So you want to get certified to bolster your resume and accelerate your I.T. career, right? Or perhaps you just saw the latest action film where a hacker either destroys or saves the world with a few suave and cryptic keystrokes, typing strange code into a black command prompt. Maybe you want to become a penetration tester or white hat hacker because you like tinkering with computer systems and networks, and enjoy understanding what makes computer systems tick.
No matter what your motives are, if you’re like most people, chances are you are overwhelmed with options. One of the problems facing I.T. engineers is that there are so many different paths to take. Today we’re going to take a closer look at several different key starting points with regards to certifications to set you down the right path. In addition, we’re going to talk about the finish line, and what the rewards are for pursuing a career in the exciting world of cyber security and penetration testing.
The Three Biggest Factors That Determine Career Success in I.T.
To succeed in any I.T. discipline, there’s three main things you need: a degree, certifications, and experience. And of those three qualifications, experience reigns king. That said, degrees and certifications certainly have their importance on a resume as well. The problem is that some young go-getters think that college degrees and certifications will propel them to the front of the job-hunting pack, and instantly gratify them with a high salary.
But that isn’t the case, because you need all three factors in order to secure a high paying job. A college degree will certainly help you qualify for better positions, whether you are studying for a Bachelors Degree or a Masters Degree. If you have the time and energy during your studies at a college or university, it would be highly advantageous for you to get a few entry level certifications under your belt (as we’ll discuss next).
If you can land an entry level job out of the gate, then the future is going to be a lot easier, because you’ll have your foot in the door and can start building up the most important qualification: experience. You don’t necessarily need certifications to land an entry level position. However, today’s job market is extremely competitive, and certifications could be the deciding factor between you and another entry level candidate.
Just remember this key distinction: certifications do not guarantee a job position or a salary. Instead, they help show employers that you’re serious enough about your career to pursue certifications on your own and they help validate your knowledge of crucial industry topics and concepts. Nevertheless, now we need to ask ourselves an important question. Where on earth should you begin your certification journey?
Entry Level Certifications
More often than not, folks who don’t have any certifications need to start at the lowest section of the totem pole. There are a few exceptions, though. For instance, sometimes working professionals lack certifications, but they have decades of experience within the I.T. field that their experience speaks for their work. This is all well and good, but it is the exception, and not the rule.
So if you don’t have any industry experience or a working knowledge of computer systems, networks, and rudimentary security concepts, the easiest place to start is with Comptia certifications. If you really don’t know your way around computer hardware, the best place to start is likely the A+ exam. However, it’s not the best place to start because it will make your resume shimmer to potential employers.
Instead, it will start you off from square one, and help build a foundation upon which you can build all your future I.T. education. I think most technologically literate people and those who have studied computer systems in school will have an easy time with the A+ exam. Furthermore, people with years of real world experience will likely see it as a waste of time. And to be completely honest, with exception to entry level positions, most employers won’t hold a lot of value in the A+ certification on your resume.
That said, Comptia is well-known throughout many industries, and is very respected. They do have several certifications that will help you gain a leg up on the competition, especially if you lack any industry experience. For those of you who want to be either network engineers or penetrations testers, two ideal entry level certifications (again, assuming you have little foundational knowledge) are the Network+ and the Security+ exams.
However, if you’re up for a bit more challenging entry level certification, you would benefit from achieving the CCNA certification. You can either take it as a composite exam or as two separate exams. Those who only pass the first exam are qualified as a CCENT (Cisco Certified Entry Networking Technician). And to be completely honest, the CCNA certification holds a lot more weight than the Comptia certifications, though both have their value.
Also, if you plan on pursuing more vendor certifications (as I hope you would), you should know that the CCNA is the first place to start in the Cisco world. After you achieve the CCNA, you can start to spread out your knowledge in more specialized areas and open the path to professional level certifications.
In summary, the following are some of the most popular entry level certifications that will serve as your first stepping stone to becoming a network engineer, white hat hacker, or penetration tester:
Comptia A+ – not the most impressive certification, but a great place for newbies with little to no knowledge to start building a foundation of hardware concepts
Comptia Security+ – an entry level certification that will help job seekers understand high level security concepts
Comptia Network+ – like all Comptia certifications, the Network+ is vendor neutral and serves as an introduction to networking design, operating, configuration, and more
Comptia Linux+ – any competent hacker or penetration tester is going to need to know their way around Linux systems, and this cert offers introductory and foundational knowledge regarding the wide world of Linux
Entry Level LPI Certifications – there are many various Linux Professional Institute certifications, and they’ll look good on your resume if you need to use network mapping tools, vulnerability scanners, and similar tools from a Linux command line in real world scenarios
Cisco CCNA – The CCNA is typically more highly regarded than the Comptia certifications, and serves as the first stepping stone to other Cisco certifications
CEH – the Certified Ethical Hacker certification is a great way for future penetration testers to build their skills, though it is a little more challenging than the Comptia examinations
I think these certifications are a great place for entry level engineers and penetrations testers to start. However, note that this list is by no means comprehensive. There are a million and one different vendor certifications (ok, perhaps I’m exaggerating a little), and there are plenty of other good entry level certs.
For instance, you may find yourself working with Juniper equipment, or you may want to get certified with a specific hardware firewall vendor. But by and large, the aforementioned certifications are an ideal place to start you down the path of becoming a white hat hacker.
Professional Level Certifications
After you have a few entry level certifications under your belt, a degree (hopefully), and perhaps 2-4 years of real world experience, it’s time to start progressing to more complex certifications. At this point, you should have a working knowledge of computer networks, Linux systems, and other similar basic concepts.
You can then start to really dig deep and bolster your understanding of Internet technologies and advanced concepts. In addition, you can start to specialize in different facets and networking disciplines, such as Data Center technologies, Voice, or Security (which is the most applicable for wannabe penetration testers). These days, most I.T. engineers need to have a very ecclectic knowledge of complex networking and security technologies.
First, you could start by branching out into the security track of Cisco certficiations. The next stepping stone would be to study for and achieve the CCNA Security certification. Next, you may want to proceed with the CCNP (Cisco Certified Network Professional) or CCSP (Cisco Certified Security Professional). These exams are extremely challenging, and require multple (2-4) exams to be passed before you are certified.
At this point, depending on whom you work for, you may not have a personal choice. Realize that a lot of consulting firms, such as Cisco Channel Partners, get kickbacks and discounts from Cisco if X number of their employees have different certifications. Having certified employees helps Cisco partners increase their profits, and many other vendors have similar incentive programs.
To become a better network engineer, white hat hacker, or penetration tester, the next certifications you will likely want to pursue after gaining entry level certifications include the following:
Any other related professional level Cisco certifications
Higher level LPI certifications to expand your Linux knowledge
Expert Level Certifications
Just how deep does the certification rabbit hole go? As far as you’re willing to go, I suppose. Professional level certifications are rather challenging, and they receive a far amount of respect when combined with a degree and a track record with years of real world experience.
But nothing beats the expert level certifications. The problem is that there are so many of them that you can’t ever hope to get them all. Even within Cisco’s certification program, they are retiring old tracks that have become outdated in favor of newer disciplines to keep up with the ever-changing technology industry.
If you wanted to pursue a more traditional network engineering role, you would likely want to pursue the CCIE Routing and Switching. As a fair warning, note that the expert level Cisco certifications are extremely challenging and expensive. In addition to an astoundingly challenging written portion of the exam, candidates are also required to complete a hands-on lab exam, which many agree is the hardest part.
All of the CCIE exams follow the same format, including both a written and hands-on portion of the exam. So if you were focused on security, taking the CCIE Security is an equally challenging feat. But few other certifications garner as much trust, respect, and credibility as the CCIE certifications.
At the expert level, you’ll want to have more than 5 years of experience. In fact, it’s better to have well over a decade of practical experience before attempting such challenging certifications as the CCIE’s. The following are just a few of the certifications that will help unlock six figure salaries (or higher) as network engineers and security specialists.
Cisco CCIE certifications (Data Center, Routing and Switching, Security, etc.)
Other high level certifications, such as expert-level vendor certs
Highest level LPI certifications
New certifications that are constantly emerging
Though most people are far from the expert level certifications, there’s plenty you can do to get started. The first stepping stone on your way to becoming an ethical hacker is to obtain some entry level certifications and get your feet wet with Linux, networking, and security concepts.
Just remember that at the entry level, the certifications don’t hold as much weight, and won’t necessarily guarantee you a salary or job. But they’re a great way to expand your knowledge, validate your skills, and prove to employers that your serious and self motivated.