Idk if you’ll see this comment but I want you to know that this completely changed the direction of my cyber security journey. In the end this saved me thousands of dollars and over a year on studying. In fact today I just finished my first month working for google
This is truthful and informative. I just finished PNPT and PJPT after the Pentest+. I learned a TON from PNPT and PJPT. I learned 0 from the Pentest+ (except how to cram for an exam). Thank you for putting this out. It may make some angry, but people deserve to hear the truth.
exactly! I’m getting attacked for saying this, ironically from those who are new to the indsutry (or not even in the indusutry) but somehow have an emotional attachment and strong opinions about certs…
@@UnixGuy For my Masters Degree, I've been knocking out the CompTIA certs. ISC2 CC, CYSA, Pentest+, and CASP. Unfortunately, even though I'd rather run down the TCM Security route, I need to go down this route, as these certs mean more to my employer, as well as the degree. There are simply 2 ways to move up in labor category, job types, and responsibility: 1) years of experience. 2) education that is DoD recognized.
@@brianpaap7046 yeah mate I totally understand! the comptia certs still have a lot of good information so if its part of your program please focus on them; there will be plenty of time for you to do other certs later. Good luck 🤝
Just my take on Security +, I am pretty new to cyber security, have been working in the field for one year now. I studied around 3 months for sec+ and did some labs, vídeo course and at the end the exam questions. I must say it kicked my butt, I passed it with few points above the minimum required score. For someone like you with over 20 years of experience in the field it is probably not very valuable cert but for me it was an awesome journey and now I am wraping up my prep for the CySa+ as a next step
Thanks for sharing your views and congrats on passing the security+ it is definitely not an easy exam specially if you’re new the concepts. Good with the CySA+ it is definitely a challenging exam! I recommend the Blue team cert as a more practical alternative, which I explained in detail in this video: th-cam.com/video/DRJic8vCodE/w-d-xo.htmlsi=h3cy9MYdI9d1UhPg
Just took my CySA+ test two days ago and just barely passed. Scored 751 on my second try 😅. In my opinion it was definitely way more difficult than security plus.
Thank you, as a person going into applied computing with a focus in cybersecurity your videos and others like it are extremely helpful to try to get an idea about what certifications to go for.
If of any help, YT premium offers content which is not interrupted with bunch of ad's. I find it of great value as it allows me to focus without attention being distorted due to gazzilion ad's.
Whatever certs you do, take a moment to think why their content is relevant and use the time devoted to studying for certs to build your skills and knowledge. In an interview, you'll have to show you are confident with the conceps and can apply them in real-world situations. In my personal experience, interview questions were not tricky or difficult, but they were mostly scenario-based, so you need to really have the concepts clear in your mind and have practiced using them to solve simple problems.
I studied for a bachelor's in cyber security. Studying for my cissp was more difficult and taught me a lot more overall than my degree. I value what it did for my career. I did varying cyber roles, but the cissp helped me to think big picture and connect the various domains together, then understand why I am doing what I'm doing. For example, why I need to manage the grc program and why I am locking down windows/Linux directories for sensitive classifications. Huge help for me. Maybe for others it's easy and you are a good test taker I guess. Keep in mind I was a 4.0 gpa. I rather take cissp than my bachelor's if I had to do over. Hopefully this helps others that may be hesitant. If you say only help desk experience can get you cissp then I think we need to audit those cissps to ensure they really have the proper experience in those domains. Clean house now.
hey Marco, thanks for sharing your experience and views. I certainly didn’t intend to take away from the hard work you put into your CISSP But if the CISSP (which is a watered down touch on basic domains in cyber) taught you more than your bachelors then no offence but your bachelor degrees must be terrible and I would question its value. The CISSP gives you definitions, it doesn’t teach you much (if at all) about GRC. For example, CISSP taught you that ‘risk assessments’ exists and need to happen, but it doesnt teach you how to do any of the work that we need in GRC (i.e. you wouldnt know how to create a proper cyber security program or even manage one) which is unfortunate. And yes the ‘experience’ aspect of CISSP is very questionable which is why most CISSP holders are either network engineers or individuals who are very junior (not saying that’s you and not saying that you didn’t work hard for it)
There are a few people who understand IT like this guy. I have worked in tech for over 25 years and can tell someone who knows what they are talking about in the first 5 mins of a conversation. The recruiters have put CISSP on a pedestal it doesn't belong. What doesn't make sense to me is how even the industry allows them to get away with it. SMH! No controversy with me at all! What I would say is that cybersecurity is overatted as a whole. One needs to know more about technology or the concepts of the basics before they can defend systems. A few examples one needs to understand is dns,3 way handshake, ports, sql queries, and things like that to be able to defend the threat techniques that are posed on them. In most of the cybersecurity lessons they teach how to defend them but don't understand how they work. This video should be given to the hiring managers who are on the market right now.
i think the issue is that some people have spent a lot of effort studying for CISSP so when I dared critisize it they took it personal. I agree with you, and honestly in the real no one cares
I've gotten my CISSP, it is not mandatory but a good to have, to be consistent in the terms and methodology used. It is not only about protecting but decision making especially with limited resources, and some stakeholder management skills.
Glad to see TCM rated so high on this list. I took Heaths udemy course on ethical hacking during covid and it was really informative for someone new to the area
Thank you so very much. I'm still in the early stages of my cybersecurity journey and your advice seems consistently practical and relevant, again, thank you.
Mr. Unix Guy, once again, thank you for a very thorough presentation of the Certs Tier List. I began my journey pursuing a Cybersecurity this past year as a second career. I'm always amazed at the content source you put out on TH-cam. Thank you again for taking the time in providing your valuable input on the many topics based upon your experience and/or as a Hiring Manager! I truly wish you were my Cybersecurity / Hacking FTO - Field Training Officer!!!! Something tells me I would be on the right path all the time!!!! Stay safe!
Thank you, I'm in the middle of the google cybersec certification since I'm in a reconversion, I have a better idea where to go next. I'm so grateful for all of your content !
Very informative, thank you. One reason you may see CISSP wishlisted in senior positions especially for US jobs is because it’s a popular cert that covers nearly every tier of DoD 8570. For high-level Federal positions (GS 13+), military, and GovCon - having the CISSP (or comparable cert) would be a necessity. Ultimately, for someone trying to get into cybersecurity in the US that is not ex-military; then the most important above all else is to obtain and maintain a security clearance. That seems to be the golden ticket to a 6 figure salary from my perspective.
@@ankitpandya552 did you have clearance prior? Do you have a degree? Do you have prior experience? What things do you have under your belt that you feel was helpful with you landing that job?
Hey UnixGuy, thank you soooo much for the work you do it's unvaluable to me! I actually started with googlecyber security cert, and I am loving it, following the ethical hacking roadmap you made on another video. Thank you so much! I somehow am learning new concepts that I didn't know I was able to and actually (not kiding haha puting those into work). Friend of mine had a message asking for some info and I somehow said: Hey man isn't that phising? and I think that's precisely it. And again thank you, you have a great one legend : ).
Awesome video. I would feel much more comfortable with a beginner in the field seeing this Tier list than some of the other lists I've seen out there. I will say it does seem like a bit of an incomplete list without mentioning the Blue Team Level 1 especially, and even the Certified CyberDefender certification as well. They're both on the rise as some of the only PRACTICAL, hands-on certifications geared towards blue teamers. I did see the video where you talked about it, which makes me wonder even more why it wasn't included in this list. Insightful video either way. Been following you for a while now and really appreciate the honesty in your content! 🙂
Great and informative session, i have 0 IT experience and just got Comptia Network + and comptia Security +. I totally agree with your rankings and reasoning behind it. Now since i have a foundational knowledge, i am going for Blue Team Security Level 1. Time to get hands dirty!
Great video! I can't stand ISC2 exams. I feel as though they're highly overpriced, and in my experience taking the CCSP, once you answer a question, you're not allowed to go back and make changes. I'm currently closing out my cybersecurity degree at WGU. And while I think the premise of the program is far greater than a traditional college, the program should axe A+, Network+, Project+, and SSCP, and incorporate Linux CLI essentials, eJPT, AWS cloud practitioner or Azure essentials, and a splunk certificate, since that's a tool that's widely used. These are far more practical to enhancing beginner cyber skills, instead of useless Project+ and A+ certs.
It would definitely be must more useful doing any practical or vendor exams. I'm about to start one of the Master's program and it's crazy to compare the Pentest+ exam to OSCP exam for credit. They should really emphasize the hands-on exams for some of the earlier courses instead of the multiple choice ones.
Thank you for these videos. I’m learning so much before even starting my career change. These videos are extremely helpful and appreciated to someone who knows absolutely nothing about cyber security but wants to start!
Very very informative and useful, while I have almost structured my path in a similar way as your lecture, I wish I had seen this earlier this year 2023. I have been doing a lot of EC-Council hands on courses since they also use their lab which they encourage you to create yours in order to practice
glad to hear you’re doing hands-on courses! if you want to become an ethical hacker, I recommend you follow this: th-cam.com/video/8K7iAJ9BNl0/w-d-xo.htmlsi=bTIhR3OqgDJhyz-I
Hi Sir, Kudos to you Sir, frankly speaking this one of the best video I come across which classify from A to F the certificate we can go for in order to land a job as a beginner. This is very powerful. I just love it. Thanks.
Thanks for breaking all that down! In doing research it can get really confusing so I wasn't sure where to start! I think I'm going for the entry level Google cert first. Everyone talks about cyber security but not the fact that you have to get additional certs. In different areas.
Should add BTL1/2 & Certified Cyberdefender to the list here. Those are practical blue team certs that people should go for if they want affordable hands on experience.
Thank you. I get asked this often. Your list is solid. Again, thank you. Also, I'm heartened to see your ranking of CEH in the F tier. I agree even beyond it being a multiple-guess test and requiring rote memorization. It relies too much on specific (and even dated) tools instead of covering concepts and techniques. It was a garbage cert when I took it in 2007 and it's still a garbage cert (back in 2007 it had multiple questions that didn't have correct answers to choose from). Unfortunately, I see CEH being recommended or required for people to obtain for even regular cybersecurity jobs unrelated to hacking, ethical or otherwise. I do my level best to steer them to other certificates that are better, but too often they are pigeon-holed into getting it because a manager read about it as a certificate that meets certain criteria across multiple levels (I"m looking at you DoD 8570) and made it a hiring requirement.
mate you should see some of the nasty comments I got from people with bruised egos who are upset that I didn’t rank their beloved certs higher. You have a great growth mindset that will take you places 👏🏻
very nice list! I am currently working as an IT manager and have 6 engineers below me + one sys admin, currently working on the CISSP but will get more on the technical side once that is completed
This just confirm that the only certs I think is worthwhile for me pursuing is the PNPT and the OSCP, that will come after i get the RHCA and the CCNA which I'm currently pursuing, thanks for these information.
that’s not what I meant though, the PNPT and OSCP are penetration testing certs so it really depends on what you want to do I have video with a roadmap for ethical hacking but I also have a different one if you want to be a security analyst - different paths :)
@@UnixGuy I'm more geared towards Software Development/Engineering, I'm just exploring the domains of Hacking so that I know the importance of Coding securely, but when I got into it I found that one has to have a good foundation knowledge of Networking and Linux, it's great stuff and very interesting.
This is a very helpful and informative video..most peeps get pushed to Comptia in the UK. I will be looking at the other A certs once done with things I have already purchased before coming across your videos *hugs*
I started seeing your videos two days ago. Amazing information. Thank you. You are from Australia. That is my dream country to travel. When I land my 1st GRC job I will travel to Australia. Thank you for all your information. I am writing everything down.
Man! You are like the chatGPT for security as i had the same thoughts about this. Currently doing sec+ after finishing google cybersec and isc2 cc. "How can memorizing types of fire alarms make you a cybersec expert" ..... that made me stare at my ISC2 CC for 10 mins.. i reckon that those bits and pieces of tutorials on youtube like how to use nmap, make a STIG, could add up to make an experience as well as the roadmap of courses to take for beginners. I wish to meet you someday to give you a firm handshake for you have no idea how your videos are helping me.
This tier list was strictly for value right? Because CEH and Pentest+ show up WAY more on job boards then EJPT and PJPT….I looked up EJPT on indeed and only got 3 results. Yes HR can be out of touch but it’s the reality we live in and we have to adapt to it. I think a combo of CEH and EJPT would be nice to learn the real skills and also land you a job.
I explained why things ‘show up in job search’, people put them there as a wishlist. You wont get a pentest job based on pentest+ or CEH. You can do the CEH if you want to and you can find out yourself if its worth it. If you want to be an ethical hacker, this is tje roadmap for you: th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
@@UnixGuy Isn’t it important to get certs that are on these wishlists so you can actually get your resume in front of a hiring manager? Then from there you can showcase the skills you actually learned from a more hands on, practical (better) cert.
I really liked this video even though Blue Team Lv 1 was not on the list. Question: I had believed the Pentest+ and CEH are great introductions to penetration testing and good preparation for someone looking to do OSCP. Depending on the person’s background, would you recommend someone at least study those certs, even if they don’t spend money in the exam? And then do higher level or testing cert?
hey mate, the blue team is definitely Tier A! If you want something before OSCP, I highly recommend you follow this roadmap: th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
Great content. Thank you so much. Currently, I am doing a Google CyberSecurity Certificate. Your video has put a lot of motivation into my learning path. I am thinking of obtaining a CompTIA security+ Cert. What would you suggest?
Thank you because I was about to start aligning myseld towards the ISC² path of certs after taking the free CC program. Boy what a mistake that would've been 😅 This was an awesome discussion
I was literally seconds away from starting Google's Cybersecurity Pro Cert from your previous videos, but I just want to double check one thing since you've mentioned all the rival courses alongside it: do any of the other courses come with a Security+ discount like the Google one? I remember you mentioning this in a previous video and I thought this was a pretty solid start getting the Google and then Sec+ to getting my first cybersec job.
Im currently doing certificate IV in cyber security at TAFE Qld here in Australia. Looking to add some more certificates onto my belt after ive qualified, so videos like this i greatly appreciate. Experience concerns me a little as its hard to get entry level positions without it. Worked in hospitality most of my career so anything to build skill set is highly valuable to me. Kind regards, and thank you for your content.
yeah mate I understand! I recommend starting with the google cert: th-cam.com/video/6LIUhx95MCU/w-d-xo.htmlsi=sFCzUDSbnxrquzyc then work your way up with the practical projects: th-cam.com/video/LFlsDm8w36A/w-d-xo.htmlsi=1itqDV2ISLlOZrEa
@@UnixGuy yes google cert is definitely on my bucket list, about to work on my python skills over the holidays with Harvardx cs50, they've also given us access with this TAFE course to get our CCNA and use Cyberbit (which has over 100 different classes to level up in skills). My journey has only just begun, but I'm excited to see where cybersecurity leads me in the future. Kind regards brother
Where would you rank the blue team level 1 cert I’m really interested on getting into a soc analyst position I heard good things about this certification.
In a prior video, you recommended getting the Blue team level 1 following the Google Cybersecurity certificate, do you still suggest this path for a beginner or someone just coming into the field?
As someone who is just starting is journey and tryinf to break into field this has proven lots of insight! Im currently enrolled at wgu and will get the trifect, pentest and cysa through them! I plan on getting blue team level 1 and other certs that willl benefit me. I appreciate all the help your channel has brought me
I passed many certs. some are expired. Anyway, regardless of the role, CCNA is what got me the foot in the door. also, I learned fundamental concepts that I still use today in my IR role. I recommend it over other certs if you are just starting. I have OSCP and CISSP, but CISSP is what definitely helped getting more interview and salary increase. Unfortunately, after spending so many hours on it, I have to admit OSCP is worth jack shit today. And unless you want a Jr pentest role, field which overcrowded BTW, it wont helps you much. CEH is junk. SANS are great but are too overpriced. Only if your company pay for it, why not but they are not very challenging. If you know how to index a book, anybody could pass the exam which is open book LOL. If you are in the mid of your career, CISSP is what you want and only what you need. I dont like it but HR guys and management boomers do, a lot....
Glad to hear you’re doing well, good luck with everything. The point of SANS is the quality training, not the indexing and cramming. OSCP is a pentest cert, that’s precisely what I would use it for. Each to their own, good luck anyway 🤝
I’m a huge fan of hands-on, almost all cybersecurity certifications are all theoretical even CEH, which in my opinion I feel like Pentest+ has more practical questions. To be honest, Is better to be certified than not having any certifications at all and hope you will land a job in cybersecurity, when your father or your buddy aren’t the owner of the company. My advice is that you still need to learn the fundamentals regardless of how you feel about computer networking it’s still very crucial as a cybersecurity professional for u to understand what ports are, how TCP/IP protocols works, how computer is actually connected. You can’t protect what you don’t know. A lot of cybersecurity professionals don’t even know how to configure simple firewall rules or apply ACLs, or even know what security solutions are to be applied on routers or switches and hardware firewalls. Don’t be discouraged by bunch of TH-cam videos about people going after certifications, but they all have more than one certification and started somewhere, they didn’t brake into cybersecurity by not having a degrees or certifications. If you’re just starting of it won’t be a bad idea to get familiar with different areas, networking, cloud computing, penetration testing, etc.. As a Network engineer I built a physical home lab during my CCNA exam with Cisco routers and switches including access points that I bought from EBay. But due to space and noises I decided to build virtual lab using Eve-NG. So hands-on and experience is very huge. So many company are looking people for people who are experienced in configuring Palo Alto firewalls, and Cisco ASA,Cisco ISE,Fortinet Firewalls. U don’t have to take networking certification but understanding how computer systems are connected will aid in your troubleshooting process. Last but lost, have a NICHE after familiarizing yourself with bunch areas in IT field, cybersecurity is very broad and I’ve seen job postings “cybersecurity engineer” on LinkedIn but they’re specifically targeting professionals with experience in Cisco routing and switching, cisco ASA,ISE,Palo Alto, fortinet and checkpoints firewalls. No knowledge is wasted, learn as much as you can grow to the level that you’re so confident in yourself and not have to deal with imposter syndrome.
@@certified-master3986 I have 20Y of exp in IT and half of that in Cybersecurity. I hold CISSP and OSCP but I still feel like a n00b. Imposter Syndrome never goes away....
The list of courses that I recommend for ‘foundation’ as a replacement for A+/Net+/CCNA are all in this video: th-cam.com/video/rIOvsj7jBuQ/w-d-xo.html
Hi, what is your opinion of cisco skills for all? there is ethical hacker course and a Junior Cybersecurity Analyst Career Path, both of them are free.
I have over 20 certifications (some from your A and B tier), many projects and I am not sure it is helping me find a job at all. (3 months and over 1500 applications later)
The only channel i follow religiously, This guy helped me a lot through his videos , i made a roadmap and started my cyber security learning journey. By the way u forgot Blue team certification.
Love your videos, cheers for all your insights. I’m at that early stage, just passed Sec+ last week & I’m going to start working thru your project roadmap today. I’m really interested in digital forensics but can’t find a lot of information on what to learn/how to get started to be a good candidate for a digital forensics position. I’ve done short courses on Autopsy & TSK but if you - or anyone else - could offer some pointers on where to take my next steps to get into that field I’d really appreciate it! Thx again, I’m recommending you to everyone I know training in cybersec
I agree that CISM/CISA/CISSP doesnt really teach you HOW to do cyber as it's a lot of theory, but I would definitely put them above CompTIA in A tier for career advancement potential. Comptia is good to get your foot in the door and then meh after that. I would put OSCP at the top and everything below it. That one is tough. CISSP/CISM/Sec+ holder
yeah it’s a tough one, i put sec+ above because it servers a purpose of introudcing someone to a topic and teaching them something, but I see your point!
I'm finding in the Google CS Program labs and portfolio activities I'm having to go outside of the course material and get clarification. I feel Google can do much better than just overwhelm a beginner with just walls of soulless text explaining a lab. Nothing beats having a professional sit down and work with you in a TH-cam video step by step.
Thank you for your videos! I found them very useful. Could you please make a video with a roadmap from zero to become a pentester? Something like what ppl need to learn: 1. networking essentials, 2. Linux. 3. Python and etc. I would really appreciate it so much
In a nutshell quickly take your CISSP cert for the good salaries and the job requirements but if you really want to learn about Cybersecurity in practice you go to the king. OSCP if you can pass 24 hour exam and GIAC if you can afford the price. If you are working in cloud technologies you obviously take the respective cloud cert. That's what the 22 min video is about and makes sense to me as Cybersecurity Professional.
I really appreciate how straight forward you are. I was wondering if you take the exams yourself to give your review on them? I'm not a great theoretical learner but very practical so you making these distinctions helped a lot.
I took many exams but sometimes I just do the course quickly if its entry level. I also mentor a lot of people who do these exams so im familiar with the content. I never recommend anything without taking it myself first
Thank you for your video :). I am looking to switch into cyber sec. My background is in Network engineering and for the last years as a project manager. I'm currenly doing the google cert, after that probably S+ and then Blue team. My problem is that I dont know What I am passionate about yet :D.
I agree on most of the stuff but CISSP is a very good cert I believe the knowledge you gain through it is priceless. I have not done it yet but I have gone through the CISSP material and it was amazing and I learned a lot.
Hey try to make video on how security analyst resume looks like. What should put on our resume ? And how to increase chances of getting job faster then others. ( Extra skills.)
Thank you so much for the time and effort you put in your videos. I have decided to only take your advice and block out all other videos on beginners path to cybersecurity and I truly beleive it will pay out. Quick question as I am a local also (Melbourne) what exactly does your book a call with you involve? I tried to find in the discord information and search your TH-cam videos but unfortunately didn't find anything on the subject. Again thank you for your great videos and advice.
Hey mate, I deliberately didn’t put a lot of info about the career coaching calls because I don’t have capacity to do a lot of them 😆 What they involve is I’ll get you to send me your current CV and any transcript or courses or things you did in the past, I’ll also get u to send me as many queations as you have via email then I proceed to dig through your CV/linkedIn/transcript/courses and I identify gaps ans create a custom plan for you in a word document then when we do the call which is one hour long, you get to ask as many questions as you have, and I also dig deeper and ask you more questions about your goals, current life situation and I adjust the plan as I go, by the end of it I’ll email you the plan and I also you should be taking notes during the calls as I also identify personaloty things, limiting beliefs, etc That’s all! but before you book it, please ensure that you have also watched the videos thoroghly :)
Thank you so much for the above information. I will go through all your videos from the start and hopefully in the next few weeks if nothing changes from my end I will book that mentorship call. Again thanks for your great advice and TH-cam videos.
A clearly highly experienced consultant who gives his experience to the world to right a clear inbalance in the system. I wish I knew many things sooner myself. Subscribed, I'll be watching all your videos.
I agree in many ways on the certifications posted here but will add my worthless pennies of 25 plus years of IT consulting with a touch of Security thrown in for good measure. ;-) There is often a problem in IT Security and Information Security that often is far too focused on the Tech aspect well forgetting what Security really means. CISSP as an example I think is focused more on the Security Management and there to help align gaps in management and create a consistent bench mark for managing Information Security. As Security isn't a tech thing but rather a larger mechanism to support a companies Vision, goals, objectives. In short what I am saying is that CISSP isn't as mentioned in the video a starting point, has some things that seem pointless like fire suppression systems it does sort of give that general mindset. Far too often I have butted heads with the heads of IT on how they want to run a company, IT knows best (security also) and misses the actual point on what information or asset, and process we are actually supporting. In the CyberSec field we are really lacking high level thinkers that understand technologies though and also IT Techies (perhaps experts) that can also think abstract.
Hopfeully I made it a little clear as often it is hard to type it all out in the comments. Just to be clear I am not diminishing the importance of the technical security side but rather having the look at a larger picture. One of the Cannons in many Security exams is to remember that people always come first before assets, laws, etc. I personally take that a bit serious and as I am sure you are well aware of technologies change (always) so that should not be the driver. On the other side of there is, and are many in the so called "leadership" that do not even know how to turn on a computer. That is dangerous as I guess you are aware of and also leaves Risks misunderstood and not able to be leveraged to move forwards. Just last week I was in a potential (C)ISO interview and the whole places was all strictly on Site, working, etc when servers are naturally in the cloud. I asked why on site and they answered for security :( Anyways I digress and thank you for the videos. I am always open to discussion, and or correction ;-) @@UnixGuy
@@shamuscoghlan_807 no I agree with you, in fact im spending more of time nowadays on the risk side of things than the technical world so I see your points
Thanks for the overview. I wouldn't say CISSP is for beginners at all. More likely for more experienced risk professionals setting foot for managerial level.
great video, but i'm a bit curious to what made you not consider blue team level-1 & 2 certificates. please provide an insight to that. And if you were to add those certs. to the list what tier would you rank them in? thanks
honestly because I thought the video was too long as it is and I discussed them in other videos, in hindsight I should’ve included them - definitely Tier A :)
Idk if you’ll see this comment but I want you to know that this completely changed the direction of my cyber security journey. In the end this saved me thousands of dollars and over a year on studying. In fact today I just finished my first month working for google
huge congrats!!! so happpy to hear that 🎉🎉🎉
Can I know what was the interview process in the google
Can i know your journey to get this job
This is truthful and informative. I just finished PNPT and PJPT after the Pentest+. I learned a TON from PNPT and PJPT. I learned 0 from the Pentest+ (except how to cram for an exam). Thank you for putting this out. It may make some angry, but people deserve to hear the truth.
exactly! I’m getting attacked for saying this, ironically from those who are new to the indsutry (or not even in the indusutry) but somehow have an emotional attachment and strong opinions about certs…
@@UnixGuy For my Masters Degree, I've been knocking out the CompTIA certs. ISC2 CC, CYSA, Pentest+, and CASP. Unfortunately, even though I'd rather run down the TCM Security route, I need to go down this route, as these certs mean more to my employer, as well as the degree. There are simply 2 ways to move up in labor category, job types, and responsibility: 1) years of experience. 2) education that is DoD recognized.
@@brianpaap7046 yeah mate I totally understand! the comptia certs still have a lot of good information so if its part of your program please focus on them; there will be plenty of time for you to do other certs later. Good luck 🤝
@@UnixGuy ty, sir :)
I’m there with ya.
Just my take on Security +, I am pretty new to cyber security, have been working in the field for one year now. I studied around 3 months for sec+ and did some labs, vídeo course and at the end the exam questions. I must say it kicked my butt, I passed it with few points above the minimum required score. For someone like you with over 20 years of experience in the field it is probably not very valuable cert but for me it was an awesome journey and now I am wraping up my prep for the CySa+ as a next step
Thanks for sharing your views and congrats on passing the security+ it is definitely not an easy exam specially if you’re new the concepts. Good with the CySA+ it is definitely a challenging exam! I recommend the Blue team cert as a more practical alternative, which I explained in detail in this video:
th-cam.com/video/DRJic8vCodE/w-d-xo.htmlsi=h3cy9MYdI9d1UhPg
Sec+ is a requirement for any gov cyber work
Just took my CySA+ test two days ago and just barely passed. Scored 751 on my second try 😅. In my opinion it was definitely way more difficult than security plus.
Thank you, as a person going into applied computing with a focus in cybersecurity your videos and others like it are extremely helpful to try to get an idea about what certifications to go for.
Glad it was helpful!
Always no BS video. I never skip ads.
🫡
If of any help, YT premium offers content which is not interrupted with bunch of ad's. I find it of great value as it allows me to focus without attention being distorted due to gazzilion ad's.
Whatever certs you do, take a moment to think why their content is relevant and use the time devoted to studying for certs to build your skills and knowledge. In an interview, you'll have to show you are confident with the conceps and can apply them in real-world situations. In my personal experience, interview questions were not tricky or difficult, but they were mostly scenario-based, so you need to really have the concepts clear in your mind and have practiced using them to solve simple problems.
good points, thanks for sharing!
I completed the Google cybersecurity ceruficate, I am now getting ready for eJPT certificate. Thank you for your guidance
well done 👏🏻
I studied for a bachelor's in cyber security. Studying for my cissp was more difficult and taught me a lot more overall than my degree. I value what it did for my career. I did varying cyber roles, but the cissp helped me to think big picture and connect the various domains together, then understand why I am doing what I'm doing. For example, why I need to manage the grc program and why I am locking down windows/Linux directories for sensitive classifications. Huge help for me. Maybe for others it's easy and you are a good test taker I guess. Keep in mind I was a 4.0 gpa. I rather take cissp than my bachelor's if I had to do over. Hopefully this helps others that may be hesitant. If you say only help desk experience can get you cissp then I think we need to audit those cissps to ensure they really have the proper experience in those domains. Clean house now.
hey Marco, thanks for sharing your experience and views. I certainly didn’t intend to take away from the hard work you put into your CISSP
But if the CISSP (which is a watered down touch on basic domains in cyber) taught you more than your bachelors then no offence but your bachelor degrees must be terrible and I would question its value.
The CISSP gives you definitions, it doesn’t teach you much (if at all) about GRC. For example, CISSP taught you that ‘risk assessments’ exists and need to happen, but it doesnt teach you how to do any of the work that we need in GRC (i.e. you wouldnt know how to create a proper cyber security program or even manage one) which is unfortunate.
And yes the ‘experience’ aspect of CISSP is very questionable which is why most CISSP holders are either network engineers or individuals who are very junior (not saying that’s you and not saying that you didn’t work hard for it)
@@UnixGuy thanks for your super quick reply sir! Much appreciated your feedback. Every bit helps. Keep doing what you do!
my pleasure Marco, and thanks for being professional, you will do really well in this industry 🫡
There are a few people who understand IT like this guy. I have worked in tech for over 25 years and can tell someone who knows what they are talking about in the first 5 mins of a conversation. The recruiters have put CISSP on a pedestal it doesn't belong. What doesn't make sense to me is how even the industry allows them to get away with it. SMH!
No controversy with me at all! What I would say is that cybersecurity is overatted as a whole. One needs to know more about technology or the concepts of the basics before they can defend systems. A few examples one needs to understand is dns,3 way handshake, ports, sql queries, and things like that to be able to defend the threat techniques that are posed on them. In most of the cybersecurity lessons they teach how to defend them but don't understand how they work. This video should be given to the hiring managers who are on the market right now.
i think the issue is that some people have spent a lot of effort studying for CISSP so when I dared critisize it they took it personal. I agree with you, and honestly in the real no one cares
I've gotten my CISSP, it is not mandatory but a good to have, to be consistent in the terms and methodology used. It is not only about protecting but decision making especially with limited resources, and some stakeholder management skills.
This definitely will save me a lot of time. It's great to hear some industry advice, especially in Australia.
🫡
Glad to see TCM rated so high on this list. I took Heaths udemy course on ethical hacking during covid and it was really informative for someone new to the area
they’re pretty solid!
God, people deserve more content like these... so assertive! Obrigado!
thank you!
Thank you so very much. I'm still in the early stages of my cybersecurity journey and your advice seems consistently practical and relevant, again, thank you.
🙏🏻
Mr. Unix Guy, once again, thank you for a very thorough presentation of the Certs Tier List. I began my journey pursuing a Cybersecurity this past year as a second career. I'm always amazed at the content source you put out on TH-cam. Thank you again for taking the time in providing your valuable input on the many topics based upon your experience and/or as a Hiring Manager! I truly wish you were my Cybersecurity / Hacking FTO - Field Training Officer!!!! Something tells me I would be on the right path all the time!!!! Stay safe!
Thanks mate I appreciate you kind words and support, hope we meet one day 🤝
Another banger by UnixGuy, glad to see that you're blowing up - you deserve it!
Appreciate it 🫡
Thank you, I'm in the middle of the google cybersec certification since I'm in a reconversion, I have a better idea where to go next. I'm so grateful for all of your content !
Best of luck!
This is very helpful for planning my learning path, thank you for keeping your content updated! :)
🫡
Very informative, thank you. One reason you may see CISSP wishlisted in senior positions especially for US jobs is because it’s a popular cert that covers nearly every tier of DoD 8570. For high-level Federal positions (GS 13+), military, and GovCon - having the CISSP (or comparable cert) would be a necessity. Ultimately, for someone trying to get into cybersecurity in the US that is not ex-military; then the most important above all else is to obtain and maintain a security clearance. That seems to be the golden ticket to a 6 figure salary from my perspective.
thanks for sharing, very interesting points and very useful for federal positions!
Very much agreed. I received a clearance in the military on top of a cyber sec degree and sec+ cert and my future is looking very lucrative
Not really. I was selected for FBI GS 14, eventhough I did not have CISSP
@@ankitpandya552 people just go off what they read in a job description, a lot more goes into hiring
@@ankitpandya552 did you have clearance prior? Do you have a degree? Do you have prior experience? What things do you have under your belt that you feel was helpful with you landing that job?
Hey UnixGuy, thank you soooo much for the work you do it's unvaluable to me!
I actually started with googlecyber security cert, and I am loving it, following the ethical hacking roadmap you made on another video. Thank you so much! I somehow am learning new concepts that I didn't know I was able to and actually (not kiding haha puting those into work). Friend of mine had a message asking for some info and I somehow said: Hey man isn't that phising? and I think that's precisely it.
And again thank you, you have a great one legend : ).
so glad to hear that! you’re doing a great job, keep it up 👏🏻
@slevinlaine, may i borrow your cybersecurity roadmap.
I am a beginner, only 1 year in IT (helpdesk)
6 months sysadmin
@@TheBlueMahoe if you looked my videos you would’ve found it 😜 here it is:
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
Thank you for all that information. I have heard some of these certifications and now I have a better perspective. 😁
glad to hear that :)
Awesome video. I would feel much more comfortable with a beginner in the field seeing this Tier list than some of the other lists I've seen out there. I will say it does seem like a bit of an incomplete list without mentioning the Blue Team Level 1 especially, and even the Certified CyberDefender certification as well. They're both on the rise as some of the only PRACTICAL, hands-on certifications geared towards blue teamers. I did see the video where you talked about it, which makes me wonder even more why it wasn't included in this list. Insightful video either way.
Been following you for a while now and really appreciate the honesty in your content! 🙂
blue team is definite tier A :)
Great and informative session, i have 0 IT experience and just got Comptia Network + and comptia Security +. I totally agree with your rankings and reasoning behind it. Now since i have a foundational knowledge, i am going for Blue Team Security Level 1. Time to get hands dirty!
now the fun begins 😎 best of luck
Great video! I can't stand ISC2 exams. I feel as though they're highly overpriced, and in my experience taking the CCSP, once you answer a question, you're not allowed to go back and make changes. I'm currently closing out my cybersecurity degree at WGU. And while I think the premise of the program is far greater than a traditional college, the program should axe A+, Network+, Project+, and SSCP, and incorporate Linux CLI essentials, eJPT, AWS cloud practitioner or Azure essentials, and a splunk certificate, since that's a tool that's widely used. These are far more practical to enhancing beginner cyber skills, instead of useless Project+ and A+ certs.
yeah agreed mate, people are fascinated by those certs without understanding that the market isn’t what they think it is
It would definitely be must more useful doing any practical or vendor exams. I'm about to start one of the Master's program and it's crazy to compare the Pentest+ exam to OSCP exam for credit. They should really emphasize the hands-on exams for some of the earlier courses instead of the multiple choice ones.
Thank you for these videos. I’m learning so much before even starting my career change. These videos are extremely helpful and appreciated to someone who knows absolutely nothing about cyber security but wants to start!
I'm so glad!
Very very informative and useful, while I have almost structured my path in a similar way as your lecture, I wish I had seen this earlier this year 2023. I have been doing a lot of EC-Council hands on courses since they also use their lab which they encourage you to create yours in order to practice
glad to hear you’re doing hands-on courses! if you want to become an ethical hacker, I recommend you follow this:
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.htmlsi=bTIhR3OqgDJhyz-I
I appreciate you making this video, I was just researching where should I begin for certs and this video definitely helped me create a layout. Thanks
Glad it was helpful!
Hi Sir,
Kudos to you Sir, frankly speaking this one of the best video I come across which classify from A to F the certificate we can go for in order to land a job as a beginner. This is very powerful. I just love it. Thanks.
🙏🏻
Thanks for breaking all that down! In doing research it can get really confusing so I wasn't sure where to start! I think I'm going for the entry level Google cert first. Everyone talks about cyber security but not the fact that you have to get additional certs. In different areas.
yes it is confusing! watch this before you do the Google cert:
th-cam.com/video/6LIUhx95MCU/w-d-xo.htmlsi=rQD2vDFZx4xngk64
Should add BTL1/2 & Certified Cyberdefender to the list here. Those are practical blue team certs that people should go for if they want affordable hands on experience.
yep blue team is definitely tier A
@@UnixGuyIn an earlier video you mentioned BLT1&2 are theoretical and not practical at all, a great cert nonetheless. Please clarify
@@jairoaugusto2533 BLT1&2 are practical. There is theory but also labs. The exam is fully practical as well (BLT1 is 24h practical exam).
The Best cybersecurity channel on yt. You've helped me so much, thank you.
thanks for your kind words and support 🤝 glad to hear I’ve helped
Thank you. I get asked this often. Your list is solid. Again, thank you.
Also, I'm heartened to see your ranking of CEH in the F tier. I agree even beyond it being a multiple-guess test and requiring rote memorization. It relies too much on specific (and even dated) tools instead of covering concepts and techniques. It was a garbage cert when I took it in 2007 and it's still a garbage cert (back in 2007 it had multiple questions that didn't have correct answers to choose from).
Unfortunately, I see CEH being recommended or required for people to obtain for even regular cybersecurity jobs unrelated to hacking, ethical or otherwise. I do my level best to steer them to other certificates that are better, but too often they are pigeon-holed into getting it because a manager read about it as a certificate that meets certain criteria across multiple levels (I"m looking at you DoD 8570) and made it a hiring requirement.
mate you should see some of the nasty comments I got from people with bruised egos who are upset that I didn’t rank their beloved certs higher. You have a great growth mindset that will take you places 👏🏻
very nice list! I am currently working as an IT manager and have 6 engineers below me + one sys admin, currently working on the CISSP but will get more on the technical side once that is completed
Best of luck! watch the videos in this playlist:
Start Here | Get into Cyber Security
th-cam.com/play/PLdI5VHN89i7X932iFp7-M30FM9J8QHqOk.html
This just confirm that the only certs I think is worthwhile for me pursuing is the PNPT and the OSCP, that will come after i get the RHCA and the CCNA which I'm currently pursuing, thanks for these information.
that’s not what I meant though, the PNPT and OSCP are penetration testing certs so it really depends on what you want to do
I have video with a roadmap for ethical
hacking but I also have a different one if you want to be a security analyst - different paths :)
@@UnixGuy I'm more geared towards Software Development/Engineering, I'm just exploring the domains of Hacking so that I know the importance of Coding securely, but when I got into it I found that one has to have a good foundation knowledge of Networking and Linux, it's great stuff and very interesting.
@@TripleA679 if that’s the case then check this video out:
th-cam.com/video/-oGxe4CW_Z8/w-d-xo.html
@@UnixGuy Thanks mate🤟🏼
This is a very helpful and informative video..most peeps get pushed to Comptia in the UK. I will be looking at the other A certs once done with things I have already purchased before coming across your videos *hugs*
thanks mate 🙏🏻
Yet another wonderful video from Unixguy. Thank you so much!
🙏🏻
I started seeing your videos two days ago. Amazing information. Thank you. You are from Australia. That is my dream country to travel. When I land my 1st GRC job I will travel to Australia. Thank you for all your information. I am writing everything down.
Welcome aboard! Can’t wait to hear all about your success story :)
I really take issue with ranking the ISC2 CC certificate higher than the SSCP.
I explained it in the video, sscp doesn’t serve any purpose. but if you want to do it, just do it :)
Man! You are like the chatGPT for security as i had the same thoughts about this. Currently doing sec+ after finishing google cybersec and isc2 cc. "How can memorizing types of fire alarms make you a cybersec expert" ..... that made me stare at my ISC2 CC for 10 mins.. i reckon that those bits and pieces of tutorials on youtube like how to use nmap, make a STIG, could add up to make an experience as well as the roadmap of courses to take for beginners. I wish to meet you someday to give you a firm handshake for you have no idea how your videos are helping me.
so glad to hear that, and I wish we meet up one day as well :)
This tier list was strictly for value right? Because CEH and Pentest+ show up WAY more on job boards then EJPT and PJPT….I looked up EJPT on indeed and only got 3 results. Yes HR can be out of touch but it’s the reality we live in and we have to adapt to it.
I think a combo of CEH and EJPT would be nice to learn the real skills and also land you a job.
I explained why things ‘show up in job search’, people put them there as a wishlist. You wont get a pentest job based on pentest+ or CEH.
You can do the CEH if you want to and you can find out yourself if its worth it.
If you want to be an ethical hacker, this is tje roadmap for you:
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
@@UnixGuy Isn’t it important to get certs that are on these wishlists so you can actually get your resume in front of a hiring manager?
Then from there you can showcase the skills you actually learned from a more hands on, practical (better) cert.
CEH recently debut a new cert Certified Ethical Hacker (Practical) so you could update the list later on. Well done, very informative video.
thanks!
I appreciate the great job you’re doing sir! This has given me a clear understanding of where to go after the Sec+. Thanks 🙏🏾
Glad it was helpful!
Once again, an amazing and VERY informative video. Truly appreciate your videos!!
🫡
I really liked this video even though Blue Team Lv 1 was not on the list.
Question:
I had believed the Pentest+ and CEH are great introductions to penetration testing and good preparation for someone looking to do OSCP. Depending on the person’s background, would you recommend someone at least study those certs, even if they don’t spend money in the exam? And then do higher level or testing cert?
hey mate, the blue team is definitely Tier A!
If you want something before OSCP, I highly recommend you follow this roadmap:
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
Always you provide useful videos we’re glad for valuable information in your channel
🫡
Great content. Thank you so much.
Currently, I am doing a Google CyberSecurity Certificate. Your video has put a lot of motivation into my learning path. I am thinking of obtaining a CompTIA security+ Cert. What would you suggest?
yep good choice! for a full roadmap watch this:
th-cam.com/video/DRJic8vCodE/w-d-xo.html
Thank you because I was about to start aligning myseld towards the ISC² path of certs after taking the free CC program. Boy what a mistake that would've been 😅
This was an awesome discussion
glad to hear it 🙏🏻
I was literally seconds away from starting Google's Cybersecurity Pro Cert from your previous videos, but I just want to double check one thing since you've mentioned all the rival courses alongside it: do any of the other courses come with a Security+ discount like the Google one? I remember you mentioning this in a previous video and I thought this was a pretty solid start getting the Google and then Sec+ to getting my first cybersec job.
no only the google cert come with that discount :)
Im currently doing certificate IV in cyber security at TAFE Qld here in Australia. Looking to add some more certificates onto my belt after ive qualified, so videos like this i greatly appreciate. Experience concerns me a little as its hard to get entry level positions without it. Worked in hospitality most of my career so anything to build skill set is highly valuable to me. Kind regards, and thank you for your content.
yeah mate I understand! I recommend starting with the google cert:
th-cam.com/video/6LIUhx95MCU/w-d-xo.htmlsi=sFCzUDSbnxrquzyc
then work your way up with the practical projects:
th-cam.com/video/LFlsDm8w36A/w-d-xo.htmlsi=1itqDV2ISLlOZrEa
@@UnixGuy yes google cert is definitely on my bucket list, about to work on my python skills over the holidays with Harvardx cs50, they've also given us access with this TAFE course to get our CCNA and use Cyberbit (which has over 100 different classes to level up in skills). My journey has only just begun, but I'm excited to see where cybersecurity leads me in the future. Kind regards brother
Where would you rank the blue team level 1 cert I’m really interested on getting into a soc analyst position I heard good things about this certification.
In a prior video, you recommended getting the Blue team level 1 following the Google Cybersecurity certificate, do you still suggest this path for a beginner or someone just coming into the field?
Honestly its a good Blue team cert where it teaches many practical stuff, but unfortuntely this cert is not really recognized in many companies
@@warlocksmurf yeah that’s the unfortunate thing not being recognized by most companies which is why I’m thinking on taking the certification.
@@CyberDavid2413honestly u can take it just for the practical knowledge. I tried its labs and it was fun
yes I dicussed it in previois videos, its highly rated definitely tier A
As someone who is just starting is journey and tryinf to break into field this has proven lots of insight! Im currently enrolled at wgu and will get the trifect, pentest and cysa through them! I plan on getting blue team level 1 and other certs that willl benefit me. I appreciate all the help your channel has brought me
all the best!
I’m trying to renter myself, I went to school for1 semester and left to get certs instead but I’m having trouble to find where to start
I passed many certs. some are expired.
Anyway, regardless of the role, CCNA is what got me the foot in the door. also, I learned fundamental concepts that I still use today in my IR role. I recommend it over other certs if you are just starting.
I have OSCP and CISSP, but CISSP is what definitely helped getting more interview and salary increase.
Unfortunately, after spending so many hours on it, I have to admit OSCP is worth jack shit today. And unless you want a Jr pentest role, field which overcrowded BTW, it wont helps you much.
CEH is junk.
SANS are great but are too overpriced. Only if your company pay for it, why not but they are not very challenging. If you know how to index a book, anybody could pass the exam which is open book LOL.
If you are in the mid of your career, CISSP is what you want and only what you need. I dont like it but HR guys and management boomers do, a lot....
Glad to hear you’re doing well, good luck with everything.
The point of SANS is the quality training, not the indexing and cramming.
OSCP is a pentest cert, that’s precisely what I would use it for.
Each to their own, good luck anyway 🤝
I’m a huge fan of hands-on, almost all cybersecurity certifications are all theoretical even CEH, which in my opinion I feel like Pentest+ has more practical questions.
To be honest, Is better to be certified than not having any certifications at all and hope you will land a job in cybersecurity, when your father or your buddy aren’t the owner of the company. My advice is that you still need to learn the fundamentals regardless of how you feel about computer networking it’s still very crucial as a cybersecurity professional for u to understand what ports are, how TCP/IP protocols works, how computer is actually connected. You can’t protect what you don’t know.
A lot of cybersecurity professionals don’t even know how to configure simple firewall rules or apply ACLs, or even know what security solutions are to be applied on routers or switches and hardware firewalls.
Don’t be discouraged by bunch of TH-cam videos about people going after certifications, but they all have more than one certification and started somewhere, they didn’t brake into cybersecurity by not having a degrees or certifications. If you’re just starting of it won’t be a bad idea to get familiar with different areas, networking, cloud computing, penetration testing, etc..
As a Network engineer I built a physical home lab during my CCNA exam with Cisco routers and switches including access points that I bought from EBay. But due to space and noises I decided to build virtual lab using Eve-NG. So hands-on and experience is very huge.
So many company are looking people for people who are experienced in configuring Palo Alto firewalls, and Cisco ASA,Cisco ISE,Fortinet Firewalls. U don’t have to take networking certification but understanding how computer systems are connected will aid in your troubleshooting process.
Last but lost, have a NICHE after familiarizing yourself with bunch areas in IT field, cybersecurity is very broad and I’ve seen job postings “cybersecurity engineer” on LinkedIn but they’re specifically targeting professionals with experience in Cisco routing and switching, cisco ASA,ISE,Palo Alto, fortinet and checkpoints firewalls.
No knowledge is wasted, learn as much as you can grow to the level that you’re so confident in yourself and not have to deal with imposter syndrome.
@@certified-master3986
I have 20Y of exp in IT and half of that in Cybersecurity. I hold CISSP and OSCP but I still feel like a n00b. Imposter Syndrome never goes away....
Thank you very very much brotha. I truly appreciate your video and information! Blessings for you 🙏
🫡
OSCP ppl are so rare
💯
thank you for opening my eyes i was lost now i have a good idea now i am focusing on oscp only and ccnp network security
if you want to be an ethical hacker, then this is the roadmap that can take you there:
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
The list of courses that I recommend for ‘foundation’ as a replacement for A+/Net+/CCNA are all in this video:
th-cam.com/video/rIOvsj7jBuQ/w-d-xo.html
and what about cpent?
Where does that stand?
Hi, what is your opinion of cisco skills for all? there is ethical hacker course and a Junior Cybersecurity Analyst Career Path, both of them are free.
Hey I wanted to ask you if you've heard of the Nexgent cyber security program?
Sir, Why are their 2 SANS institute websites?
I have over 20 certifications (some from your A and B tier), many projects and I am not sure it is helping me find a job at all. (3 months and over 1500 applications later)
Always providing useful information... Nice haircut, makes you look younger.
haha thanks 😅
Having solid networking foundation is a must for any cbersecurity role.
ok great
HTB CPTS might be S tier soon as well its very cheap and practical, even harder than OSCP
yeah it is good!
Extremely helpful. Thank you very much. Salute
🙏🏻
Thank you for this Video, It was an eye opener.
glad it was helpful :)
I have GIAC and CISSP certifications. Both were difficult in very different ways. GIAC was technical and CISSP was about thinking as a manager.
I agree, experience is key.
well done on having both 👏🏻
The only channel i follow religiously, This guy helped me a lot through his videos , i made a roadmap and started my cyber security learning journey.
By the way u forgot Blue team certification.
🫡
Love your videos, cheers for all your insights. I’m at that early stage, just passed Sec+ last week & I’m going to start working thru your project roadmap today. I’m really interested in digital forensics but can’t find a lot of information on what to learn/how to get started to be a good candidate for a digital forensics position. I’ve done short courses on Autopsy & TSK but if you - or anyone else - could offer some pointers on where to take my next steps to get into that field I’d really appreciate it! Thx again, I’m recommending you to everyone I know training in cybersec
I talked about it in this video
th-cam.com/video/DRJic8vCodE/w-d-xo.html
As usual, one of the very lucrative videos series
🙏🏻
Amazing info! Thank you so much!!!
🫡
I agree that CISM/CISA/CISSP doesnt really teach you HOW to do cyber as it's a lot of theory, but I would definitely put them above CompTIA in A tier for career advancement potential. Comptia is good to get your foot in the door and then meh after that. I would put OSCP at the top and everything below it. That one is tough. CISSP/CISM/Sec+ holder
yeah it’s a tough one, i put sec+ above because it servers a purpose of introudcing someone to a topic and teaching them something, but I see your point!
I'm finding in the Google CS Program labs and portfolio activities I'm having to go outside of the course material and get clarification. I feel Google can do much better than just overwhelm a beginner with just walls of soulless text explaining a lab. Nothing beats having a professional sit down and work with you in a TH-cam video step by step.
fair enough, although to be fair thats the nature of most certs :)
you are the best and the most hardworking and most honest cybersec professional on TH-cam.
thanks for your kind words 🤝
Cissp helps
With HR, and the CBK is a great reference to keep learning. I agree with your list. Next on my list is oscp
👍
Thank you for this! Very helpful
🫡
Thank you so much I have been trying to figure out where to start. I am going to do Sec+ and AWS Sec.
Best of luck!
Thanks sir for making honest content/ video
🫡
Nice! Thanks once again.
🙏🏻
Thank you so much sir, this is very helpful
🙏🏻
Thanks for the info, I'm thinking changing career going into cyber security
Excellent work! Start here:
th-cam.com/play/PLdI5VHN89i7X932iFp7-M30FM9J8QHqOk.html&si=SmUfdflq_XCAsS8B
Once again great video and insigh.
🫡
Thank you very much this is the best info well done brother
thanks for your support 🤝
Great content ! as always very useful thank yo
🫡
Your honest is mind-blowing...the way you say: it absolutely serve no purpose 😅
🙏🏻
100% Agreed with your Tier List.
🫡
Very informative … thanks for sharing
🫡
Great information. Thanks for sharing.
🫡
Thank you so much UnixGuy!
🫡
Great job man. I particularly like that you’re not flashy and trying to be a showman like some others on this platform.
thanks mate I appreciate your kind words. I’m here to help others as much as I can, definitely not here to do theatrics :)
Thank you for your videos! I found them very useful. Could you please make a video with a roadmap from zero to become a pentester? Something like what ppl need to learn: 1. networking essentials, 2. Linux. 3. Python and etc. I would really appreciate it so much
I already have 😉
th-cam.com/video/8K7iAJ9BNl0/w-d-xo.html
In a nutshell quickly take your CISSP cert for the good salaries and the job requirements but if you really want to learn about Cybersecurity in practice you go to the king. OSCP if you can pass 24 hour exam and GIAC if you can afford the price.
If you are working in cloud technologies you obviously take the respective cloud cert. That's what the 22 min video is about and makes sense to me as Cybersecurity Professional.
possible
I really appreciate how straight forward you are. I was wondering if you take the exams yourself to give your review on them? I'm not a great theoretical learner but very practical so you making these distinctions helped a lot.
I took many exams but sometimes I just do the course quickly if its entry level. I also mentor a lot of people who do these exams so im familiar with the content. I never recommend anything without taking it myself first
Thank you for your video :).
I am looking to switch into cyber sec. My background is in Network engineering and for the last years as a project manager.
I'm currenly doing the google cert, after that probably S+ and then Blue team.
My problem is that I dont know What I am passionate about yet :D.
you have a great background to work in cyber security! Passion is fleeting, focus on being disciplined and consistent and great things will come
I know for sure cybersecurity also involve a bit of knowledge in physical security so we could say the CISSP has its place IMO
mate theoritically yes, but in the real world no, cyber security professionals dont really do physical security
@@UnixGuy I just implied that it involved a "bit" of physical security. I never said that they do physical security, not in the slightest sense.
ok thanks
I agree on most of the stuff but CISSP is a very good cert I believe the knowledge you gain through it is priceless. I have not done it yet but I have gone through the CISSP material and it was amazing and I learned a lot.
Thanks for sharing your views. I agree the information in the CISSP is good which is why its rated as B
INTERESTINGLY INFORMATIVE!🧠😀👍
Thanks!
Thank you for the details
my pleasure 🫡
Hey try to make video on how security analyst resume looks like. What should put on our resume ? And how to increase chances of getting job faster then others. ( Extra skills.)
I already made it:
th-cam.com/video/LFlsDm8w36A/w-d-xo.html
Thank you ! My university has a partnership with ccna hopefully I get the ccst cyber even cheaper
good choice, good luck!
Thank you so much for the time and effort you put in your videos. I have decided to only take your advice and block out all other videos on beginners path to cybersecurity and I truly beleive it will pay out. Quick question as I am a local also (Melbourne) what exactly does your book a call with you involve? I tried to find in the discord information and search your TH-cam videos but unfortunately didn't find anything on the subject. Again thank you for your great videos and advice.
Hey mate, I deliberately didn’t put a lot of info about the career coaching calls because I don’t have capacity to do a lot of them 😆
What they involve is I’ll get you to send me your current CV and any transcript or courses or things you did in the past, I’ll also get u to send me as many queations as you have via email
then I proceed to dig through your CV/linkedIn/transcript/courses and I identify gaps ans create a custom plan for you in a word document
then when we do the call which is one hour long, you get to ask as many questions as you have, and I also dig deeper and ask you more questions about your goals, current life situation and I adjust the plan as I go, by the end of it I’ll email you the plan and I also you should be taking notes during the calls as I also identify personaloty things, limiting beliefs, etc
That’s all! but before you book it, please ensure that you have also watched the videos thoroghly :)
Thank you so much for the above information. I will go through all your videos from the start and hopefully in the next few weeks if nothing changes from my end I will book that mentorship call. Again thanks for your great advice and TH-cam videos.
@@konderzotis824 no worried at all! probably just watch the last 12 x videos, they have all the up to date information
@@UnixGuy I will go over them again to make sure I haven't missed anything. Cheers Kon
A clearly highly experienced consultant who gives his experience to the world to right a clear inbalance in the system. I wish I knew many things sooner myself. Subscribed, I'll be watching all your videos.
glad to have you here Dylan :)
I agree in many ways on the certifications posted here but will add my worthless pennies of 25 plus years of IT consulting with a touch of Security thrown in for good measure. ;-) There is often a problem in IT Security and Information Security that often is far too focused on the Tech aspect well forgetting what Security really means. CISSP as an example I think is focused more on the Security Management and there to help align gaps in management and create a consistent bench mark for managing Information Security. As Security isn't a tech thing but rather a larger mechanism to support a companies Vision, goals, objectives. In short what I am saying is that CISSP isn't as mentioned in the video a starting point, has some things that seem pointless like fire suppression systems it does sort of give that general mindset. Far too often I have butted heads with the heads of IT on how they want to run a company, IT knows best (security also) and misses the actual point on what information or asset, and process we are actually supporting.
In the CyberSec field we are really lacking high level thinkers that understand technologies though and also IT Techies (perhaps experts) that can also think abstract.
interesting points, thanks for sharing your experience and perspective, you make a lot of good points!
Hopfeully I made it a little clear as often it is hard to type it all out in the comments. Just to be clear I am not diminishing the importance of the technical security side but rather having the look at a larger picture. One of the Cannons in many Security exams is to remember that people always come first before assets, laws, etc. I personally take that a bit serious and as I am sure you are well aware of technologies change (always) so that should not be the driver. On the other side of there is, and are many in the so called "leadership" that do not even know how to turn on a computer. That is dangerous as I guess you are aware of and also leaves Risks misunderstood and not able to be leveraged to move forwards. Just last week I was in a potential (C)ISO interview and the whole places was all strictly on Site, working, etc when servers are naturally in the cloud. I asked why on site and they answered for security :( Anyways I digress and thank you for the videos. I am always open to discussion, and or correction ;-) @@UnixGuy
@@shamuscoghlan_807 no I agree with you, in fact im spending more of time nowadays on the risk side of things than the technical world so
I see your points
Great video :)
thank you :)
Thanks for the overview. I wouldn't say CISSP is for beginners at all. More likely for more experienced risk professionals setting foot for managerial level.
correct! it is intended for exactly what you said :)
great video, but i'm a bit curious to what made you not consider blue team level-1 & 2 certificates.
please provide an insight to that. And if you were to add those certs. to the list what tier would you rank them in?
thanks
honestly because I thought the video was too long as it is and I discussed them in other videos, in hindsight I should’ve included them - definitely Tier A :)