Cybersecurity Certificate Tier List (2024)
Summary
TLDR: This video ranks ethical hacking cybersecurity certifications from S-tier to F-tier, focusing on the specialized field of penetration testing, or 'red teaming'. The ranking is based on the Mad Hat metrics, which include reputation, difficulty, HR clout, and price. The script humorously critiques various certifications, highlighting the importance of practical skills over mere titles and emphasizing that the field is highly technical and demanding, not for the faint-hearted.
Takeaways
- The video ranks ethical hacking and cybersecurity certifications from S-tier to F-tier, focusing on specialization for roles like penetration testing and red teaming.
- The speaker emphasizes the difference between penetration testing and ethical hacking, noting that all penetration testing is ethical hacking, but not all ethical hacking is penetration testing.
- The script discusses the importance of not just obtaining certifications, but also the practical knowledge gained from the courses and labs associated with them.
- The video warns about the potential confusion between job titles and responsibilities, advising viewers to check job descriptions carefully to avoid being misled into unrelated positions.
- The rankings are based on an analysis of 100 job descriptions and 100 random job listings for penetration testers, ethical hackers, and red teamers.
- The 'Mad Hat metrics' are introduced as the criteria for ranking, including reputation, difficulty, HR clout, and price.
- CompTIA certifications, while basic and broadly recognized, are considered too elementary for specialized ethical hacking roles and may not significantly enhance a resume in this niche.
- TCM (The Cyber Mentor) certifications are highlighted as relatively new and positively received in the cybersecurity community, despite some pricing concerns.
- The script points out that the Offensive Security Certified Professional (OSCP) is the most recognized and sought-after certification in the field, despite its cost and difficulty.
- The Certified Ethical Hacker (CEH) certification is criticized for its lack of practicality and is ranked low due to its perceived lack of value in the ethical hacking community.
- The video concludes with advice on the importance of continuous learning and practical experience beyond certifications for those pursuing a career in ethical hacking.
Q & A
What is the main focus of the video?
- The video focuses on ranking various ethical hacking and cybersecurity certifications from S-tier to F-tier, specifically for roles in penetration testing, red teaming, and ethical hacking.
Why is specialization important for getting into ethical hacking?
- Specialization is important because ethical hacking requires substantial technical knowledge and skills that go beyond general cybersecurity principles and concepts.
What is the difference between penetration testing and ethical hacking according to the video?
- All penetration testing is considered ethical hacking, but not all ethical hacking is penetration testing. Ethical hacking is a broader term that includes red teaming, while penetration testing is a specific type of ethical hacking.
Why might someone be confused about job roles in ethical hacking?
- Confusion can arise due to the use of various titles such as penetration tester, ethical hacker, and red teamer, which are often used interchangeably but may have different job responsibilities.
What does the video suggest about the CompTIA trifecta and Security Plus certifications in the context of ethical hacking?
- The video suggests that while CompTIA trifecta and Security Plus are foundational, they are too basic for ethical hacking roles and may not be visible on resumes when applying for such jobs.
What is the general consensus on the Pentest+ certification from CompTIA according to the video?
- The Pentest+ certification is considered not very useful for red teaming, as it is a high-level multiple-choice exam without much hands-on aspect, making it less practical for the job.
What are the key differences between TCM Security's PJPT and PNPT certifications?
- PJPT (Practical Junior Penetration Tester) is an entry-level certification, while PNPT (Practical Network Penetration Tester) is a more advanced certification for those with more experience in the field.
Why does the video suggest that the eLearn Security certificates may not be the best choice currently?
- The video suggests that eLearn Security certificates have become outdated and less practical since the acquisition by INE, with exams not being updated regularly and a lack of continued educational units.
What is the main issue with the SANS Institute's red teaming certificates according to the video?
- The main issue is the high cost of the SANS Institute's red teaming certificates, which can be over $10,000 when including training and materials, and the exams being largely multiple choice with limited hands-on components.
What does the video suggest about the value of the Offensive Security Certified Professional (OSCP) certification?
- The video suggests that while the OSCP is a well-recognized and respected certification, it may not be necessary to skip the basics and go directly for the more advanced certifications like the OSCP.
Outlines
Ethical Hacking Certifications Overview
The video script introduces a ranking system for ethical hacking and cybersecurity certifications, ranging from S to F-tier. It clarifies the distinction between general cybersecurity certificates and specialized ethical hacking ones. The focus is on penetration testing, often known as red teaming, which is a sought-after role in cybersecurity. The speaker emphasizes the importance of understanding job descriptions to ensure the right path is chosen, and mentions the Mad Hat metrics for evaluating certifications based on reputation, difficulty, HR clout, and price. The script also highlights the difference between penetration testing and ethical hacking, and the common misconceptions surrounding these terms.
New and Established Ethical Hacking Certifications
This paragraph delves into specific certifications, starting with the CompTIA Pentest+, which is considered basic for ethical hacking roles. It then introduces newer certifications like TCM Security's PJPT and PNPT, and compares them with eLearnSecurity's eJPT and eCPPT, which are more established but have seen a decline in quality and reputation. The discussion includes the importance of hands-on experience in these technical roles, the pricing of the certifications, and their recognition in the job market. The paragraph also touches on the issue of certificate expirations and the need for continued education.
High-Cost Certifications and Their Value
The script moves on to discuss high-cost certifications from SANS Institute, such as the GPEN and GXPN, which are expensive and have a significant reputation in the cybersecurity community but are criticized for their pricing and lack of hands-on components. It also mentions lesser-known certifications like Zero Point Security's Red Team Ops and Altered Security's CRTP and CRTE, which are more reasonably priced and cover both penetration testing and red teaming concepts. The paragraph emphasizes the importance of practical skills over certifications alone.
Top-tier Certifications and the Importance of Practical Knowledge
The final paragraph focuses on the most recognized certifications in the ethical hacking community, particularly Offensive Security's OSCP and the lesser-known but highly respected CPTS from Hack The Box. It discusses the difficulty and comprehensiveness of these exams, the recognition they receive in the cybersecurity community, and their impact on job prospects. The script concludes with a warning about the Certified Ethical Hacker (CEH) certification, advising against it due to its lack of practical value and high cost. The importance of continuous learning and practical application of skills beyond certifications is stressed.
Keywords
- Ethical Hacking
- Certifications
- Penetration Testing
- Red Teaming
- CompTIA
- TCM Security
- GIAC
- Zero Point Security
- Offensive Security
- Certified Ethical Hacker (CEH)
- CISSP
Highlights
The video ranks ethical hacking and cybersecurity certifications from S-tier to F-tier.
Specialization is necessary for those wanting to enter ethical hacking.
Penetration testing is often confused with ethical hacking, but they are not the same.
Ethical hacking is a misunderstood niche in cybersecurity.
Job descriptions are analyzed to determine the value of specific certificates.
CompTIA Security Plus is not sufficient for ethical hacking roles.
Pentest+ is considered basic and not highly regarded in the ethical hacking field.
TCM Security offers the PJPT and PNPT certifications for ethical hacking.
eLearnSecurity's certificates are criticized for being outdated and expensive.
GIAC offers GPEN and GXPN certifications, but they are costly and impractical.
Zero Point Security and Altered Security offer lesser-known but valuable certifications.
Offensive Security's OSCP is the most recognized but not necessarily the best for job listings.
Hack The Box's CPTS is highly regarded within the cybersecurity community.
The Certified Ethical Hacker (CEH) certification is not recommended for serious ethical hackers.
The importance of continuing education and practical experience beyond certifications.
Certifications are meant to enhance resumes, but the real value lies in the knowledge gained.
The difficulty of breaking into the ethical hacking job market is highlighted.
Transcripts
in this video I'm going to be ranking
the best ethical hacking cyber security
certifications from s tier all the way
down to f-tier if you see my first tier
list video you'll already know about
General cyber security certificates but
as some of you might know if you've seen
any of my other videos If you want to
get into ethical hacking you're going to
need to specialize I'm learning and
some of these certificates might help
you do just that this isn't for GRC or
blue team security operations this is
for arguably the most sought-after role
in cyber security penetration testing
often referred to as red teaming
otherwise known as ethical hacking
otherwise known as one of the most
misunderstood cyber security niches of
all now let's get real semantical right
now all penetration testing is ethical
hacking but not all ethical hacking is
penetration testing what but all ethical
hacking is red teaming bro what are you
talking about man same thing really
synonyms in this back assword language
we call English but HR has us all
confused with titles so check the job
description to make sure that you're not
getting lured into a Help Desk position
I think I'm going into penetration
testing I didn't know you liked writing
that much what do you mean it's just
writing reports all day it's hacking
into computers all day no it's hacking
into computers one day and then writing
reports the other four days you serious
yeah if you can't already tell I'm mad
hat a six-time security analyst as in
I've been offered six security
operations positions in my lifetime now
much like my previous rankings these
have been created using the Advanced job
description analysis I analyzed a 100
job descriptions in my previous tier
list but now we're checking everything
everything everything what I've
discovered through advanced query syntax
we can actually get a reliable list that
contain any one specific
certificate wait a minute but I also
pulled 100 perfectly random job listings
for penetration tester ethical hacker
and red teaming also so we can finally
answer the question on everyone's mind
who the fck is this guy how do I get
into this cyber Niche now I'll explain
my reasoning using The Mad Hat metrics
reputation difficulty HR clout and of
course price cuz this economy has us
living paycheck to credit card debt at
the end I'll summarize my thoughts on
this field and what you need to consider
when trying to get into this field very
important that you get to the end cuz
this field is not for the weak-minded
and the mini mad hats need some new
shoes let's get started and a lot of
ways the needs of ethical hacking are so
Technical and so in the weeds that
you're going to be digging through the
roots h get it
Roots whereas blue teaming security
analyst work requires more of a high
level knowledge or a more broad
understanding of basic cyber security
principles and Concepts to start working
in that Niche check out this video here
if you want to know what those are
getting a start in ethical hacking
require substantially more technical
knowledge because finding a
vulnerability in say a very hyper-specific
process or subprocess to gain access and
then continue down the line to do things
like account privilege escalation to
lateral movement is hard all of this is
very difficult so for that reason the
CompTIA trifecta in our previously
goated Security Plus is not a part of
this
[Music]
list you got to know everything they
cover but sadly these might as well be
invisible on your resume when applying
to ethical hacking jobs so while it does
come up a handful of times in our sample
and an insurmountable amount of times in
other cyber security niches it is too
basic for this niche now as the elephant
in the cyber security space CompTIA does
have an option for a red teaming
certificate the pentest plus which if
you ask our local Discord Legend it's as
useful as a poop sack poop sack and
unfortunately I have to agree with that
sentiment as it's purely a high-level
multiple choice exam and at $44 it sits
as the D tier for doggy doooo no
Hands-On aspect which is crucial to test
on when having such a highly technical
job honestly this is designed to just
nudge you in the direction of red
teaming and red teaming
Concepts but largely unnecessary if
you're serious about getting into this
Niche now would have been an F tier
however it does appear a surprisingly
high amount of times in our sample and F
tier is saved for the especially heinous
of certificates coming up so consider
yourself lucky pentest Plus Moving On we
have the New Kids on the Block TCM
security founded in 2019 by Heath Adams
himself creator of the YouTube channel
The Cyber Mentor we have the PJPT at
$249 the Practical Junior penetration
tester and its more advanced older
sibling riddled with fresh teenage angst
the PNPT the Practical Network
penetration tester now these two
certificates somewhat similarly compare
to INE Security's eJPT and eCPTX which is
formerly known as eLearnSecurity's
Junior penetration tester which is
currently also $249 and eLearnSecurity's
Advanced penetration testing
which was retired on October 1st of last
year bastards why so the closest thing
to the PNPT would be the eCPPT the
certified professional penetration
tester at $399 currently they're having
a special where if you purchase the
voucher you get 3 months of Premium
access which by the way is required to
purchase this exam voucher outside of
any promos going on you would need to
normally purchase the $700 premium
subscription before you're even allowed
to purchase this exam voucher but as it
currently stands it is a little bit
cheaper than the PNPT but usually it's
way more now would be a good time to
mention certificate expirations INE's expire
after 3 years TCM's do not although we do
see a history of potentially bringing in
expirations to TCM's certificates to
comply with reputable accreditation
boards but currently they don't expire
and you also notice that TCM was
mentioning CEUs or continued educational
units you know educational credits that
renew your certificates yeah INE doesn't
have that you just straight up have to
retake the exam you took and Fork over
that hard-earned coin now this wouldn't
make sense if the exam was updated
regularly as technology changes but uh
yeah they're struggling to update
anything over there now as far as
reputation goes TCM has in beat by a
long shot when in acquired e-learn
security things went downhill fast labs
are breaking exams were getting outdated
fast lots of fans were hitting the shits
whereas TCM security is consistently
making improvements and adding content
to their courses and exams their
reputation is mostly positive in the
cyber security Community even when the
recent adjustments to their pricing with
PNPT going up to
$499 but they still don't have any
premium money grabbing gatekeeping like
INE has neither of them really show up in
job listings yet just a few hits for any
one of them with all the complaints
covered lack of HR clout and highly
suspect pricing model INE you're going in
C tier or can't believe you tarnished
eLearnSecurity certificates you suck
TCM good job you've earned a spot in the
B tier way to be better than INE GIAC
we meet again I've been far too generous
for GIAC certs in the past and the last
thing GIAC and SANS Institute needs is
my generosity my money SANS of course
being the people who offer courses that
are essentially required to pass any one
of the GIAC certs these expensive ass
courses now I won't get into another
rant about spending $10,000 on one
certificate but they do provide two red
teaming certificates worth mentioning
the GIAC penetration tester
certification and the GXPN the GIAC
exploit researcher and advanced
penetration tester both cost $979 for
the exam voucher but with the
essentially mandatory SANS training and
materials needed to pass this open book
exam it's more like $110,000 a piece
nuh-uh nope ain't paying that mm- if
your job can pay for it by all means but
I'm sure most of you are watching are
still trying to get into your first
cyber security job and don't have a job
that's willing to pay an arm and a
kidney for one certificate do get you
certified and also these are largely
multiple choice exams
with six quote unquote lab questions
which is how they address the Hands-On
side of things making these exams very
impractical as far as preparing someone
to be a penetration tester or an ethical
hacker sure the GPEN appears the second
most often in our sample with the GXPN
appearing in roughly 10% of them but for
all the reasons outlined GIAC y'all shat
the bed on this one either make your
exam more Hands-On or reduce your
pricing for the SANS courses now I know
what some of you might be thinking Mad
Hat these certs are to prove that you
went through the SANS course which are
highly respected in the Cyber SEC
Community eh you I say go watch my Mr be
Style video to see why that's not the
case C tier for GPEN and since GXPN is
more complicated and proves you know a
little bit more about what you're doing
B tier but below TCM certs through my
sweaty late night research I've
discovered some certificates that I've
never heard of that apparently appear in
some of these job listings I pulled Zero
Point Security's Red Team Ops and Red
Team Ops 2 this company is kind of
like the security blue team as it seems
as far as quality but for red teaming
similar in that they're both British boy
the general consensus on these certs is
that they're harder than more well-known
certs coming up on this list While most
certificates focus on penetration
testing these exams cover that and red
teaming Concepts including an emphasis
on OPSEC which is keeping sensitive data
from the bad guys a concept that is
neglected in a lot of the certs on
this tier list now the Red Team Ops 2
simply Builds on the knowledge gained
from the first exam the labs and exams
heavily utilize Cobalt Strike beaconing
which is neat basically they cover
more than what's covered on most of the
certificates on this tier list and at
$462 and $55 plus potential additional
lab costs these are pretty decently
priced certificates for what you're
getting a tier hey good job mate you're
a winner similar to Zero Point Security
certs we have another underground
company Altered Security's CRTP the
certified red team professional at only
$249 and the more advanced CRTE the
expert cert at $299
now these might seem cheap but the
30-day lab access for the cheapest
option might not be enough for folks and
the prices shoot up pretty quick if
you're not a fast learner now these
certs are more or less Unknown by HR
and these were formerly certificates
provided under INE Security's website but
the course maker left shocking I know but
they were able to pull the rights back
to the materials in the exam from INE's
hold now these are pretty extensive
exams but they're not quite as difficult
as Zero Point Security exam but they do
still cover similar material utilizing
PowerShell instead of Cobalt Strike
these are of course B tier wedged
accordingly in between the TCM certs but
above this doooo face now for the moment
I'm sure all of you have been waiting
[Music]
for OffSec Offensive Security is by far
the most commonly known certificate
agency by the red teaming cyber SEC
Community which was of course made
famous by its Golden Child the OSCP the
offensive security certified
professional now following along the two
certificate per agent theme that we have
going on they also have a more difficult
exam the OSEP the offensive security
experienced penetration tester now the OSEP
more or less just Builds on the
knowledge that you learned in the OSCP so
not everything that's covered in the OSCP
is covered in the OSEP exam which makes
sense certificate agencies want you to
buy all of their CTS building one off of
the other it's a very logical and
lucrative business model now both of
these certificates cost the same to
obtain at
$1650 a pop unless you purchase is the
learn one or learn unlimited option
which does save you money if you plan on
taking both or more of Offensive
Security's courses and certificates but
it's not easy to find time and
motivation to continuously study
throughout the year while working 9 to 5
with 2 and A2 kids resisting the
temptation to use any ounce of time you
have remaining on Mindless yet so
satisfying video games anyways the OSCP
is arguably less difficult and less
comprehensive than the CRTP or the cr1
but it is the de facto golden
standard for the basics of penetration
testing and it's the number one most
commonly found certificate in our sample
list W so of course the jacked older
brother the OSEP is s tier right wrong it
doesn't come up in job listings I know I
know the world doesn't make any sense
I'm just trying to make sense of it the
best that I can but it's a tier the
immediate recognition of the OSCP on a
resume is the only reason that OSCP is s
tier and OSEP is a tier I don't make the
rules I just try not to break them and
honestly I feel like skipping the OSCP is
a bit of a disservice to yourself I mean
yeah the OSEP is more difficult but in
some ways that's like skipping the
basics and if I recall in many many many
many of my previous math classes that
I've taken you're never taught the easy
way to solve an equation first you have
to learn the long ass complicated
version first now the certificate that
I've been waiting for Hack The Box
Academy's certified penetration test
specialist the
CPTS now Hack The Box is very well known
in the cyber SEC Community but not the
HR community so this is rarely seen on
any job listings but this exam requires
that you complete the penetration tester
job role path which is where the magic
happens completing all these modules and
boxes provides an invaluable amount of
knowledge and insight into penetration
testing all leading up to the exam which
is just like the OSCP in that it's also
Hands-On entirely practical and it's
almost entirely agreed upon online to be
significantly harder than the OSCP which
is most likely due to it being a 10day
exam whereas the OSCP is only 24 hours
pair that with the fact that you can't
move on from one machine if you can't
solve it whereas in the OSCP you can
bounce around and solve the easy ones
first you can't get past one machine in
the CPTS exam you fail it's all or
nothing so if you're weak in one aspect
of penetration testing for you also it's
been said that if you pass the CPTS you
can more or less immediately walk in and
pass the OSCP so for that reason alone
I've decided to take it upon myself to
Grant the CPTS the honor nay the
privilege bestowed upon the greats and
put it in s tier you've done what none
of the other certificates could do
you've become so powerful not even the
HR Gates can stop you you're the
underground goats of the red team space
all because of the sheer amount of
technical knowledge practical skills and
sheer cyber security Community Clouts
gained will actually show in your
interviews now no list would be complete
without another well-known quote unquote
ethical hacking certificate the
certified ethical hacker certificate the
CEH if you're just looking to check a
government requirement box just get the
CISSP it's cheaper at $750 has more HR
clout and is just as easy watch this
this video here and you'll pass in no
time oddly enough the CISSP actually
shows up in 25% of our penetration
testing job sample what can I
say it's a popular certificate F tier my
guy you don't want to be like this this
is disgusting this is awful in every way
if I could kill it I would but I legally
can't but I've considered it you suck
and I don't care if you show up in
almost half the job listings in our
sample your baggage is not worth it in
my masked opinion but hey I will throw
EC-Council a bone they do have the
CPENT a certified penetration testing
professional exam a 24-hour Hands-On
exam similar to the OSCP this is somewhat
new not listed in any job descriptions
but it seems to be an okay exam for
learning again can't deal with the
baggage but for learning's sake D tier or
quit [ __ ] around EC-Council and fix
your company's problems CREST certs
these exist and are very British and can
be very expensive D tier sorry bro all
right so what do you need to consider
when going into ethical hacking consider
joining the Army cuz good luck getting
hired in this job
[Music]
market sorry I had to it's kind of
become a tradition at this point but
seriously certificates only serve one
purpose and one purpose only making your
resume look better now the courses
around the certificates if they're even
available are where you get your money's
worth you know the more you get the more
you feel your money worth from any of
the certificates mentioned in this tier
list Beyond completing all the courses
labs and obtaining a certificate it's
your responsibility to continue to build
on what you learned cuz when it's time
to interview if you just sound like a
guy who memorized exploits to pass the
exam it's going to show how does it
feel treat me like you
do when you play