Most Cybersecurity Certs are NOT Worth It.
ฝัง
- เผยแพร่เมื่อ 19 มิ.ย. 2024
- Cybersecurity certs and timeshares have something in common - they both rip you off with annual "maintenance" fees.
In this video, I share my thoughts on whether "maintaining" certifications is actually worth it. Shout out to orgs like TCM Security, OffSec, and Hack the Box who don't require "renewal" fees on certifications.
Enjoy! - วิทยาศาสตร์และเทคโนโลยี
Certs are best used to get past the HR/automated rejection gate. And no one will think that once you stop paying the fees you no longer have the knowledge it took to attain the cert, you'll always be able to say "I passed the CISSP/CCSK/GIAC test." I agree, the fees suck, but certs are critical for getting your foot in the door.
I agree, but hands-on certs are best and those usually don't require renewal fees (for pentesting anyways)
@@TylerRamsbey that's fair, I forgot the core concept of your channel is pentesting rather than generalized infosec
@@patrickmartin8437 There's more to infosec than pentesting...?!
@@jamesmckee9017 I think this is the part thats often forgotten. I agree certs are a scam, I have a ton of them, but if we want to talk about a SUPER oversaturated part of IT then its pentesting. So yeah, if you're going into pentesting you want hands-on certs like PNPT/OSCP/CPT
BLT or security Blue Team Level 1 is really a good cert for a blue team cert that doesn't expire it's way better than Comptia CYSA+
Alot of the youtubers and influencers specifically say after 2-3 years to not renew. I had a friend who told me a golden rule, just put the date you got your certification, and it usually gets you past HR filters.
Yup, great advice
Well Said . It still surprises me till this day . Why pick up certs like is Pokémon Go . When you can actually learn , take courses, practice and build projects , practical labs, tweak and break things , gain experience and most importantly keep your Money!
Because to do projects you have to actually learn things. It's easier to just study to pass a test with a defined scope so that it looks like you know stuff.
This works unless you work for a company that requires dod 8570...and they do require the cert to be current...so you do have to pay the annual fee...stay current on CE and recertify if needed to maintain. Also if you shift positions...making sure your cert covers the new domain if necessary or have 6 months to obtain the new cert for that new domain
Plus, when you are in Cybersecurity for a while, you shouldn't need to renew base level certs as by then you likely gained a better certification 2 or 3 years down the line.
thanks for advice !
How much time did you spend learning cybersecurity to get your first job in cybersecurity?
I have done ISC2 CC free course, and I will never pay them 50 dollars. I am Sec+, Pentest+ and Cysa+ certified, and i must say that Sec+ covers everything what is included in CC from ISC2. I think it's a matter of choice or budget.
Bro thanks I'm thinking the same 👏
Damn bro I feel you, my mailbox keeps filling up with those emails/ Ads....😂😅
WGU BS in Cyber Security is basically just full cert stack. Only reason I'm bulking up on CompTIA. Get me that 4yr degree in 1. And then HR filtration. I'm staying government and you almost need 8570 compliant certs if you want to go anywhere without just large time investments. But as a general rule yes, most certs aren't worth it. Just comes down to time/goals in my opinion. Figure out where you want to be in x-amount of time and then set goals to accomplish that.
Yup WGU has a great way of doing it (that's what I did). I have another video in the backlog about my time at WGU :)
@TylerRamsbey can't wait to see it! I'm just speed running the certs to get it done by next summer. Hopefully sprinkle in an 8570 like ceh along the way just to round out the resume.
I dont know if it changes as you move up, but any job I've ever interviewed for, no one even asked about my certs or my bachelors degree.
A+ net+ sec+ pentest+ cysa+ sscp az900 oci fundamentals
Annual maintenance fees? Nope. Never in a million years. Also mixrosoft just launched a free cyber security course.
Most certs are a scam, but for an entry level person I think they're valuable. And compared to a college diploma, for example, definitely not as much of a scam.
although you're right, they are still needed and required... at least certain certs not just to land a job, but also due to compliance reasons. some regulatory authorities and security frameworks do not accept your reports unless the author have at least one of certificates listed (they usually have a list). thus, consultancies/cybersec companies will have to hire certified people and ensure all their current team have some or all the required certs. and a lot of customers will reject members of your team that do not have the required certs as well.
Offsec by far have the best money vs value certs as they are almost accepted by all compliances/frameworks. you can get OSCP (the most accepted one) and you top it off with OSEP or OSWE or both if you would like and that's it. no need for anything else just do the training for the rest.
Yeah -- I agree. That's why I recommend hands-on certs that don't have silly maintenance fees (OSCP, PNPT, CPTS, etc.)
Why u dont like offsec
Hmm, some employers require their employees to get certified to keep their jobs. Why not have the employer expense the annual fees? Also, certs are great to bypass the HR gateway or to work in the Gov Tech. It's just the cost of doing business and the ROI working in IT/cybersecurity/cloud makes those annual fees negligible. Cheers!
Your company can pay for annual maintenance fees.
But what's the point? I get the value of those certs before you're in the industry, but not afterwards. I have the OSCP and 9 CVEs -- what value does something like the CCSP add? none lol
@@TylerRamsbey A pay raise, promotion, elite partner for your company, DOD 8140 IAM Level 3, validation of new knowledge gained through work experience. I don’t feel like I am losing anything if my employer is sponsoring my certifications and maintenance fees. However, I respect 🫡 your point. I also agree that once you have bonafide work experience certifications are not as important.
Actually, this exam not free) You can finish the course for free but you still need to pay for the certificate itself
Yeah you're right but the recruiters and the organizations don't get it. They always gatekeep jobs by keeping certs as a mandatory criteria...
Doing my best to change that as my platform grows :)
100% agree with you
I wouldn't avoid a cert due to renewal fees. If I'm 80% of the way to a recognized cert, it's worth it to just get it and don't renew. You can still leave it on the resume and say it expired, I'd like to think it's still better than nothing.
Yup, that's what I do
I agree...
Yeah but they get you past HR. Priceless.
Word!!! These so-called security influencers are wrong too. They advertise these beginner level certs with hidden maintenance fees as free. In fact, most are paid affiliates and receive a cut on these false advertisements of such companies. Then they use keywords such as "talent shortage" to lure beginners into buying these certifications.
There absolutely is no talent shortage, there's a job shortage.
sec+ is the best bang for your buck
this! 100% but my opinion: DO the exam, show that you understand the material. but dont pay annual fees etc to keep the cert.
I don’t disagree with you. I feel like it’s a easy option for HR to weed out candidates that don’t do continued education.
I agree -- people should focus on the hands-on certs that don't require renewal fees (OSCP, PNPT, CPTS, etc.)
Based
@TylerRamsbey hey i have opt for ejpt so any tips and can you let me know if the cert is valuable