Question about Cyber Security Certifications
I’m looking for some recommendations for a friend looking to break into cyber security – his team is starting to measure compliance with NIST security standards – have you heard of this, for example?
United States government cybersecurity professionals working with Information Assurance (IA) are required to earn a certification approved by the U.S. Department of Defense. DoD Directive 8570 lists the approved baseline certifications and providers.
- Sec+ is the bare minimum for any government job. CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career. Two years’ experience in network administration with a focus on security is required.
Here is a link to an online 200-page study guide PDF of the topics covered: https://cs.signal.army.mil/static/Course_Downloads/SY0-601v1_1-StudentStudyGuide.pdf
Here’s a link to the online 400-page PowerPoint PPTX of the Student Slide Deck
- Next up would be CEH (https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/). It is not a great course, but the government likes it. Beware – the sponsor of this course, EC Council, has some plagiarism issues: https://attrition.org/errata/charlatan/ec-council/2021-eccouncil-response-to-plagiarism.html
- For job positions with DoD Information Assurance (IA) and compliance, a Certified Information Systems Security Professional (CISSP) from ISC2 is recommended.
- Penetration Testing with Kali Linux is a self-paced course that introduces tools and techniques to attack and penetrate live machines in a safe lab environment. Students who complete the course and pass the exam will earn the Offensive Security Certified Professional (OSCP) certification. The OSCP is considered to be more technical than other ethical hacking certifications and is one of the few that requires evidence of practical penetration testing skills.