I write a lot about the value of certifications on the road to landing your first cybersecurity job. However, on the internet you’ll see plenty of people loudly proclaiming that certifications are BS and the only thing that matters is hands-on experience. So which is it? In order to make yourself marketable, should you pursue certifications or hands-on experience? The short answer is: both.
Value of Certifications
A cybersecurity certification provides more than a fancy piece of paper, a colorful badge, or resume filler. It provides a roadmap to learn something new. For example, let’s take the Certified Ethical Hacker (CEH) certification. You could absolutely learn about ethical hacking without the CEH. The benefit you get from the certification is a curated agenda of skills and knowledge to work with.
Admittedly, passing a certification exam isn’t a demonstration of expertise in a given subject area. After all, the passing score for most certifications is somewhere around 70%. Back in your school days your parents wouldn’t have been particularly impressed with a report card touting 70%. What passing a certification does demonstrate is that you understand the topic to a widely understood, acceptable standard. The CompTIA Security+ exam is the same exam around the world. On the other hand, your college course or individual learning will vary in covered topics and depth.
Detractors claim that passing a certification simply demonstrates that you’re good at taking certification exams. There’s a bit of truth there. The exams are often in a familiar computerized, multiple choice format. (We’ll carve out an exception for the Offensive Security Certified Professional (OSCP) certification. I’ve never heard anyone claim this 100% hands-on exam is anything less than challenging.) All things considered, you’ll have an advantage if you’re good at standardized tests. That skill is not enough though. You need to actually learn the material.
Honestly, the loudest critics of cybersecurity certifications are a bit disingenuous about the realities of landing a job with no prior cyber or IT experience. Breaking into cybersecurity is hard. The HR software and recruiters are screening most people out based on the content of their resumes. In the absence of professional experience, certifications are valuable in helping get your resume to the hiring manager. Certifications help in the recruiting process.
Value of Hands-On Experience
While certifications provide a great roadmap to learn new skills, the best way to actually learn new skills is by doing. Build things. Take things apart. Break things. Fix things. Watching a demonstration is useful. What’s more useful? Working to get things to work on the second, third or fourth attempt. Those lessons will stick with you more than a demonstration. You get a lot of value from hands-on experience. After all, real life isn’t a multiple choice test.
How do you get hands-on experience? There are three effective ways to go about it:
Join a cybersecurity bootcamp
Use an online cybersecurity lab environment
Build a cybersecurity lab environment
There are pros and cons to cybersecurity bootcamps. They can be worthwhile, but you’ll really want to do your research. Not all bootcamps are created equal. Here’s some with checking out.
Online Cyber Lab
Want something easy to get your feet wet? Looking for a taste of cybersecurity to see, if it’s really for you? Online cybersecurity labs are a painless way to get access.
Home Cyber Lab
Nothing says “hands-on experience” like building your own cybersecurity lab. Obviously, you don’t know what you don’t know. So leverage some quality online guidance on how to build a home cybersecurity lab.
When pursuing your first cybersecurity job, it really shouldn’t be a decision between certifications or hands-on experience. You’ll want to do both. They each have benefits, which complement each other like peanut butter and chocolate.
If someone comes to an interview with a couple certifications on their resume and they’re prepared to talk about their hands-on experience, that person will be in an advantageous position. Sure it takes more time to do both. It’s an investment in yourself.