For the next video can you please put closed caption at specific time of the video when you bring up important part of the video such as CERT 4: Gsec, and so on.
Thankfully I found this channel, recently I decided to go to school for cyber security. It was a coin flip between information Technology or cyber security. I really hope to land some good opportunities, made this change for my future family!
Thank you very much for the video and elaboration. I was studying the security + before I even came to this video, but now i am confident that I am on the right path.
Right now I'm Microsoft certified in Networking and Security and then planning on getting me a entry level job to build up work experience. Working on the mid level certs after this. Thanks!!!
Idk why ejpt is slept on so much. Its the only entry level cyber cert that actually gives you hands on experience and the test makes you break into stuff.
The CEH now has a practical exam you can take too. There are a few problems that exist: 1. It can be hard to self assess where you stand in relation to a lot of these certifications and if you can't decide your level for whatever reason, you probably will default to the certification with the biggest buzz. For ethical hacking this almost always results in people saying the OSCP. 2. Employers frequently shoot for the moon on qualifications they want employees to have in their job postings, which then causes confusion for job seekers. Therefore if employers don't list certifications like eJPT then job seekers aren't going to pursue it because it's not "in demand."
GIAC gets you on extensions too. If you want to take the exam beyond the 4(edited) month enrolment period it is $400. I like the way it is set up though, in my opinion it tests your actual knowledge well not so much your memorization or test taking skills.
They actually come with 4 months, which for most certifications should be plenty if you dedicate enough time but I agree at $419 (current extension cost) you probably don't want to make that a habit. I am a huge fan of GIAC certifications and wish more companies would invest in them for staff.
@@JonGoodCyberthank you for the correction, it's been a little while since I took it.. I ended up buying an extension because a series of unexpected personal things came up and I didn't feel ready at test time. After taking the exam I think I would have done fine without it. Taking the Sec460 Threat & Vulnerability Assessment this summer.
@@143jeg I've also purchased an extension before since life happens sometimes and taking a little extra time is better than paying the full cost for the exam. Good luck with SEC460!
#cyber lots of certs. I am planning on CISSP because that has more of a general acceptance among employers. You can spend an lot of time and money on certs and still have difficulty getting work. If the employer is paying not too bad just your time but paying out of pocket and renewal fees on certs will get you broke on trying to maintain them on your own dime.
If you have the experience to satisfy the CISSP requirement, you should definitely set your sights on it. A nice thing with the renewal fees and CPE credits to maintain certifications is that most of the vendors allow them to count for multiple or all of your certifications. Eventually some certifications don't hold much value to your career and honestly you can just let them expire...but it is nice if you have an employer that can at least fund the renewals.
Hi Jon, I'm interested in taking the Cybersecurity path. Next month will start working for a company that works with Azure. Do you think is a good idea to get maybe security+ and network+ certs in order to get a solid foundation and from there, get Microsoft security cloud certifications and follow that path?
Building a foundation of skills and knowledge is definitely vital to advancing your career. You will definitely want to grab a copy of my eBook ( www.jongood.com/newsletter/ ) because I provide a solid career roadmap with certifications and skills to learn. What exactly is your job going to be? Just because the company uses Azure doesn't mean you will get exposure to it, therefore knowing what your actual duties are going to be will help me give you advice. If your job is going to be dealing with Azure quite a bit, then yes I think the plan you stated makes a lot of sense.
@@JonGoodCyber The company works as a contractor for Microsoft, so we need to know at least some cloud basics and will go to a position called Azure Monitoring and Automation and from there in a few months can look to move to storage, active directory, security, etc.
@@josephwood499 did you have to have your CCNA to get that monitoring position? What did it take for you to land that job? I was a software developer 15 yrs ago, and now coming back to IT, and thought i could enter cybersecurity. Just don't know what i should do right now in order to get to cybersecurity as my final destination. Any thoughts or advice? Thanks!
@@purepositivity7404 I have no CCNA, just some experience with customer service and worked as level II engineer providing security access management and stuff like that, no big deal. Unfortunately, my current job is not related to cybersecurity. Is something very different and incredibly difficult and complicated for me. But will look forward to try to get into another position whenever there's a chance to do so. Good luck
Jon, Thank you for your information on certifications. I don't see you mention the CASP from CompTIA. Any comment ??? I have extensive IT experience and am currently updating my skills in order to pivot to security and cloud computing. So I found your strategies of what certs confirming what I came to in my conclusion prior to seeing your information. The only thought I had was should i go ahead and work towards the CASP is it worth it? or should i stick to getting fundamentals first. The CASP is a stepping stone into getting into cybersecurity and I would eventually get a CISSP. I just found your comment on this cert absent and was wondering why???
The CASP+ is not an entry level certification. Even CompTIA's recommended experience is "10+ years in IT and 5+ years in security." Although CompTIA doesn't require experience to actually take the exam, the topics are well outside the scope of what a beginner should be focusing on. The CASP+ is meant more for the senior level staff member who prefers the technical side of things but might have some lead responsibilities. I do agree that the CASP+ is a good stepping stone towards the CISSP, however the Security+ is a much better first step to get somebody speaking the security language and then going from there.
Thank you for the feedback! The MS-500 (Microsoft 365 Security Administration), definitely has it's place in the correct situation. Not everybody uses Microsoft 365 so that of course limits the companies where you will get value. I would personally lean towards the AZ-500 (Microsoft Azure Security Technologies) first because it's more likely to show up before MS-500 in jobs.
Hi Jon, first of all thanks for sharing your thoughts with us. What do you think about Cisco's Cybersecurity certification (Cisco Certified Cybersecurity Associate)? Thanks in advanced for your kind attention.
You are welcome and I'm glad you enjoyed the video! I think that certification has value if you can get the official training. You will want to check out my video I published recently for 2021 ( ruclips.net/video/9Ci8QPpKXzQ/видео.html ) because I also give some alternative options.
Is that ok to get Cyber Security Certifications from different vendors for example, I want to start taking one or two certification from elearn and then get the CISSP? or Should I stay with one single vendor? Thank you very much for your help.
You should get the certifications that make sense based on your interests and career progression regardless of the vendor. Most people will have at least a few certifications from different vendors.
sir im preparing for ccna ..so getting a ccna cert is not much necessary??.....I have already started. Is it a good cert for a person seeking for a cyber security career
I would grab a free copy of my eBook ( www.jongood.com/newsletter/ ) where I provide a road map of certifications and skills to learn. The CCNA still has value but it's not a Cyber Security certification so it's not on this list.
@@JonGoodCyber ohh so did i waste my time....i hsve put a lot of commitment and time...to study..its been10 days..and i have finished 1/2 of first book
I work in project management (PMO support) and currently have a PMP. But the environment I work in is cyber security. Do you recommend the SSCP or the Security+?
I typically recommend the Security+ over the SSCP unless there is a very specific reason. The Security+ is more widely known and my students usually have an easier time passing.
Beginner can refer to either of those situations. It is possible to jump directly into a Cyber Security role without prior experience and pass certifications although it’s typically not as likely. A downside of jumping directly into Cyber Security without experience in other tech areas is that you don’t always have context for certain things but you can acquire it over time.
Regarding "Domain 2. Security Operations and Administration".. will three year patching and vulnerability remediation experience meet the required work experience requirements
Thank you for the feedback and I'm glad you enjoyed the video! On my other videos, I fixed that issue because for some reason my camera liked my microphone more than my face.
do you think CEH will get me a job in cybersecurity even though I had no job experience? from the cyber seek most of the private employers are looking for cissp,cisa,cism and few with sec+ in most of the tick blue states, do you think with CEH I can get a job in those areas or i should just go for what's in demand from those areas?
First, there are only two ways you can qualify to sit for the CEH...one is by having two years of experience verified by your employer or two is by attending an official course, which isn't going to be that inexpensive. Neither way really makes sense for a beginner because you aren't going to have the foundational knowledge you need. Additionally, the CEH is great for government or military/defense sectors because of the DOD 8570 / 8140 mandates that require specific certifications for job roles...but you have more flexibility in other industries which makes it not as valuable for companies in other sectors. As far as the other certifications you listed (CISSP, CISA, CISM)...with no experience you are a ways off from qualifying for those since you are basically looking at 4 years on the low end to get approved and certified. I would highly suggest watching my video on how to get started ( ruclips.net/video/nfUuO86VUjk/видео.html ), as well as downloading a copy of my eBook ( www.jongood.com/newsletter/ ) for an ideal path to follow. Security certifications are more beneficial when you have the foundational knowledge to support them, so even the certifications I list in this video on Best Entry Certifications will mean more if you have that background.
@@JonGoodCyber I do have a background in electronic and computer eng. And computer network and security. The only issue here is that I'm enable to get job yet
Why did you say you don't have experience in your original post? Anyways, the CEH is more like a nice-to-have but it's not going to breakdown doors for jobs. Whenever I am looking at jobs, I always pick the certifications that have the highest demand in searches to give myself the most chances. The CISSP/CISM/CISA will absolutely all open some opportunities for you, however it depends if you will actually like those positions, which tend to be non-technical.
@@JonGoodCyber sorry about the misunderstand! Job experience is what I didn't have. Ever since I finish schooling I haven't done any IT job and that is why I'm looking at any certification that could get me that job. Thanks so much for your time and I do appreciate it.
I'm still not entirely sure what you mean by you "haven't done any IT job." Have you worked in Cyber Security jobs then? Background/education is not the same thing as actual job experience as far as certifications are concerned. Either way I'm glad I could help.
You aren't going to find any free certifications for this industry that are worth the effort. With that being said, many vendors offer various scholarship type opportunities that will pay for your preparation and/or exams if you are selected.
13:00 "Its kind of a good thing, it keeps people limited who dont have experience" .... promoting the cycle of "You dont have experience, sorry, go get experience." joke of a process going. How about you make the tests like Cisco where you DO (from labs) rather than REPEAT (a book). That way if you pass you literally did something to be expected of you in the job?? Experience is a joke. A lot of jobs a monkey can do if you let it.
I strictly meant it from a professional standpoint because in a way it is rewarding you for being in the field for X number of years. That DOES NOT mean that just by having years of experience that you are qualified to do a specific job. Those two points are entirely different viewpoints and practical exams definitely tend to be more reliable than multiple choice exams. With all that being said, the right experience plays a huge role in your ability to perform because there are many things that just cannot be tested or predicted both from a technical and non-technical perspective.
Useful resources to help prepare:
-Hacker Playbook: amzn.to/2X844ne
-GSEC Self-Study: amzn.to/2X59Ju8
-SSCP Official CBK: amzn.to/2JDoaOg
-SSCP Study Guide: amzn.to/3bPRU6y
-Microsoft Azure Security Engineer Associate: docs.microsoft.com/en-us/lear...
-Security+ Study Guide: amzn.to/3aIiA8Z
-Security+ Video Training: www.jongood.com/courses/
For the next video can you please put closed caption at specific time of the video when you bring up important part of the video such as CERT 4: Gsec, and so on.
Hi, Jon. I've look into the reviews of the book and may I know is the tools in the Hacker Playbook 3 still available until today?
@SX Ong tools change all the time but typically they are available for a while even if support for them has stopped.
@@JonGoodCyber got it, thanks for your explaination
all of these videos about passing certs in under two weeks. makes it look so easy. might as well give it a fair go
Although I cannot guarantee the same results, as long as you put in the work then the certifications are totally doable!
Thankfully I found this channel, recently I decided to go to school for cyber security. It was a coin flip between information Technology or cyber security. I really hope to land some good opportunities, made this change for my future family!
Best of luck! It's a great time to get into the industry.
Thank you very much for the video and elaboration. I was studying the security + before I even came to this video, but now i am confident that I am on the right path.
Glad it was helpful and you're welcome!
I never make a comment normally , bit I wish you all the success,
Thanks a lot
Thank you! I appreciate the feedback and support!
Right now I'm Microsoft certified in Networking and Security and then planning on getting me a entry level job to build up work experience. Working on the mid level certs after this. Thanks!!!
Awesome and thank you for viewing!
Idk why ejpt is slept on so much. Its the only entry level cyber cert that actually gives you hands on experience and the test makes you break into stuff.
The CEH now has a practical exam you can take too.
There are a few problems that exist:
1. It can be hard to self assess where you stand in relation to a lot of these certifications and if you can't decide your level for whatever reason, you probably will default to the certification with the biggest buzz. For ethical hacking this almost always results in people saying the OSCP.
2. Employers frequently shoot for the moon on qualifications they want employees to have in their job postings, which then causes confusion for job seekers. Therefore if employers don't list certifications like eJPT then job seekers aren't going to pursue it because it's not "in demand."
Employer is paying for me to do the SSCP, liking the content so far. OSCP is still my year end goal though.
Excellent! A lot of good knowledge to absorb from the SSCP. Good luck!
GIAC gets you on extensions too. If you want to take the exam beyond the 4(edited) month enrolment period it is $400. I like the way it is set up though, in my opinion it tests your actual knowledge well not so much your memorization or test taking skills.
They actually come with 4 months, which for most certifications should be plenty if you dedicate enough time but I agree at $419 (current extension cost) you probably don't want to make that a habit. I am a huge fan of GIAC certifications and wish more companies would invest in them for staff.
@@JonGoodCyberthank you for the correction, it's been a little while since I took it.. I ended up buying an extension because a series of unexpected personal things came up and I didn't feel ready at test time. After taking the exam I think I would have done fine without it. Taking the Sec460 Threat & Vulnerability Assessment this summer.
@@143jeg I've also purchased an extension before since life happens sometimes and taking a little extra time is better than paying the full cost for the exam. Good luck with SEC460!
I like your content.
I appreciate the feedback!
#cyber lots of certs. I am planning on CISSP because that has more of a general acceptance among employers. You can spend an lot of time and money on certs and still have difficulty getting work. If the employer is paying not too bad just your time but paying out of pocket and renewal fees on certs will get you broke on trying to maintain them on your own dime.
If you have the experience to satisfy the CISSP requirement, you should definitely set your sights on it. A nice thing with the renewal fees and CPE credits to maintain certifications is that most of the vendors allow them to count for multiple or all of your certifications. Eventually some certifications don't hold much value to your career and honestly you can just let them expire...but it is nice if you have an employer that can at least fund the renewals.
Thanks, Jon. I found the video really helpful
You are welcome. Glad to hear it!
Hi Jon, I'm interested in taking the Cybersecurity path. Next month will start working for a company that works with Azure. Do you think is a good idea to get maybe security+ and network+ certs in order to get a solid foundation and from there, get Microsoft security cloud certifications and follow that path?
Building a foundation of skills and knowledge is definitely vital to advancing your career. You will definitely want to grab a copy of my eBook ( www.jongood.com/newsletter/ ) because I provide a solid career roadmap with certifications and skills to learn. What exactly is your job going to be? Just because the company uses Azure doesn't mean you will get exposure to it, therefore knowing what your actual duties are going to be will help me give you advice. If your job is going to be dealing with Azure quite a bit, then yes I think the plan you stated makes a lot of sense.
@@JonGoodCyber The company works as a contractor for Microsoft, so we need to know at least some cloud basics and will go to a position called Azure Monitoring and Automation and from there in a few months can look to move to storage, active directory, security, etc.
Sounds like an awesome opportunity where you will get a lot of useful hands on with Azure!
@@josephwood499 did you have to have your CCNA to get that monitoring position? What did it take for you to land that job? I was a software developer 15 yrs ago, and now coming back to IT, and thought i could enter cybersecurity. Just don't know what i should do right now in order to get to cybersecurity as my final destination. Any thoughts or advice? Thanks!
@@purepositivity7404 I have no CCNA, just some experience with customer service and worked as level II engineer providing security access management and stuff like that, no big deal. Unfortunately, my current job is not related to cybersecurity. Is something very different and incredibly difficult and complicated for me. But will look forward to try to get into another position whenever there's a chance to do so. Good luck
Jon, Thank you for your information on certifications. I don't see you mention the CASP from CompTIA. Any comment ??? I have extensive IT experience and am currently updating my skills in order to pivot to security and cloud computing. So I found your strategies of what certs confirming what I came to in my conclusion prior to seeing your information. The only thought I had was should i go ahead and work towards the CASP is it worth it? or should i stick to getting fundamentals first. The CASP is a stepping stone into getting into cybersecurity and I would eventually get a CISSP. I just found your comment on this cert absent and was wondering why???
The CASP+ is not an entry level certification. Even CompTIA's recommended experience is "10+ years in IT and 5+ years in security." Although CompTIA doesn't require experience to actually take the exam, the topics are well outside the scope of what a beginner should be focusing on. The CASP+ is meant more for the senior level staff member who prefers the technical side of things but might have some lead responsibilities. I do agree that the CASP+ is a good stepping stone towards the CISSP, however the Security+ is a much better first step to get somebody speaking the security language and then going from there.
Hey Jon what do you think about Microsoft’s MS-500 certification? Great vid btw! Thanks
Thank you for the feedback! The MS-500 (Microsoft 365 Security Administration), definitely has it's place in the correct situation. Not everybody uses Microsoft 365 so that of course limits the companies where you will get value. I would personally lean towards the AZ-500 (Microsoft Azure Security Technologies) first because it's more likely to show up before MS-500 in jobs.
Thanks Jon for this vid a lot
You're welcome and I'm glad you enjoyed the video!
Great information. Thanks!
Glad it was helpful and you're welcome!
Hi Jon, first of all thanks for sharing your thoughts with us. What do you think about Cisco's Cybersecurity certification (Cisco Certified Cybersecurity Associate)? Thanks in advanced for your kind attention.
You are welcome and I'm glad you enjoyed the video! I think that certification has value if you can get the official training. You will want to check out my video I published recently for 2021 ( ruclips.net/video/9Ci8QPpKXzQ/видео.html ) because I also give some alternative options.
Is that ok to get Cyber Security Certifications from different vendors for example, I want to start taking one or two certification from elearn and then get the CISSP? or Should I stay with one single vendor? Thank you very much for your help.
You should get the certifications that make sense based on your interests and career progression regardless of the vendor. Most people will have at least a few certifications from different vendors.
sir im preparing for ccna ..so getting a ccna cert is not much necessary??.....I have already started. Is it a good cert for a person seeking for a cyber security career
I would grab a free copy of my eBook ( www.jongood.com/newsletter/ ) where I provide a road map of certifications and skills to learn. The CCNA still has value but it's not a Cyber Security certification so it's not on this list.
@@JonGoodCyber ohh so did i waste my time....i hsve put a lot of commitment and time...to study..its been10 days..and i have finished 1/2 of first book
My eBook has a lot of the answers you are needing and more. Definitely grab your free copy.
@@JonGoodCyber Thanks a lot sir
I work in project management (PMO support) and currently have a PMP. But the environment I work in is cyber security. Do you recommend the SSCP or the Security+?
I typically recommend the Security+ over the SSCP unless there is a very specific reason. The Security+ is more widely known and my students usually have an easier time passing.
@@JonGoodCyber hmmm...what is the difference between the SSCP and Sec+? My goal is the CISSP. Which do you recommend is the better option?
See my recommendation in my comment above. I've also made several videos on the road to the CISSP for both technical and non-technical paths.
@@JonGoodCyber which video is that? I'm interested.
-CISSP Non Technical: ruclips.net/video/XQTY1Da2DJE/видео.html
-CISSP Technical: ruclips.net/video/wWKACDri6hM/видео.html
When you say beginner do you mean, people with no tech experience / no college or people from other tech fields.
Beginner can refer to either of those situations. It is possible to jump directly into a Cyber Security role without prior experience and pass certifications although it’s typically not as likely. A downside of jumping directly into Cyber Security without experience in other tech areas is that you don’t always have context for certain things but you can acquire it over time.
Jon Good thanks Jon
Regarding "Domain 2. Security Operations and Administration".. will three year patching and vulnerability remediation experience meet the required work experience requirements
That would be relevant experience towards any Cyber Security certification. The technical area would be "vulnerability management."
Thanks for the tips... Your camera is out of focus too - on the mic instead of your face 😉
Thank you for the feedback and I'm glad you enjoyed the video! On my other videos, I fixed that issue because for some reason my camera liked my microphone more than my face.
@@JonGoodCyber well it is a rather good looking microphone, i must say! 🤣🤣
I will Go for SSCP for entry Level, yes i will pass the Comptia! Am i Right ? 😂
Awesome and good luck!
@@JonGoodCyber Thx brother 🙏🏻
Security plus
Awesome and thank you for sharing!
do you think CEH will get me a job in cybersecurity even though I had no job experience? from the cyber seek most of the private employers are looking for cissp,cisa,cism and few with sec+ in most of the tick blue states, do you think with CEH I can get a job in those areas or i should just go for what's in demand from those areas?
First, there are only two ways you can qualify to sit for the CEH...one is by having two years of experience verified by your employer or two is by attending an official course, which isn't going to be that inexpensive. Neither way really makes sense for a beginner because you aren't going to have the foundational knowledge you need. Additionally, the CEH is great for government or military/defense sectors because of the DOD 8570 / 8140 mandates that require specific certifications for job roles...but you have more flexibility in other industries which makes it not as valuable for companies in other sectors.
As far as the other certifications you listed (CISSP, CISA, CISM)...with no experience you are a ways off from qualifying for those since you are basically looking at 4 years on the low end to get approved and certified. I would highly suggest watching my video on how to get started ( ruclips.net/video/nfUuO86VUjk/видео.html ), as well as downloading a copy of my eBook ( www.jongood.com/newsletter/ ) for an ideal path to follow. Security certifications are more beneficial when you have the foundational knowledge to support them, so even the certifications I list in this video on Best Entry Certifications will mean more if you have that background.
@@JonGoodCyber I do have a background in electronic and computer eng. And computer network and security. The only issue here is that I'm enable to get job yet
Why did you say you don't have experience in your original post? Anyways, the CEH is more like a nice-to-have but it's not going to breakdown doors for jobs. Whenever I am looking at jobs, I always pick the certifications that have the highest demand in searches to give myself the most chances. The CISSP/CISM/CISA will absolutely all open some opportunities for you, however it depends if you will actually like those positions, which tend to be non-technical.
@@JonGoodCyber sorry about the misunderstand! Job experience is what I didn't have. Ever since I finish schooling I haven't done any IT job and that is why I'm looking at any certification that could get me that job. Thanks so much for your time and I do appreciate it.
I'm still not entirely sure what you mean by you "haven't done any IT job." Have you worked in Cyber Security jobs then? Background/education is not the same thing as actual job experience as far as certifications are concerned. Either way I'm glad I could help.
Any free certification?
You aren't going to find any free certifications for this industry that are worth the effort. With that being said, many vendors offer various scholarship type opportunities that will pay for your preparation and/or exams if you are selected.
Good!
Thank you for the feedback!
13:00 "Its kind of a good thing, it keeps people limited who dont have experience" .... promoting the cycle of "You dont have experience, sorry, go get experience." joke of a process going. How about you make the tests like Cisco where you DO (from labs) rather than REPEAT (a book). That way if you pass you literally did something to be expected of you in the job?? Experience is a joke. A lot of jobs a monkey can do if you let it.
I strictly meant it from a professional standpoint because in a way it is rewarding you for being in the field for X number of years. That DOES NOT mean that just by having years of experience that you are qualified to do a specific job. Those two points are entirely different viewpoints and practical exams definitely tend to be more reliable than multiple choice exams. With all that being said, the right experience plays a huge role in your ability to perform because there are many things that just cannot be tested or predicted both from a technical and non-technical perspective.
@@JonGoodCyber Thank you for the clarification.
Watch in 1.25x speed
Don’t care didn’t ask
@@Besidjuu free advice! Take it or leave it.
Thank you for watching!
Hello Algorithm
Thank you for the support!
@@JonGoodCyber Just PASSED my CASP+. Thank you for your videos.
#cyber
I'm glad you enjoyed the video!
#cyber
I'm glad you enjoyed the video!
#cyber
I'm glad you enjoyed the video!
#cyber
I'm glad you enjoyed the video!