Certificates without work experience???

Hi guys,

I noticed that most prestigious IT Certifications require work experience. So, as a student, is there any good certificates I can get now before having a work experience?

Find more posts tagged with

Comments

danny069

Comptia A+ you can self study for. You don't necessarily need work experience even though they say it is required, you can self study for any exam really. Even the N+ or Security+.

TechGuru80

A+, Net+, Sec+...any Microsoft MTA exam. Focus on this group first because they are the foundational certs.

You might even be able to do a Microsoft MCSA cert and Cisco CCENT / CCNA. This group is more difficult but still attainable.

TechGuru80

CompTIA Career Roadmap | Why Certify | CompTIA IT Certifications

Check out that site. It shows the level of experience and well known certs...not just comptia ones.

eth0

slim123 wrote: »

Hi guys,

I noticed that most prestigious IT Certifications require work experience. So, as a student, is there any good certificates I can get now before having a work experience?

To be honest, I learned most on my own at home because I started working somewhere

i.a. I made OSCP without professional experience (unofficially I am in top students since I rooted whole lab in 1mo and exam in 9h). All is just about learning, you can learn most at home without any help other that Google. I started as admin and I learned all at home in virtual machines, then I was intern for some 1.5mo and they hire me as admin in one of #200 top global sites. Today you can buy VPS for $5 like on digitalocean and just start learning. So first start at home, then go on certificates, because else you will be one from this guys who do certificates just to pass them as some bit of chance... so imo is much better to have good part of knowledge when start certificate course because you can justfill knowledge gaps. I don't believe that someone who is on skill level that is OSCP document (so entry-level) can pass this without problems just after course

.

Same I think about for example eWPT, I started it today but I have good knowledge about OWASP. I don't believe that someone without any knowledge about websec can be good in this after few mo with eWPT materials. Sorry but something like this doesn't exist. I can "kill" people like this in first question on recruitment, for example about what is XSSI or diffrence between XSS/CSRF (people after CE|H don't know what is XSS, lol that is most funny and say so much about people who "just do certificates to have them") but anyway almost noone know for example why HTTPD can write to logs but with LFI you can't read this logs... Also same about pentesters who don't have programmings skills to automate something in script languages like Python/Perl/Bash etc...

So you know, in IT security you can be hacker or just guy like Russian general with decorations

. Most of CISSP are just noobs who have some knowledge about ideas in infosec. After few years I learned only that problem in only responsibility, no skills if you want break some security.... if someone really think that you can't break security of top companies then I can only say that more harder is hack into some home server made by student that to some well known company. Because there is so many ways and you just need have imagination because most of IT dept are just security noobs. So my tip? Learn at home, do bug bounties, get job and do certs.

NovaHax

IMO...the best certifications DO NOT require work experience. Those that do usually use that as a buffer to prevent unqualified candidates from getting the cert because the difficulty of the test is not sufficient to do so.

All of my certs that I am most proud of do not require any work experience (OSCP, eWPT, eMAPT, GPEN, etc...). I always get backlash for saying this from people who are proud of their CISSPs...but lets be serious...CISSP is a resume filler to get past HR goons. Its an over-hyped version of Sec+.

EDIT: And as far as a recommendation of where you should start...I would agree with those here who have recommended CompTIA as a good starting point. Either that or CCENT/CCNA...depending on your interests.

eth0

NovaHax wrote: »

All of my certs that I am most proud of do not require any work experience (OSCP, eWPT, eMAPT, GPEN, etc...). I always get backlash for saying this from people who are proud of their CISSPs...but lets be serious...CISSP is a resume filler to get past HR goons. Its an over-hyped version of Sec+.

yeah +1

NetworkNewb

NovaHax wrote: »

CISSP is a resume filler to get past HR goons. Its an over-hyped version of Sec+.

I know right... just like OSCP is an over-hyped version of the CEH.

**grabs popcorn**

TechGuru80

It's all about the end result. Security+ does very little to create policy...CISSP is all about creating policies in management.

CEH is great for those not in a pentesting role because you can get the concepts and know of some tools....OSCP forces you to use the tools but focuses heavily on manual techniques which is great if you are a pen tester in a bind.

NovaHax

Don't feed the T-R-O-L-L

.

He's already got his popcorn.

fuz1on

How about CASP difficulty over CISSP?!

For what it's worth, here's Cert Mag's Top Certs for Securing Linux:

Top certifications to you help you secure Linux environments - CertMag

They specifically list Security+ and Linux+ as a combo that is held in high prestige.

Dakinggamer87

TechGuru80 wrote: »

A+, Net+, Sec+...any Microsoft MTA exam. Focus on this group first because they are the foundational certs.

You might even be able to do a Microsoft MCSA cert and Cisco CCENT / CCNA. This group is more difficult but still attainable.

I second this recommendation. The CompTIA trio would be the best to start with to build a sold road map.

OctalDump

CompTIA trio. Linux is very useful in ITSec, so add Linux+ (or similar). Next step up is MCSA, CCNA and RHCSA/RHCE. How accessible those will be depends a bit on how much you know already about Windows, networking and Linux.

Getting a grasp on programming is also a good move, whether that's perl, python, C, PHP or .Net or Java or whatever. MS have a secure programming course. Not sure if it has a certification.

OSCP is also something you can do from home, but it depends on the base you are starting from. Offensive Security have a free course for Metasploit, which isn't a bad deal if you think pen testing is your thing.

And read and read and test and play and do and break and fix and read.

TacoRocket

Lab it up! Anytime I work on a certification, I try to get it as close as I can to the blueprint. Even with some of the mid level certifications you may be hard pressed to find a job. The thing I like about certifications, from the knowledge you gain you can go back and pinpoint some of the "cooler" stuff on older jobs that you didn't know you were doing. Which helps for the next job.