Re: advice needed - Page 2

tinkuhalder · ‎08-19-2025

I passed cc exam august 25. I am a self employed personal. what next certification should I choose to gain practical expertise on IT and network security.?

nkeaton · ‎08-22-2025

@Onam I hold a bit of a different opinion. I have held Security+ since 2010 and keep it current mostly because of our employees to better assist them (we have around 800). I have helped several hundred of them earn theirs. The problem is not CompTIA as much as the "schools" that offer it. They put forward what I call the big lie. First there are so many open positions; there are but are not at entry level and would require 5 - 10 years of experience. Can work from anywhere, no way are we letting an entry level cybersecurity person work remotely. Can pick your own hours, definitely will never happen. Big pay, not for entry level. DoD created this mess, and private industry followed. Since the DoD has changed their requirements, I only hope that private industry follows again because experience and education have always been more important indicators. CompTIA brags at over 700K Security+ certified which is actually a pretty embarrassing brag. That's the competition; the job market is flooded with this certification. Security+ no longer differentiates a potential entry level candidate. I definitely never recommend vendor certifications to anyone who is not working in that environment. I do believe that those are both good companies, but their training is often vendor specific. Networking really doesn't have a good vendor neutral/agnostic certification unfortunately. The issue of vendor certifications is even worse when talking about cloud. I know that some CISSPs are offended by the CC like it somehow devalues our certification. I applaud the effort for an actual recognized entry level cybersecurity certification. I am glad to see our AMFs being used for that and volunteered to participate in the pilot program (ELCC). They are up to almost 70K certified in just 3 years. I feel that it is much better for entry level than Security+. I see the CC and SSCP as excellent stepping stones to the CISSP which is the goal of many cybersecurity people. This is just my perspective. I have been working in cybersecurity since 2008. One of my jobs is getting our people cybersecurity certified and to help them keep their certifications. So economies of scale, I stay on top of cybersecurity certifications in order for our people to do their work and am available for their questions and guidance.

Onam · ‎08-23-2025

@nkeatonI really appreciate your perspective. I agree with you on most points, especially about Security+ being oversold and the CC/SSCP being stronger entry-level paths. At the same time, I think it depends a lot on the career path. If someone needs to build hard technical skills, vendor-specific certs can sometimes be necessary. In the end, it really comes down to where someone wants to go in their career, but I share much of your view.

nkeaton · ‎08-23-2025

@Onman thank you for your response. There’s no actual right or wrong for sure and of course may depend on the individual as well. As you can tell, I believe in building theory first. Where they go from there will depend on their interests and skills. The worst I see in vendor certifications is always cloud. People will go for one or many vendor cloud certifications without being employed. I think those are best if are working for an organization with that product. My employer does not recognize those but does recognize CCSP and Cloud+. I appreciate your input as well. I am guessing that your work is more hands on which I have a lot of respect for. It takes many skillsets for effective defense in depth.