When trying to secure a job in the field of cybersecurity, having a shiny certification should not be the main point of focus. In fact, it should not be your focus AT ALL if you are trying to break into the industry. Instead, focus on acquiring tangible & technical cybersecurity skills and learn to showcase that during an interview.
According to Paul Jerimy, there are 460 cybersecurity certifications (and growing) as of August 2022. Not all certifications are helpful in the eyes of hiring managers and employers.
Entry-level Certifications Do Not Help With Employment
What's worse is many entry-level certifications, such as the Certified Ethical Hacker (CEH) and CompTIA Security+, do not reflect a candidate's technical abilities. Often, hiring managers ignore candidates whose only reflection of their cybersecurity abilities is such certifications.
There's even a Twitter profile dedicated to spreading the word about how bad CEH certification is - https://twitter.com/thecehsucks.
These certificates are granted based on multiple-choice questions (MCQs) as the final exam. Needless to say, cybersecurity in the real world is not MCQ-based.
Simply put, if you were in the shoes of a hiring manager, would you put your organisation's security in the hands of a candidate whose only reflection of their cybersecurity ability is based on an MCQ test? Of course not.
This is the harsh reality for many individuals who have gone for cybersecurity courses that focus on attaining these low-level certifications. They are constantly rejected by hiring managers and cannot secure their first cybersecurity job.
The Cybersecurity Certification Obsession
The obsession with certifications is a detriment to individuals trying to break into cybersecurity. Why?
Certifications are only one aspect of a candidate's skills and experience. Employers are looking for candidates with technical and non-technical skills, hands-on experience and practical skills. Candidates who only have certifications without displaying technical abilities through project portfolios will not catch the eyes of employers and hiring managers.
Certifications are not always up-to-date or relevant. The field of cybersecurity is constantly changing and evolving, so certifications may not always reflect the latest technologies, threats, and best practices. Therefore, having a certification does not necessarily mean that you are knowledgeable and experienced in the latest developments in the field.
Certifications do not always provide practical skills and experience. Many certifications focus on theoretical knowledge and may not provide hands-on experience or practical skills.
Therefore, having a certification does not necessarily mean that you have the skills and experience needed to perform a cybersecurity job's tasks and responsibilities.
Don't get us wrong. Specific cybersecurity certifications have their place in your repertoire. Some certifications, such as the OSCP, CISSP and OSDA, genuinely reflect the technical ability of the certificate holder, as these are only attainable via extremely challenging, practical examinations and are typically attained by individuals with several years of cybersecurity experience under their belt.
So, what should you do if you want to break into cybersecurity?
Prioritise acquiring technical and practical cybersecurity skills.
Showcase your technical abilities through projects
Get in touch with current cybersecurity professionals, recruiters and hiring managers.
Kickstart Your Cybersecurity Career
We specialise in helping mid-career individuals secure a cybersecurity career in 6-months. Speak to us today to find out more.