Little confused with qualifications in UK

Currently I’m pursuing a masters in Cybersecurity in UK. I’m interested in blue team side like SOC analysts or Security analysts roles, but couldn’t find a good certification for it. I practice stuffs from online labs for SIEMs tools, trainings, etc. And I was thinking of doing a CREST CPSA or CEH for these roles, which one will be good? As applying without a cert is better than with a cert?

Thanks!

Find more posts tagged with

specific skills needed in cyber

CEH

soc analyst

Comments

aniz

Any suggestions is highly appreciated.

UnixGuy

Blue Team level 1 cert, eLearnSecurity has similar courses. You definitely dont need CEH or CREST

aniz

UnixGuy said:

Blue Team level 1 cert, eLearnSecurity has similar courses. You definitely dont need CEH or CREST

Any cert other than CREST, like elearn security courses will it be considered to pass hr or for interviews?

JDMurray

As a hiring manager in a SOC myself, I say the CompTIA CySA+ (CS0-003) is pretty much what we do on a daily/weekly basis.

Job postings are where the HR requirements are. You need to look at job postings for SOC Analysts at all levels and see what certs are asked for. It's the interview(s) with the hiring manager and interview panel where you have a chance to make yourself appear as "great value for the money" by having advanced training, certs, degrees, experience, and presentation. You find out what being a "great value" is to the org by doing OSINT recon on the org itself.

aniz

JDMurray said:

As a hiring manager in a SOC myself, I say the CompTIA CySA+ (CS0-003) is pretty much what we do on a daily/weekly basis.
Job postings are where the HR requirements are. You need to look at job postings for SOC Analysts at all levels and see what certs are asked for. It's the interview(s) with the hiring manager and interview panel where you have a chance to make yourself appear as "great value for the money" by having advanced training, certs, degrees, experience, and presentation. You find out what being a "great value" is to the org by doing OSINT recon on the org itself.

Yeah thanks for the info. I looked into the postings, saw that many don’t ask for a cert in SOC positions but some asks like an entry level CEH or SEC+. Usually in UK, CREST is given more value but still some accepts other options also. So mainly I was wondering a more generic cert for overall? Like Cysa+ is good but any alternatives?

If I do CEH? Because I got a scholarship from EC-Council and the exam fees got reduced a lot by 80%, so will it be good?

Thanks!

JDMurray

The only certs that are good for you are the ones asked for--or just mentioned--in job postings for the kind of work you are looking for. One hiring manager may think C|EH is great, but another might think it's bogus and not want to interview you because you have it. This personal preference shows that certifications can entice--or discourage--a hiring manager from giving you a first-round interview.

It's also not easy to determine what the hiring manager is really needing based on the job posting. For example, if it is asking for "a Security+ or CISSP cert" they might really want a CISSP but would settle for a Sec+, or they are only looking for someone with a Sec+, but don't want to exclude CISSP candidates that don't have Sec+. Better if you have the CISSP in either case. Even better if you can talk with the hiring manager before actually applying for the position.

Getting a (good) job takes a lot of work.

aniz

Yup I understand, so a more generic cert like Sec+ will be great for entry level roles or skip the help desk positions, since I also got a masters degree? Cause I saw there’re lot certifications listed but mostly Sec+ is common.

aniz

JDMurray said:

The only certs that are good for you are the ones asked for--or just mentioned--in job postings for the kind of work you are looking for. One hiring manager may think C|EH is great, but another might think it's bogus and not want to interview you because you have it. This personal preference shows that certifications can entice--or discourage--a hiring manager from giving you a first-round interview.
It's also not easy to determine what the hiring manager is really needing based on the job posting. For example, if it is asking for "a Security+ or CISSP cert" they might really want a CISSP but would settle for a Sec+, or they are only looking for someone with a Sec+, but don't want to exclude CISSP candidates that don't have Sec+. Better if you have the CISSP in either case. Even better if you can talk with the hiring manager before actually applying for the position.
Getting a (good) job takes a lot of work.