I'm looking for some cybersecurity certification recommendations and resources for a friend looking to break in to cybersecurity.
We get asked this all the time at SJULTRA. On trigger for this question is when someone’s team is starting to measure compliance with NIST security standards and they link to examples like CompTIA Security + Information.
There are also handy infographics like this from Hacking Articles.
Here are some more detailed examples and links if you’re exploring cybersecurity certifications.
United States government cybersecurity professionals working with Information Assurance (IA) are required to earn a certification approved by the U.S. Department of Defense. DoD Directive 8570 lists the approved baseline certifications and providers.
Sec+ is the bare minimum for any government job. CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. Two years’ experience in network administration with a focus on security are required.
https://www.comptia.org/certifications/security
Here is a link to an online 200 page study guide PDF of the topics covered: https://cs.signal.army.mil/static/Course_Downloads/SY0-601v1_1-StudentStudyGuide.pdf
Here’s a link to the online 400 page PowerPoint PPTX of the Student Slide Deck
https://cs.signal.army.mil/static/Course_Downloads/SY0-601v1_1.pptx
Next up would be CEH https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ not a great course but the government likes it.
Beware – the sponsor of this course EC Council has some plagiarism issues: https://attrition.org/errata/charlatan/ec-council/2021-eccouncil-response-to-plagiarism.html
For job positions with DOD Information Assurance (IA) and compliance a Certified Information Systems Security Professional CISSP from ISC2 is recommended.
https://www.isc2.org/Certifications/CISSP
Penetration Testing with Kali Linux is a self paced course that introduces tools and techniques to attack and penetrate live machines in a safe lab environment. Students who complete the course and pass the exam will earn the Offensive Security Certified Professional (OSCP) certification. The OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.
https://www.offensive-security.com/courses/pen-200/