Which industry certifications are most useful?

The impact of industry certifications on a professional’s career has been debated in the security industry. For example, How useful is it to get your CISSP? Is it most useful when interviewing for a job or talking to a potential client?

Which industry certs are most useful to you and your career? What are your thoughts on industry certs in general?

When someone is starting out in the industry I always recommend to them that they get at least 2 out of the 3 following certs:

  • Comptia Network+
  • Comptia Linux+
  • Comptia Security+

I think it’s important for people starting out in the industry to get a decent foundation to work with.

In terms of penetration testing, I tend to look for people who have their OSCP, because I know they’ve at least popped a couple boxes before. Though I will say that I’ve come across a number of individuals who did have their OSCP that still need quite a bit of work before letting them go off and do their own pentest.

Overall though, I don’t really care about certs, I care if the person I’m looking to hire can do the job; that’s why we put candidates through both an app lab as well as a network lab.

3 Likes

I have no certifications. I’ve been violating computer networks since the late 80s and I feel that having a clue is way more important that a piece of paper (real or virtual). Not having any certifications hasn’t hindered me in any way.

4 Likes

Came here to say that! For me getting a certification is useless and I have worked with great people who had no certification whatsoever and were one of a kind.
I do not believe that a piece of paper or an organization that prints them can tell if you’re good or not. These skills cannot be measured. You get all that from experience.
In terms of hiring I think a technical interview will reveal way more than any certificate can possibly tell for a person.

I think if you participate in things that help you gain security experience and can show you understand the concepts then you don’t need certification or a degree. Those things are stepping stones to getting experience for most though as too many employers don’t know how to validate open source experience or community experiences as a business value. But it’s also the same problem with certifications. Many employers don’t know that a CISSP won’t make a better bug hunter. Although many of the more technical certs will still make better security management just because they’ll understand HOW something works which is so much more important than security terminology or firewall config skills. I’m biased to the OSSTMM certs for skill though. The goal there is to assure that if you hire one they can do the job you need them to on day 1. And really, doing the job is what you want from anyone, cert or no cert, degree or no degree.

None of the existing certifications listed are worth getting for beginners in my opinion. The only certifications I am interested in are the ones that can boost sales.

Simple people can work wonder. every People is unique and they have a quality to work so it needs to give a chance to work for performance. Ricoh printer has a good team of technicians who are helping many people to the printer related issue.

I have the CISSP OSCP, and GWAPT. In my opinion certs like the OSCP, OSCE, GWAPT and GPEN are great certs for pentesters and researchers. I like that the Offensive Security certs are lab based exams requiring you to prove what you know by actually exploiting targets. My OSCP had been the most valuable of my certs.

Industry certifications are designed for professionals to help them earn higher packages and seek bigger career opportunities. The every technology manager or software developer in the IT universe has one or the other certification. However, it is imperative to find out which certifications will be valuable for the progressive IT and digital technology managers at present.
Read Printer in error state.

You mentioned you have done both OSCP and OSCE. Is OSCP really more valuable than OSCE? Just curious.

1 Like

I don’t have the OSCE, but I have the OSCP. I think the OSCE carries more value and is a more advanced cert. OSCE is geared more towards exploit development and a better option for security researchers in my opinion.

There are many industry certifications which are very useful.

  • Certified Information Systems Security Professional (CISSP)
  • Cisco Certified Network Associate (CCNA)
  • Cisco Certified Network Professional (CCNP)
  • CompTIA A+
  • Global Information Assurance Certification (GIAC)
  • ITIL.
  • Microsoft Certified Solutions Expert: Cloud Platform and Infrastructure.
  • Project Management Professional (PMP)
  • Oracle certification
  • CCNA Certification
  • MS SQL Certification
  • Google Analytics Certification and many more.