7 answers

What security certifications are ideal to obtain when pursuing a career in cyber security, more specifically a position dealing with cybercrime?

Updated Viewed 131 times

7 answers

Joel’s Answer


There are five GIAC certifications related to digital forensics.

  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Advanced Smartphone Forensics (GASF)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Network Forensic Analyst (GNFA)
  • GIAC Reverse Engineering Malware (GREM)

Any of these would be beneficial for someone seeking a position in fighting cybercrime.

Joel recommends the following next steps:

  • Go to the GIAC website (https://www.giac.org/) and read over the certification details and determine if you have the background necessary to begin the forensic certification that most interest you.
Thank you so much Mr Snider. I will certainly look into these certifications and see what each entails and which best fit what I'm looking for. Armando T.

KC’s Answer


If you're looking for a role in cyber security, certifications certainly won't hurt. However, companies where security engineers are doing the hiring tend to focus more on practical skills and an understanding how how to assess and address risk. Certifications don't necessarily reflect those skills in practice. In fact, most of the brightest people I know in infosec do not have certifications. By no means am I assuaging you from pursuing that. But many security certs require years of experience, so you run into frequent 'chicken-and-egg' issues. Instead, spend your time interacting with others around your geographical area that are security engineers. If you have a local BSides, OWASP, or DEF CON group, reach out to them to help assess the resources available to you based on your interests. Explore, do, challenge yourself! We need you!

Exceptional advice thank you. I certainly want to do what is necessary to obtain those critical security skills. I will definitely be pursuing some certifications, but I understand what you mean when you say that certifications don't necessarily mean you have those fundamental practical skills. My aim is to learn as much as I can from current security professionals and resources in order to develop the essential skills and knowledge that I need to excel in the information security industry. I will definitely look into the security groups that you suggested! Armando T.

ROBERT’s Answer


I would suggest you look into a law enforcement training track. When we have brushed against actionable crime in business we always need to turn it over to police or FBI to take action. From my interaction with law enforcement you will have much more trust & opportunity if you become an officer or special agent first, then specialize in a unit focused on cybercrime.

ROBERT recommends the following next steps:

  • Ask Gregory Michaels at Kroll Cybersecurity. I am a client and worked with him in the past.
Thank you for the advice Mr. Sullivan. I actually originally planned on pursuing law enforcement and majored in criminal justice in my undergrad. This is certainly something that I have considered and is of great interest, I will certainly follow up with Mr. Michaels for further insight. Armando T.

Jessica Valentine’s Answer


Hi Armando! Look into the Security+ certification with CompTIA and the CISSP (associate level can be achieved prior to the 5 years of required experience.

Thank you for the tips Mrs. Valentine I have actually looked into the security+ and will definitely be pursuing it this year. I will also look into the CISSP and learn more about the requirements and benefits. Armando T.

Doris’s Answer


Hi Armando,

Here's another link with great info on getting your OSCP.


Good luck!

Thank you Mrs. Delgado the link your provided is certainly helpful in giving me insight on what to expect. I am currently focused on obtaining my Security+ , but will be referring back to this link and to better prepare when I am able to pursue the OSCP. Armando T.
Thank you Mrs Delgado the link you provided is certainly insightful on what to expect when obtaining the OSCP. I am currently pursuing my Security+, but will be referring back to this when I am ready to obtain my OSCP. Armando T.

Stacy’s Answer


Hello Armando,

Here is a link from the College Board website that can give you a head start about some possible career paths that you can choose from. Definitely, if you want to work for the CIA or FBI, you would be required to get a MA (Master's degree).


Hope this helps you a little to figure out your future endeavors (:

Thank you so much it will certainly give me a better idea of what to expect and how I should prepare. I really appreciate it! Armando T.

Mariana’s Answer


Hi Armando, GIAC is definitely a great start, but it's somewhat general and broad. OSCP (Offensive Security Certified Professional), it's hands on, with explanation on techniques. The material will lead you to a lab and prepare you for the exam.


A couple of books that will help you are Practical Malware Analysis. The Rootkit Arsenal. Reversing Secrets of Reverse Engineering.

Mariana recommends the following next steps:

  • Go to Defcon
  • Download Kali Linux and start with some easy exploits
  • Follow Liveoverflow https://liveoverflow.com/ and suscribe to his youtube channel, he explains amazingly well.
  • Be curious!
Hello Mrs. rodriguez thank you for the exceptional advice. I will certainly follow up on each of these and learn as much I can to prepare myself. The OSCP certification is certainly of interest to me and I plan pursuing it and any other essential certifications that will strengthen my understanding of vital security topics. Armando T.
Awesome to hear Armando. Happy learning!! Mariana Rodriguez