@Dey93   You might want to see if there is an active local OWASP chapter.  That is the only security group that I am aware of that deals somewhat with that specialty.  I don't remember if discussed in the CC, but everyone should be at least aware of OWASP's Top 10.  owasp.org/Top10/2025/0x00_2025-Introduction  They also have some very good tools available.  CSA also does this for cloud.  cloudsecurityalliance.org/press-releases/2024/08/06/cloud-security-alliance-releases-top-threats-to-cloud-computing-2024-report  

@Dey93  Congratulations on your CC.  That is a great first step.  Unfortunately everyone unfamiliar with cybersecurity wants to be an ethical hacker or pentester because it sounds cool, and occasionally it is when not writing reports and all of the other tedious tasks that come with it.  Since defensive and offensive security are not profit centers, there are very few positions with many people wanting to fill them.  Offensive security has very few positions except in a company that sells those services, and they will want experience.  I am one of many that believes that ECC needs to be boycotted to eventually go out of business.  ECC has always been over priced, has a long history of mistreating their female employees, and of having labs that were not great.  A few years ago they had some major ethical violations.  You can look for thor ceh if want details as he is well respected and known internationally.  He earned a CEH and gave it up over these incidents.  Where I work, we will hire someone with an ECC certification because is not their ethics that is in question, only ECC's lack of ethics.  We will never create any new ones though.  Oddly it seems to be the men that are the most infuriated about it.  Paraphrasing what you will read from Thor, ECC said that women are too stupid to be in cybersecurity.  The men say that the organization insulted their wives, mothers, daughters, etc.  We have our folks do CySA+ and/or PenTest+ depending on their role.  I have only ever heard good things from others about OSCP and eJPT.  My employer does not recognize them because do not have a continuing education component or would know more about them.  From those that I know, I would recommend either of them over anything that ECC offers.  

Congrats on passing the CC.

I have only heard positive reviews on the CEH.  Networking is great especially to help you get started on your new career.

d

@Dey93 You noted you're networking to get a position.  Hopefully it's with local people who already work in the field.  They can probably give you better advise then here as we don't know your local area.

There is some negative feels toward CEH and EC-Council.  I won't repeat it, but on another thread regarding certs someone pointed out some of the issues.

You might want to take a look at CompTIA and their Sec+, Net+, Pentest+ certs.  While I have issues with them going for-profit, those are still decent certs.  Understand that certs aren't a "golden ticket" to a job...

More expensive are the SANS certs, but there are ways to get around the cost (look up "Work Study").  Also check out groups like Hack the Box and Offensive Security.

Many local community colleges/tech schools are doing cybersecurity training.  How good that might be I have no idea, or how well they are at getting people into the industry.  Local people would better be able to tell you.

Hope this helps.  Am sure others here will add to this.