We know from experience how overwhelming it can be for you to choose between all the available cyber security certification options. Not only are there countless organizations claiming their certification is the best available, but there is also no end to the bad advice offered online. The number of times we’ve seen the CISSP certification recommended to beginners is criminal.
Our goal is to provide you with our list of the best entry-level cyber security certifications, tell you what career paths they are best suited for, and what training courses can help you achieve your goals.
Before moving forward, there is an important caveat we need to make clear: entry-level cyber security certifications are not the same as entry-level certifications.
While some of these certifications can be taken without any prior experience or credentials, others are for professionals looking to shift their career paths specifically to information security. We will make clear which is which and what you can do to prepare for each certification exam.
If you plan on getting into any information security role, you must gain foundational skills and a strong grasp of security concepts. These can apply to both the overall security landscape, and specifically to enterprise networking. Let’s examine the best certifications to start with.
Category: Best Cyber Security Foundation
According to the CompTIA website, Security+ is “the first security certification a candidate should earn. It establishes the core knowledge required of any cyber security role and provides a springboard to intermediate-level cyber security jobs.” We agree.
This 90-minute exam consists of no more than 90 multiple-choice and performance-based questions (PBQs). It is a vendor-neutral certification, meaning its concepts can be applied to any hardware manufacturer, operating system, or infrastructure.
The PBQs will have you perform some basic hands-on tasks in a simulated environment. This could mean adding specific firewall rules to a table or drag-and-dropping security hardware into the correct positions of a network map.
The multiple choice questions will often follow a “given this scenario” format where you are expected to look at the circumstances presented and choose the best course of action. Others may ask you to compare and contrast concepts (such as elasticity vs. scalability).
The exam covers the following domains:
- Attacks, Threats, and Vulnerabilities (24%)
- Architecture and Design (21%)
- Operations and Incident Response (16%)
- Governance, Risk, and Compliance (14%)
See our Security+ cheat sheet for a breakdown of the material and our 10 Tips to Pass the CompTIA Security+ exam.
There are no hard requirements to write this exam. However, it is expected that you are already familiar with enterprise-level networking. It is strongly recommended, by both CompTIA and us at StationX, that you hold a networking certification, such as the CompTIA Network+ or Cisco Certified Network Associate.
Why is this our choice?
There are many choices for a certification covering basic security principles. GIAC Security Essentials and (ISC)2’s Systems Security Certified Practitioner both fall into that category.
However, neither the GSEC nor SSCP certification holds the employer recognition of Security+. GSEC is dramatically more expensive than Security+, and SSCP requires provable paid work experience before you can claim accreditation.
Security+ covers all the essential concepts required to understand the terminology, function, and best practices an employer expects from a cyber security professional.
We recommend the following courses and practice exams in this order to prepare for your CompTIA certification.
Cisco Certified Network Professional Security
Category: Best Network Security
Earning your CCNP Security requires passing two Cisco exams: the core and a concentration.
The core exam is “Implementing and Operating Cisco Security Core Technologies.” It is a 120-minute exam with 90-110 questions covering
- Network Security
- Cloud Security
- Content Security
- Endpoint Protection and Detection
- Secure Network Access
- Visibility and Enforcement
The different concentration exams include
- Securing Networks with Cisco Firepower
- Implementing and Configuring Cisco Identity Services Engine
- Securing Email with Cisco Email Security Appliance
- Securing the Web with Cisco Web Security Appliance
- Automating and Programming Cisco Security Solutions
You can write any concentration exam of your choosing. Each is a 90-minute test consisting of 55-65 questions.
Whichever exams you choose, they will have a combination of multiple-choice and simulation-based questions.
$400 for the core exam and $300 for any of the concentration exams.
There are no requirements to pursue a CCNP certification, though many people earn the CCNA first.
Why is this our choice?
Cisco certifications have always been known to have a strong practical and hands-on requirement. While CompTIA exams are excellent for proving a conceptual understanding of a very wide range of topics related to the certification subject, Cisco requires its exam takers to get their hands dirty with more demanding lab simulations.
CCNP Security requires not only a strong understanding of core practical security concepts, but also demands that you become proficient in a particular technology, whether that be firewalls, web security, or one of several others. You are becoming a specialist in a technology at an early stage in your career, which makes you much more valuable as an employee.
While we do not have courses specific to each Cisco security concentration, we recommend the following as preparation to begin your path to this certification. We also have many specialized courses which can be applied to the topics of each exam, so be sure to check out our offerings.
While it’s true that most of the internet runs on Linux, Microsoft is the operating system and domain/user management solution of choice for corporate environments. Regardless of the infrastructure you design, all roads eventually lead to Windows. Here are our choices for entry-level Microsoft security certifications.
Microsoft Certified: Security, Compliance, and Identity Fundamentals
Category: Best General Microsoft Security
This is a fundamentals exam, which Microsoft considers a stepping stone towards their other more advanced credentials. It is designed for students and business users.
The exam covers the following topics
- Describe the Concepts of Security, Compliance, and Identity (10-15%)
- Describe the Capabilities of Microsoft Azure Active Directory (Azure AD), Part of Microsoft Entra (25-30%)
- Describe the Capabilities of Microsoft Security solutions (25-30%)
- Describe the Capabilities of Microsoft Compliance Solutions (25-30%)
This certification shows you can manage the different elements of enterprise Microsoft products, including Azure, Windows Defender, and Microsoft 365.
It is a multiple-choice hour-long exam consisting of between 40 and 60 questions. The required passing grade is 70%.
There are no hard requirements to sit for this exam.
Why is this our choice?
Microsoft has retired many of its old certifications surrounding Microsoft Server and traditional operating systems in favor of its cloud platform, Azure, and subscription services, such as Microsoft 365.
This particular certification touches on a bit of everything. It is considered the foundation for all other Microsoft security certifications and covers the general concepts of (as you probably guessed from the name) security, compliance, and identity.
Combining the content with the lack of requirements, it is a fantastic entry-level certification for those interested in Microsoft-focused security.
Our SC-900 course is designed to prepare you for this certification exam.
Microsoft Certified: Identity and Access Administrator Associate
Category: Best Active Directory Security
The Identity and Access Administrator Associate exam is 120 minutes long and contains 40-60 questions based on the following knowledge domains
- Implement Identities in Azure AD (20-25%)
- Implement an Authentication and Access Management (25-30%)
- Implement Access Management for Applications (15-20%)
- Plan and Implement Identity Governance in Azure AD (20-25%)
It requires a passing score of 700/1000. It is comprised of multiple-choice and multiple-response style questions.
There are no hard requirements to write this exam.
Why is this our choice?
As stated above, Microsoft used to offer certifications for Active Directory and Windows Server but has since retired them in favor of Azure and cloud-related versions. This is part of their push to online and subscription-based services.
That’s not necessarily a bad thing. When it comes to Active Directory, most of the concepts and the practical tasks are the same regardless of whether they are physical on-premises servers or cloud-based Azure. Having the added experience with the latest cloud technology only increases your skill set.
A Microsoft Identity and Access Administrator configures and manages authentication and authorization of identities for users, devices, Azure resources, and applications.
In other words, you will be prepared to look at Azure Active Directory from a security perspective. Practically, you will be capable of managing permissions, authentication and single sign-on, password management, security defaults, and multi-factor authentication, and be able to review and monitor audit logs.
If you have a particular position in mind, pick the entry-level certification specific to that field of expertise. Here are our recommendations.
Offensive Security Certified Professional (OSCP)
Category: Best Pentesting Certification
Offered by Offensive Security (usually referred to as OffSec), OSCP is a beast of an exam.
Lasting just short of 24 hours in a lab environment and another 24 hours for report writing, the student is expected to hack into and gain administrator (root) access to three stand-alone machines (worth 20 points each) and acquire Domain Administrator control of a three-machine Active Directory network (worth 40 points total).
They will then have to provide a report showing step-by-step instructions for their hack (including screenshots) accurate enough that someone of reasonable skill could reproduce their results. A total of 70 points and a quality report are required to earn the title of Offensive Security Certified Professional.
There are no hard requirements for this exam. That said, the exam also comes with a training course that students are encouraged, but not required, to complete. You cannot purchase a standalone exam.
- Option one: $1,499 for the course, one exam attempt, and 90 days of lab access or
- Option two: $2,499 for the course, a year subscription to the lab, two exam attempts, and access to their Kali Linux Certified Professional and Offensive Security Wireless Professional courses/exams
Why is this our choice?
This was a bit of a difficult choice. On the one hand, OSCP is more of an advanced certification than some other ethical hacking certifications on the market. It is certainly a difficult exam. There are also more beginner-friendly hacking certifications that prove your abilities with hands-on labs.
On the other hand, the accompanying Penetration Testing with Kali Linux (PWK) course begins assuming only networking, Linux command line, and basic programming knowledge. While a security-related certification or experience will certainly be a big help to those taking on OSCP, it isn’t required.
We are also looking to list here the best entry-level certifications available. It’s true that there are easier hacking certifications for beginners, and there are less expensive ones too. But when weighing all considerations, OSCP strikes a balance between demand, pay, and expected skill level. See our Best Ethical Hacking Certifications article for more information and options.
CompTIA Cybersecurity Analyst (CySA+)
Category: Best for Security Operations Center / Blue Team
Like most CompTIA exams, this 165-minute test is made up of both multiple-choice and performance-based questions, with a passing score of 750 out of 900. There is a maximum of 85 questions on the test.
CompTIA CySA+ focuses on proactively capturing, monitoring, and responding to network traffic findings, and emphasizes software and application security, automation, threat hunting, and IT regulatory compliance, which affects the daily work of security analysts.
This certification also meets the ISO 17024 standard and is approved by the U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It complies with government regulations under the Federal Information Security Management Act (FISMA).
The content is broken down as follows:
- Threat and Vulnerability Management 22%
- Software and Systems Security 18%
- Security Operations and Monitoring 25%
- Incident Response 22%
- Compliance and Assessment 13%
There are no hard requirements to write this exam, although it is recommended to hold both the Network+ and Security+ certifications.
Why is this our choice?
This was a tough call for us. While there are other similar certifications, such as the ECSA, GMON, and CISA, they are either much more expensive or have prohibitive requirements. The other certification we went back and forth on was Cisco Certified CyberOps Associate.
The primary reason was the fact that CyberOps is an associate-level certification, meaning there are no hard or soft requirements, unlike CySA+, which recommends some previous credentials. CyberOps is designed to be studied for and taken without any other Cisco certifications to your name. So, why did we go with CySA+ as an entry-level certification?
The issue was twofold. Firstly, the CyberOps exam also covers a great deal of networking and general security subjects. It has a security concepts domain worth 20%, which is basically a condensed version of Security+ material. We viewed CyberOps as equivalent to writing Network+, Security+, and CySA+ in a single sitting, which is a lot of information to cover.
Secondly, CySA+ has a much higher demand in the job market. Cisco certifications are certainly in high demand, but those tend to be the CCNA for entry-level and the CCNP Security on the security end. CyberOps, despite requiring more provable hands-on abilities than CySA+ (actually using the Cisco CLI to set rules and monitor traffic), isn’t being sought after.
If you want to get into blue teaming or a security operations center entry-level position, CySA+ is a highly sought-after certification and a much easier exam than Cisco CyberOps.
While the CySA+ prep course will be sufficient preparation, the blue team boot camp and Wireshark courses mentioned below will add a great deal to your understanding of the subject.
Want an entry-level certification that will get you callbacks from hiring managers? Keep reading to see our choice.
Certified Ethical Hacker (CEH ANSI)
Category: Best Name Recognition
Created in 2003 by EC-Council, Certified Ethical Hacker is a four-hour, 125-question multiple-choice exam covering scanning and enumeration, exploiting vulnerabilities, malware analysis, penetration testing tools, and various attack strategies. There are no practical exercises involved.
To write the exam, you must meet one of the following criteria:
- Take an official EC-Council-partnered training course.
- Submit proof of two years of work experience and a $100 application fee.
$499 (plus an additional $850 if you need to take the training course). There is an annual membership fee of $80.
Why is this our choice?
We discussed this certification in our Best Ethical Hacking Certifications article, where we stated the pros and cons of becoming a CEH certification holder.
There are many issues with this certification. It advertises itself as a premium ethical hacking certification, yet it lacks any hands-on testing. It focuses solely on tools and techniques, ignoring equally important administrative tasks such as report writing, legal contracts, and client communication. It’s very expensive for what you get out of it.
Overall, people who work in cyber security do not respect this certification. So why am I mentioning it here at all?
Firstly, most pentesting and ethical hacking certifications are ones we would consider more on the advanced end. This is equally true for the CompTIA Pentest+, which the CEH is often compared to (see our Pentest+ vs CEH article). CEH, on the other hand, remains just general enough in how it handles ethical hacking that we classify it as entry-level.
The second reason is that, despite the lack of recognition from actual industry professionals, hiring managers and human resource departments can’t seem to get enough of the CEH certification. Search CEH or Certified Ethical Hacker on any job board and see the results; it’s demanded for both offensive and defensive roles.
We’ve postulated reasons for this in the Best Ethical Hacking Certifications article previously mentioned, but it’s really irrelevant. Certified Ethical Hacker is simply a highly demanded certification that will open lots of doors to stage one interviews. Just be prepared to have additional skills and certifications ready when you meet the security department heads.
As we said in our introduction, there are many options for entry-level security certifications available. While we certainly don’t recommend earning every certification on this list, we encourage you to think about where you want to end up in your career and plan accordingly.
Be sure to visit our VIP members area for all the courses you need to jump-start your cyber security career.