Cybersecurity Certificate Tier List (2023)
Summary
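TL;DR: This video presents a tier ranking of cybersecurity certifications from S to F. In response to countless requests, it breaks down the most valuable certifications in the industry and explains the criteria behind each rating. It covers a wide range from entry level to advanced, including CompTIA, CISSP, CCNA, CEH and OSCP, and ranks them by reputation, cost, difficulty of obtaining, and usefulness on the job. It also covers Google's cybersecurity certificate and cloud security certifications, and discusses their practical value in the workplace and their value from HR's point of view. Finally, it explains how certifications help in a job search and stresses that the key to actually succeeding in the industry is mastering the skills.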
Takeaways
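- 🔑 Cybersecurity certifications range from entry level to specialist level, and each can open a path to particular job roles.
- 📊 When choosing a certification, it is important to consider its reputation, cost, difficulty of obtaining, and how much of the knowledge it covers is useful in actual work.
- 📈 CompTIA's Security+ is an entry-level certification that many jobs require as a "gatekeeper", and it is widely recognized.
- 💡 Getting a cybersecurity job often requires a particular certification, but that is not all it takes to get the job.
- 🎓 CISSP (Certified Information Systems Security Professional) is a highly regarded advanced-level certification sought across a wide range of roles.
- 🌐 Cloud security certifications (such as CCSK and CCSP) are in high demand under current technology trends and are growing in importance.
- 💼 Certain certifications are designed for experienced professionals and complement real workplace experience.
- 🔍 The main purpose of earning a certification is to get more interview opportunities and ultimately raise the odds of landing a job.
- 📚 Earning a certification alone is not enough; it is important to apply the knowledge to real projects and to building hacking tools, and so demonstrate expertise.
- 🚀 No single certification solves everything; you need to choose the right certification for your own career goals and specialty.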
Q & A
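What is the purpose of the video?
-To rate the best certifications in the cybersecurity field from S tier to F tier and explain how each one helps in getting a job.
How does the CompTIA A+ certification affect a cybersecurity job?
-The CompTIA A+ certification does not lead directly to a cybersecurity job, but because general IT knowledge is required, it is useful as a foundation.
Why is Security+ considered a "gatekeeper" for many jobs?
-Because Security+ is widely recognized and many jobs ask for it as proof of understanding basic security principles.
Why is Google's cybersecurity certificate recommended in combination with Security+?
-Google's cybersecurity certificate provides foundational knowledge, helps prepare for passing the Security+ exam, and also gives a 30% discount on the Security+ exam fee.
What level of experience is the CASP+ certification aimed at?
-CASP+ is aimed at people with 10 or more years of IT experience and 5 years of security experience, but this is not a mandatory requirement for taking the exam.
What is the difference between Cisco's CCNA and CompTIA's Network+?
-CCNA is an intermediate-level certification that goes deep into Cisco-specific knowledge and gives a deeper understanding of networking than Network+.
What are the distinguishing features of the OSCP certification?
-OSCP requires a 24-hour exam that includes penetration testing of a live network, and it is valid for life.
What are the requirements for obtaining the CISSP certification?
-Obtaining the CISSP requires at least 5 years of work experience in two or more of the eight domains, but one year of experience is waived if you hold certain certifications or a degree.
What is the main difference between CCSK and CCSP?
-CCSK was the first certificate of cloud security knowledge and is an open-book exam, while CCSP covers broader governance topics and requires specific work experience.
Is it possible to get a job with cybersecurity certifications alone?
-A certification alone does not guarantee a job, because you still have to get through the interview and demonstrate the ability to actually do the job. Certifications are for raising your odds of getting a job.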
Outlines
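😀Overview of the CompTIA certifications
Explains the types of CompTIA certification exams and gives an overview of each. It covers a wide range, from entry-level exams such as A+ and Network+ to advanced-level exams such as Security+ and CySA+.
😃Penetration testing certifications
Compares CEH and OSCP, two certifications for penetration-testing roles. It states that OSCP is more highly regarded, costs little more than CEH, and is a permanent credential, so OSCP is the recommended choice.
🤔Government-related compliance certifications
Introduces the ISACA and GIAC certifications related to government and corporate security compliance. It states that although they fall behind other exams in name recognition and price, some of them include practical content.
😎The CISSP and CSSP certifications
Covers CISSP and CSSP, the two best-known and most comprehensive certifications, in detail. It stresses that five years of work experience is required but that this is one of the most in-demand exams.
💪The significance of certifications
States that what matters is not simply passing an exam but applying the knowledge in practice and building a portfolio. It warns that a certification helps raise the chance of being called for an interview but does not by itself guarantee a job.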
Highlights
Introduction to the best cybersecurity certifications, addressing the confusion over which ones are necessary for a job in the field.
Explanation of the ranking system used to evaluate cybersecurity certifications based on job listings, reputation, cost, difficulty, and practical usefulness.
CompTIA A+ certification discussed as necessary knowledge but not directly leading to a cybersecurity job.
Network+ certification viewed as foundational but not sufficient alone for securing a cybersecurity position.
Security+ certification highlighted as a key entry-level certificate with significant job market value.
Recommendation to pair Security+ with Google's cybersecurity certificate for enhanced job prospects.
CySA+ and PenTest+ certifications discussed for their focus on defense and offense in cybersecurity, respectively.
CASP+ certification mentioned for experienced professionals, with a note on its relative value compared to other options.
CCNA certification recommended over Network+ for those interested in network-focused cybersecurity roles.
CEH certification's high cost and HR appeal contrasted with its community reception.
OSCP certification praised for its practical, lifelong validity and high respect in the cybersecurity community.
ISACA certifications recognized for their global respect and focus on governance and risk management.
GSEC certification noted for practical content but limited by its price and reputation.
CISSP certification presented as highly prestigious, versatile, and valuable for advancing in the cybersecurity field.
Discussion on cloud security certifications, highlighting the CCSK and CCSP for their relevance in the growing cloud domain.
Transcripts
in this video I'm going to be going over
the best cyber security certifications
from S tier all the way down to F tier
I've gotten millions of requests to go
over the best certifications to get into
the field and I get it I mean come on
look at this what the actual is
going on are you supposed to get all
these to get a job well you could and
collect certifications like Pokemon for
the rest of your life pretentiously
claiming to be smarter than everyone
else around you by virtue of you being
able to memorize questions to answers
for tests as if you're going to be given
four multiple choice options when
someone breaks into your network now if
you don't already know who I am good
because nobody does I'm just that guy in
a mask who is currently a cyber security
analyst for an A-tier Fortune 500 company
sorry boss we had an S tier alright
enough Shenanigans let's get started let
me preface this rating system if you
disagree with me that's okay you're
wrong no no but the method that I use to
rank this system is this I took a random
perfect sample size of a hundred job
listings I pulled every certificate they
mentioned and I did some salty late
night research on Reddit on YouTube on
blog sites and I mixed in my own
experience applying for jobs my old
co-workers my old professors and my boss
all to finally answer the age-old
question which one is best and answer
whatever the hell this job listing means
by grade a security certificate what the
hell is even that increase your odds of
Landing that first time interview and
eventually the job I'll explain my
reasoning for each ranking and if you
disagree then please leave a comment
down below it's going to help everyone
if you comment now every rating is going
to take into consideration reputation as
in how well is it known cost difficulty
of obtaining the certificate and most
importantly how useful is the
information inside of the certificate
going to help you practically speaking
at the end of this tier list I'm going
to further explain why having any one of
these certificates can actually do for
you so don't miss the end take away from
all of this alright let's get started
with the elephant in the room CompTIA
keep in mind that all CompTIA certs as
well as a ton of other ones I'm going to
cover only last for three years and have
to be renewed after that I'll go
overview new certs that don't expire but
as security evolves so does the cert A
Plus this won't get you a job in cyber
security definitely F tier and don't get
me wrong you do need to know everything
that is on the test but you're gonna
have one hell of a time getting past the
hiring Gates if this is all you have you
could land a general I.T job from it but
this isn't a tier list for General IT
jobs next is Network Plus and this is
like the A Plus's lifelong best friend
hello I love you you'll learn the basics
of networking and could get a job as a
network intern or associate but good
luck Landing a security job with just
this plus you do need to know everything
that is on this test and in my sample
size I saw it asked for one time and for
that reason alone it's a D tier for
definitely not going to get you a job
Security Plus oh boy this is that one
popular kid in class gets all the
attention but really isn't all that
smart this one is the GOATed gatekeeper
of a massive amount of jobs by
gatekeeper I literally mean it is
sometimes required for you to have the
job now something that I discovered on
LinkedIn that maybe a lot of people
don't know is that the parsing for the
search bar sucks a good amount more than
Indeed if I had to rank job boards
LinkedIn you're losing points for this
now searching for CompTIA Security on
LinkedIn brings up this it's Hit or Miss
whether or not you're actually gonna get
a job that asks for CompTIA or Security
Plus whereas using Indeed's job search
you get less garbage and more relevant
job listings as you can see here there's
thousands of jobs that we can search for
and my job listing sample had about 30
percent asking for this certificate now
this is an entry level certificate and
for that reason it's not going to
guarantee a job but it's sure going to
help based on how widely known it is and
asked for at this point it's just
something HR lists as like a check box
in the same way that a college degree
proves that you're capable of showing up
to a place consistently for four years
this cert shows that you're capable of
retaining security principles
the things I'm smart and the Security
Plus certificate is only 392 dollars
which might be a lot for some of you but
compared to some of the other certs
we're gonna go over it's a very
reasonably priced cert for how well it
is widely known because of everything
mentioned this is definitely an
A-tier certificate it's widely known
and it gives you a solid base
understanding of security that a lot of
jobs unfortunately require if you want
some extra credit and you want to bump
this up to an A plus I highly recommend
pairing the Security Plus with the new
and shiny Google cyber security
certificate that's available for
basically free on Coursera that I went
over in this video here and for two
reasons the Google cert gives you vital
basic knowledge that will allow you to
prepare yourself to pass the Security
Plus and it gives you a discount voucher
for 30% off of the Security Plus so
pairing it seems kind of like a
no-brainer to me and there's a reason
it's the highest ranked cert on Coursera
right now I mean 4.9 out of five
God you're beautiful so check out that
video if you're just starting out on
cyber security moving on we have CySA
Plus and PenTest Plus I clump these
together because while they are roughly
the same as far as difficulty they do
vary in hireability for some
different reasons the CySA Plus goes over
defense through incident detection and
response whereas the PenTest Plus
focuses on offense through penetration
testing and vulnerability assessment
generally speaking the difficulty of the
two like I said is pretty on par with
each other it just focus on different
aspects of cyber security and it just
depends on what you want to go into both
tests are the same price as a Security
Plus at 392 dollars and now as far as
hireability I would say based on all
the research I've done and everything
I've experienced in my job application
process that the CySA Plus is a little
bit better as far as being able to land
you a job because generally security
analyst positions are more entry level
and easier to get into whereas
penetration testing positions which the
PenTest Plus certificate is for are a
lot harder to get into and more
mid-level they're going to be looking
for more information than just the pen
tests and it doesn't help you quite as
much to land that interview or that job
so C tier for CySA Plus and D tier for
pen test but only by a little post your
complaints down on the bottom but this
is how I make sense of the certification
storm that we're in right now and yeah
yesterday the last CompTIA cert I want to
mention is the CASP Plus this is
designed for someone with 10 years plus
experience in it and five years
experience in security but unlike other
certs this isn't a mandatory requirement
this is just something that they
recommend you have before you try it so
anybody can take it exam is very Broad
and covers a lot of domains and at the
price point of 494 dollars it's only
slightly cheaper than another cert
coming up vastly Superior than this one
and far more well known so this one's a
b because there's a better option it's
arguably well less known than that one
and rarely does this come up in job
listings and I would be remiss if I
didn't go over the highly controversial
Cisco CCNA this tier list is for
hireability Cisco is so widely used that
even with new technologies hitting the
scene if you plan on taking a network
certificate anyways because you want to
become something like a security network
engineer then I would always recommend
this CCNA cert over the network plus
cert as it's better than the network
Plus cert and it's cheaper by fifty
dollars don't believe me well this chart
doesn't lie the CCNA is an intermediate
certificate and that it dives into more
difficult configuration Concepts albeit
they're Cisco proprietary but still gives
you a far better understanding of
networking than the network plus goes
into I mean I had four Cisco networking
classes through my bachelor's degree in
college so there's a lot of people
backing up Cisco it's easier to get a
job with it in the networking Community
because of how well known it is in there
therefore it's ranked as a c which is
very fitting for Cisco now if you're
looking to become a penetration tester
then you're going to want to look into
these next two certs the CEH the
certified ethical hacker this tends to
be over hyped and put down a lot by the
cyber security Community but I don't
think they can argue how widely known it
is and what it lacks from support in the
security Community it makes up for in HR
clout unfortunately it does come at a
high cost of 1199 and that's if you can
get the 850 CEH course waived to be
considered for testing without the
course you have to submit an application
to the EC-Council which requires you to
have at least two years of experience
working in the information security
domain so this cert is a solid C and
that's largely in part due to the high
cost of this cert how looked down upon it
is and even with the HR clout it carries
there is a far superior better option
that I'm about to go over it has a
bigger better and more badass respected
older sibling and we're of course
talking about the OSCP the Offensive
Security Certified Professional this
does come at a higher cost and at one
point it was apparently available for
like a thousand bucks but they've upped
their prices the self-guided individual
course is 1599 which includes 90-day lab
access and one exam attempt the Learn
One subscription is 2499 a year and
provides a lab access for one year and
two exam attempts and if you're
absolutely loaded and have bottomless
Pockets then for 5499 a year you get
unlimited attempts to pass the test now
this test requires you to do live
Network penetration testing for 24 hours
with questions as part of the open
security certification program this cert
is for life so unlike the previously
mentioned ones this one does not expire
and this kind of confirms its
superiority to the certified ethical
hacker certification just because it
lasts forever that means that it has to
be far more difficult given how more
respected the certificate is and how it
only costs a little bit more than the CEH
cert this makes it far more Superior it
carries just as much HR clout as the CEH
and it's not looked down upon this is an
A-tier certificate my boss looks down at
the CEH and says that if I can get this
cert it's like an immediate promotion for
me let's talk government compliance
certs ISACA certs the information
systems audit and Control Association is
a globally recognized and highly
respected organization ISACA offers four
certs that are very commonly looked for
there is the certified information
security auditor certified information
security manager a certified risk in
Information Systems control and
certified governance of Enterprise I.T
now I'm pumping all these together as
they're similarly designed but they're
just for different niches in the cyber
security space that being said the
content provided by these certs is
extensive with CISM arguably hardest one
of the tests as it's geared towards
information security managers and HR
will often take this interchangeably
with another cert I'm going to be going
over that is an S tier cert but sadly
these are all just A tier certs they're
reasonably priced at 760 dollars a pop
they're well respected and well known
they're just not quite living up to
other certs that you could get that
provide the same and more clout and more
reputation and hireability now below
ISACA certs are GIAC certs Global
information assurance certifications
there's only a couple issues with these
the price and they're not as well known
as other certs it's a shame because they
are on par with the other certs but
because of the aforementioned issues we
have to rank them below the ISACA certs
accordingly in my job sample list
the GSEC cert was only found one time
and it's just as difficult as a Security
Plus but costs three times more C tier sorry
it just didn't do better the remaining
GIAC certs are incredibly practical as far
as the content and provide far more bang
for your buck for that 949 price point
so for that reason the rest are B tier
now if you can get any of these GIAC certs
paid for by your current employer then
they're A tier for practical content
only hindered by their lack of
reputation if a man in the middle of a
forest earns a certificate and no one
knows about it does he get a job now
something I didn't mention about the
previous certs and that is a pro for the
GIAC certs is that they do offer a slight
discount at 100 off your retake test
whereas the CompTIA and the ISACA
certs do not have that you only get
one attempt to take it if you fail
you'll lose the money that you've spent
towards the cert so don't fail but at a
starting cost of 949 dollars it's not
really that much incentive if you only
get a hundred dollar discount on the
next test the next cert deserves a drum
roll ladies and gentlemen boys and girls
the cert you've all been waiting for
information system security professional
if you haven't heard of it before then
you live under a boulder
then you'll live under a rock but that's
okay because that's why you're here now
this cert is widely known and that is an
understatement it's well respected and
is arguably the best bang for your buck
cert that you can get right now coming
in at only 749 now I studied for this
exam like crazy before I got my current
position and honestly after making this
video it's making me rethink trying to
get back into it and getting this cert
now the requirements of the cert to be
fully recognized as a CISSP are a bit
more difficult than what we've covered
so far you have to have a minimum of
five years work experience working in
two or more of the eight domains covered
in the CISSP exam luckily you can drop
that requirement by one year if you
either have a four-year college degree
or you obtain one of the approved
certificates from the ISC2 approved list
this is the approved list and you'll
notice that the Security Plus is
actually on here so folks do you see
here I'm going with this get your
Security Plus first then all you need is
four years oh and then the other
requirement is you have to DM someone
with the CISSP to back you up that part's
easy though just find someone with a
CISSP who can vouch for your mad skills
and well soon you guys will have me to
vouch for you and if you want me to
vouch for you then I can be reached by
my Mad Hat membership in my patreon link
down below just kidding about the
vouching part the patreon's real but
there's nothing on it yet so don't worry
about it now a candidate who doesn't
have the five years requirement to get
this fully fledged CISSP can still take
the test and pass it to earn an
Associate of ISC2 you'll have six years
to complete the aforementioned
requirements this cert covers a ton of
information it covers eight domains and
the only cert that comes close to
covering this much information is the
GSE which isn't a typical certification
it's a portfolio of certs that requires
you to obtain six of the GIAC certs I
mentioned before and if you've been
paying attention that is six times nine
hundred and forty nine dollars yeah so
that's not really a standalone
certificate but if you want to challenge
job security for life and you have
bottomless pockets it's arguably the
best certificate that you can get since
it's six certs in one the CISSP cert is
often interchanged in job listings with
the Associate of ISC2 because HR
knows that the only difference between
you and the CISSP holders is five years
help desk experience or something and
looking in my job samples there's far
more jobs asking for the CISSP than the
Security Plus so this one's an S tier
for sure think of the CISSP as one of the
most versatile certifications that you
can get it's relevant to more job roles
than pretty much any other cert you can
get out there now ISC2 has a few other
certs though not as prestigious as the
CISSP are still okay I have to mention
the cyber security certified cert it
offers this is great for beginners and
it's currently free if you join the ISC2
membership which has an annual fee of 50
so it's not technically free but this is
kind of a worse version than the Google
cert I mentioned earlier it does
prepare you for the Security Plus but it
doesn't cover nearly as much as the
Google cert and it doesn't give you a
30% discount for the Security Plus cert
so not really worth it for that
inferiority reason and the fact that
nobody asks for this cert and will not
land you an interview this is similar to
the A Plus cert it's an F my dude next up
is the system security certified
practitioner that they offer this test
is easier than Security Plus and it's
less known so this is a solid d-minus
let's talk the cloud this is where the
real money is at right now this is where
everything is headed and the level of
demand for cloud security certs is going
through the roof right now because it is
arguably the newest domain in cyber
security ISC2's CCSP the certified Cloud
security professional which is fabulous
absolute banger of a cert but there's
only one problem it's not the OG Cloud
cert the title of mother of all Cloud
certs is given to the CCSK which is the
certificate of cloud security knowledge
this is quite literally the industry's
first examination of cloud security
knowledge when it was released back in
2010 so the CCSK covers comprehensive
knowledge of cloud security while the
CCSP covers the same knowledge with a
lot more of CISSP governance topics and
domains mixed in the CCSP also requires
the same five years of work experience
in security domains in order to obtain
the official title of CCSP whereas the
CCSK has been around for longer costing
395 dollars compared to the CCSP's 599
dollars it can be taken from the comfort
of your own home and it's an open book
exam where you have 60 minutes to answer
90 questions for that reason it is
easier but it is impossible to research
every single question in that amount of
time but that is why it is significantly
lower in difficulty on the list here
with the CCSP being at 599 dollars which
is significantly more but is certainly
agreed that it is more prestigious of
a cert to obtain ISC2 even writes one
important distinction to know is that
the CCSP is a certification and the CCSK
is a certificate oh ISC2 that is
semantically pompous of you now in my
opinion the CCSK is an S tier cert
it's well known it's easy to get it's
more bang for your buck and it lasts
forever whereas the CCSP has the five-year
requirement and you have to renew it
regularly and a lot of times in job
requirements they're taken
interchangeably so HR is going to look
pretty similarly at the two certs so
obviously that makes the CCSP an A tier
right below maybe maybe a plus if we're
being semantically generous and while
we're on the subject of cloud certs
Azure security certifications these are
legitimately slept on my ex-co-worker
landed a job as a Azure engineer with
just an associate cert alone and for a
hundred and sixty four dollars and a
significant amount of companies
utilizing Microsoft software this is a
solid A choice it's arguably just as
easy to land a job with an Azure
certificate as the Security Plus
certificate so I really have no choice
but to put it in this tier considering
it's cheaper than the other mentioned
certs Azure also offers multiple paths
to advance in your certificates and you
can build your knowledge and Advance
into the Microsoft certified cyber
security architect expert now I know
some of you are thinking what about AWS
well AWS doesn't have quite as many
certificate paths so for that reason I'm
not even going to mention it sorry you
didn't make the cut there's also
Google's Professional Security Cloud
engineer cert that you can get at 200
this is a decent option although not as
widely known or as sought after as the
Azure certs it's also significantly
easier than the Azure cert as you can see
on the list here so for that reason we
got to bump it down a few because it's
not as well known and it's probably not
going to land you a job so we're gonna
have to bump it down to the C tier
that's enough for cloud we're
approaching the end of the list and
there's only a couple special mentions
left ITIL certs
these exist d e and D suck Blue Team
level one I've actually been asked about
this a lot after researching its
offerings and reputation everyone agrees
it's far more practical and useful
for preparing for working as a security
analyst compared to its closest
comparable match the CySA Plus the only
problem is that HR has no clue
what it is and it costs more than the CySA
Plus at 500 so for that reason it
just has to rank lower than the CySA
Plus sorry blue team you're great but
you're going in the D tier all right so
as promised the obvious takeaway from
this ranking is to just obtain an S tier
cert right wrong certs are useless just
go to college
ah gotcha no but seriously none of these
certs are gonna guarantee you a job
because you still have the interview for
the job to get through and even if any
one of these magical certs gets you past
the HR Gates and into a zoom call with
the hiring manager if all you did was
cram for a test and fail to apply the
knowledge to building a portfolio of
security projects of hacking tools or
documenting anything along the way then
you're going about it all wrong you'll
most likely sound like someone who
doesn't know what they're doing and not
fully committed to the field and now
this is especially true for the
entry-level certs mentioned generally
speaking the certifications lower on
the list are less likely to get you that
first time interview or much less a job
so really the whole purpose to getting a
cert is just to increase your odds of
getting a job and the harder the test
the more likely you're able to retain
some semblance of proficiency in
whatever you learned and the easier it
is the more likely you're going to
forget everything that you crammed for
as it probably took less Blood Sweat and
late night tears to obtain in this chart
you can expect the bottom to probably
increase your odds of getting an
interview by zero to ten percent and it
goes up from there exponentially and at
the very top of the list we have the
very last cert that I wanted to go over
before all of you forget this video ever
existed the god tier certificate
I've done it
they said it couldn't be done
are they going to be rich
Please Subscribe hit the Bell like this
video share it to your friends thank you
so much for watching everyone we'll see
in the next video