and devices. Without this foundational knowledge, cybersecurity certifications may not be valuable. It seems that everyone is a vlogger these days.
what about CISSP? 😄
Not for beginner level 😎😎
CISSP is really just a management cert, its useless to anyone else. i ONLY keep it because my employer wants me to have it so they can bill me out higher
Every now and again I watch videos on cybersecurity certs and this is the first one I've seen for a long while that's absolutely nailed it. I'll add that EC-Council have continually come under fire for unethical practices and the CEH has lower quality content than the CompTIA PenTest+ (which has a better overview of tools and documentation). Some see OSCP as an exam version of a CTF, whereas PNPT focuses more on real-world application of tools and techniques, as well as communicating with stakeholders.
The CompTIA Network+ can be useful as a precursor to Security+ if you're moving into a SOC analyst or Incident Response (IR) role involving network logs, but I agree that A+ is unnecessary unless moving into something like a field technician or End User Computing (EUC) support role. Even then, a 6 month or 1 year institutional course may be a better option.
You are right
CEH has a practical exam that forms part of the CEH Master program. This has been in place for a while. It is no longer purely multiple-choice
This is total BS. GIAC certifications are very well-regarded in the industry.
thank you
Hello, Can someone work for cyber security if he/she not from CSE background but from arts background but he/she has good programming skills?
why yopu talk so fast? you cant barely follow up with what youre saying
S-I-Ms 😂 it's called Sims or practicals.
They are all pointless.
CEH is the most overvalued and overhyped certification I completed my eJPT for half the price of the CEH and it's not worth the money I've seen many people do the CEH just to get HR attention
I just want to say, if you can hack fairly well. Haven't gone for the OSCP or just a little shy of the skill for the OSCP. The CEH is great, it's not gonna teach you anything however, it's still HR Candy at the moment with a lot of jobs looking for that still (For the life of me I do not understand why)
So if you're around the skill of doing medium HTB level stuff, get the CEH just so you get HR to actually look at your resume.
I am a Certified EC Instructor, CEH as downside of MCQ but from CEHv12 they introduced CEH Elite package; Which has typical CEH+ CEH practicals where practicals is completely hands-on and upcoming CEHv13 is about to introduce ActveDirectory pentesting, Ransomware attacks, other trending attacks with Automation in security across all 20 modules so CEHv13 is CEH with AI + price is max $707 for CEH elite package with training in ATC
Security+ is unbelievably overpriced, $450 after tax is unbelievable for and introduction to cybersecurity. In the same way, the $899 OSCC from OffSec is in the same boat. TryHackMe has a free beginner intro to security, cyber, and networking basics for FREE. For $910 (if you are diligent in your studies), you can get 3 certifications form HTB for $10 more. OSCP is crazy expensive as well, $1800 after tax in most places for 1 try is insane, plenty of expensive for no reason certs in IT.
Bro, just ask your employer to sponsor OSCP
What matters is what employers and IT Managers recognize. If you don't have those. Your wasting your time.
Agreed but Security+ is pretty standard for most cyber roles, even with free training from THM and HTB, the Security+ is more of an HR checkmark and it will make your job search easier compared to if you didn't have it. With all these new job simulation programs that're popping up (Forage, Clicked, etc), I do think cyber hiring is changing since companies are hiring talent directly from their training sims, but rn, Sec+ is still the way to go for entry level security analyst roles.
@@sheastech Agreed. It's to make HR and hiring managers happy, and that's what's gonna get you hired at the end of the day
Get it for free, or a student discount. I have for entry level certs and the only one I paid out of pocket was the A+, and that's because I didn't know any better.
Being a student has its perks, especially in community college because you're not paying 4-year college level tuition yet.