Cybersecurity Certificate Tier List (2024)

00:00

in this video I'm going to be ranking

00:01

the best ethical hacking cyber security

00:03

certifications from s tier all the way

00:06

down to f-tier if you see my first tier

00:08

list video you'll already know about

00:10

General cyber security certificates but

00:11

as some of you might know if you've seen

00:13

any of my other videos If you want to

00:14

get into ethical hacking you're going to

00:16

need to specialize I'm learnning and

00:20

some of these certificates might help

00:21

you do just that this isn't for GRC or

00:24

blue team security operations this is

00:26

for arguably the most sought-after role

00:28

in cyber security penetration testing

00:31

often referred to as red teaming

00:33

otherwise known as ethical hacking

00:35

otherwise known as one of the most

00:37

misunderstood cyber security niches of

00:39

all now let's get real semantical right

00:40

now all penetration testing is ethical

00:43

hacking but not all ethical hacking is

00:45

penetration testing what but all ethical

00:47

hacking is red teaming bro what are you

00:50

talking about man same thing really

00:51

synonyms in this back assword language

00:53

we call English but HR has us all

00:55

confused with titles so check the job

00:57

description to make sure that you're not

00:59

getting lured into a Help Desk position

01:02

I think I'm going into penetration

01:03

testing I didn't know you liked writing

01:05

that much what do you mean it's just

01:07

writing reports all day it's hacking

01:09

into computers all day no it's hacking

01:12

into computers one day and then writing

01:13

reports the other four days you serious

01:17

yeah if you can't already tell I'm mad

01:20

hat a six-time security analyst as in

01:22

I've been offered six security

01:24

operations positions in my lifetime now

01:26

much like my previous rankings these

01:28

have been created using the Advanced job

01:31

description analysis I analyzed a 100

01:33

job descriptions in my previous tier

01:35

list but now we're checking everything

01:37

everything everything what I've

01:40

discovered through advanced query syntax

01:42

we can actually get a reliable list that

01:44

contain any one specific

01:47

certificate wait a minute but I also

01:49

pulled 100 perfectly random job listings

01:52

for penetration tester ethical hacker

01:54

and red teaming also so we can finally

01:56

answer the question on everyone's mind

01:58

who the fck is this guy how do I get

02:00

into this cyber Niche now I'll explain

02:03

my reasoning using The Mad Hat metrics

02:05

reputation difficulty HR clout and of

02:07

course price cuz this economy has us

02:09

living paycheck to credit card debt at

02:11

the end I'll summarize my thoughts on

02:13

this field and what you need to consider

02:15

when trying to get into this field very

02:17

important that you get to the end cuz

02:18

this field is not for the weak-minded

02:20

and the mini mad hats need some new

02:22

shoes let's get started and a lot of

02:24

ways the needs of ethical hacking are so

02:26

Technical and so in the weeds that

02:27

you're going to be digging through the

02:28

roots h get it

02:31

Roots whereas blue teaming security

02:34

analyst work requires more of a high

02:35

level knowledge or a more broad

02:38

understanding of basic cyber security

02:39

principles and Concepts to start working

02:41

in that Niche check out this video here

02:42

if you want to know what those are

02:44

getting a start in ethical hacking

02:45

require substantially more technical

02:47

knowledge because finding a

02:49

vulnerability in say a very hyp specific

02:51

process or subprocess to gain access and

02:54

then continue down the line to do things

02:56

like account privilege escalation to

02:57

lateral movement is hard all of this is

03:00

very difficult so for that reason the

03:02

CompTIA trifecta in our previously

03:05

goated Security Plus is not a part of

03:08

this

03:08

[Music]

03:13

list you got to know everything they

03:15

cover but sadly these might as well be

03:18

invisible on your resume when applying

03:20

to ethical hacking jobs so while it does

03:22

come up a handful of times in our sample

03:24

and an insurmountable amount of times in

03:27

other cyber security niches it is two

03:29

basic for this ntion now as the elephant

03:31

in the cyber security space ptia does

03:33

have an option for a red teaming

03:35

certificate the pentest plus which if

03:37

you ask our local Discord Legend it's as

03:39

useful as a poop sack poop sack and

03:41

unfortunately I have to agree with that

03:43

sentiment as it's purely a highlevel

03:45

multiple choice exam and at $44 it sits

03:49

as the D tier for doggy doooo no

03:51

Hands-On aspect which is crucial to test

03:54

on when having such a highly technical

03:56

job honestly this is designed to just

03:58

nudge you in the direction of red

04:00

teaming and red teaming

04:02

Concepts but largely unnecessary if

04:05

you're serious about getting into this

04:06

Niche now would have been an F tier

04:08

however it does appear a surprisingly

04:09

high amount of times in our sample and F

04:11

tier is saved for the especially heinous

04:14

of certificates coming up so consider

04:16

yourself lucky pentest Plus Moving On we

04:19

have the New Kids on the Block TCM

04:21

security founded in 2019 by Heath Adams

04:24

himself creator of the YouTube channel

04:26

the Cyber Mentor we have the PJ PT at

04:28

$249 the Practical Junior penetration

04:31

tester and its more advanced older

04:33

sibling riddled with fresh teenage angst

04:36

the PNP the Practical Network

04:38

penetration tester now these two

04:40

certificates somewhat similarly compare

04:42

to in security ejpt and E cptx which is

04:46

formerly known as e-learn Securities

04:48

Junior penetration tester which is

04:50

currently also $249 and e-learn

04:53

securities Advanced penetration testing

04:55

which was retired on October 1st of last

04:58

year bastards why so the closest thing

05:01

to the pnppt would be the ecpp PT the

05:04

certified professional penetration

05:05

tester at $399 currently they're having

05:08

a special where if you purchase the

05:09

voucher you get 3 months of Premium

05:12

access which by the way is required to

05:14

purchase this exam voucher outside of

05:16

any promos going on you would need to

05:19

normally purchase the $700 premium

05:21

subscription before you're even allowed

05:23

to purchase this exam voucher but as it

05:25

currently stands it is a little bit

05:26

cheaper than the pmpt but usually it's

05:28

way more now would be a good time to

05:30

mention certificate expirations I expire

05:33

after 3 years PCMS do not although we do

05:36

see a history of potentially bringing in

05:38

expirations to tcm's certificates to

05:40

comply with reputable accreditation

05:42

boards but currently they don't expire

05:43

and you also notice that TCM was

05:45

mentioning cus or continued educational

05:48

units you know educational credits that

05:50

renew your certificates yeah INE doesn't

05:53

have that you just straight up have to

05:54

retake the exam you took and Fork over

05:57

that hard-earned coin now this wouldn't

05:58

make sense if the exam was updated

06:00

regularly as technology changes but uh

06:04

yeah they're struggling to update

06:06

anything over there now as far as

06:07

reputation goes TCM has in beat by a

06:10

long shot when in acquired e-learn

06:12

security things went downhill fast labs

06:15

are breaking exams were getting outdated

06:17

fast lots of fans were hitting the shits

06:19

whereas TCM security is consistently

06:22

making improvements and adding content

06:24

to their courses and exams their

06:26

reputation is mostly positive in the

06:28

cyber security Community even when the

06:29

recent adjustments to their pricing with

06:32

P&P going up to

06:34

$499 but they still don't have any

06:36

premium money grabbing gatekeeping like

06:38

IE has neither of them really show up in

06:41

job listings yet just a few hits for any

06:43

one of them with all the complaints

06:44

covered lack of HR clout and highly

06:46

suspect pricing model IE you're going in

06:48

C tier or can't believe you tarnished

06:51

e-learn security certificates you suck

06:53

TCM good job you've earned a spot in the

06:56

B tier way to be better than INE walk

07:00

we meet again I've been far too generous

07:02

for guac CTS in the past and the last

07:04

thing guac and Sans Institute needs is

07:06

my generosity my money Sans of course

07:09

being the people who offer courses that

07:11

are essentially required to pass any one

07:13

of the guerts these expensive ass

07:16

courses now I won't get into another

07:17

rant about spending $10,000 on one

07:20

certificate but they do provide two red

07:22

teaming certificates worth mentioning

07:24

the guac penetration tester

07:25

certification and the gxpn the guac

07:28

exploit researcher and advanced

07:30

penetration tester both cost $979 for

07:33

the exam voucher but with the

07:34

essentially mandatory Sans training and

07:37

materials needed to pass this open book

07:39

exam it's more like $110,000 a piece

07:41

nuh-uh nope ain't paying that mm- if

07:43

your job can pay for it by all means but

07:45

I'm sure most of you are watching are

07:46

still trying to get into your first

07:47

cyber security job and don't have a job

07:50

that's willing to pay an arm and a

07:51

kidney for one certificate do get you

07:55

certified and also these are largely

07:58

multiple choice exams

08:00

with six quote unquote lab questions

08:02

which is how they address the Hands-On

08:04

side of things making these exams very

08:06

impractical as far as preparing someone

08:08

to be a penetration tester or an ethical

08:10

hacker sure the gpen appears the second

08:12

most often in our sample with the gxpn

08:14

appearing in roughly 10% of them but for

08:16

all the reasons outlined walk y'all shat

08:19

the beted on this one either make your

08:21

exam more Hands-On or reduce your

08:23

pricing for the sand courses now I know

08:25

what some of you might be thinking Mad

08:26

Hat these shirts are to prove that you

08:28

went through the sand course which are

08:29

highly respected in the Cyber SEC

08:34

Community eh you I say go watch my Mr be

08:36

Style video to see why that's not the

08:38

case C tier for gpen and since gxpn is

08:41

more complicated and proves you know a

08:43

little bit more about what you're doing

08:44

B tier but below TCM Sears through my

08:47

sweaty late night research I've

08:49

discovered some certificates that I've

08:50

never heard of that apparently appear in

08:52

some of these job listings I pulled zero

08:54

point Securities red team Ops and Red

08:56

Team Ops too this company is kind of

08:58

like the security blue team as it seems

09:00

as far as quality but for red teaming

09:02

similar in that they're both British boy

09:04

the general consensus on these CTS is

09:06

that they're harder than more wellknown

09:07

Sears coming up on this list While most

09:09

certificates focus on penetration

09:11

testing these exams cover that and red

09:14

teaming Concepts including an emphasis

09:16

on OPC which is keeping sensitive data

09:18

from the bad guys a concept that is

09:20

neglected in a lot of the searchs on

09:21

this tier list now the red team Ops 2

09:23

simply Builds on the knowledge gained

09:25

from the first exam the labs and exams

09:26

heavily utilize Cobalt strike beaconing

09:29

which which is neat basically they cover

09:30

more than what's covered on most of the

09:32

certificates on this tier list and at

09:35

$462 and $55 plus potential additional

09:38

lab costs these are pretty decently

09:40

priced certificates for what you're

09:42

getting a tier hey good job mate you're

09:44

a winner similar to zero point security

09:46

Sears we have another underground

09:48

company altered Securities crtp the

09:51

certified red team professional at only

09:54

$249 and the more advanced crte the

09:57

experts sir at $299

09:59

now these might seem cheap but the

10:01

30-day lab access for the cheapest

10:03

option might not be enough for folks and

10:05

the prices shoot up pretty quick if

10:06

you're not a fast learner now these

10:07

shirts are more or less Unknown by HR

10:10

and these were formerly certificates

10:11

provided under in Securities website but

10:13

the cour maker left shocking I know but

10:16

they were able to pull the rights back

10:17

to the materials in the exam from in's

10:19

hold now these are pretty extensive

10:21

exams but they're not quite as difficult

10:23

as Zero Point Security exam but they do

10:25

still cover similar material utilizing

10:27

Powershell instead of cobalt strike

10:28

these are of course B tier wedged

10:30

accordingly in between the TCM CTS but

10:33

above this doooo face now for the moment

10:35

I'm sure all of you have been waiting

10:38

[Music]

10:41

for offset offensive security is by far

10:44

the most commonly known certificate

10:46

agency by the red teaming cyber SEC

10:49

Community which was of course made

10:50

famous by its Golden Child the ocp the

10:54

offensive security certified

10:56

professional now following along the two

10:58

certificate per agent theme that we have

11:00

going on they also have a more difficult

11:02

exam the ep the offensive security

11:05

experienced penetration tester now the O

11:08

more or less just Builds on the

11:09

knowledge that you learned in the ocp so

11:11

not everything that's covered in the ocp

11:13

is covered in the O exam which makes

11:16

sense certificate agencies want you to

11:18

buy all of their CTS building one off of

11:20

the other it's a very logical and

11:22

lucrative business model now both of

11:24

these certificates cost the same to

11:26

obtain at

11:27

$1650 a pop unless you purchase is the

11:29

learn one or learn unlimited option

11:31

which does save you money if you plan on

11:33

taking both or more of off sex

11:35

Securities courses and certificates but

11:37

it's not easy to find time and

11:38

motivation to continuously study

11:40

throughout the year while working 9 to5

11:43

with 2 and A2 kids resisting the

11:45

temptation to use any ounce of time you

11:47

have remaining on Mindless yet so

11:49

satisfying video games anyways the ocp

11:52

is arguably less difficult and less

11:55

comprehensive than the crtp or the cr1

11:59

but but it is the de facto golden

12:01

standard for the basics of penetration

12:03

testing and it's the number one most

12:04

commonly found certificate in our sample

12:06

list W so of course the jacked older

12:09

brother the O is s tier right wrong it

12:13

doesn't come up in job listings I know I

12:15

know the world doesn't make any sense

12:18

I'm just trying to make sense of it the

12:19

best that I can but it's a tier the

12:22

immediate recognition of the ocp on a

12:24

resume is the only reason that ocp is s

12:28

tier and O is a tier I don't make the

12:31

rules I just try not to break them and

12:33

honestly I feel like skipping the ocp is

12:35

a bit of a disservice to yourself I mean

12:37

yeah the OSP is more difficult but in

12:40

some ways that's like skipping the

12:41

basics and if I recall in many many many

12:44

many of my previous math classes that

12:46

I've taken you're never taught the easy

12:48

way to solve an equation first you have

12:50

to learn the long ass complicated

12:52

version first now the certificate that

12:55

I've been waiting for p the Box

12:56

Academy's certified penetration test

12:59

specialist the

13:03

cpts now hack the box is very well known

13:06

in the cyers SEC Community but not the

13:08

HR community so this is rarely seen on

13:10

any job listings but this exam requires

13:13

that you complete the penetration tester

13:15

job roll path which is where the magic

13:18

happens completing all these modules and

13:20

boxes provides an invaluable amount of

13:24

knowledge and insight into penetration

13:26

testing all leading up to the exam which

13:28

is just like the OSP in that it's also

13:31

Hands-On entirely practical and it's

13:33

almost entirely agreed upon online to be

13:36

significantly harder than the OSP which

13:39

is most likely due to it being a 10day

13:41

exam whereas the OSP is only 24 hours

13:44

pair that with the fact that you can't

13:46

move on from one machine if you can't

13:48

solve it whereas in the ocp you can

13:50

bounce around and solve the easy ones

13:52

first you can't get past one machine in

13:54

the cpts exam you fail it's all or

13:57

nothing so if you're weak in one aspect

13:59

of penetration testing for you also it's

14:02

been said that if you pass the cpts you

14:04

can more or less immediately walk in and

14:07

past the ocp so for that reason alone

14:10

I've decided to take it upon myself to

14:12

Grant the cpts the honor nay the

14:15

privilege bestowed upon the greats and

14:18

put it in s tier you've done what none

14:20

of the other certificates could do

14:22

you've become so powerful not even the

14:24

HR Gates can stop you you're the

14:27

underground goats of the red team space

14:29

all because of the sheer amount of

14:31

technical knowledge practical skills and

14:33

sheer cyber security Community Clouts

14:35

gained will actually show in your

14:38

interviews now no list would be complete

14:40

without another well-known quote unquote

14:43

ethical hacking certificate the

14:45

certified ethical hacker certificate the

14:48

C if you're just looking to check a

14:50

government requirement box just get the

14:52

CSP it's cheaper at $750 has more HR

14:57

clout and is just as easy watch this

14:59

this video here and you'll pass in no

15:01

time oddly enough the cissp actually

15:02

shows up in 25% of our penetration

15:05

testing job sample what can I

15:08

say it's a popular certificate F tier my

15:12

guy you don't want to be like this this

15:15

is disgusting this is awful in every way

15:18

if I could kill it I would but I legally

15:22

can't but I've considered it you suck

15:24

and I don't care if you show up in

15:26

almost half the job listings in our

15:28

sample you're baggage is not worth it in

15:30

my masked opinion but hey I will throw

15:32

EC count Sol a bone they do have the C

15:34

Pence a certified penetration testing

15:36

professional exam a 24-hour Hands-On

15:38

exam similar to the OSP this is somewhat

15:41

new not listed in any job descriptions

15:43

but it seems to be an okay exam for

15:45

learning again can't deal with the

15:46

baggage but for learning's sake deter or

15:49

quit [ __ ] around EC Council and fix

15:51

your company's problems press shirts

15:54

these exist and are very British and can

15:56

be very expensive D tier sorry bro all

15:59

right so what do you need to consider

16:01

when going into ethical hacking consider

16:03

joining the Army cuz good luck getting

16:05

hired in this job

16:07

[Music]

16:10

market sorry I had to it's kind of

16:13

become a tradition at this point but

16:14

seriously certificates only serve one

16:17

purpose and one purpose only making your

16:19

resume look better now the courses

16:20

around the certificates if they're even

16:22

available are where you get your money's

16:24

worth you know the more you get the more

16:26

you feel your money worth from any of

16:28

the certificates mentioned in this tier

16:30

list Beyond completing all the courses

16:32

labs and obtaining a certificate it's

16:34

your responsibility to continue to build

16:37

on what you learned cuz when it's time

16:39

to interview if you just sound like a

16:41

guy who memorized exploits to pass the

16:43

exam it's going to show how does it

16:48

feel treat me like you

16:51

do when you play