Thanks for sharing! Like a lot of things, the value of the OSCP depends on the situation/job as not all value it the same way. One common misconception that people have is that more experience will naturally qualify you for a management job. In fact, the deeper you get into the technical weeds, the less likely you are to become or want to become a manager because it's an entirely different job that requires different skills that you aren't going to develop by simply doing your job. That's a much longer discussion but something that it's important to be aware of as you progress.

@@JonGoodCyber this is insightful. Will keep this in mind, thanks.

BTLv1 isn't very powerful by itself, but in all honesty, certifications are just one piece of the puzzle when trying to be a competitive candidate who is attractive to employers.

In the US, that certification isn't really heard of. Best bang for the buck entry to "mid career" Security certs I heard from recruiters and skimming job openings over the last 4-5 years is Security+, CySA+, and OSCP. If you already have the related 4-5 IT experience +degree(satisfies 1 year requirement) requirements then CISSP is hands down best cert.

I would still recommend BTL1 over CySA+ though, but I for sure wouldn't go for it as a standalone cert. I think everyone should get at least Security+ to start out with.

@@PacketWatchDog Security+ really is to cybersecurity jobs what A+ is to help desk jobs. BTLv1 isn't recognized by the US government as 8410 compliant, so in many companies you are unemployable without a certification that meets that standard. Security+ will allow you to get past the HR gatekeepers. Then you will be selected from amongst your peers by your perceived competence on the technology they actually use depending on the job description, and some employers have zero interest in broadcasting that information for good reason. So, you need a Security+ and an in at a company. May I suggest you find a local meetup that focuses on cybersecurity so you can meet people that know people that are hiring and what they are hiring people to do? Then find the manufacturer's training, or a similar technology, e.g., Cisco and Juniper NGFW, and take that so you can show a certificate.

Interesting. Thats a cert I want to get after sec+

Fired is a bit extreme but everything we do is based on risk to the business and what's deemed an acceptable level of risk. Your comment regarding NIST is situationally dependent because there are industries/environments where you don't have a choice but that's a discussion for another day.

Excellent and thank you for sharing! I hope when the time comes, you consider using Cyber Training Pro to prepare. ( www.cybertrainingpro.com/ )

Certifications are simply one piece to the puzzle in making you a competitive candidate, regardless of if you have experience or not, but yes, at the end of the day you can't entirely replace real world experience no matter how much you lab. I'd be cautious about assuming that the Security+ will even get you a conversation with a company because that alone doesn't make you very competitive in today's job market...but it's a start.

@@JonGoodCyber I mean that’s where I started, I picked up some experience, the PJPT from TCM. I have had multiple interviews with just those two certifications and a little bit of experience that I have. More than anything that had to do with building a healthy professional network. Fast-forward one year, those same two certifications have me in the final phase for a junior penetration testing role. No, no hype. It took a ridiculous amount of sacrifice to get here.

@@Jesse_Johnson Great stuff, and congrats-I hope you land it! It certainly takes effort to succeed in this career field, but it's worth it. Although it's not true for every situation, things that take effort tend to set you apart from the crowd-and this couldn't be truer than it is in this career field.

Most companies don't have dedicated cloud security roles and prefer hiring cloud generalists. That means you need to work towards a professional level of understanding of at least one cloud platform AND be able to automate tasks but keep applying while you do this. Additionally, if you allow companies to dictate the types of jobs you apply to, you will miss out on opportunities. Just apply and see what happens.

Also, if you like Azure it may be good to look into getting the Cybersecurity expert certification and Breaching Azure cert after you acquire the Azure Security Engineer cert. Just make sure to post about your journey

it is.

If we're talking about somebody brand new to the career field, I never recommend starting with the Security+. Even if you pass the exam, you don't have enough of a foundation and would actually need to take steps backward to learn what you should already know. As somebody who went down that path, I know firsthand how that creates significant knowledge gaps...although I believe I had more training/knowledge than many attempting to do the same. For people already working in the career field or in something related like IT, my advice is much more situational because it's possible to be further along in your journey.

@@JonGoodCyber network+ and sec+ is what I recommend

@@JonGoodCyber so, cissp would be better as a first certificate than security+ ? 🤔

@@user-ou7uo8rl5d If you are just starting, you should follow the roadmap included in my free eBook ( jongood.com/getstarted/ ).

I've certainly done videos like this in the past. There are many different areas in cybersecurity, so are you looking for a specific area?

As I said in this video....this is if I had to choose one certification...not a direct comparison of specific situations or the content of specific certifications versus others. It's unlikely that you would/could only choose one certification but it was based on an objective analysis of the impact I've seen from various certifications. Since you mentioned the OSCP, did you know that people will call that an "entry level" certification? If you're just getting into the career field, you can find my recommended roadmap included in my free eBook ( jongood.com/getstarted/ ).

@@JonGoodCyber, thanks a lot for the clarification, i will check the video!

This video is based on the totality of my career, not specifically looking at entry level candidates. That said, even the OSCP is not something that you're going to jump into day 1 and although it can have some positive benefits if you can get certified, the differences don't tend to be quite as dramatic.

@@JonGoodCyber oh yeah.. I jumped into the deep end of the pool and I'm thinking maybe it was a bit bold but its kept me busy learning all sorts of things that's for sure.

Each of those is just one piece of the puzzle that can help make you a more competitive candidate. Depending on the situation, one can be more valuable than the other(s).

I recommend rewatching the video because there's a lot more information included to consider for YOUR career but the choice is yours.

If you are CISSP certified and not just an Associate of ISC2 (i.e., don't have the experience yet but passed the exam) along with two degrees, then on paper, at least, you'll appear overqualified for a junior role. Hence, it's no surprise you wouldn't get called for an interview. Additionally, I cannot stress enough that certifications, degrees, etc., are only one piece of the puzzle to make you a qualified candidate. Assuming you have the required skills listed for the job and are not massively overqualified but aren't getting interview calls, your resume has issues almost 100% of the time.

@JonGoodCyber I applied for everything from junior to senior. I passed my cissp in 2012 - the days of on paper and non adaptive. In a previous role I was the administrator (7 years) of firewalls, ids/ips, Cisco Asa, wsus, semantic endpoint and vpn to name a few - all on the resume. Which is why I feel it may be an issue with being in Poland vs US. The CISSP is largely unknown here.

If you have all that, you are overqualified for a junior role, and as I said in my previous comment, it's not a surprise they wouldn't call you. Getting interviews and landing jobs is about the complete package, and rarely is it about a single piece of the puzzle making the difference. Certainly, the adoption rate of all certifications varies based on the location. Still, as I said previously, it sounds like your resume/application is causing the issue, not the CISSP. This could be related to the format, the content you've included, or how it maps to the positions you're applying to. Based on the technologies you've listed, one of the first things I would do is ensure your resume reads like a cybersecurity professional and not an IT professional, as these can be vastly different.

I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook where I've provided a roadmap of skills and certifications to obtain.

I recommend grabbing my free eBook ( jongood.com/getstarted/ ) and following the included roadmap of skills and certifications. This will give you a solid foundation for any area of cybersecurity and set the path for you to specialize.

In today's job market, you're going to have a very difficult time being competitive if you expect an employer to invest in you, if you aren't even willing to invest in yourself. Certifications aren't the only way, but it certainly makes things more difficult.

Honestly, that's quite a tight timeframe, especially given the limited skills/knowledge starting point, but I've seen people do it with a little bit of luck and a lot of hard work. I recommend starting with my free eBook ( jongood.com/getstarted/ ), which includes a roadmap of the required skills and knowledge you'll want to acquire for any job directly in Cybersecurity (and IT). It isn't easy to know if any other area requiring less technology-based knowledge would be a good fit since I don't know your work experience background. Still, project management might be another area to look into if you just want to work in tech. Also, keep in mind that remote jobs are significantly more competitive, so you'll need to really put in extra effort than somebody willing to work on-site... even then, it might not be an option as a new cybersecurity / IT professional.

Zero to Cyber Pro and the All-Access Pass both have many similarities but also differences based on what you're looking for. I recommend visiting the FAQ page ( www.cybertrainingpro.com/p/faq ) where we have frequently asked questions and answers provided. I also recommend looking at the offer pages for both of them as you can find more information about the different options.

I'm glad you enjoyed the content, and thanks for watching! It's definitely shot at 30 FPS, so it might be the quality KZbin is delivering it in. Either way, I'll take a look.

@@JonGoodCyber could be during editing, because the video takes from the intro are good

One of the challenges with creating advice content is that not all advice applies across the board and can be situationally dependent. This video is speaking in the totality of my career but certainly some of the specifics might change if I was only speaking with beginners.

@@JonGoodCyber When I heard about the four year year experience requirement, I put it on the back burner. I am an Associate member of ISC2 from my BS program at WGU and have my Associate SCCP and CSSP. My Trifecta of A+,Net+, and Sec+ expired because I got so involved with my schoolwork. I will recert them later on this year. I hope to get a remote SOC job when I go for my Masters in Cybersecurity. I should graduate sometime this year with my BS.

@@merlin-ju6fu nice! Definitely keep me updated on your progress, and don't be a stranger if you join the Discord server. I have some high expectations for the community and helping people get into the career field.

absolutely. Sec+ for Level 1 beginner. But CISSP is great after you have some experience

First of all, congratulations on passing the Security+ and completing your degree program because those are great achievements! Based on your comment, I can't tell if you are still in the military or left sometime during your degree program...but I'm guessing that you don't have any related experience gained at this point. Here are my recommendations to get you onto the right path: 1. Grab my free eBook ( jongood.com/getstarted/ ) and start addressing any gaps that you have compared to the provided roadmap. It's difficult to identify gaps without knowing more but what I can tell you is that almost every new professional without prior experience and even those with experience tend to be missing fundamental pieces of knowledge and/or skills. 2. Watch the video that I did on resumes so that you understand what a high-performing resume contains and should have. 3. Apply to ALL entry level help desk, IT, and cybersecurity jobs listing 0-3 years of experience. You don't know who will give you an opportunity but it's more important to figure out how to leverage the experience into your desired job than sitting around waiting for the dream situation. 4. Start preparing for interviews by watching my interview question videos. I highly recommend checking out Cyber Training Pro ( www.cybertrainingpro.com/ ) where we can help you dive deeper into your situation with more specific guidance tailored to your career. Good luck and I'm glad that you are part of this community!

Thanks for watching! I've figured out the issue and you're close!

Certifications are only one piece to the puzzle of making you a competitive candidate. That means if you are solely relying on certifications to get you a job or even just to get an interview, it's going to be a challenging road ahead. That fact becomes increasingly true both as the demand grows for certain jobs and as the level of the job increases.

I don't really agree with that statement but certainly the amount that you learn varies based on the certification and how much effort you put into it.

It’s unlikely to pass a professional certification exam without learning anything. The knowledge and skills tested are essential for the field. Like college degrees, these exams ensure a certain level of understanding and proficiency that is recognized industry-wide.

I recommend trying again and make sure that you follow all the instructions that are provided.

Nearly 100% of the time, a degree is not a firm requirement. Begin by following the roadmap in my free eBook ( jongood.com/getstarted/ ), and you'll be in a great position for a successful career.

@@JonGoodCyber thank you

Glad to see that you are serious about your career! There shouldn't be an issue, as far as I know, by using Canadian payment.

Interesting choices...what made you decide on those options?

@@JonGoodCyber I'm a Cyber security analyst, with a degree in cyber security and forensic Audit,,, with 2 years experience,,, To strengthen my cyber security background I will do CC/SSCP and since isc2 certs are more technical I would like to have hands on PNPT/OSCP ,, Later on CISSP

@@abelchigombetatenda4757 excellent start to your career! I always recommend that people grab my free eBook ( jongood.com/getstarted/ ) and check out the included roadmap to make sure you have the foundation that will be expected. With a few years of experience already under your belt, you are probably well on your way but it's not uncommon to have gaps, especially if you went directly into a cybersecurity role. Since you specifically mentioned the CC and SSCP, I will go ahead and address that. Based on your background, you definitely aren't the target market for the CC and likely won't get any value from it, just so you know. For the SSCP, you are likely the target audience; however, the number of employers that recognize or desire the SSCP is so minimal that I highly recommend reconsidering the Security+ instead. The comparison for demand isn't even in the same ballpark.

@@JonGoodCyber alright thanks a lot for the enlightenment,, I would like to be your student So you're saying it's a better option to start with Security+ then SSCP right? Then on the other hand I like hands on mostly,,, PNPT/OSCP Security+/SSCP/PNPT/OSCP

@@JonGoodCyber now i read your ebook,, i really appreciate,,, i think i will go for sec+/PNPT/OSCP instead of CC/SSCP/PNPT/OSCP but later on when i grow in cyber field and having enough experience,, i will choose CISSP

I have a lot of content on my channel about the CISSP, but as a quick answer, no because you won't even qualify if you somehow passed the exam. I recommend grabbing my free eBook ( jongood.com/getstarted/ ) and working through the included roadmap.

Short answer, no

Timestamps don't always make sense but I've added a few for you. Thanks for watching!

Having now finished the video, I completely understand, not having timestamps. I appreciate the effort, and always enjoy learning from your content.

@@Jesse_Johnson no worries...I'm glad you are getting value out of the content!

Awesome and what interests you about the CEH?

CEH is the 4x4 of the cyber industry. Fits in in most places.

@@JohnJohnson-ch6xq lol I've never heard that comparison. One thing to just be aware of is that it's lost a lot of it's appeal to actual cybersecurity departments, however HR departments do still like seeing it.

That's not exactly what I said, but certainly, certifications are only one piece of the puzzle to making you an attractive candidate to employers. Spending all your time chasing every possible certification and ignoring everything else is like trying to be a bodybuilder but only working out the same single muscle group every time you go to the gym.

@@JonGoodCyber I know I’m just kidding but yeah…if someone been 10+ yrs exp in the business , the sec+ and rest of the certs aren’t as important as the CISSP. 🙂

@@tommypham1101 valid point for sure. One of the challenges with creating advice content is that not all advice applies across the board and can be situationally dependent.

@@tommypham1101 dont you need 5 years of experience for cissp

@@myles5253 I never said you needed 5 yr exp to get the cissp. You can get the cissp whenever you want it’s a self study exam.