Please rank certs from easiest to most difficult.

NoobInNeedofHelp Member Posts: 5
Greetings,

Could you please rank the following certs from easiest to most difficult? BLUF: In my current career I DO NOT work in cyber security and do not have an education background of any relation to computer science.

My wife had a stroke and we have two young children. In my current job I will be able to transition into a position where I can work from home if I get these certifications. My goal is to be more available at home so I can take care of my disabled wife and look after our two boys. Any help is appreciated. I just need a rough road map so I know where to start.

Certified Information Systems Security Professional (CISSP)
Certified Intrusion Analyst (GCIA),
Certified Information Systems Auditor (CISA),
Certified Ethical Hacker (CEH)
Certified Incident Handler (GCIH),
Web Application Penetration Tester (GWAPT),
Certified Penetration Tester (GPEN)
Exploit Researcher and Advanced Penetration Tester (GXPEN)
Offensive Security Certified Professional (OSCP)
Offensive Security Certified Professional (OSCE)


Comments

  • JDMurray Admin Posts: 13,094
    All of those are advanced InfoSec certifications that are very difficult (and expensive) to achieve. People new to cybersecurity would not typically study for them. Instead, you should start by looking at the CompTIA Security+ certification to determine if cybersecurity work is something that you will find interesting.
  • NoobInNeedofHelp Member Posts: 5
    Thank you.  Can you still rank them?
  • yoba222 Member Posts: 1,237
    It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
    1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
    2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

    Security+ is definitely a solid first step.

    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • PCTechLinc Member Posts: 646
    Out of that list I can only speak to CEH and CISSP.  In my own opinion I believe without the knowledge I gained from my Master's in IT Security I would not have been able to pass either, and I've been working in IT at some level for 20 years.  Depending on where you are in your career, if you want to obtain those certifications, it is going to require many years of studying and experience.
    Master of Business Administration in Information Technology Management - Western Governors University
    Master of Science in Information Security and Assurance - Western Governors University
    Bachelor of Science in Network Administration - Western Governors University
    Associate of Applied Science x4 - Heald College
  • E Double U Member Posts: 2,233
    edited April 2020
    Every single one of those certifications could be difficult to anyone without the proper background in those areas. 

    Without work experience, you cannot even obtain (ISC)2 and ISACA credentials so exam difficulty is not even relevant since passing the test is only a step in the certificate process. I have known people with several years in the field that struggle with Offensive Security so based on your lack of experience this will probably be the hardest for you. GIAC exams are doable, but difficult without experience - not to mention very expensive. 

    I have six of the credentials you listed and I would say CEH is the easiest, but I took that exam after 13 years of overall IT experience with four of those years focused on Info Sec. 


    Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
  • TechGromit Member Posts: 2,156
    Certified Information Systems Security Professional (CISSP) 
    Certified Intrusion Analyst (GCIA),
    Certified Information Systems Auditor (CISA),
    Certified Ethical Hacker (CEH)
    Certified Incident Handler (GCIH),
    Web Application Penetration Tester (GWAPT),
    Certified Penetration Tester (GPEN)
    Exploit Researcher and Advanced Penetration Tester (GXPEN)
    Offensive Security Certified Professional (OSCP)
    Offensive Security Certified Professional (OSCE) 
    You're going to be hard pressed to find anyone who has first-hand experience in all of these certifications. I'd say the GCIH is the easiest on this list from my experience. The CISSP is one of the hardest from what I heard, due to the amount of material involved and no reliable practice test for it. I've read about people who spent hundreds of dollars for 3rd party practice exams and it was nothing like the real exam. The SANS 503 is a pretty tough course, but I don't know how the GCIA exam is. The OSCP can be challenging as well, it's a 24 hour exam, have lots of coffee and 5 hours available.
    Still searching for the corner in a round room.
  • NoobInNeedofHelp Member Posts: 5
    You guys rock, thank you so much for this insight 
  • egrizzly Member Posts: 533
    yoba222 said:
    It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
    1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
    2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

    Security+ is definitely a solid first step.

    I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP.  Is this some new policy that they just came out with?
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • stryder144 Member Posts: 1,684
    egrizzly said:
    yoba222 said:
    It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
    1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
    2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

    Security+ is definitely a solid first step.

    I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP.  Is this some new policy that they just came out with?

    ISC2 doesn't but I think EC-Council does.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia
  • yoba222 Member Posts: 1,237
    egrizzly said:
    yoba222 said:
    It would be unusual for a cyber security professional to get each and every one of those. Usually it's more like 1-3 on that list.
    1) Several of those have experience prereqs (CISA, CISSP, CEH unless you pay a fee)
    2) Several of those are very, very expensive (all GIAC) and are priced by design for your employer to pay the bill

    Security+ is definitely a solid first step.

    I've never heard of ISC2 accepting a fee in lieu of the required experience for the CISSP.  Is this some new policy that they just came out with?

    ISC2 doesn't but I think EC-Council does.
    Yes. Mandatory 2 years experience to take the CEH--unless you pay them for their course, in which case you're magically qualified enough. EC Council certainly has earned their reputation over the years.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • egrizzly Member Posts: 533
    I'll chime in on this discussion.  The level of difficulty would depend on what type of learner you are (Analytical, Creative, Practical, etc). I've only taken (and passed) the CISSP so not having taken all the exams I cannot rank them from easiest to hardest but I can categorize them for you though.  See below:

    Penetration Testing Certs (aka Ethical Hacking)
    Certified Ethical Hacker (CEH)
    Web Application Penetration Tester (GWAPT),
    Certified Penetration Tester (GPEN)
    Exploit Researcher and Advanced Penetration Tester (GXPEN)
    Offensive Security Certified Professional (OSCP)
    Offensive Security Certified Professional (OSCE) 

    Security Assessment/Compliance
    Certified Information Systems Auditor (CISA)

    Incident Handling
    Certified Incident Handler (GCIH)
    Certified Intrusion Analyst (GCIA)

    Security Management/High Level Overview
    Certified Information Systems Security Professional (CISSP) 

    The ones under Security Management/High Level Overview and Security Assessment/Compliance are not technical so are relatively easier than the ones under Penetration Testing and Incident Handling.  The most valuable is the CISSP since it's very comprehensive and takes longer to study for.  Hope that helps.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • LonerVamp Member Posts: 518
    edited April 2020
    Could you please rank the following certs from easiest to most difficult?

    Certified Ethical Hacker (CEH)
    Certified Intrusion Analyst (GCIA),
    Certified Incident Handler (GCIH),
    Certified Information Systems Auditor (CISA),
    Certified Information Systems Security Professional (CISSP)
    Web Application Penetration Tester (GWAPT),
    Certified Penetration Tester (GPEN)
    Offensive Security Certified Professional (OSCP)
    Exploit Researcher and Advanced Penetration Tester (GXPEN)
    Offensive Security Certified Professional (OSCE)

    I ranked them not for the order I found them to be hard, but the order at which I expect a new person to IT/security would find them.

    I'll echo what others have said. With maybe the exception of the CEH, these are all pretty intensive for someone without experience. For a few, particularly anything SANS/GIAC, obtaining materials/training will be pretty expensive.

    Also, who in the world would ask you to get all of these and then be allowed to move into a position and WFH? I hate to say it, but someone is flat out lying to you. You could pick up any TWO of these certs and find a WFH infosec job if you interview well and truly know the material. And with some luck.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • NoobInNeedofHelp Member Posts: 5
    Thank you so much I greatly appreciate all of your help.