CYBERSECURITY JOB HUNTING GUIDE

Overview

Author: Stefan Waldvogel

Cybersecurity certification jungle

This topic is an enormous field, and many people have different opinions. You can find many IT certifications here: https://pauljerimy.com/security-certification-roadmap Paul’s website is very dynamic. He constantly adds more certifications. His web page is interactive and offers much more detail, including the pricing.
Picture
This list is crazy, isn't it?
Paul's list is enormous, but some certs, or even complete areas, are still missing. How can you use this map? Many people start with CompTIA A+, Network+ and Security+, and this picture explains why this is not a bad idea. You get the basics in a lot of fields. If you do it right, you understand a lot of topics. You cover Network Security, Security Architecture, Asset Security, Risk Management, Security Assessment, Security Software, and Security Operations with these three certs. Of course, you only know a little, but you can talk and use the correct terms. You are building your foundation.

Can you make money with it? 
It depends, but most likely many people have the same skills and fight for few jobs. This disadvantage reduces the salary. You can use Robert Half (https://www.roberthalf.com/salary-guide) or a different resource to see the pay. I use Robert Half's (outdated) numbers, but if you want to see the most accurate numbers, register and download the report.
Picture
These are numbers. Each city and area has its own modifier. If you want to know more, download the newest guide. Here, you can see that with A+ and Network+ you start with $35K. You do not want such a job, right? You are looking for something like this:
Picture
The bad news is, it is not possible to start with such a salary. Yes, some people are lucky and get a higher-paid job, but most are not fortunate.
Do you need good news? Yes, if you are smart, you can pick the right way to reach this level without going through a $35K to $45K job. Your goal is to gain valuable and rare knowledge. Salary is defined by supply and demand. A+, Net+ and Sec+? Everyone has it… → often low salary. If you want to know how bad it is right now, look at this resource: https://www.Cybersecurityseek.org/heatmap.html
Picture
This map offers more data, and I recommend using the link to get the most out of it. Hint: Do not forget the Career Pathway.
Certifications like CISA, CISM, and CISSP put you in a much better position, but you cannot take these certs without having five years in IT / Cybersecurity.
Most people want to know more details about technical certifications. There are many courses and certification paths, and I will highlight three training companies: INE, RangeForce, and Offensive Security. All three have a free part, and before you pay for the course, you can try the free part first or use their free products.

INE:
HR relevant: No, but this is changing
Advantages: A wide variety of modules (with labs), and it is impossible to do all of them in a year. The price is very competitive. The Unofficial eLearnSecurity Discord is great. The PTS path is an excellent starting point for Cybersecurity.
Disadvantages: You need your own Kali, and this is sometimes a problem because Kali gets upgraded every three months, and the courses are more static. The support is sometimes slow unless you use the Discord. Certifications are separate and cost $400.
Recertification costs: None; the certification is valid indefinitely.

RangeForce:
HR relevant: No
Advantages: ~500 modules; it is cloud-based, so you get an always-working environment; labs have internet access; pricing for students is incredibly good.
Disadvantages: You get a badge, but that is not an actual certification. You have to talk to a salesperson to gain access, and I wouldn't say I like this approach. Sometimes they call you. They hide the pricing, so it is hard to compare, but I guess you can negotiate the price.
Recertification costs: The badge is valid for two years; the "recertification" process is unknown.


Offensive Security:
HR relevant: YES, as a pen-tester, you need OSCP in many countries.
Advantages: Well-known and well respected in the industry; it is the gold standard; the pricing is okay; it is hard to cheat, because they record and try to protect their exams.
Disadvantages: OSCP is a CTF exam and therefore not 100% useful for a pen-tester. The exam is a gamble. If you are lucky, you study 500 hours, get 5 “easy” machines, and in 12 hours, you are done. If you are unlucky, you learn over 1000 hours, do each HTB machine in under 4 hours, and cannot pass the exam. Sometimes, you get two or more machines with multiple databases and multiple web pages… with one way in. This fact is the reason why people think so differently about the level.
Another disadvantage is the price if you need more attempts. It can get costly.
You are not allowed to use standard enumeration tools like linPEAS (specific versions) or sqlmap, so the exam does not have much to do with a real pen test outside of CTFs; it is more or less a paper that is relevant for HR.
Recertification costs: None, unlimited valid.
Bonus hint: If you want OSCP, study as much as you can with free materials before starting the course. PWK 365 is available but costly ($2148).

The exam restrictions:
Source: www.offensive-security.com/offsec/understanding-pentest-tools-scripts/
Picture
As you can see, you cannot use Burp Pro (it is commercial), but a tool like ZAP (which is even more powerful than Burp Pro) might be okay, but maybe not.
I would take this certification if it reflected what I am doing in the real world, but I do not see the value in risking my money on an exam that is a gamble.
For a pentester, it is the gold standard for HR, but this might change sooner or later.

Other certifications
There are more course providers. If you have an excellent employer, they will pay for SANS courses. These courses are ultra-expensive, but the certifications are HR relevant, and some of them can increase your salary a lot.
© 2021. This work is licensed under a CC BY-SA 4.0 license​