When someone is starting out in the industry I always recommend to them that they get at least 2 out of the 3 following certs:
- Comptia Network+
- Comptia Linux+
- Comptia Security+
I think it’s important for people starting out in the industry to get a decent foundation to work with.
In terms of penetration testing, I tend to look for people who have their OSCP, because I know they’ve at least popped a couple boxes before. Though I will say that I’ve come across a number of individuals who did have their OSCP that still need quite a bit of work before letting them go off and do their own pentest.
Overall though, I don’t really care about certs, I care if the person I’m looking to hire can do the job; that’s why we put candidates through both an app lab as well as a network lab.