I am graduating college in April with a Bachelor's degree in Computer Information Systems specializing in Information Security. I have no experience in the field, and I am wondering which certificate exam I should take first.
IMHO - they are (almost) all valuable and good to have. I started with CISSP many years ago...
If you have not researched them well yet, consider going out to cyberseek.org. This site lists the ratio of the # of the various certifications held to the current job openings where such certifications are mentioned (note that CISSP is still highly regarded, according to this data). If you know your target area in cybersecurity and target employer(s), that might help, too.
Having taught CompTIA Security+ to folks of all education levels, I think that is a good one to start with. However, you should also research and become fully aware of the associated costs (testing fees, training fees, annual fees, cost to keep up your CPEs, etc.)... because, when your certifications start to stack up, it starts to get expensive! (some employers will help)
Edward Skinner, MBA, CISA, CISSP, GSNA, GCCC, Security+
I agree with my colleagues' learned comments, but ask yourself, what are your career plan and aspirations?
There are other certifications such as Cloud Security Alliance CCSK V4 and also there are a lot of Cloud Providers providing Cloud certifications as well. Think ahead, what would your potential employer want to set you on the pathway towards being a Security practitioner? What inspires you?
Regards
Caute_cautim
@shayce wrote: I am graduating college in April with a Bachelor's degree in Computer Information Systems specializing in Information Security. I have no experience in the field, and I am wondering which certificate exam I should take first.
Tony,
For now.. NONE!
Concentrate on finding a relevant job, and consider what skills the hiring employers are looking for. You will be hired with the full knowledge that you may be book-smart but skills TBD. That is ok.
If you get hired for a job or with a company you like, then look at what they want and whether they will pay for training.
If you have trouble getting hired, pay attention to what the interviews tell you about what they need. Seek training, either self-taught or classes, in the skills they are hiring for.
At the moment, your focus should not be on what credential you should seek, but what additional training will benefit you this early in your career. Seek solid training in the skills that meet two criteria: you are interested in them, and employers want them.
While going through certificate training is one way to gain skills, there are many others you can follow on your own. Use what works for you and you can afford.
I must strongly disagree with @EdSkinner1 who implied you should look to the CISSP soon, although I agree that the Sec+, as well as the A+ and Network+, are good beginner certificates to pursue early in your career. The CISSP is a management certification, not a front-line infosec specialist credential. If you stay in the field and build up your experience in several areas of infosec, then, and only then, you can consider management certifications like CISSP, CISM, PMP, etc.
For excellent hands-on tech training, I recommend SANS. However, they are expensive, so try to get an employer to pay for their course. Vendor certificate training for gear you expect to use, like Cisco or Microsoft, is always helpful.
As far as job hunting, use your school's alumni network and placement service. Also, if there are chapters of any of the following organizations near you, join, meet, greet, and let members know who you are and what help you need: ISSA, (ISC)2, ISACA, OWASP. These are your first line of professional networking opportunities. You will probably have to start out with each chapter online only, but dive in, and go to meetings when they are available, video or live.
Set up your LinkedIn profile, and use that for more networking. However, do not just click on a CONNECT button for someone and leave it at that. First, read the person's whole profile, and decide if that person might be able to advise you or help you. When you ask for a connection, include a personalized message that tells why you think they might be a good connection for you, and ask for their help on their area of expertise.
And I mean READ the profiles. My profile says at the very top I only connect with people I know; if someone wants to contact me use my e-mail address. In spite of that I get several connection requests a week with no message and no prior contact. Those folks did not read my profile.
Basic knowledge: resumes, degrees, certificates, and certifications do not get you hired, but sometimes they can get you interviewed. Networking and interviews get you hired.
Good luck, and do keep coming to this community for help.
Craig
Hey now... that is not fair CraginS... I did not say that CISSP IS (absolutely) the first certificate you should take... I just said that it is (still) highly regarded and was the first I had received (well over a decade ago). Gaining that cert helped define my career, and opened many doors... and encouraged me to get other/more certs and education.
I actually mentioned Security+ as a good first-cert (after one considers all other concerns I listed). I had taught Security+ during the last recession, it helped many of my unemployed students land their first IT jobs (and actually, some retain their first jobs - which were about to be eliminated) ...and some students landed jobs in information security. So, (to be fair) I've seen it.
I will also say that I've known information security managers who sift through resumes (and perhaps not hire) candidates that don't have a cert... as 1) so many candidates already do have some cert, 2) they are looking for assurance that candidates have aptitude, and 3) the positions they are hiring for are rarely entry-level (so they want to/need to justify the pay v. qualifications with HR). I was a CISO when the economy was on a sound footing, and I hired staff/interns (paid) that had certs... I did not have difficulty in finding candidates with certs.
As for the other things you've said in your post... I agree with most. I actually treasure my MBA more than certs. ...and I guess if you are not already SURE that you are going into IT or IT security, then that's something different.
Long story short, KEEP LEARNING... you will have to in this career field! Even if you navigate away from IT, some of these certs are still very valuable, as is what you actually learn (technology is everywhere). & Good Luck!
Sorry... I would be remiss to not mention that if you want to work for the federal government in information assurance (and now, I believe also most contractors for such - see link below), you will also need to be certified (or get certified):
https://www.isc2.org/Training/US-Government#accordion-f14b42883ed645fbb9e31b3683e2c691
Just something more to consider and think about... this is truly a huge topic with many considerations (and differing opinions)... simply, again, good luck!
-Ed
I tend to agree with the wisdom of @CraginS "find a relevant job first" or better yet create a Startup in Infosec! Think big! Solve big problems and have fun. You have a long career in front of you.
@shayce Or even be as bold as volunteering to get some work experience, or even help communities, all of this counts as experience to a potential employer, showing you are willing to learn, achieve your goals and determined to succeed.
regards
Caute_cautim
@CraginS wrote: Concentrate on finding a relevant job, and consider what skills the hiring employers are looking for. You will be hired with the full knowledge that you may be book-smart but skills TBD. That is ok.
This is key. Across your entire career, you will find the need to keep knowledge and experience in balance. College has built your book-smarts (knowledge). Now, it is time to complement that with skill-set (experience). It's a yin-yang ☯ thing.
So, look for a job that seems relevant/interesting/challenging and in a location you would like to live and apply. And take job requirements with a grain of salt. Sure, you are not going to become CIO straight out of college, but at the same time, they are not going to find their unicorn.
Certificates can wait till another day. Plus, as Craig states, you can often get the employer to pay for them; kinda like work-study in reverse.
I'd recommend that you do the analysis of what job postings for entry level positions are asking for in terms of certificates. Then you research those, including the study materials, costs, exams and any ongoing fees. Once you have that and understand possible career paths in InfoSec and the path you're looking to pursue, you start applying for jobs. You won't meet all the requirements, but apply anyway if you've got a 70-80% match. You may get a lot of rejections, but what is essential is that you get some practical work experience in IT or InfoSec. You might also want to consider applying for general IT jobs and then take advantage of internal vacancies once you're in a role.
So it's more about your tactics to get a foothold initially than the specific certifications that are best. The certifications are a means to an end for most people.