EMPLOYER PAID CERTS. OR SELF PAID CERTS?

deep_logic

I'm just getting into security field. I ended up paying for my Sec+ myself. Probably $700 including the exam. (2 courses and 4 books). I've noticed that to get to the next level, i.e. CEH, OSCP, GIAC, these are VERY costly. 
How many folks here are having their employer pay for the class/exam? I would like to get the SPLUNK CORE next, but after that, it's getting a little bit much on my credit card.
Thanks,

UnixGuy

I paid for some and my employer paid for some, it depends on many factors.

Certified in Cyber Security by ISC 2 is free (for now), so maybe do that. It's an investment , those certs should give you more skills that will lead to higher paying jobs.

E Double U

I have had employers pay for everything that I could possibly get them to pay for: training, materials, exams, annual maintenance fees. I only paid for things myself in the beginning of my career as a contractor because there was no budget for me and I could not expense anything. 

JDMurray

Having an employer pay for training or certs or both is pretty much hit-and-miss. With (cyber) employee retention being such a problem right now, it's more likely employers are providing more training opportunities than a few years ago. I think Splunk training is a good investment for SOC analysts (Free Splunk Training).

nighas

im enrolled in an insititue for CIS and they cover all exam preps and actual exams through CompTia for the cert from ITF+, A+, net+ to sec+, & honeslty I think this is good way to break in the industry since it is a foundational knowlegde of infosec. but im still confused which domian to pick, offensive, defensive, grc, or architect 

JDMurray

I'd start with the defensive (Blue Team) side of security operations (SOC) for the best shot at getting started in cybersecurity. You can move into incident response, threat hunting, penetration testing, digital forensics, or full Red Team from there. Security architecture and security engineering are difficult to make an immediate start in unless you already have significant network architecture/engineering experience.

SteveLavoie

Most of my certs have been paid by my employer. SANS/GIAC cert are too expensive for an individual.. however a CISSP or CISA or CISM at 699$ is well in the reach of the infosec pro with 5 years of exp.

E Double U

SteveLavoie said:

however a CISSP or CISA or CISM at 699$ is well in the reach of the infosec pro with 5 years of exp.

Failed CISSP twice when it was $599 and that hurt since I could not expense failed exams lol.

SteveLavoie

E Double U said:

SteveLavoie said:

however a CISSP or CISA or CISM at 699$ is well in the reach of the infosec pro with 5 years of exp.

Failed CISSP twice when it was $599 and that hurt since I could not expense failed exams lol.

I agree... A failed 599$ or 699$ USD exam hurts. I am lucky to have never failed a very expensive exam. I have failed a few times, but it was less expensive one like VCP (about 150$). 

srothman

Certifications and qualifications required by my job I've always paid for myself. I've always felt that it's my responsibility to make sure I'm sufficiently skilled and qualified to do my job. If it's something outside of this and at the request of my employer, I'd happily discuss splitting the bill with them if it meant getting certified/qualified gave me a salary bump. I'm generally happy to invest if it means getting a return on it. If it's something I want just because I want it, I'll just pay for it myself. Case in point being PNPT I'm keen on. Nothing really to do with my day job, but it looks fun.

E Double U

@srothman - Was the option available for you to have certifications paid for by your employer when you chose to pay yourself? I agree that we are all responsible for keeping our skills up to date, but I don't see the point of paying for it myself if not necessary. Rather put that money to use in other areas. 

srothman

E Double U said:

@srothman - Was the option available for you to have certifications paid for by your employer when you chose to pay yourself? I agree that we are all responsible for keeping our skills up to date, but I don't see the point of paying for it myself if not necessary. Rather put that money to use in other areas. 

Honestly, most of the time I never really raised it, but all the rest of my colleagues had their exams/training paid for, so I don't see why it would have been an issue. I don't know. Perhaps I thrive on the pressure of not wanting to lose my $$$  

E Double U

srothman said:

E Double U said:

@srothman - Was the option available for you to have certifications paid for by your employer when you chose to pay yourself? I agree that we are all responsible for keeping our skills up to date, but I don't see the point of paying for it myself if not necessary. Rather put that money to use in other areas. 

Honestly, most of the time I never really raised it, but all the rest of my colleagues had their exams/training paid for, so I don't see why it would have been an issue. I don't know. Perhaps I thrive on the pressure of not wanting to lose my $$$  

Well, technically that pressure does not exist knowing that you can expense the costs for reimbursement should you choose to do so lol. 

srothman

lol.... thanks for making my point... 

But we digress.... to the OP, if you're in a position to pay for your own certs and want to do that, go for it. If you can get your employer to pay and you don't have to sign your life away through excessive payback agreements or a 3/yr lock in for a $100- exam etc.... then that's great too. 

E Double U

srothman said:

If you can get your employer to pay and you don't have to sign your life away through excessive payback agreements or a 3/yr lock in for a $100- exam etc.... 

A very important point to consider. 

SteveLavoie

As an employer now, I am paying most if not all certification exam from my team(and books, and some training subs). And I dont require any payback or contract except for expensive training class. 

Most exam are less than 500$, I am considering this a bargain to allow them to expense considering that to succeed most employee need to study enough hours on their own time that it is cheaper for me. At the end, I am getting a certified employee, a more knowlegable and motivated employee, for a few dollars. 

deep_logic

Thanks for the valuable insights from everyone. The COMPTIA ones are reasonably priced. I didn't realize that CISSP, was $699 - that's doable on my budget.  However, I DONT have CYBERSECURITY experience, per se. I'm trying to (hopefully) get several certs (Sec+, CBROPS, SPKUNK) that will "count" as experience. I've been on LinkedIn/dice/indeed looking for a part time position - but they're hard to find. Thanks again for the tips. I'm still grinding 💯.

srothman

What I really could also suggest, if you're looking to gain experience through a cert, is to consider something that has a practical element to it. Depending on where you want to start out, there are several very cost-effective options.

HTB Certifications (hackthebox.com)
Practical Network Penetration Tester - TCM Security (tcm-sec.com) <- at $400- for training and exam voucher you could do a lot worse
How to prepare for the Burp Suite Certified Practitioner exam | Web Security Academy - PortSwigger <- Free training modules and exam attempt at around $100

This being said, nothing wrong with the CompTIA ones either, they should provide a really solid theoretical foundation on which to build out your experience.

SteveLavoie

deep_logic said:

Thanks for the valuable insights from everyone. The COMPTIA ones are reasonably priced. I didn't realize that CISSP, was $699 - that's doable on my budget.  However, I DONT have CYBERSECURITY experience, per se. I'm trying to (hopefully) get several certs (Sec+, CBROPS, SPKUNK) that will "count" as experience. I've been on LinkedIn/dice/indeed looking for a part time position - but they're hard to find. Thanks again for the tips. I'm still grinding 💯.

well.. the requirement is experience in 2 of the 8 domain. If you are an IT Generalist, you can surely justify some experience in domain 4 (telecom/networking), domain 7 (sec operation), domain 5 (identity management). They dont evaluate your title, they evaluate what you are doing. 

Also, you can get some waiver for 1 year with another certification like Sec+ or SSCP (I did the SSCP for that reason, and I chose SSCP over SEC+ to have one less CPE program to manage. 

deep_logic

@SteveLavoie - The SSCP looks interesting. I don't see this cert advertised a lot on DICE/LinkedIn. I currently have the Sec+. Are you saying that if you have the Sec+ cert, you can apply this to the SSCP cert? This is giving me a little optimism.

SteveLavoie

deep_logic said:

@SteveLavoie - The SSCP looks interesting. I don't see this cert advertised a lot on DICE/LinkedIn. I currently have the Sec+. Are you saying that if you have the Sec+ cert, you can apply this to the SSCP cert? This is giving me a little optimism.

First Sec+ and SSCP cover relatively the same knowledge. Sure Sec+ is more popular than SSCP.  However, you will have to manage another CPE program. If you do a lot of certification, it can get complex and not fun, I have to manage CPE for ISC2, ISACA and GIAC, so I didnt want to add Comptia. 

Second, if you have Sec+ or SSCP (and there are other certs too, just visit ISC2 to know about them), they will give a waiver for 1 year of experience on the 5 years required. 

vinaysingh0399

My Employer is paying for the certification, But in a month, only two people can take that reward If you are the one who will be the employee of them month.