OSCP, CREST, CEH, eWPTX: the list of cybersecurity certifications goes on and on. How much do they really matter? Well, it depends on who you ask.
“Having some suitable certifications will be an added advantage for people with 1-4 years of experience while switching jobs or looking for new opportunities,” Core Pentester Harsh Bothra said.
Bothra said it’s a career-oriented choice to have certification and validates skills in a specific area. For example, having OSCP is a validation that someone knows how to perform the pentest engagement and write a report.
Core Pentester Apoorva Jois likes offensive security certificates like OSCP because they are challenging and hands-on.
“They offer detailed PDFs, multiple labs, and exams that extend 24+ hours,” she said. “I find that level of difficulty is highly beneficial as it pushes me to go above and beyond to find solutions.”
Cobalt Senior Security Consultant Gisela Hinojosa agrees that certifications are good when looking for a job.
“HR usually has it as a qualification, and it can make you stand out from other candidates,” she said.
On the other hand, there are some negative points on the topic, including how much the certifications teach. Hinojosa doesn’t think that having a certain certification beats experience.
“Some pentesters might take the certification and only memorize the content and never really learn,” Hinojosa said.
Cobalt’s Senior Director of Delivery Jay Paz said that while attaining a certification does relay your ability to learn, retain information, and pass a test and/or practical, it does not always relay your approach to learning and keeping up with the latest trends in security.
“I have seen my fair share of individuals working in this field and can attest that the best pentesters aren’t always those that hold all the certifications or have a college degree in the field,” he said.
Paz recommends looking for experienced testers in the technologies that are present in your environments. He said that experience will go much further than a one-and-done certification. Look for creativity, thoroughness, and that life-learner trait to indicate the tester’s ongoing capabilities.
“Don’t get me wrong, certifications can be a good way to find talent, and they should be celebrated when attained by members of your team (I’ve held my fair share),” he said. “There are times when specific certifications are needed, like PCI compliance or for other types of testing for regulatory entities.”
So which certificates are the most valuable to get?
“As a pentester, the OSCP is the most sought-after certification since it is very well known,” Hinojosa said. “However, some of the content is outdated. It depends on what level in your career you are at to choose the right one for you.”
Core Pentester Shubham Chaskar advises asking yourself what you want to do in the future and what skills you want to learn or develop.
“After evaluating this, read the certification syllabus or the page that shares what you will learn,” he said. “If it aligns with what you want, then go ahead.”
So what’s the verdict?
If you have the time and interest, certifications are a great thing to get. They can teach you a baseline of information you can build on with experience. Overall, if someone is looking at two candidates, one with 10+ certifications but little professional experience and the other with one or two certifications but years of professional experience, the second candidate is going to get the job nine times out of ten.
Recommended Pentester Certifications
Abbreviation | Certification | Summary |
eJPTv2 | eLearnSecurity Junior Penetration Tester | An introduction to penetration testing certification focused on hands-on experience. |
eWPT | eLearnSecurity Web Application Penetration Tester | A web application security certification focused on the latest web attack techniques. |
eCPPTv2 | eLearnSecurity Certified Professional Penetration Tester | This certification covers advanced testing techniques and methodologies. |
OSCP | Offensive Security Certified Professional | Practical penetration testing certification that focuses on real-world scenarios. |
eWPTXv2 | eLearnSecurity Web Application Penetration Tester eXtreme | A security certification focused on topics such as API and cloud security best practices. |
OSWE | Offensive Security Web Expert | A web application security certification focused on the latest web attack techniques and methodologies. |
CRTP | Certified Red Team Professional | A certification that covers the principles and techniques used by red teams during simulated attacks. |
eCPTXv2 | eLearnSecurity Certified Professional Penetration Tester Extended v2 | A penetration testing certification covering the latest tools and techniques in ethical hacking. |
CRTO | Certified Red Team Operator | A certification focused on providing hands-on skills and techniques used by modern red teams during simulated attacks. |
PNPT | Penetration Testing Professional | A certification focused on the principles and techniques of penetration testing and vulnerability assessments. |
CISSP | Certified Information Systems Security Professional | A comprehensive certification that covers the principles and best practices of information security management. |