Ask HN: What IT certifications should I get for my degree?

25 pointsby sublessover 5 years ago

I have my B.A. in Computer Information Systems with a focus on Networking and Security. I've been applying for jobs for almost an entire year with no luck so I'm looking into getting some certifications but not sure which ones exist that I should get nor do I know which organizations to trust to take the tests with or which study materials to get that will have all the information needed to past said exams/certification tests.Any helpful information will be greatly appreciated!

11 comments

mindcrimeover 5 years ago

I think it depends a lot on what kind of work you are trying to find. If you want to focus on security, you could start with some of the basic / easy to obtain security related certifications... maybe Security+ and/or CySA+. Maybe get the entry level LPIC certification.If you wanted to focus more specifically on network design / admin, you could go for a major vendor certification, like Cisco CCNA or something.Of course networking and security go hand in hand, and given your degree, it might be that you'd want to do some combination of both... getting a CCNA and the Security+ certification, for example.The thing is, it's hard to do anything other than speak in terms of generalities here, because every employer is different in terms of what they are looking for and what they value. Some companies weight certifications quite heavily (they may even require certain ones), others don't weight them much at all. The key things I'd say are:1. Don't treat certifications as a panacea. They can help, but they're not a magic wand. Look at all the ways you can beef up your resume.2. If you do pursue a certification, stick with ones from credible / well known organizations. If it's a vendor certification, you can feel pretty good about going with a Cisco or Juniper or whoever. It it's from a consortium or certifying body, the well known ones are usually relatively credible. As a simple first-pass heuristic, if Linux Academy or Egghead.io offer a prep class for a certification, it's probably a credible one that's recognized in industry, that could be worth pursuing.3. If you do pursue a certification, don't focus on just "getting the cert at all costs" (eg, don't go find braindumps and just memorize the answers). STUDY and LEARN the material for real. If you can find a way to take the stuff you learn, turn it into a portfolio project of some sort, and then publish that on Github, so much the better.4. Write. Start a blog and write technical content. Write about your learning experience(s). If you start a project, blog about the project you're working on.5. Network. Go to events (Meetups, user-group meetings, whatever you can find) that cater to the people doing the kind of work you want to be doing. Get to know people, and build personal relationships. Offer to speak at the group. In my experience, this is one of the best methods of "personal branding" available to you.6.Use LinkedIn to your advantage. Have an account, fill it out completely, and post relevant content. What's relevant content? Well, if you write a technical blog post, share it to your network. If you complete a class on Linux Academy or something like that, share that. Etc.7. You may be able to find some volunteer opportunities where you can gain some real world experience. Plenty of charitable groups could use somebody to build a database for them, or add some features to their website, etc. They may not be able to pay you, but you can still use that experience on your resume to help show what you're capable of.Finally, you'll notice I mentioned Linux Academy twice above. That's only because I am a happy customer of theirs. I have no financial stake or other interest in that company aside from being a customer. That said, I DO recommend them highly for IT related training. They offer tons of classes on all manner of topics, with a heavy focus on certification prep. I used their material to prepare for the AWS Certified Solution Architect exam, and am going through their material for the Docker Certified Associate exam now. They also offer plenty of standalone classes that aren't specifically exam prep, and every time you finish one of these you get a "certificate of completion" which, while not necessarily worth a ton by itself, makes something useful to add to your LinkedIn profile. If you don't have real world work experience yet, a handful of these to help bolster your resume probably can't hurt.

zahrcover 5 years ago

I have to agree with the user chupa-cups, that paying for certificates yourself is not worth it.I cannot offer you a job, but I can at least take a look on how you apply, and help you imrpove that process of application. I have several year of experience in recruiting on my back, and that in multiple countries.Improving your resume and application progress might actually be the missing part and if not, you can still figure out a way sell yourself good enough to get hired. :)Send me the following stuff to my email: zahrc_hn |at| protonmail.comAnd please make sure you redact any sensitive or private information of you and the companies you've applied for.- the listing or description (position name, requirements, ...)- How long it took for them to respond, after you've applied- your resume/CV/cover letter/portfolio whatever you send to a company- a informal written document on what you did and at what level and how big the company was, paired with what you really like to do and what you would like to do in futureedit: formatting and adding: please also add from which country you are from

评论 #21452036 未加载

hypnotistover 5 years ago

Everybody(in tech) knows that most of the time certifications are worthless in terms of real technical skill... that being said - it gets you through the door. you will get more interviews if you have something.Since you mentioned Networking and Security and let's assume you want to work in this field. - I would take Cisco CCNA/CCNP etc.Disclaimer: it's been a while since I looked into them so do some research which ones are relevant to you.

relaunchedover 5 years ago

GIAC Sans & OSCP certs are legit, in the security space - as much as any cert is legit in any space. OSCP shows that you are hands on, can find legit vulnerabilities and writeup findings.Sans does some of the best security education broadly available, but it's very expensive.

kylekover 5 years ago

In my experience the only certs worth their salt in the linux space are the Redhat certs (RHCSA/RHCE). They cover a very broad range of subjects. The go-to study resource for these is a book by Michael Jang.CCNA if you plan on doing anything with networking. I took a training course in highschool (many years ago!) but never took the test and it's been pretty invaluable. Yah there's a lot of vendor-specific stuff in it, but there is also a lot of theory that's applicable across the board. It's very hard to get any experience with that type of gear prior to your first real job.

chupa-chupsover 5 years ago

To be honest, from my experience IT certifications don't bring much bang for the buck, but this probably depends on what kind of certification it is.If you haven't had luck with applying for jobs, I'd suggest to think a bit outside the box. From my experience it helps if potential employers see you're passionate about something, whatever it is, even more so if it is in a relevant area.A GitHub profile on that topic, (semi-) deep knowledge or something comparable helps quite a lot.In our company we're primarily looking at, ordered in descending priority:* is the applicant either senior or does she/he show credible interest in learning?* is she/he a cultural fit (i.e. for our case, shows ownership, is able to express criticism and accept as well, is honest, ...)* does she/he have enough emotional and intellectual capacity to adapt to a changing environment?

评论 #21446378 未加载

评论 #21445068 未加载

sloakenover 5 years ago

The simple answer is A+, Network+ then Security+. The more advanced ones are nice, but become more difficult.I am sorry to hear your degree is not providing what you expected. The problem is the CIS degree is very heavily subscribed.

评论 #21457535 未加载

notusover 5 years ago

None. Do meaningful projects that you can show off instead. They will say a lot more about you than a certificate.

grad_mlover 5 years ago

I was suggest AWS certifications.

phausover 5 years ago

I'm a principal security analyst for a private company. I'd be willing to talk with you and help you figure out what you need to work on and give some advice on breaking into the field if you would like.As to your question about certifications, it really depends on what you want to do. There are a dozen or so subfields of network security. There are a lot of good certifications, but there are even more that are worthless or almost worthless.That being said, there are some certifications that employers want that are not good or not targeted towards technical people, but for some reason employers still value them.In general, books and youtube videos are better ways to learn technical skills. However, if you have at least 1 certification that people want, that could get you interviews where you can then demonstrate the things you have learned by reading, watching, and doing. This is how I broke into Security.Most of the certifications I recommend are going to involve buying study guides rather than paying thousands of dollars for a course. Its the smartest way to do it. If you're going to spend money on an expensive course go to a SANS course because they are the gold standard and they actually teach technical skills.If you want to focus on networking as a career:Start working on the CCNA, the CCNA used to be the minimum requirement for getting a job in networking and it probably still is. Most places use Cisco gear and these courses do a good job of teaching you how to use Cisco gear.After that, either continue working towards the CCNP or get your Security+ first.With those certs you should be able to get a job, then with experience you can figure out what else, if anything, you should work on.If you want to focus on security:Note that my advice focuses on just a couple of areas of security with which I am familiar, there's lots of different jobs.If you want to get into defensive security, such as working in a SOC or an Incident Response Team. You can try to start by getting a security+ and seeing if you can get interviews with that. Every company is different, but at my company we would probably be more likely to interview you based on your having a related degree than a Sec+.After this, your options become pretty limited if you want certificate. You can get the CEH with a study guide. The CEH is a pretty trash certificate with a pretty trash training program, but lots of employers still value it. I would recommend buying one or two study guides for it rather than paying thousands of dollars for a class. Furthermore, if you start playing around with the tools it suggests in your free time, then you will probably learn a lot. Learning the tools and techniques that pentesters use to attack networks is going to be invaluable if you end up becoming a security analyst that investigates attacker activity.This is where things branch off and you really run out of inexpensive options.For pentesting, the OSCP is an amazing certification and its also an amazing value compared to most paid training. Its online and self-paced, but the cost of the course depends on how much lab time you purchase. It used to be around 1100 for 90 days of access to their lab. Its an entry-level pentesting certification, but it is considered to be pretty difficult and there's no way to fake it. It is very well respected by employers and decently well respected by industry professionals. If you pass it, you should be ready for an entry-level pentesting gig. Note that this is also worth considering if you are going to do defensive security.The next option is SANS training. About 5-6k per course. Not ideal and I wouldn't recommend paying out of pocket. Most people go after they have a job and their employer usually pays. I have taken 6 courses from them and I learned something valuable at all but one.If you want to do defensive security, start with the GCIA course. Its a network traffic analysis course that focuses on security.If you really would rather learn host-based forensics instead, you could start with the GCFA course. However, I will say that more SOCs focus heavily on network traffic analysis than they do on host-based forensics. So, it might be easier to get a job with the GCIA.If you would prefer pentesting, the GWAPT is a pretty good course on web application penetration testing. SANS also has the GPEN, but basically its an easier, less in-depth version of the OSCP, but it costs 5x as much. Its still very well regarded in the industry and it might be a better option for you if you don't think you could pass the OSCP.Finally, this certification is incredibly worthless for a guy in a technical role, but for some reason companies, and especially the US government, think its the holy grail of certifications. The CISSP. Its almost entirely non-technical and its extremely tedious to make it through the study guides, but if you can pass the grueling 6 hour tests, its a really good thing to have on your resume and you could probably get a job with it even if you have no idea what you are doing.Those are the only certs I would consider until you have a job in the industry you want to be working in. Then let your job, your employer's needs, and your personal interests dictate what you study. Almost anything I didn't mention is either more advanced than what you need to get a job or completely worthless.Aside from paid education, the internet provides a world class education in network security for free.opensecuritytraining.info has some great classes.Iron Geek posts talks from pretty much every convention/r/netsec has some great resources and links to related subreddits.Just gotta keep googling. Get good at it because its like 20% of the job.And I mean it, reach out if you want to have an in-depth conversation.As a final note, there are people that look down upon anyone with a certification on their resume. Its a stupid perspective. They are correct that taking a certification exam doesn't magically bestow a high level of technical ability on a person, but the fact that they are working on security or networking stuff means that unless they aren't trying at all, they are probably learning something useful. I personally used the certifications I have to fill gaps in my knowledge. I was already a pretty good analyst that was self-taught using books and free stuff from the internet. However, sometimes its hard to identify areas that you have completely neglected when you structure your own training. At the very least, most certifications are designed to be well rounded on the subject they teach, so they can bring a lot of that stuff to light.I would never assume that a person is amazing because they have a certification, but I would never assume that it means they are bad either. That's what interviews are for.

theklubover 5 years ago

CCNA