Cybersecurity Learning and Certification Path

---

Hi

I have a Teritary Diploma in Business Computing in Singapore and I am looking to do a career switch to Cybersecurity either as a Pen Tester or Cloud Security.

So far from my research, I am getting started with the following.

1. Comptia A+ certification
2. Comptia Network+
3. Comptia Security+
4. Comptia Linux+ or LPIC-1
5. Phyton
6. OSCP
7. CISSP
8. CCSP

Is this a recommended route or is jumping to CISSP and CCSP too fast? I plan to be taking the ISC2 associate route. Also after Comptia A+ do I still need to take the MTA Networking and Security fundamentals before moving on to Network+ or Security+ will that be a repeated learning route?

Last question, between OSCP or CEHv11 which would you recommend? I understand that OSCP is completely hands on with a 24 hours exams. If i take the CEHv11 i plan to take the practical as well for mastery certification.

Thanks alot in advance for any possible advice in this area.
Gilbert

Greetings, @Gilbert-Choo

You've got a pretty good path developed, though I would make just a few adjustments.

First, to answer your question, you don't "NEED" the MTA certs before moving on to Network+ and Security+. Are they helpful? Maybe. Probably, but not necessary. Network+ and Security+ are "foundational" certs meaning they are meant for those that are looking to learn networking and security not that they necessarily already have some networking and/or security skills.

Second. From my experience and from my interaction with others in the cybersecurity space, the OSCP is more respected than CEH. That doesn't mean that CEH is worthless. CEH will be found on many job posts, but is considered an entry-level pentesting cert. To be fair, so is OSCP, but it is much more difficult and, in my experience, more respected.

Third. CISSP isn't a highly technical certification, but it is a LARGE body of information with more focus on things like procedures, regulations, frameworks, standards, policies, etc. It's a tough exam and is respected, but is a different animal than pentesting certs. Obviously CCSP is a cloud-specific security cert, but is more of a "defensive security" cert and not a pentesting cert.

I hope that helps clear things up for you.

Cheers
Daniel

Thanks @daniel-lowrie87 for your advise. Glad to hear that MTA certs are not required.

I also notice CISSP is almost every job posting I see here in Singapore. Seems like it will open a lot of doors and not limit myself to jus pen-testing. I personally prefer OSCP as well, so far from most of what I read people tends to side OSCP more and EC-Council seems to have some bad rep over the years?

The OSCP have 24 hours exams which scares me a little, however, I am glad to hear that ITPRO.TV is working on a course for that as well.

What other certification would you advise after Security+ and OSCP? I reckon Linux+ and phyton skills might be favourable as well.

Thanks
Gilbert

Hi @daniel-lowrie87

How would you compare Pentest+ to OSCP?

Thanks

Glad to be of some help, @Gilbert-Choo

Pentest+ is much more of a traditional cert exam with some "performance-based" questions.

OSCP is more like a 24hr marathon of CTFs where you connect to vulnerable machines through a VPN and then write and submit a detailed "pentest" report. If the good folks at Offensive Security deem the report to contain enough detail and accuracy, then you get the cert. This is what makes the OSCP a more "hands-on" or "practical" exam.

You absolutely need to be able to work well in a Linux environment. Python plays a good part of certs like OSCP where you use it to create custom exploits.

Another good entry-level pentesting cert would be eJPT from eLearnsecurity.

Hope that helps

Daniel

Thanks @daniel-lowrie87.

I just bought the bundle for Network+, Security+, Linux+ and CySA+. I think that should set me up for a year or two of studying to enter the cybersecurity niche. After that mayb OSCP and then CISSP i hope.

One again thank you for your advise and inputs. Much appreciated.

Gilbert