Certifications - worth it or not any more?

Hey all,

So I have been looking around on different forums and such and I see this topic come up a lot. Usually it is posed by some young person, coming out of college maybe, who is looking for advice as to which certificates to get to ‘break into’ the security industry.

Now, from what I can see this is a very polarizing topic. Either people reply with a laundry list of different certificates OR they completely bash the idea of certs altogether.

I am wondering what you all think? I know @jhaddix had mentioned, in an interview I watched, that he got a lot of certs when he first got into hacking back in the day, but that was back in the day. Are they still relevant? If so, which do people think are actually legit? If not, why do you feel this way?

Just thought this would be a great place to get people's opinions! Hope everyone is having a great weekend!

happy hacking,

Hi Jason,

Almost every freshman in security faces this question. Here is a list of some recognised vendor-neutral certifications, covering everything from entry-level to advanced-level certifications.

Baseline Protection Auditor
BS 7799/ISO 27001 ISMS Auditor
CHFI - Computer Hacking Forensics Investigator
CAHIMS - Certified Associate in Healthcare Information & Management Systems
CASP - Certified Advanced Security Professional
CAP - Certified Authorization Professional (formerly Certification and Accreditation Professional)
CBCP - Certified Business Continuity Professional
CCE - Certified Computer Examiner
CCI - Certified Computer Crime Investigator
CCFE - Certified Computer Forensics Examiner
CCFP - Certified Computer Forensics Professional
CCFT - Certified Computer Forensics Technician
CCSA - Certification in Control Self-Assessment
CCSP - Certified Cloud Security Professional
CCSK - Certificate of Cloud Security Knowledge
CDFE - Certified Digital Forensics Examiner
CEH - Certified Ethical Hacker
CCSP - Certified Cloud Security Specialist
CFCE - Certified Forensic Computer Examiner
CFE - Certified Fraud Examiner
CGEIT - Certified in Governance of Enterprise IT
CHC - Certified in Healthcare Compliance
CHCIO - Certified Healthcare CIO
CHPC - Certified in Healthcare Privacy Compliance
CHPS - Certified in Healthcare Privacy and Security
CIA - Certified Internal Auditor
CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CISSP - Certified Information Systems Security Professional
CISSP - ISSAP, Information Systems Security Architecture Professional
CISSP - ISSEP, Information Systems Security Engineering Professional
CISSP - ISSMP, Information Systems Security Management Professional
CIW Security - Certified Internet Webmaster Security Analyst
CompTIA Cloud+
CompTIA Healthcare IT Technician
CPHIMS - Certified Professional in Healthcare Information & Management systems
CPP - Certified Protection Professional
CRISC - Certified in Risk and Information Systems Control
CSA - Control Self-Assessment
CSFA - Cybersecurity Forensic Analyst
CSSLP - Certified Secure Software Lifecycle Professional
CWNA - Certified Wireless Network Administrator
CWSP - Certified Wireless Security Professional
Data Protection Auditor
G7799 - GIAC Certified ISO-17799 Specialist
DFCP Digital Forensics Certified Practitioner
GCFA - GIAC Certified Forensic Analyst
GCFW - GIAC Certified Firewall Analyst
GCIA - GIAC Certified Intrusion Analyst
GCIH - GIAC Certified Incident Handler
GCSC - GIAC Certified Security Consultant
GCUX - GIAC Certified UNIX Security Administrator
GCWN - GIAC Certified Windows Security Administrator
GISF - GIAC Information Security Fundamentals
GSAE - GIAC IT Security Audit Essentials
GSEC - GIAC Security Essentials Certification
GSLC - GIAC Security Leadership Certification
GSNA - GIAC Systems and Network Auditor
IAM - NSA Infosec Assessment Methodology
HCISPP - Healthcare Information Security and Privacy Practitioner
ISACA IT Governance Certificate
ISEB - Information Systems Examinations Board
MBCP - Master Business Continuity Professional
OPSA - Open Source Security Testing Methodology Manual Professional Security Analyst
OPSE - Open Source Security Testing Methodology Manual Professional Security Expert
OPST - Open Source Security Testing Methodology Manual Professional Security Tester
PCI - Professional Certified Investigator
PCS - Professional Cloud Security Manager
PMP - Project Management Professional
PSP - Physical Security Professional
QISP - Qualified Information Security Professional
SCP - Cloud Security
SSCP - Systems Security Certified Practitioner
TISP - Infrastructure Security Partnership

Many of these require mandatory industry experience to undertake and serve as good credentials, depending on your choice of career in the security domain.
For example, if one wants to pursue a career in cybersecurity, entry-level certifications like CEH help in backing you up.
Only after a couple of years can you explore other ventures like consulting and auditing, and at that point certs like PCI and ISO 27001 come into the picture; similarly, there are different ones for forensics and testing.

Overall, it depends on what part of the security domain you want to explore, and then you can back yourself with the associated certs. Also, many of these are expensive, so professionals get them reimbursed by their employers.

Experience is considered crucial in this industry and, backed with certs, it can set you apart from the crowd, especially considering the HR filtering process.