5 answers
Updated
485 views
What certificates should I get in order to be successful in cybersecurity?
I've gained an interest in cybersecurity, but I don't know what would make me appealing when applying for jobs and internships. What should I work towards getting and learning to develop and show my skills?
Updated
Megan’s Answer
Hi Xion,
I agree with both of the excellent answers already provided about certs, and especially about establishing a home lab and learning Linux and Python, if you are interested in the technical side of cybersecurity (there are all kinds of jobs in cyber, including ones that are not as technical).
I see your question is tagged "future hacker" and "ethical hacking" - which leads me to suggest you might enjoy getting the Certified Ethical Hacker certificate.
When applying for jobs/internships or discussing potential jobs/internships with people in cybersecurity, something that would make you stand out is to have answers to questions about where your interest lies and what you are currently doing to further those interests. Questions I'd think about are:
- What interests you most about cybersecurity? (an answer to this could include, but would not be limited to, pentesting, blue teaming, identifying vulnerabilities, working to protect an organization from cyber threats, or [and my personal favorite, because this is what I do for work] researching and providing information on the current threat landscape.) Note: no matter what interests you, the Security+ is the cert I'd recommend, just as the other answers did.
- What do you consider to be the top threat(s) facing organizations today? (an answer to this could include specific nation-state actors, specific types of vulnerable equipment/devices/software, threats posed by AI, or even a Critical Infrastructure Sector that you consider to be highly vulnerable/highly targeted.)
- Where do you get your information on the current cyber threat landscape? (answers to this could include the names of specific cyber news publications, cyber researcher blogs, YouTube channels, and accounts on X or Mastodon, Reddit forums)
- Are you familiar with the MITRE ATT&CK framework? (For this question, familiar could mean "do you know it exists" or "do you know how to use it")
- How familiar are you with CVEs? (CVEs = Common Vulnerabilities and Exposures, see the NIST Vulnerability Database)
Above all I recommend you stay curious, ask questions, and do not be afraid to answer questions you don't know the answers to by saying you don't know the answer.
Megan recommends the following next steps:
- Work to identify what interests you most about cybersecurity, then look into what people work on in that area/those areas (you don't need to have a firm answer, just knowing more about the possibilities is a great start).
- Choose one cyber news site to visit daily. Read what interests you. (Podcasts would be a good alternative if you're not crazy about reading.)
- Watch some cyber channels on YouTube. One of my favorites is Network Chuck.
- Visit the MITRE ATT&CK site, just so you know what it is.
- Visit CISA.gov, look up "Critical Infrastructure Sectors" for background knowledge. On the CISA.gov landing page you'll also see their latest publications, including cyber threat advisories - take a look at these too.
Updated
Puneet’s Answer
Certified Information Systems Security Professional
Certified Information Systems Auditor
Certified Information Security Manager
CompTIA Security Plus
Certified Ethical Hacker
GIAC Security Essentials Certification
Systems Security Certified Practitioner
CompTIA SecurityX
Updated
Jon.’s Answer
Hi Xion,
Starting a career in IT is exciting, and getting the right certifications can really help you succeed. Here are a few great options for beginners:
1. Fortinet Cybersecurity Foundation (FCF): This is perfect for newcomers, teaching you about common threats and basic cybersecurity ideas.
2. CompTIA Security+: Focuses on essential security skills, network protection, and managing risks, giving you a strong foundation.
3. ISC2 Certified in Cybersecurity (CC): Shows you understand key security principles, access controls, and how to respond to incidents.
You're on the right track, and I believe you'll do great! Best of luck - JR
Updated
David’s Answer
To build a strong foundation, start by earning the CompTIA Security+, which is the gold standard for entry-level roles and often a mandatory requirement for government and corporate positions. If you are on a tight budget, the ISC2 Certified in Cybersecurity (CC) is an excellent alternative to get a reputable name on your resume quickly. Since modern security is heavily cloud-based, pairing these with a foundational cloud cert like AWS Certified Cloud Practitioner or Microsoft Azure Fundamentals will make you significantly more competitive than candidates who only understand traditional on-premise hardware.
While certifications get your resume past HR filters, hands-on experience is what wins the interview. Build a home lab using virtual machines to practice monitoring network traffic or defending against simulated attacks, and document these projects on GitHub or a personal blog to show employers you can apply your knowledge. Supplement your learning with practical platforms like TryHackMe or Hack The Box, and focus on mastering Linux command line and Python scripting, as these are the daily tools of the trade that prove you are ready for a real-world cybersecurity environment.
Updated
Keerat’s Answer
Hi Xion,
I would recommend starting off with ISACA IT Risk Fundamentals. From there, the CompTIA Security+ and then building on your knowledge to obtain the Network+. These three certifications would be a good starting point, and will allow you to build upon your knowledge of cybersecurity. There are many more options as you advance, but I would recommend easing into it with these as a baseline.
Best of luck!