Please rank certs from easiest to most difficult.
NoobInNeedofHelp
Member Posts: 5
Greetings,
Could you please rank the following certs from easiest to most difficult? BLUF: In my current career I DO NOT work in cyber security and do not have an education background of any relation to computer science.
My wife had a stroke and we have two young children. In my current job I will be able to transition into a position where I can work from home if I get these certifications. My goal is to be more available at home so I can take care of my disabled wife and look after our two boys. Any help is appreciated. I just need a rough road map so I know where to start.
Certified Information Systems Security Professional (CISSP)
Certified Intrusion Analyst (GCIA)
Certified Information Systems Auditor (CISA)
Certified Ethical Hacker (CEH)
Certified Incident Handler (GCIH)
Web Application Penetration Tester (GWAPT)
Certified Penetration Tester (GPEN)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCE)
Comments
-
JDMurray Admin Posts: 13,094
All of those are advanced InfoSec certifications that are very difficult (and expensive) to achieve. People new to cybersecurity would not typically study for them. Instead, you should start by looking at the CompTIA Security+ certification to determine if cybersecurity work is something that you will find interesting.
-
yoba222 Member Posts: 1,237
It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill
Security+ is definitely a solid first step.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
PCTechLinc Member Posts: 646
Out of that list I can only speak to CEH and CISSP. In my own opinion I believe without the knowledge I gained from my Master's in IT Security I would not have been able to pass either, and I've been working in IT at some level for 20 years. Depending on where you are in your career, if you want to obtain those certifications, it is going to require many years of studying and experience.
Master of Business Administration in Information Technology Management - Western Governors University
Master of Science in Information Security and Assurance - Western Governors University
Bachelor of Science in Network Administration - Western Governors University
Associate of Applied Science x4 - Heald College
-
E Double U Member Posts: 2,233
Every single one of those certifications could be difficult to anyone without the proper background in those areas.
Without work experience, you cannot even obtain (ISC)2 and ISACA credentials so exam difficulty is not even relevant since passing the test is only a step in the certificate process. I have known people with several years in the field that struggle with Offensive Security so based on your lack of experience this will probably be the hardest for you. GIAC exams are doable, but difficult without experience - not to mention very expensive.
I have six of the credentials you listed and I would say CEH is the easiest, but I took that exam after 13 years of overall IT experience with four of those years focused on Info Sec.
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
TechGromit Member Posts: 2,156
Certified Information Systems Security Professional (CISSP)
Certified Intrusion Analyst (GCIA)
Certified Information Systems Auditor (CISA)
Certified Ethical Hacker (CEH)
Certified Incident Handler (GCIH)
Web Application Penetration Tester (GWAPT)
Certified Penetration Tester (GPEN)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCE)
Still searching for the corner in a round room.
-
egrizzly Member Posts: 533
yoba222 said:
It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill
Security+ is definitely a solid first step.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
stryder144 Member Posts: 1,684
egrizzly said:
yoba222 said:
It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill
Security+ is definitely a solid first step.
ISC2 doesn't but I think EC-Council does.
The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
-
yoba222 Member Posts: 1,237
stryder144 said:
egrizzly said:
yoba222 said:
It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill
Security+ is definitely a solid first step.
ISC2 doesn't but I think EC-Council does.
A+, Network+, CCNA, LFCS,
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
-
egrizzly Member Posts: 533
I'll chime in on this discussion. The level of difficulty would depend on what type of learner you are (Analytical, Creative, Practical, etc.). I've only taken (and passed) the CISSP so not having taken all the exams I cannot rank them from easiest to hardest but I can categorize them for you though. See below:
Penetration Testing Certs (aka Ethical Hacking)
Certified Ethical Hacker (CEH)
Web Application Penetration Tester (GWAPT)
Certified Penetration Tester (GPEN)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCE)
Security Assessment/Compliance
Certified Information Systems Auditor (CISA)
Incident Handling
Certified Incident Handler (GCIH)
Certified Intrusion Analyst (GCIA)
Security Management/High Level Overview
Certified Information Systems Security Professional (CISSP)
The ones under Security Management/High Level Overview and Security Assessment/Compliance are not technical so are relatively easier than the ones under Penetration Testing and Incident Handling. The most valuable is the CISSP since it's very comprehensive and takes longer to study for. Hope that helps.
B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
-
LonerVamp Member Posts: 518
Could you please rank the following certs from easiest to most difficult?
Certified Ethical Hacker (CEH)
Certified Intrusion Analyst (GCIA)
Certified Incident Handler (GCIH)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Web Application Penetration Tester (GWAPT)
Certified Penetration Tester (GPEN)
Offensive Security Certified Professional (OSCP)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCE)
I ranked them not for the order I found them to be hard, but the order at which I expect a new person to IT/security would find them.
I'll echo what others have said. With maybe the exception of the CEH, these are all pretty intensive for someone without experience. For a few, particularly anything SANS/GIAC, obtaining materials/training will be pretty expensive.
Also, who in the world would ask you to get all of these and then be allowed to move into a position and WFH? I hate to say it, but someone is flat out lying to you. You could pick up any TWO of these certs and find a WFH infosec job if you interview well and truly know the material. And with some luck.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
-
NoobInNeedofHelp Member Posts: 5
Thank you so much, I greatly appreciate all of your help.