IT Certifications: From Start to Finish
Tyler Robertson
Connecting You to the Cloud…Securely | Multi-Cloud Networking and Security Solutions
Making sense of IT certifications is not easy, and you'd be forgiven for being confused about them.
What do all those letters mean? (This is a legitimate, albeit humorous, question: CCSK, CCISO, CCIE... none of those are by the same company.)
What do they apply to?
Which one should I choose to study for?
All of those are fair questions.
Let's get at what certifications are, and what they are not.
Certifications are:
- A measurable way of validating knowledge
- A way of enhancing authority on certain topics
- A useful tool for recruiters or organizations to verify your level of competency
- A forcing function to maintain expertise in the field (CPE requirements, I'll touch on those later)
- A replacement for experience/education at junior levels of the field
- Within the DoD, a way of categorizing privileged access authorization levels (IAT, IAM, etc.)
They are not, however:
- Undeniable proof of expertise in the field
- Cheap (can't emphasize this enough, the maintenance fees on some are massive)
- A guarantee of job hiring
- A replacement for hands-on experience
A certification has as much value as others place on it. This isn't to belittle the accomplishment of getting one, but to simply acknowledge that the value of it is situationally dependent. Certain certifications weigh very heavily in a position, while others are just nice-to-haves. Ultimately, they need to align with your business function or they might not be appropriately valued.
There are 3 power players in the IT certification industry. There are a lot more certifying bodies, but the most common are:
- ISC(2): SSCP, CISSP, CCSP
- CompTIA: A+, Net+, Sec+, Cloud+, PenTest+, CASP
- ISACA: CISA, CISM, CRISC
Some more focused (and technical) ones include:
- Cisco: CCNA, CCNP, CCIE
- Microsoft: MCSA, MCSE
- VMware: VCP, VCE
- AWS: AWS SAA, AWS DevOps Associate
- MS Azure: Azure Fundamentals, Azure Solutions Architect
- Google Cloud: GCP
Yes, I know, lots of acronyms. If you want to learn more about each one, punch them in on Google and see what they are.
The most common path for someone with zero experience in the IT field is this, with some exceptions:
A+ > Network+ > Sec+ > CASP
This is just ONE path, and is by no means restrictive. In fact, I wouldn't recommend this for everyone because it's very linear! How should you decide what you want to study for?
Important things to figure out first:
- What's my level of experience?
- What are my interests?
- Do I like hands-on work or managing?
- How much time can I commit to this?
Depending on the certification, these answers can be wildly different. Your career path might also take you in a direction you never intended because interests change as you learn more, so getting certifications that hold value in a variety of positions is important until you can figure out exactly what you want to do.
Say you are interested in networking, and you have enough experience to pass the A+ exam already. You could take the Net+ exam to get your feet wet. The Net+ exam is vendor-neutral, meaning that it doesn't train you on any specific technology, which makes it a good first choice for the aspiring Network Engineer.
After that, it would be worth considering something substantive and technical to ground you and give you much deeper knowledge of the networking space. Cisco Certified Network Associate (CCNA) is a perfect certification to get. It gets you a) much-needed hands-on experience configuring routers and switches and b) subject matter expertise in Cisco equipment, which is the most common in the networking field today.
Following CCNA, you could choose to further cement your understanding by pursuing harder Cisco certifications like CCNP, or, if you want to broaden your horizons, you could look into Cloud Networking via Amazon Web Services (AWS), Azure or Google Cloud.
You could also choose to broaden and manage networks. Now that you have a solid understanding of networks, you can build a security career with a technical background too. You might choose to get your Sec+ as a starter and then eventually summon the courage to go after the Certified Information Systems Security Professional (CISSP) exam, which is the gold standard for Cybersecurity Professionals.
In all of this, it's important to remember what certifications do NOT do for you. They don't allow you to skip the hard conversations you will need to have when people ask you questions about how to fix something, or bypass the work that needs to be done when you get tasked to do something hard. They might get you into the room to have the conversation, or land you in the position to do the work, but the confidence which comes with mastering something goes way beyond certifications.
Here's an IT Certification Roadmap by CompTIA which I think paints a solid picture of many of the common certification pathways.
-----
What comes with a certification?
...A question not commonly asked until you've already passed, but it should definitely be asked beforehand.
Certifications come with:
- Responsibility (you now represent that accrediting body, so you have to abide by an ethical code)
- Expenses (yearly fees to maintain, as well as continuing education credits (CPEs) which can cost a lot of money)
- An expiration date (most do, 3 – 5 years is typical, and although you can renew them with enough CPEs it's worth reviewing their value to you before they expire)
CISSP, for example, has a yearly maintenance fee of $125 and requires 120 CPEs (that's a lot!) to maintain over 3 years (40/year).
A CPE (Continuing Professional Education), for reference, is a credit for time spent studying/researching/publishing a related topic. This can be done in a lot of ways, whether by a professional course, a seminar, a conference, etc. Every credentialing institution has its own rules for how these can be added/approved. However, while there are a lot of free ways to get CPEs, at some point you will almost inevitably have to pay, and it might not be cheap.
While easier certifications don't demand quite this much, it's worth weighing them before you get them.
As an ISC(2) member or ISACA member, you will need someone to vouch for your level of expertise who is also a member, as well as a proven amount of job experience that they can audit at any time. These certifications do not come free, even if you get a voucher!
-----
So you've decided on a certification path, and you're willing to pay the price to be a cert holder. What now?
Pick a date to test and cough up the money. This is super important and DO NOT skip it. Having a date makes it real and allows you to backwards-plan towards the date. Paying for it also incurs a cost to you if you don't study for it (you lose your money with nothing to show!).
Study, study, study. Get your hands dirty. Read relentlessly, and scour the internet for resources that will help you pass. There are so many resources that can be found just with a simple Google search. I recommend courses on Udemy.com, Cybrary, A Cloud Guru, Linux Academy, and of course all the FREE Army Skillport training you can do. Reddit and YouTube also have very active communities of people working towards certifications.
I also advise taking practice tests throughout your study. They're invaluable for getting you familiar with the "phraseology" of a lot of these tests, which are not so much "pick the correct answer" as "which one of these would be least feasible?" or "which is the most correct solution?" This is especially important for the ISC(2), ISACA and AWS certifications.
-----
Your day has come!
Test day is brutal. But if you've prepared correctly, you have nothing to fear. You'll do your best and pass. This mindset is so crucial to being successful.
Show up early and bring some supplies like food and water. You'll usually need 2 forms of ID at the site (Pearson VUE sites, which are almost everywhere in the continental US and even overseas too), and I recommend packing light since you'll have to lock your stuff up when you test.
Once the test is on, it's on. Get in the mindset to do your best.
Do not spend time on questions you don't know the answers to. It will hurt your confidence and slow you down, especially if you are a careful test taker.
Read each question twice and try to pick it apart for key words. For example, words like "confidentiality" should point you towards thinking about encryption-based answers. Words like "asymmetric" should cue you in to just a handful of possible answers, and if you know which algorithms involve asymmetric encryption methods you'll slam dunk that question.
Eliminate definitively wrong options and get down to the usually 2 answers which make sense... just by doing that, your odds are now 50/50 even if you aren't sure.
Go through every question, put your best answer, and flag ones that don't make sense to you.
My pro tip is to keep a count of flagged questions where you just don't know the answer and ensure that they do not surpass the amount you can afford to miss. I rest easy towards the end of the test if I see I haven't flagged a lot of questions, because I know I probably know enough to get each one to 50/50, at which point I'll probably get 50% of them correct and pass.
It's worth it if you have time to go through every single question again. Put a confidence rating on your answer. If it's 100, move on. If it's 50, review it but do not change your answer unless you have some sort of realization that it's definitely wrong. Your gut is right a lot more often than you give it credit for. This is not the time to chase shiny objects!
If you don't know the answer, you don't know it. Pick the best answer, trust yourself and let it go.
Once your review is done, it's time to hit submit. Just a few clicks away!
Oh, and here's the part where you usually get nailed with a post-test survey while your heart is still racing...
-----
If you passed, congrats! Get your application forms filled out and follow the path to get your certification according to the accrediting authority.
If you failed, don't beat yourself up. Identify the questions and subject matter which caused you the most issues and practice them until you can't anymore. There's no excuse to not get back on the horse and get after it again as soon as you can. Retest soon so you don't lose that valuable experience!
Certifications are not easy to get! Do not kid yourself in this process. If you pass, it's because you worked hard to do it.
-----
I hope this guide can help you get your first certification, or if you already have, to get another one that will help you move along in your career. If you have any questions about getting after certs, please reach out to me here on LinkedIn. Or if you spot an error/correction, please let me know immediately so I can make the correction!