Good overview :) Considering doing the CISSP in the next few months... One addition: if you get through the CISSP exam and don't have the work experience, you will become an ISC associate and have 6 years to fulfill the 5 years of necessary work experience.
I'm glad you enjoyed the video. I have addressed that in some other videos but there are specific reasons why I don't advertise that as an option. One of the major reasons is that even if you pass, you don't actually benefit until you are endorsed and certified. Per (ISC)2, you aren't supposed to even say which exam you passed and you can't claim Associate CISSP...heck, most people that are responsible for hiring don't even know what an Associate of (ISC)2 means. Another reason is that there are lots of other options that have a higher return when you don't have the required experience for the CISSP....and that will actually grant you your certification (AWS, OSCP, Azure, CCNP, GIAC...so many). The last major reason is that the CISSP does require you to make decisions based on the experience you should have (it is a management exam for a reason). The real value of the CISSP comes from the experience requirement, not necessarily because you were able to pass the exam after a few years in the field. Basically the short version is...if you pass the CISSP exam without the experience requirement satisfied...you can't apply to jobs that require a CISSP because you aren't one....you can't get CISSP money because you aren't one. The value just isn't there to become an Associate so I would not even consider it unless you have at least 3.5 years or more of experience...basically qualifying once you pass the exam.
I'm glad you found the information helpful! The great part is that now you have found my channel so the rest of my content can bring you value as your career progresses.
I agree with you, Jon. I myself always get a headache over which certifications I should go for... anyway, thank you for this video. Gotta take your advice in! Thanks!
I'm going to be starting in the SSCP pipeline as an entry-level cert for my Information Security job instead of the Security+. My boss is the Information Security Officer of the company that I work for and she has her CISSP. Our CIO recommended the Security+, but since we're an MSP and need to be vendor neutral as much as possible, we're going this route. I already have 1 year of experience in the industry because of working at my MSP (as well as other jobs I've held), so by the time I have taken the exam and passed, I'll have more than double (or even triple) the number of years needed. I'm planning on targeting the CAP after because some of our clients are subject to ITAR and NIST. I'll fill in the gaps with others as time goes on and get the Security+ and others as necessary.
Awesome stuff! Honestly, between the SSCP and the Security+, you can't really go wrong with either. I tend to recommend Security+ more frequently because Security+ is better known (especially in the federal space), but they are both aimed at basically the same audience. With that being said, the Security+ does satisfy the IAM Level 1 of the DOD 8570 (now the 8140) whereas the SSCP does not...but with the SSCP you are probably closer to knowing the CISSP domains than with the Security+. What exactly do you mean by being "vendor neutral as much as possible?" CompTIA is extremely vendor neutral...and truthfully the Security+ is probably an easier exam. Also, I think you still have to take ISC2 exams at a testing center. The CAP has a lot of good information as many companies implement at least part of the NIST SP 800 series...because the full implementation is very cost prohibitive. You will definitely want to make sure the CISSP is on your radar when you get enough experience...specifically because you're dealing with the government or government contractors.
Good luck! The OSCP has a ton of street credibility with employers. The learning environment is very different than most certifications out there so make sure you have a plan and stay on track...and be ready for a lot of banging your head on a wall.
That's IT in a nutshell. I enjoy going after the difficult / worthwhile certs. I'm okay with Linux at this point and prefer it over Windows. However, I love PowerShell and Server Core... but yeah, OSCP is my goal for 2020. I turned on notifications so I'll be checking out your future content.
@@manthing1467 So true, so true. I'm actually working towards OSCP right now...my last exam attempt I was very close to passing, but after taking a break I am going to ramp up again. Awesome...thank you for the support!
There are a few reasons why the CISM does not make the cut: 1. The CISM applies to a fairly small subset of professionals because it focuses on running an entire security program. Many managers aren't even running the entire program, so the audience is in a fairly high position in an organization. 2. The CISA is an entirely different skill set focused on identifying risk through both technical and non-technical means. 3. Most companies see the CISM and CISSP as somewhat similar; however, if you are only going to get one then the CISSP is a better move.
"With cloud, it's unclear where things are going" I mean... AWS is by far the market leader, if you want to cover all your bases get certified in AWS and Azure security. Most cloud sec job adverts I have seen over the last year ask for "certification in either AWS, Azure or GCP". CCSP has experience requirements far beyond what someone new to cloud security is likely to have.
Microsoft Azure is actually starting to gain popularity so although AWS had been the first choice in previous years, that isn't necessarily how things are still playing out. You can see it not only in job postings but also in the revenue for each company's product. What I've been noticing is that companies who really adopt the devops style or are in the tech industry tend to go for AWS but the more traditional companies are using Azure for things like infrastructure. I think it's going to be similar to the battle with Windows vs Mac instead of how Cisco has been dominating other networking players like Juniper. The requirement for CCSP is 5 years in IT, 3 years in infosec, and one year of cloud...or a CISSP waives all...so it's not necessarily out of reach because the majority of that could be satisfied at help desk or junior level jobs. I do agree that if you can get multiple cloud vendor certifications it looks better especially if you want to specialize in cloud at least early on in your career.
Got my Security+, read through the Network+ exam material from Mike Meyers, took The Cyber Mentor's ethical hacking course, and now I'm taking the eJPT as a stepping stone into the OSCP. I have less than 1 year of experience in IT besides dabbling in coding such as batch and GML as a kid. Do you think it's necessary to take the Network+ exam if I want to be a pen tester? I personally couldn't care less about how to put together an RJ-45 patch cable. I'm comfortable with Linux, Python, and some C++.
The real question is: can you pass the Network+ right now based on the knowledge that you have? If the answer is no, I would highly recommend getting that knowledge because it will help you regardless of the path you take. Companies don't want a penetration tester that just clicks buttons without an understanding of what is happening because that can lead to disaster situations. Another problem is that we don't know if you can get a job as a penetration tester yet. What happens if it takes you 3 years to get a chance to switch? You should be looking to continue to climb the ladder while you advance your studies. With all that being said, the certification itself is not "mandatory" but there are a lot more factors in play than simply learning about patch cables.
@@JonGoodCyber Thanks! I will prob take the exam in a few months. Your channel will become extremely popular once people find out. If only I had seen these videos a year ago. It would have saved me a lot of research.
The CISSP and CCSP aren't really linked in terms of when you get them and it would depend on where you are in your career and what you are trying to do. With that being said, a big benefit of having both is that the CISSP satisfies the experience requirement of the CCSP.
Hi there, I currently have Security+ and CISSP. Problem is I work in the compliance, A&A, IT auditing scope and I'm bored. I find myself more interested in the security engineer or architecting side of things. How do you suggest I proceed?
Great question...I would look into whichever cloud certifications match your company (AWS, Azure, etc.). A lot of companies are shifting to more cloud hosted infrastructures and they need people who know about building out these environments in a secure fashion. You might also want to take a look at the CISSP concentrations (ISSAP and ISSEP), although you aren't really going to get the technical aspect of architecting/engineering.
I am doing an MBA in IT. Please tell me which of CISSP/CCSP/CISM/CISA would be a better pick for me as per my master's degree... pls reply fast ✌️
Do you currently have any experience? If not, you can't qualify for any of those you listed yet. I would highly suggest looking at my website ( www.jongood.com/getting-started/ ) where I will give you an ideal path of skills and certifications.
Well for ethical hacking you will need to know the security vulnerabilities that exist in Linux, Unix, Mac, Windows, etc. Topics like when you configure certain services and how they can be vulnerable. Although ethical hacking is primarily about exploiting weaknesses, the BEST testers know how to fix issues and can recommend mitigation strategies.
Hi Jon, how are you? I graduated as a computer science engineer in 2009 and worked as a software engineer for over a year. Then I switched to banking and was working as a Manager and Asst. Manager for about 6 years. I used to handle internal compliance, credit control, asset quality verification (loans), branch operation management, etc. I am actually attracted towards cyber security. Because of the lack of experience in security, I am not able to land a junior level role to start up my career. As per my professor's advice I completed a certification in SOC by EC-Council, but still I could not find any job. I am giving my Sec+ this week. My question for you is: based upon your experience in the field, is there any particular combination of certifications (CISA / CISM) which can help me land a career in infosec based on my previous experience?
Unfortunately, given that your experience was over 10 years ago, and the fact that you only worked for 1-2 years...you’re more or less starting from scratch unless you kept programming on the side to keep sharp. Technology changes very rapidly, and especially over the last 10 years things are quite different. Risk Management or project management might be the closest thing to your skill set based on what you have said, however risk management in Cyber Security still deals with technology and I'm not sure if you have been dealing with that at all. I would start by grabbing a free copy of my eBook ( www.jongood.com/newsletter/ ) and reviewing the certification and skills road map I provide to give you insight on an ideal path. You can also check out my video on passing the CISSP (non-technical) ( th-cam.com/video/XQTY1Da2DJE/w-d-xo.html ) if you want more of a non-technical approach, however the eBook road map will make you more well rounded. From your experience, you bring business knowledge and soft skills but being out of technology for so long is going to hurt some. Make a plan and execute! Best of luck.
Not giving up and pushing through is one of the most important skills in this field! Also, as long as you can get through ~5 years, you can get to quite a lucrative salary.
Hi, if I have 14 years in networking and operational security but did not get any certifications, do I have to get some technical cert like CCNP Security or Fortinet, or go through the CISSP?
Certifications are a great way to show employers you have a certain level of knowledge. Although years of experience are great, the quality of that experience varies greatly by the individual. Specifically in the situation with Cisco, companies are incentivized to have certain levels and numbers of certifications to receive discounts on equipment. Based on how many years of experience you have, the CISSP is absolutely a good certification you should get, and other certifications aren't a prerequisite for passing.
Are you getting interviews? How often are you applying? Which types of jobs are you applying to? Security+ isn't an automatic to getting a job although it can help. Also, are you doing labs to learn different things? Typically the first job is a numbers game...you have to apply apply apply and keep improving your interviewing skills.
Historically the OSCP has been great for showing the ability to not quit and push through difficult situations. The course material was updated not too long ago to include some newer tactics but the pure focus is cracking shells. If you want a certification geared towards the full responsibilities of a pentester, then you would also want to look at eLearnSecurity (eCPPT) to be more well rounded.
The more I've learned about the eCPPT, the more highly I would recommend it. You will learn a lot about not only the technical aspects of penetration testing, but also the practical aspects.
The eJPT is a great certification for somebody looking to learn about penetration testing and I would highly recommend checking out my review on the certification. eLearnSecurity is growing in popularity and has a lot of solid certifications.
I'm a junior in college studying computer science and want to get into network security. When should I start getting certs? Should I try to find a job first and gain experience, or try to get a cert immediately after I graduate?
You should be working on certifications and getting a job at the same time because they are not isolated from each other. I would also check out my Getting Started page ( www.jongood.com/getting-started/ ) for things that you should do to help you on your journey.
I highly recommend grabbing a free copy of my eBook ( www.jongood.com/newsletter/ ) where I provide a road map of skills and certifications that will help boost your career.
Automated vehicles promise to increase driver safety?? Cybersecurity is a concern for everyone, from individuals to companies to national government. Computer algorithms are helping the police predict where and when crimes will take place. The spread of helpful robots in everyday life is accompanied by a fear that such technology may one day be adapted to build killer robots.
Cyber Security is definitely growing in importance every day. It's pretty interesting that 20 years ago the thought of companies having a large internet presence and having to worry about people hacking into systems wasn't even on the radar. Today the need for trained Cyber Security professionals is so high they can't even fill all the jobs...the next 20 years should be even more interesting.
@@JonGoodCyber I work in a closed area with several older people and it is kind of funny how "set in their ways" they are. One has adapted and thinks people who attempt to do better than just meet the NIST framework are morons, even if there are even more specific ways to increase the security and better secure the network. But at least he believes that model of security is good. The other one thinks that anything beyond controlling and knowing who has access to the systems is moronic and he is not easy to work with, but we make it happen one way or another. LOL
Meeting compliance is really a bare minimum requirement but you also have to consider the business completing their mission. That's an important concept because it doesn't matter if it's military, financial, etc....everybody has a mission that needs to be completed. The NIST 800 series is pretty interesting because it has flexibility to tailor controls IN or OUT based on the environment and mission but that discussion is for another day.
@@JonGoodCyber I am on the younger side in the cyber field (I have my security+ and CEH, would like to get my CISM and try for my CISSP again some day) and have brought in new changes to better secure the massive network I support. That is how I encountered these two older guys who actually built the network. I will say, they have taught me one thing; I have gotten really good at being prepared for push back and learned how to better negotiate for better security implementations even if the older people are not happy about the changes.
Great video! I already have passed the PMP exam; however, I was thinking about taking the CISSP or the CISM exam. Which one do you think would be better if you work in risk management?
Thank you for the feedback! The CISSP has a higher return and demand than the CISM (at least in the United States) but you will only scratch the surface on risk management. If you want to dive deeper, then the CISA and CRISC are good options.
Yes, absolutely! There are basically a few big areas that you could explore. Web applications are only growing in their adoption by companies, so knowing web languages and the OWASP Top 10, as well as how to test for the flaws, is one path. Another path is getting heavy into C/C++ and trying to learn exploit development, which could be very interesting and profitable (don't turn into a bad actor). The last really popular path would be artificial intelligence, because with so many alerts and sophisticated attacks, if you can learn to develop solutions that can learn/adapt then you will be extremely desirable. Certifications aren't going to be as vital in the programming space because it's just a different skill set.
Hi Jon, thanks for the valuable advice on cyber security certifications. I need your suggestion regarding the cyber security certification. I have CCNP and CCNA with 3 years of experience in the IT industry. For almost 1 year I have been in a cyber security profession and now want to grow further in this field. So which cyber security certification or path should I follow for a career boost? Thanks & Regards,
Thank you for the feedback! The first question is do you want to stay down the networking path? It seems like the CCNP: Security would be a fairly easy transition since there is a good chance you are dealing with some of those technologies already. What are you currently doing in Cyber Security? If you just want a good introduction into more things about Cyber Security then the Security+ from CompTIA would provide that.
@@JonGoodCyber Thanks for your prompt response! Following are my answers to your questions: Q: The first question is do you want to stay down the networking path? Ans: No. I want to extend my technical knowledge in other cyber security domains. Q: What are you currently doing in Cyber Security? Ans: Doing cyber security advisory services mostly related to the "Network Security" domain (secure network architecture design, network device security configuration reviews, security hardening, etc.). Although Security+ is a good introduction to cyber security, as you already know my background, I don't want to pursue the Security+ certification; it is OK for learning purposes. So which cybersecurity certifications should I target step by step that will benefit job opportunities in the future: CCSP, CISSP, OSCP, CISM, etc.? Thanks & Regards,
@@muhammadirtaza1474 If you want to stay on the defensive side, I would definitely look into cloud certifications. The CCSP is nice because it's vendor neutral, but the new Microsoft Azure Security Engineer Associate is very interesting. The CISSP is also something that should be on your radar and can open up some doors for you, but I would plan it out so you have the experience requirement met by the time you sit for the exam. If you are interested in switching to the offensive side, you should look into the eCPPT from eLearnSecurity and the OSCP from Offensive Security. Both have their pros and cons but work nicely if you stack them.
Would you recommend Sec+, SSCP, or CEH overall? I don't have a ton of experience in the security field so I was a bit hesitant towards SSCP, but some of the people I know in the field recommended that cert and Sec+ to me. However, one of my professors recommended CEH along with SSCP. I'm not too sure what I want to do specifically, but I'm planning on taking one of these exams before I graduate!
I would recommend grabbing a copy of my free eBook where I lay out a certification path based on demand and experience. You can get a copy by signing up for my newsletter ( www.jongood.com/newsletter/ ).
Hi Jon, I have active PMP, CCNA and CCNP (expired), and would like to get knowledge into Cybersecurity to manage projects in that area. What certification do you recommend to help getting a job in the field? Thanks.
If you just want to manage projects, then the PMP gives you that skill set. Managing the projects versus being a Cyber Security manager can be two entirely different things. For example, a Cyber Security manager almost certainly needs a CISSP or CISM to even be considered but as a project manager, you won't be making the decisions that require that knowledge. It wouldn't hurt to have a Security+ from CompTIA as a basic certification, or you could even look at the CISA since risk is relevant to project management...but again it really depends if you just want to manage projects versus actually leading the security program.
CEH (Certified Ethical Hacker) mainly focuses on a lot of penetration testing tools and the penetration testing methodology, so it's not really a good foundation if you are new or trying to break into cybersecurity. The CISSP requires either 4 or 5 years of experience to get fully certified and claim the certification, so that's not an entry level certification either. Security+ is your best bet if you want to get a general certification that is widely recognized and doesn't formally require experience. The foundation concepts are so important in cybersecurity because everything builds on them, so it's hard to justify recommending other certifications as a first step.
@@JonGoodCyber I had 5 years, from 2010 to 2015, of infrastructure experience doing level 1 and 2 support for virtualisation: things like creating VMs in vSphere, managing clusters and balancing, and also managing Sophos antivirus updates to servers and patch management from SCCM to servers. You made me change my mind. I will do Security+ first in winter, and at the same time I will do CCNA Routing and Switching in night courses. I want to come back to IT, so maybe these two certifications will bring me up to date. I will also try to see if they accept my previous experience for the CISSP. Really, thank you for your golden advice and sincerity.
@@mansympa1002 No problem...I would definitely check with ISC2 to see about accepting the experience. The nice thing with doing the Security+ first too is that you can add a certification to your CV/resume pretty quickly and then start working towards the more difficult CISSP.
@@JonGoodCyber I will take your video on Udemy. I follow your advice; I am now studying CompTIA using the well-known book, and at the same time I picked up Professor Messer's notes. In about a week I will take your videos. Thanks a lot, you are a really inspiring person.
Hello Jon, thank you for the video. It was super informative. I am new to the system security field, like I don't have any certifications yet. I am very confused about where I should start. Which certificate should I try first? Please advise.
Thank you for the feedback! First, you will want to check out my playlist on Beginners Guide to Cyber Security Careers ( th-cam.com/play/PLErQ2qAXz3rq3NhCQfnIotfY2IDj0BtcY.html ) where I have a lot of advice for new people. Next, you will want to grab a free copy of my eBook which goes into more detail about Cyber Security Careers ( www.jongood.com/newsletter/ ). Finally, you will want to check out my series I am building on Building Cyber Security Experience ( th-cam.com/play/PLErQ2qAXz3rpSYL_0xDMrb_TWNtWu8xXF.html ). I would also recommend you join my Discord server ( www.jongood.com/discord ) because we have a lot of people in similar situations and can be quite helpful to learn from each other.
Jon Good, my background college degree is Business Administration; my career has been as a community coordinator. As a person who wants to go into cybersecurity, which certificate do you recommend I start with so I can quickly apply for jobs in New York or all metro areas?
I would recommend checking out my playlist on career advice ( th-cam.com/play/PLErQ2qAXz3rpivp98nr2RHuXZUokCMJXz.html ) and grabbing a copy of my eBook ( www.jongood.com/newsletter/ ). I'm not sure what you mean by "quickly" but there is no magic bullet. You can start by applying to help desk jobs and going for an A+ from CompTIA but technology jobs aren't really a profession you can fall into from zero knowledge...especially with Cyber Security which is expected to secure the technology that you need to know. My eBook will give you a road map that gives a realistic timeline.
Hi! In grad school for information communications sciences. I am in "part two" of these networking classes for school. Taking a cybersecurity course this summer as I am interested in the field. I have a lot of sales experience and I would love to go into a consulting role of some sort. Trying to find out the best path between Network+, Security+, etc. Any insight would help as to what path I should take. Have basic knowledge of networking, switches, etc.
I would definitely look into getting the Network+ to give you some good networking knowledge. For Cyber Security certifications you will want to check out my video here ( th-cam.com/video/vBbhaUjiT1M/w-d-xo.html ) on Entry Level Cyber Security certifications to pursue, as well as a new video that I am dropping tomorrow that will apply to you. Honestly, when you are starting out you should stay fairly broad with what you learn (systems, networking, security, etc.) because you can't predict what job you will get first, and that impacts how you proceed significantly. For consulting, your sales background and communication skills are definitely useful, but the consultants that provide the best value to customers are those that have been in the trenches. The downside is that consultants who don't have much of a background deal a lot in theory instead of operational execution, so getting experience is going to make a difference. Hope this helps!
The A+ has good knowledge but it's really geared for the repair technician or help desk staff. Especially with everybody trying to move as much as possible to the cloud, repairing systems is probably going to be even more limited in the future. The Network+ on the other hand has a lot of good information and I would highly suggest getting certified. Cisco certifications go really well to follow up after the Network+ if you want to dive deeper into the networking world.
@@JonGoodCyber I actually read that, Cisco is a deep dive in a sense. My college gives us access to Cisco modules etc. But still found things easier on TH-cam and LinkedIn learning etc
Q: I have a BS and MS in Information Systems. Should I complement my background with some certifications, or can I still get into the field without certifications? Thanks
There are no mandatory requirements for the Security+. With that being said, the Security+ builds on networking knowledge so it's information you need to learn one way or another.
Hi Jon, thank you for your videos. I am an experienced developer considering moving into the cybersecurity business: is there a certification (training path?) that you could suggest?
You are welcome! With your background, web application security is probably one of the easier transitions. eLearnSecurity has the eWDP or eWPT depending on whether you want to be on the defensive or offensive side of things. GIAC also has GWAPT and GWEB; however, the cost will be significantly higher. Along with those certifications, I would look into OWASP ( owasp.org/ ). A good book if you just want to start learning about Web App security is here ( amzn.to/3cfngDN ). There are other paths out there if you want to get out of development, but that is probably going to be your path of least resistance.
@@JonGoodCyber Great thank you, I have not looked at it from that perspective (the path of least resistance that is). I'll have a look at your suggestions.
Hi Jon...the video content was good...I recently passed the CISA exam and would like to pursue the CISSP exam...as the CISSP is like a marathon...are there any specific topics and pointers for the exam?
Thank you for the feedback! For the CISSP, I would watch my video on how I passed in two weeks ( th-cam.com/video/-HG1PTcDd60/w-d-xo.html ) and my video on the top 5 reasons you will fail the CISSP ( th-cam.com/video/giJFhtws-CE/w-d-xo.html ).
Risk is an extremely important concept in the enterprise so the knowledge is extremely useful. As far as the certification itself, it doesn't tend to show up on a lot of job postings and it's probably most valuable at a higher level management position. On the flip side, the study material is pretty short so you could knock it out relatively easy especially if you have a good background in the domains.
@@JonGoodCyber Thanks for the response! I only wanted your opinion because I'm already an IT Risk Analyst and was wondering if it would be smart to help push me towards the senior level or even further into upper management roles.
The baseline experience requirement for the CISM is 5 years, however they offer some experience waivers listed here ( www.isaca.org/credentialing/cism/get-cism-certified ).
Do you have a reputable source for that number? The truth is even though AWS has had a large share of the cloud market, other competitors such as Microsoft Azure are really starting to grab their fair share. It's easy to be the top dog when you are the only game in town but people aren't just jumping to AWS first anymore. www.forbes.com/sites/sergeiklebnikov/2020/01/07/microsoft-is-winning-the-cloud-war-against-amazon-report/#b55077c3bec8 www.forbes.com/sites/jeanbaptiste/2019/08/02/amazon-owns-nearly-half-of-the-public-cloud-infrastructure-market-worth-over-32-billion-report/#42d17c3529e0
Jon Good, I stand corrected. I'm going on 2017/18 info. Even though AWS infrastructure is 6x bigger than the rest of them combined, it looks like Microsoft is rapidly closing ground.
Indeed...from what I have noticed, AWS shows up a lot in tech and heavy devops environments, and Azure seems to end up in more traditional companies but appears to be hosting lots of infrastructure. That might be an important consideration if you want to work for a specific type of company.
The CEH generally isn't a certification that will outright land you a job. In the private sector the CEH has great appeal to HR recruiters, but especially to get a pentesting job you would be better served with an OSCP.
I love GIAC certifications but unfortunately they are very cost prohibitive...especially if you are self funding them. You also have to consider which certifications are frequently listed in job postings because somebody in human resources might not know what GCIH means but they know OSCP or CISSP. If an employer offered to pay for a GIAC certification with SANS training or another certification though, I would nearly always take the GIAC/SANS combo.
Certification study guides are going to be the best books you can read with zero experience. Although there are other books out there that provide useful information, if you don't have the fundamentals down the information will not provide you with any value.
Sure do...are you trying to actually break into Cyber Security or learn more about it to defend a company? Typically lawyers deal a lot with privacy aspects so the GLEG ( www.giac.org/certification/law-data-security-investigations-gleg ) and the CIPP ( iapp.org/certify/cipp/ ) are good places to start. Your success definitely requires you to have a good relationship with your Cyber people and even having a good grasp on what goes on during audits. Assuming you aren't trying to become a technical person, you want to leverage your experts for their knowledge, just like we leverage lawyers for their knowledge.
@JonGoodCyber Got it. Thanks so much Jon. I know many attorneys start with CIPP. I'm actually looking into a course which will prepare for many technical certificates, some of which you covered in your video. I have a background in litigation representing consumers but I am open to advising businesses if I can be helpful. I was hoping that the technical expertise could help give me skills to use in data breach litigation. Does that sound like a good idea?
Having some of the technical knowledge might be useful from an overall understanding of how things work and where potential gaps might exist, but unless you have spent time in a security role (analyst, engineer, etc.) then I wouldn't expect to be providing much technical expertise. It's like a doctor who graduated their classes but then never went to do a residency...theory is important but it's not the whole story and I would be fairly skeptical of a lawyer giving any technical expertise.
@JonGoodCyber Hmm, I understand that. Is it still useful to the extent that I will be able to tell what falls below legal standards of care? As well as speak with experts and depose witnesses, etc., and know what I'm looking for?
Cool...I just didn't want you to try to wear both hats since each is a complex area. I definitely think from that perspective you can get plenty of knowledge to be prepared. Especially since technology isn't always the issue and processes are routinely a problem area.
'Thank GOD', and thank you very much ☺️ That was REALLY a lot of good information 🙄 I am currently working on my CompTIA Security+, but PEN Tester is my goal 😉 Any other suggestions 🤔
@JonGoodCyber I am currently installing Minix and openSUSE for my platforms 🙄 openSUSE Server/Windows 10 Client and the same with Minix 🙄 on a different set of hardware in my home network 🏚️
The CISM has value but the intended audience is actually pretty small. I would check out my recommendations for 2021 ( th-cam.com/video/WyLt8gBYlwQ/w-d-xo.html ) and my video I did on the CISSP vs CISM ( th-cam.com/video/WbtpVWEm2QU/w-d-xo.html ).
Hi Jon and thank you for all the valuable information you give us YouTubers. I've done CCNA, Cyber-ops Associate (new) and now I'm preparing to take the exam for the Pentest+. I like purple team jobs. I spend a great part of my time reading security books and doing labs and I'm part of large communities such as TryHackMe and HackTheBox Academy to advance my knowledge. I wonder if I need to stay some more at this level and continue with CEH or CySA and then move on to difficult exams like CISSP or OSCP, or start immediately. I know that before the likes of these exams we are in a world of script kiddies. So what's your opinion!? Thanks.
I'm glad that you are enjoying the content! I recommend grabbing my eBook ( jongood.com/getstarted/ ) to see the certifications and skills that I recommend for anybody trying to get into this career field. Do you currently have any experience? If not, landing a job in the career field should be your highest priority because you've already started to build a solid foundation. The quickest way to get into a purple team role is to start in either a penetration testing or security operations center (SOC) role....with SOC roles having the most opportunities available.
I should have watched your video 11 months ago. I’m only starting my study for Security+ now... but everything you mention is what I want to do!😊
I'm glad you found the information helpful! The great part is that now you have found my channel so the rest of my content can bring you value as your career progresses.
I agree with you, Jon. I myself always got headache which certifications should I go for.. anyway, thank you for this video. Gotta take your advice in! Thanks!
Glad it was helpful!
I'm going to be starting in the SSCP pipeline as an entry-level cert for my Information Security job instead of the Security+. My boss is the Information Security Officer of the company that I work for and she has her CISSP. Our CIO recommended the Security+, but since we're an MSP and need to be vendor neutral as much as possible, we're going this route. I already have 1 year of experience in the industry because of working at my MSP (as well as other jobs I've held) so by the time I have taken the exam and passed, I'll have more than double (or even triple) the number of years needed. I'm planning on targeting the CAP after because some of our clients are subject to ITAR and NIST. I'll fill in the gaps with others as time goes on and get the Security+ and others as necessary.
Awesome stuff! Honestly between the SSCP and the Security+, you can't really go wrong with either. I tend to recommend Security+ more frequently because Security+ is better known (especially in the federal space) but they are both aimed at basically the same audience. With that being said, the Security+ does satisfy the IAM Level 1 of the DOD 8570 (now the 8140) where the SSCP does not...but with the SSCP you are probably closer to knowing the CISSP domains than with the Security+. What exactly do you mean by being "vendor neutral as much as possible?" CompTIA is extremely vendor neutral...and truthfully the Security+ is probably an easier exam. Also, I think you have to still take ISC2 exams at a testing center.
The CAP has a lot of good information as many companies implement at least part of NIST SP 800 series...because the full implementation is very cost prohibitive. You will definitely want to make sure the CISSP is on your radar when you get enough experience...specifically because you're dealing with the government or government contractors.
OSCP? I have my MCSE, CCNA, finishing my VCP then going for OSCP for starters. Barely 3 years into IT.
Good luck! The OSCP has a ton of street credibility with employers. The learning environment is very different than most certifications out there so make sure you have a plan and stay on track...and be ready for a lot of banging your head on a wall.
That's IT in a nutshell. I enjoy going after the difficult / worthwhile certs. I'm okay with Linux at this point and prefer it over Windows. However, I love PowerShell and Server Core... but yeah, OSCP is my goal for 2020. I turned on notifications so I'll be checking out your future content.
@manthing1467 So true, so true. I'm actually working towards OSCP right now...my last exam attempt I was very close to passing but after taking a break I am going to ramp up again. Awesome...thank you for the support!
@manthing1467 Hey man, just a question. Do you have a degree or do you have certifications?
Thanks for the description with detailed links, love that. Tysm. Tc
You are so welcome! I'm glad you enjoyed the video.
You could add CISM either in place of, or tied with CISA.
There are a few reasons why the CISM does not make the cut:
1. The CISM applies to a fairly small subset of professionals because it focuses on running an entire security program. Many managers aren't even running the entire program, so the audience is in a fairly high position in an organization.
2. The CISA is an entirely different skill set focused on identifying risk through both technical and non-technical means.
3. Most companies see the CISM and CISSP as somewhat similar; however, if you are only going to get one then the CISSP is a better move.
"With cloud, it's unclear where things are going" I mean... AWS is by far the market leader, if you want to cover all your bases get certified in AWS and Azure security. Most cloud sec job adverts I have seen over the last year ask for "certification in either AWS, Azure or GCP". CCSP has experience requirements far beyond what someone new to cloud security is likely to have.
Microsoft Azure is actually starting to gain popularity so although AWS had been the first choice in previous years, that isn't necessarily how things are still playing out. You can see it not only in job postings but also in the revenue for each company's product. What I've been noticing is that companies who really adopt the devops style or are in the tech industry tend to go for AWS but the more traditional companies are using Azure for things like infrastructure. I think it's going to be similar to the battle with Windows vs Mac instead of how Cisco has been dominating other networking players like Juniper.
The requirement for CCSP is 5 years in IT, 3 years in infosec, and one year of cloud...or a CISSP waives all...so it's not necessarily out of reach because the majority of that could be satisfied at help desk or junior level jobs. I do agree that if you can get multiple cloud vendor certifications it looks better especially if you want to specialize in cloud at least early on in your career.
Got my Security+, read through the Network+ exam material from Mike Meyers, took The Cyber Mentor's ethical hacking course and now I'm taking the eJPTS as a stepping stone into the OSCP. I have less than 1 year of experience in IT besides dabbling in coding such as batch and GML as a kid. Do you think it's necessary to take the Network+ exam if I want to be a pen tester? I personally couldn't care how to put together an RJ-45 patch cable. I'm comfortable with Linux, Python, and some C++.
The real question is can you pass the Network+ right now based on the knowledge that you have? If the answer is no, I would highly recommend getting that knowledge because it will help you regardless of the path you take. Companies don't want a penetration tester that just clicks buttons without an understanding of what is happening because that can lead to disaster situations. Another problem is that we don't know if you can get a job as a penetration tester yet. What happens if it takes you 3 years to get a chance to switch? You should be looking to continue to climb the ladder while you advance your studies. With all that being said, the certification itself is not "mandatory" but there are a lot more factors in play than simply learning about patch cables.
@JonGoodCyber Thanks! I will probably take the exam in a few months. Your channel will become extremely popular once people find out. If only I had seen these videos a year ago. It would have saved me a lot of research.
No problem and good luck! Thank you, I appreciate the feedback and hopefully I can help more people.
Should I consider getting CISSP before CCSP?
The CISSP and CCSP aren't really linked in terms of when you get them and it would depend on where you are in your career and what you are trying to do. With that being said, a big benefit of having both is that the CISSP satisfies the experience requirement of the CCSP.
Hi there, I currently have security+ and CISSP. Problem is I work in compliance, A&A, IT auditing scope and I’m bored. I find myself more interested in the security engineer or architecting side of things. How do you suggest I proceed?
Great question...I would look into whichever cloud certifications match your company (AWS, Azure, etc.). A lot of companies are shifting to more cloud hosted infrastructures and they need people who know about building out these environments in a secure fashion. You might also want to take a look at the CISSP concentrations (ISSAP and ISSEP), although you aren't really going to get the technical aspect of architecting/engineering.
I am doing an MBA in IT. Please tell me which course from CISSP/CCSP/CISM/CISA will be a better pick for me as per my master's degree... please reply fast ✌️
Do you currently have any experience? If not, you can't qualify for any of those you listed yet. I would highly suggest looking at my website ( www.jongood.com/getting-started/ ) where I will give you an ideal path of skills and certifications.
@JonGoodCyber I don't have experience right now, but nowadays I am learning CCNA! Please suggest a few courses after CCNA 😊
Make sure that you check out my web page that I linked because I provide all that information and more in my free eBook.
So my new CEH is not going to help me much ?
The CEH holds value with HR because they are familiar with it but there are other certifications that will help you a lot more.
I am looking into ethical hacking... what is your advice? What are the topics to focus on for operating systems?
Well for ethical hacking you will need to know the security vulnerabilities that exist in Linux, Unix, Mac, Windows, etc. Topics like when you configure certain services and how they can be vulnerable. Although ethical hacking is primarily about exploiting weaknesses, the BEST testers know how to fix issues and can recommend mitigation strategies.
Hi Jon, How are you?
I graduated as a computer science engineer in 2009 and worked as a software engineer for over a year. Then I switched to banking and was working as a Manager and Asst. Manager for about 6 years. I used to handle internal compliance, credit control, asset quality verification (loans), branch operation management, etc. I am actually attracted to cyber security. Because of the lack of experience in security, I am not able to land a junior level role to start my career. As per my professor's advice I completed a certification in SOC by EC-Council, but still I could not find any job. I am taking my Sec+ this week. My question for you is: based upon your experience in the field, is there any particular combination of certifications (CISA / CISM) which can help me land a career in infosec based on my previous experience?
Unfortunately, given that your experience was over 10 years ago, and the fact that you only worked for 1-2 years...you’re more or less starting from scratch unless you kept programming on the side to keep sharp. Technology changes very rapidly, and especially over the last 10 years things are quite different. Risk Management or project management might be the closest thing to your skill set based on what you have said, however risk management in Cyber Security still deals with technology and I'm not sure if you have been dealing with that at all. I would start by grabbing a free copy of my eBook ( www.jongood.com/newsletter/ ) and reviewing the certification and skills road map I provide to give you insight on an ideal path. You can also check out my video on passing the CISSP (non-technical) ( th-cam.com/video/XQTY1Da2DJE/w-d-xo.html ) if you want more of a non-technical approach, however the eBook road map will make you more well rounded. From your experience, you bring business knowledge and soft skills but being out of technology for so long is going to hurt some. Make a plan and execute! Best of luck.
@JonGoodCyber Thank you Jon! I know it's difficult for me, but I won't give up..!
Not giving up and pushing through is one of the most important skills in this field! Also, as long as you can get through ~5 years, you can get to quite a lucrative salary.
Hi, if I have 14 years in networking and operational security but did not get any certification, do I have to get some technical cert like CCNP Security or Fortinet, or go through the CISSP?
Certifications are a great way to show employers you have a certain level of knowledge. Although years of experience is great, the quality of that experience varies greatly by the individual. Specifically in the situation with Cisco, companies are incentivized to have certain levels and numbers of certifications to receive discounts on equipment. Based on how many years of experience you have, the CISSP is absolutely a good certification you should get and other certifications aren't a prerequisite for passing.
@JonGoodCyber Thank you so much
Got my Sec+ in July 2020 and can't land a job 😪😪😪😔😔😔 HELP. I HAVE NO EXP ALSO
Are you getting interviews? How often are you applying? Which types of jobs are you applying to? Security+ isn't an automatic to getting a job although it can help. Also, are you doing labs to learn different things? Typically the first job is a numbers game...you have to apply apply apply and keep improving your interviewing skills.
Hello! So I've been doing pentesting for over 3 years now. I decided to sharpen my skills to perfection by going for the OSCP. Is it worth it?
Historically the OSCP has been great for showing the ability to not quit and push through difficult situations. The course material was updated not too long ago to include some newer tactics but the pure focus is cracking shells. If you want a certification geared towards the full responsibilities of a pentester, then you would also want to look at eLearnSecurity (eCPPT) to be more well rounded.
@JonGoodCyber Interesting, is it better if I do the eCPPT first?
The more I've learned about the eCPPT, I would highly recommend it. You will learn a lot about not only the technical aspects of penetration testing, but also the practical aspects.
@JonGoodCyber Alright, thank you! I'll go pass them first then. 🙂
Great video. Thank you sir
Is the eJPT a good certification? Also, does eLearnSecurity have a good reputation?
The eJPT is a great certification for somebody looking to learn about penetration testing and I would highly recommend checking out my review on the certification. eLearnSecurity is growing in popularity and has a lot of solid certifications.
I'm a junior in college studying computer science and want to get into network security. When should I start getting certs? Should I try to find a job first and gain experience, or try to get a cert immediately after I graduate?
Correction, I want to get into information security.
You should be working on certifications and getting a job at the same time because they are not isolated from each other. I would also check out my Getting Started page ( www.jongood.com/getting-started/ ) for things that you should do to help you on your journey.
Looking into cyber security... which certifications or skills do I need? Currently working in tech support at a firewall company.
Sir, please reply on this, I am really confused.
I highly recommend grabbing a free copy of my eBook ( www.jongood.com/newsletter/ ) where I provide a road map of skills and certifications that will help boost your career.
Automated vehicles promise to increase driver safety?? Cybersecurity is a concern for everyone, from individuals to companies to national government. Computer algorithms are helping the police predict where and when crimes will take place. The spread of helpful robots in everyday life is accompanied by a fear that such technology may one day be adapted to build killer robots.
Cyber Security is definitely growing in importance every day. It's pretty interesting that 20 years ago the thought of companies having a large internet presence and having to worry about people hacking into systems wasn't even on the radar. Today the need for trained Cyber Security professionals is so high they can't even fill all the jobs...the next 20 years should be even more interesting.
@JonGoodCyber I work in a closed area with several older people and it is kind of funny how "set in their ways" they are. One has adapted and thinks people who attempt to do better than just meet the NIST framework are morons, even if there are even more specific ways to increase the security and better secure the network. But at least he believes that model of security is good.
The other one thinks that anything beyond controlling and knowing who has access to the systems is moronic and he is not easy to work with, but we make it happen one way or another. LOL
Meeting compliance is really a bare minimum requirement but you also have to consider the business completing their mission. That's an important concept because it doesn't matter if it's military, financial, etc....everybody has a mission that needs to be completed. The NIST 800 series is pretty interesting because it has flexibility to tailor controls IN or OUT based on the environment and mission but that discussion is for another day.
@JonGoodCyber I am on the younger side in the cyber field (I have my Security+ and CEH, would like to get my CISM and try for my CISSP again some day) and have brought in new changes to better secure the massive network I support. That is how I encountered these two older guys who actually built the network.
I will say, they have taught me one thing; I have gotten really good at being prepared for push back and learned how to better negotiate for better security implementations even if the older people are not happy about the changes.
Great video! I already have passed the PMP exam; however, I was thinking about taking the CISSP or the CISM exam. Which one do you think would be better if you work in risk management?
Thank you for the feedback! The CISSP has a higher return and demand than the CISM (at least in the United States) but you will only scratch the surface on risk management. If you want to dive deeper, then the CISA and CRISC are good options.
Doing information technology in my 1st year of college. I do programming and software development. Any advice for programmers?✌️
Yes absolutely! There are basically a few big areas that you could explore. Web applications are only growing in their adoption by companies so knowing web languages, and knowing the OWASP top 10 as well as how to test for the flaws. Another path is getting heavy into C/C++ and trying to learn exploit development could be very interesting and profitable (don't turn into a bad actor). The last really popular path would be artificial intelligence because with so many alerts and sophisticated attacks, if you can learn to develop solutions that can learn/adapt then you will be extremely desirable.
Certifications aren't going to be as vital in the programming space because it's just a different skill set.
Hi Jon,
Thanks for the valuable advice on cyber security certifications. I need your suggestion regarding the cyber security certification.
I have CCNP, CCNA with 3 years of experience in the IT industry. For almost 1 year I have been in a cyber security profession and now want to grow further in this field. So which cyber security certification or path should I follow for a career boost?
Thanks & Regards,
Thank you for the feedback!
The first question is do you want to stay down the networking path? It seems like the CCNP: Security would be a fairly easy transition since there is a good chance you are dealing with some of those technologies already. What are you currently doing in Cyber Security? If you just want a good introduction into more things about Cyber Security then the Security+ from CompTIA would provide that.
@JonGoodCyber Thanks for your prompt response!
Following are my answers to your questions:
Q: The first question is do you want to stay down the networking path?
Ans: No. I want to extend my technical knowledge in other cyber security domains.
Q: What are you currently doing in Cyber Security?
Ans: Doing cyber security advisory services mostly related to the "Network Security" domain (secure network architecture design, network device security configuration reviews, security hardening, etc.).
Although Security+ is a good introduction to cyber security, as you already know my background, I don't want to pursue the Security+ certification; it is OK for learning purposes.
So which cyber security certifications should I target step by step that will benefit job opportunities in the future?
CCSP, CISSP, OSCP, CISM, etc.?
Thanks & Regards,
@muhammadirtaza1474 If you want to stay on the defensive side, I would definitely look into cloud certifications. The CCSP is nice because it's vendor neutral but the new Microsoft Azure Security Engineer Associate is very interesting. The CISSP is also something that should be on your radar and can open up some doors for you but I would plan it out so you have the experience requirement met by the time you sit for the exam.
If you are interested in switching to the offensive side, you should look into the eCPPT from eLearnSecurity and the OSCP from Offensive Security. Both have their pros and cons but work nicely if you stack them.
Would you recommend Sec+, SSCP, or CEH overall? I don't have a ton of experience in the security field so I was a bit hesitant towards the SSCP, but some of the people I know in the field recommended that cert and Sec+ to me. However, one of my professors recommended CEH along with SSCP.
I'm not too sure what I want to do specifically but I'm planning on taking one of these exams before I graduate!
I would recommend grabbing a copy of my free eBook where I lay out a certification path based on demand and experience. You can get a copy by signing up for my newsletter ( www.jongood.com/newsletter/ ).
@JonGoodCyber thank you very much!
@naruharu100 No problem!
Hi Jon, I have an active PMP, CCNA and CCNP (expired), and would like to get knowledge in Cybersecurity to manage projects in that area. What certification do you recommend to help get a job in the field? Thanks.
If you just want to manage projects, then the PMP gives you that skill set. Managing the projects versus being a Cyber Security manager can be two entirely different things. For example, a Cyber Security manager almost certainly needs a CISSP or CISM to even be considered but as a project manager, you won't be making the decisions that require that knowledge. It wouldn't hurt to have a Security+ from CompTIA as a basic certification, or you could even look at the CISA since risk is relevant to project management...but again it really depends if you just want to manage projects versus actually leading the security program.
@JonGoodCyber Thank you!
I want your advice. I want to start a career in cybersecurity and my plan is to pass CEH first and after that CISSP?
CEH (Certified Ethical Hacker) mainly focuses on a lot of Penetration Testing tools and the Penetration Testing methodology so it's not really a good foundation if you are new or trying to break into Cybersecurity. The CISSP requires either 4 or 5 years experience to get fully certified and claim the certification so that's not an entry level certification either.
Security+ is your best bet if you want to get a general certification that is widely recognized and doesn't formerly require experience. The foundation concepts are so important in Cybersecurity because everything builds on them so it's hard to justify recommending other certifications as a first step.
@JonGoodCyber I had 5 years, from 2010 to 2015, of infrastructure experience: level 1 and 2 support for virtualisation, something like creating VMs in vSphere, managing clusters, balancing, and also managing Sophos antivirus updates to servers and patch management from SCCM to servers. You made me change my mind; I will do Security+ first in winter and at the same time I will do CCNA Routing and Switching in night courses. I want to come back to IT, so maybe these two certifications will bring me up to date. I will also try to see if they accept my previous experience for the CISSP. Really, thank you for your golden advice and sincerity.
@mansympa1002 No problem...I would definitely check with ISC2 to see about accepting the experience. The nice thing with doing Security+ first too is that you can add a certification to your CV/resume pretty quickly and then start working towards the more difficult CISSP.
@JonGoodCyber I will take your video on Udemy. I follow your advice; I am now studying CompTIA using the known book and at the same time I picked up Professor Messer's notes. In about a week I will take your videos. Thanks a lot, you are a really inspiring person.
@mansympa1002 Awesome...sounds like a solid plan...good luck!
Hello Jon, thank you for the video. It was super informative. I am new to the system security field; I don't have any certifications yet. I am very confused about where I should start. Which certificate should I try first? Please advise.
Thank you for the feedback! First, you will want to check out my playlist on Beginners Guide to Cyber Security Careers ( th-cam.com/play/PLErQ2qAXz3rq3NhCQfnIotfY2IDj0BtcY.html ) where I have a lot of advice for new people. Next, you will want to grab a free copy of my eBook which goes into more detail about Cyber Security Careers ( www.jongood.com/newsletter/ ). Finally, you will want to check out my series I am building on Building Cyber Security Experience ( th-cam.com/play/PLErQ2qAXz3rpSYL_0xDMrb_TWNtWu8xXF.html ). I would also recommend you join my Discord server ( www.jongood.com/discord ) because we have a lot of people in similar situations and can be quite helpful to learn from each other.
Jon Good, my background college degree is Business Administration; my career has been as a community coordinator. As a person who wants to go into cybersecurity, which certificate do you recommend I start with so I can quickly apply for jobs in New York or all metro areas?
I would recommend checking out my playlist on career advice ( th-cam.com/play/PLErQ2qAXz3rpivp98nr2RHuXZUokCMJXz.html ) and grabbing a copy of my eBook ( www.jongood.com/newsletter/ ). I'm not sure what you mean by "quickly" but there is no magic bullet. You can start by applying to help desk jobs and going for an A+ from CompTIA but technology jobs aren't really a profession you can fall into from zero knowledge...especially with Cyber Security which is expected to secure the technology that you need to know. My eBook will give you a road map that gives a realistic timeline.
Might get some lab questions. I got about 6 of them on my Security+; I guess I got unlucky... thankfully I still passed.
Everybody definitely has different experiences with the exam but congratulations!
Thank you, and thanks for helping me figure out which cert to go for next. I'm thinking CCNA, and CCNP Security.
Hi! In grad school for information communications sciences. I am in "part two" of these networking classes for school. Taking a cybersecurity course this summer as I am interested in the field. I have a lot of sales experience and I would love to go into a consulting role of some sort. Trying to find out the best path between Network+, Security+, etc. Any insight would help as to what path I should take.
I have basic knowledge of networking, switches, etc.
I would definitely look into getting the Network+ to give you some good networking knowledge. For Cyber Security certifications you will want to check out my video here ( th-cam.com/video/vBbhaUjiT1M/w-d-xo.html ) on Entry Level Cyber Security certifications to pursue as well as a new video that I am dropping tomorrow that will apply to you. Honestly, when you are starting out you should stay fairly broad with what you learn (systems, networking, security, etc.) because you can't predict what job you will get first and that impacts how you proceed significantly.
For consulting, your sales background and communication skills are definitely useful but the consultants that provide the best value to customers are those that have been in the trenches. The downside is that consultants who don't have much of a background deal a lot in theory instead of operational execution, so getting experience is going to make a difference. Hope this helps!
I suppose that's right; not relying on just sales and theory makes sense. Gotta get studying.
Also, what is your recommendation as far as the path, A+ or Network+? A lot of people say different things.
The A+ has good knowledge but it's really geared for the repair technician or help desk staff. Especially with everybody trying to move as much as possible to the cloud, repairing systems is probably going to be even more limited in the future. The Network+ on the other hand has a lot of good information and I would highly suggest getting certified. Cisco certifications go really well to follow up after the Network+ if you want to dive deeper into the networking world.
@JonGoodCyber I actually read that; Cisco is a deep dive in a sense. My college gives us access to Cisco modules, etc. But I still found things easier on TH-cam and LinkedIn Learning, etc.
Q: I have a BS and MS in Information Systems. Should I complement my background with some certifications, or can I still get into the field without certifications? Thanks
You might be able to get in the field without certifications but ultimately they do play a big part in career advancement.
Do we need to study the Network+ before going for the Security+? I mean, is it a prerequisite?
There are no mandatory requirements for the Security+. With that being said, the Security+ builds on networking knowledge so it's information you need to learn one way or another.
Hi Jon, thank you for your videos. I am an experienced developer considering moving into the cybersecurity business: is there a certification (training path?) that you could suggest?
You are welcome! With your background, web application security is probably one of the easier transitions. eLearnSecurity has the EWDP or EWPT depending on whether you want to be on the defensive or offensive side of things. GIAC also has GWAPT and GWEB, however the cost will be significantly higher. Along with those certifications, I would look into OWASP ( owasp.org/ ). A good book if you just want to start learning about Web App security is here ( amzn.to/3cfngDN ). There are other paths out there if you want to get out of development but that is probably going to be your path of least resistance.
@JonGoodCyber Great, thank you. I have not looked at it from that perspective (the path of least resistance, that is). I'll have a look at your suggestions.
No problem...definitely let me know if you have questions.
Hi Jon... The video content was good... I recently passed the CISA exam and would like to pursue the CISSP exam. As the CISSP is like a marathon, are there any specific topics and pointers for the exam?
Thank you for the feedback! For the CISSP, I would watch my video on how I passed in two weeks ( th-cam.com/video/-HG1PTcDd60/w-d-xo.html ) and my video on the top 5 reasons you will fail the CISSP ( th-cam.com/video/giJFhtws-CE/w-d-xo.html ).
Thoughts on the CRISC?
Risk is an extremely important concept in the enterprise so the knowledge is extremely useful. As far as the certification itself, it doesn't tend to show up on a lot of job postings and it's probably most valuable at a higher level management position. On the flip side, the study material is pretty short so you could knock it out relatively easily, especially if you have a good background in the domains.
@JonGoodCyber Thanks for the response! I only wanted your opinion because I'm already an IT Risk Analyst and was wondering if it would be smart to help push me towards the senior level or even further into upper management roles.
Hi, do I need to have approved work experience to apply for the CISM certification exam?
The baseline experience requirement for the CISM is 5 years, however they offer some experience waivers listed here ( www.isaca.org/credentialing/cism/get-cism-certified ).
AWS runs 80% of cloud globally???
Do you have a reputable source for that number? The truth is even though AWS has had a large share of the cloud market, other competitors such as Microsoft Azure are really starting to grab their fair share. It's easy to be the top dog when you are the only game in town but people aren't just jumping to AWS first anymore.
www.forbes.com/sites/sergeiklebnikov/2020/01/07/microsoft-is-winning-the-cloud-war-against-amazon-report/#b55077c3bec8
www.forbes.com/sites/jeanbaptiste/2019/08/02/amazon-owns-nearly-half-of-the-public-cloud-infrastructure-market-worth-over-32-billion-report/#42d17c3529e0
Jon Good, I stand corrected. I'm going on 2017/18 info. Even though AWS infrastructure is 6x bigger than the rest of them combined, it looks like Microsoft is rapidly closing ground.
Indeed... from what I have noticed, AWS shows up a lot in tech and heavy devops environments, and Azure seems to end up in more traditional companies but appears to be hosting lots of infrastructure. That might be an important consideration if you want to work for a specific type of company.
Hello sir, I'm a computer science engineer. Can a CEH certification fetch me a job in the US?
The CEH generally isn't a certification that will outright land you a job. In the private sector the CEH has great appeal to HR recruiters but especially to get a pentesting job you would be better served with an OSCP.
No GIAC? You have at least 3 on the wall.
I love GIAC certifications but unfortunately they are very cost prohibitive...especially if you are self funding them. You also have to consider which certifications are frequently listed in job postings because somebody in human resources might not know what GCIH means but they know OSCP or CISSP. If an employer offered to pay for a GIAC certification with SANS training or another certification though, I would nearly always take the GIAC/SANS combo.
@JonGoodCyber I hear ya; I have GCIH and GCIA. I wouldn't have either if my employer didn't cover them.
I have GSEC, GWAPT, and GCIH. For the GSEC and GCIH I did the work study program, which is a great opportunity and saves some money.
Hey, how can I message you? I have some questions....
All of my social media accounts are linked in the description or I can answer them here on TH-cam.
@JonGoodCyber OK, thanks... what books do you recommend for reading, and how does someone with 0 experience begin?
Certification study guides are going to be the best books you can read with zero experience. Although there are other books out there that provide useful information, if you don't have the fundamentals down the information will not provide you with any value.
Do you have any advice for a law graduate?
Sure do...are you trying to actually break into Cyber Security or learn more about it to defend a company? Typically lawyers deal a lot with privacy aspects so the GLEG ( www.giac.org/certification/law-data-security-investigations-gleg ) and the CIPP ( iapp.org/certify/cipp/ ) are good places to start. Your success definitely requires you to have a good relationship with your Cyber people and even having a good grasp on what goes on during audits. Assuming you aren't trying to become a technical person, you want to leverage your experts for their knowledge, just like we leverage lawyers for their knowledge.
@JonGoodCyber Got it. Thanks so much Jon. I know many attorneys start with CIPP. I'm actually looking into a course which will prepare for many technical certificates, some of which you covered in your video. I have a background in litigation representing consumers but I am open to advising businesses if I can be helpful. I was hoping that the technical expertise could help give me skills to use in data breach litigation. Does that sound like a good idea?
Having some of the technical knowledge might be useful from an overall understanding of how things work and where potential gaps might exist, but unless you have spent time in a security role (analyst, engineer, etc.) then I wouldn't expect to be providing much technical expertise. It's like a doctor who graduated their classes but then never went to do a residency...theory is important but it's not the whole story and I would be fairly skeptical of a lawyer giving any technical expertise.
@JonGoodCyber Hmm, I understand that. Is it still useful to the extent that I will be able to tell what falls below legal standards of care? As well as speak with experts and depose witnesses, etc., and know what I'm looking for?
Cool...I just didn't want you to try to wear both hats since each is a complex area. I definitely think from that perspective you can get plenty of knowledge to be prepared. Especially since technology isn't always the issue and processes are routinely a problem area.
Man, you're good.
I appreciate the support!
'Thank GOD', and thank you very much ☺️ That was REALLY a lot of good information 🙄 I am currently working on my CompTIA Security+, but PEN Tester is my goal 😉 Any other suggestions 🤔
Thank you and you are welcome! Make sure you become comfortable with Linux because penetration testers live in Linux for most of the tools.
@JonGoodCyber I am currently installing Minix and openSUSE for my platforms 🙄 openSUSE Server/Windows 10 Client and the same with Minix 🙄 on a different set of hardware in my home network 🏚️
CISM?
The CISM has value but the intended audience is actually pretty small. I would check out my recommendations for 2021 ( th-cam.com/video/WyLt8gBYlwQ/w-d-xo.html ) and my video I did on the CISSP vs CISM ( th-cam.com/video/WbtpVWEm2QU/w-d-xo.html ).
Very good info
I appreciate the feedback and support!
Set playback speed to 1.25, thank me later.
By the way, Jon, thanks for the information!
Thank you for the feedback and I'm glad you enjoyed the video!
Hi Jon, and thank you for all the valuable information you give us YouTubers. I've done CCNA and CyberOps Associate (new), and now I'm preparing to take the exam for the PenTest+; I like purple team jobs. I spend a great part of my time reading security books and doing labs, and I'm part of large communities such as TryHackMe and HackTheBox Academy to advance my knowledge. I wonder if I need to stay some more at this level and continue with CEH or CySA and then move on to difficult exams like CISSP or OSCP, or start immediately. I know that before the likes of these exams we are in a world of script kiddies. So what's your opinion!? Thanks.
I'm glad that you are enjoying the content! I recommend grabbing my eBook ( jongood.com/getstarted/ ) to see the certifications and skills that I recommend for anybody trying to get into this career field. Do you currently have any experience? If not, landing a job in the career field should be your highest priority because you've already started to build a solid foundation. The quickest way to get into a purple team role is to start in either a penetration testing or security operations center (SOC) role....with SOC roles having the most opportunities available.