Cybersecurity Certs are Dead

After you look through hundreds of resumes from cert factories (people who get one cert after another) they all just seem to blur together.

“How many certs do I need?”

or

“What kind of certs do I need?

The question comes up again, and again, and I’m here to tell you that cybersecurity certs are dead. I’m here to tell you that they won’t make you stand out anymore. While they are great achievements, it doesn’t make a hiring manager scream “THIS IS THE ONE”.

There are two things that will make you stand out:

1. A strong personal brand, and
2. Hands-on experience

A strong personal brand

Before the interview, a hiring manager will look over a resume. Before they know if you have hands-on experience, you have to make them want to email you back. Your two-page resume should scream, “You know you wanna talk to me”.

At the very top of your resume should be a link to your blog. If you have a link there, the hiring WILL click it. And they will briefly scan your blog to see what you’ve been up to.

Your blog should be personable. Against conventional advice, your blog should show your personality. You should write in language that is natural to you and let it not sound too formal.

Your blog should have walkthroughs and how-to’s of labs that you’ve done here at Cyber NOW®. Pick any one of the dozens of labs and write your own version of it. Change it up some, give credit to me (please) but do it.

Your blog should also contain reviews of Jump-start Your SOC Analyst Career, SOC Analyst NOW! and any other training that you’ve done. Write about how you felt the training went and what you learned about it, and how you will apply it to your career.

Your blog should be about your journey to becoming a SOC analyst. Write about your successes and failures. Be honest about areas where you can improve by writing about your shortcomings and what you’re doing about it. Write about how difficult it is to land a job in cybersecurity but it means so much to you.

In additional your blog, you should be attending local meetups. Places like Def Con groups, OWASP, 2600, BSides, hackerspaces and makerspaces and any conventions that are nearby. Get out of the house once a month and do this. You should find opportunities to present and volunteer at these meetups. There should be a section at the bottom of your resume for Volunteering/Presentations/Publications, whichever fit. This should lure the hiring manager into finding out more about you.

Also you should create a GitHub page with information about your projects you’ve worked on, information about your home lab, and involvement in the community. There should be a link at the top of your resume next to “blog” that says “github”.

You can try teaching by making short youtube videos, or creating a course on Udemy. Udemy requires a bunch of work, but its not as bad as you want. Your goal isn’t to make a bunch of money, it’s to list a course or training on your resume. Who cares if its not popular.

These are things that will spark the curiosity of the hiring manager to want an interview.

Hands-on experience

So you’ve got the interview now, and this is when your hands-on experience will shine. Wait? What hands on experience?

By now you should have been participating in the Cyber Range here at Cyber NOW® and completed the dozens of projects that we walk you through. The muscle memory with security analysis will help you answer questions in the interview about how you know if something is bad. The projects give you a ton of experience with system administration and the cloud. These are all topics they might ask you about in your interview.

Any experience with TryHackMe, HackTheBox, or LetsDefend, will go a long way, too.

If you do all of this you will be recognized as someone who walks the walk and isn’t just out to add letters to their name. It’s important to have a few key certs like the Sec+ even Net+ but more is not better. Its time to change up your strategy because the role of certifications and even education has changed. The jobs now go to who are most qualified to do the work, not necessarily who was able to afford a premium education or a bunch of certs. It doesn’t take much money to learn cybersecurity believe it or not. Be the only one who does a lot more with a lot less. In this declining economy that is how you will earn the respect of your superiors.

Tyler Wall is the founder of Cyber NOW Education. He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications. He mastered the SOC after having held every position from analyst to architect and is the author of three books, 100+ professional articles, four online courses, and regularly holds webinars for new cybersecurity talent.

You can connect with him on LinkedIn.

Get 20% off all courses in our On-Demand catalog with coupon code “Welcome20”

Download the Azure Security Labs eBook from the Secure Style Store. These labs walk you through several hands-on fun labs in Microsoft Azure, leaving you with the know-how to create a gig in Fiverr or Upwork to start your cybersecurity freelancing.

Also available in the Secure Style Store, download the Job Hunting Application Tracker for FREE to keep track of all your job applications.

Check out my latest book Jump-start Your SOC Analyst Career: A Roadmap to Cybersecurity Success published June 1st, 2024 and winner of the 2024 Cybersecurity Excellence Awards.