Cyber Security Certifications

Question about Cyber Security Certifications

I’m looking for some recommendations for a friend looking to break into cyber security – his team is starting to measure compliance with NIST security standards – have you heard of this, for example?

https://cs.signal.army.mil/default.asp?title=sec

https://twitter.com/hackinarticles/status/1462042273646972932/photo/1

Response

United States government cybersecurity professionals working with Information Assurance (IA) are required to earn a certification approved by the U.S. Department of Defense. DoD Directive 8570 lists the approved baseline certifications and providers.

  1. Sec+ is the bare minimum for any government job. CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. Two years’ experience in network administration with a focus on security is required.
    https://www.comptia.org/certifications/security
    Here is a link to an online 200-page study guide PDF of the topics covered: https://cs.signal.army.mil/static/Course_Downloads/SY0-601v1_1-StudentStudyGuide.pdf
    Here’s a link to the online 400-page PowerPoint PPTX of the Student Slide Deck:
    https://cs.signal.army.mil/static/Course_Downloads/SY0-601v1_1.pptx
  2. Next up would be CEH (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/): not a great course, but the government likes it. Beware – the sponsor of this course, EC Council, has some plagiarism issues: https://attrition.org/errata/charlatan/ec-council/2021-eccouncil-response-to-plagiarism.html
  3. For job positions with DOD Information Assurance (IA) and compliance, a Certified Information Systems Security Professional (CISSP) from ISC2 is recommended.
    https://www.isc2.org/Certifications/CISSP
  4. Penetration Testing with Kali Linux is a self-paced course that introduces tools and techniques to attack and penetrate live machines in a safe lab environment. Students who complete the course and pass the exam will earn the Offensive Security Certified Professional (OSCP) certification. The OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.
    https://www.offensive-security.com/courses/pen-200/