GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!
GIVEAWAY
Win the ultimate AI security check with a free pentest giveaway!

Cybersecurity Certifications, how much do they really matter?

Cybersecurity certifications can benefit individuals with 1-4 years of experience when looking for new job opportunities. Certifications alone don't necessarily make someone a good pentester and should be considered in conjunction with professional experience.

eLearnSecurity Web Application Penetration TesterOSCP, CREST, CEH, eWPTX, and the list goes on and on regarding cybersecurity certifications. How much do they really matter? Well, it depends on who you ask.

“Having some suitable certifications will be an added advantage for people with 1-4 years of experience while switching jobs or looking for new opportunities,” Core Pentester Harsh Bothra said.

Bothra said it’s a career-oriented choice to have certification and validates skills in a specific area. For example, having OSCP is a validation that someone knows how to perform the pentest engagement and write a report. 

Core Pentester Apoorva Jois likes offensive security certificates like OSCP because they are challenging and hands-on. 

“They offer detailed PDFs, multiple labs, and exams that extend 24+ hours,” she said.”I find that level of difficulty is highly beneficial as it pushes me to go above and beyond to find solutions.” 

Cobalt Senior Security Consultant Gisela Hinojosa agrees that certifications are good when looking for a job.

“HR usually has it as a qualification, and it can make you stand out from other candidates,” she said. 

On the other hand, there are some negative points on the topic, including how much the certifications teach. Hinojosa doesn’t think that having a certain certification beats experience. 

“Some pentesters might take the certification and only memorize the content and never really learn,” Hinojosa said. 

Cobalt’s Senior Director of Delivery Jay Paz said that while attaining a certification does relay your ability to learn, retain information, and pass a test and/or practical, it does not always relay your approach to learning and keeping up with the latest trends in security.

“I have seen my fair share of individuals working in this field and can attest that the best pentesters aren’t always those that hold all the certifications or have a college degree in the field,” he said.  

Paz recommends looking for experienced testers in the technologies that are present in your environments. He said that experience will go much further than a one-and-done certification. Look for creativity, thoroughness, and that life-learner trait to indicate the tester’s ongoing capabilities.

“Don’t get me wrong, certifications can be a good way to find talent, and they should be celebrated when attained by members of your team (I’ve held my fair share),” he said. “There are times when specific certifications are needed, like PCI compliance or for other types of testing for regulatory entities.”

So which certificates are the most valuable to get? 

“As a pentester, the OSCP is the most sought-after certification since it is very well known,” Hinojosa said. “However, some of the content is outdated. It depends on what level in your career you are at to choose the right one for you.”

Core Pentester Shubham Chaskar advises asking yourself what you want to do in the future and what skills you want to learn or develop.

“After evaluating this, read the certification syllabus or the page that shares what you will learn,” he said. “If it aligns with what you want, then go ahead.” 

So what’s the verdict?

If you have the time and interest, certifications are a great thing to get. They can teach you a baseline of information you can build on with experience. Overall, if someone is looking at two candidates and one has 10+ certifications but little professional experience, and the other candidate has one or two certifications but years of professional experience, #2 is going to get the job nine times out of ten. 

Recommended Pentester Certifications 

Abbreviation Certification Summary
eJPTv2 eLearnSecurity Junior Penetration Tester An introduction to penetration testing certification focused on hands-on experience.
eWPT eLearnSecurity Web Application Penetration Tester A web application security certification focused on the latest web attack techniques.
eCPPTv2 eLearnSecurity Certified Professional Penetration Tester This certification covers advanced testing techniques and methodologies.
OSCP Offensive Security Certified Professional Practical penetration testing certification that focuses on real-world scenarios. 
eWPTXv2 eLearnSecurity Web application Penetration Tester eXtreme A security certification focused on topics such as API and cloud security best practices.
OSWE Offensive Security Web Expert A web application security certification focused on the latest web attack techniques and methodologies. Read more about OSWE.
CRTP Certified Red Team Professional A certification that covers the principles and techniques used by red teams during simulated attacks.
eCPTXv2 eLearnSecurity Certified Professional Penetration Tester Extended v2 A penetration testing certification covering the latest tools and techniques in ethical hacking.
CRTO Certified Red Team Operator A certification focused on providing hands-on sills and techniques used by modern red teams during simulated attacks.
PNPT Penetration Testing Professional A certification focused on the principles and techniques of penetration testing and vulnerability assessments. 
CISSP Certified Information Systems Security Professional A comprehensive certification that covers the principles and best practices of information security management.

 

New call-to-action

Back to Blog
About Shelby Matthews
Shelby Matthews is a Community Content Associate at Cobalt. She works to empower the Cobalt Core of professional pentesters, by providing them with a platform to produce content and showcase their expertise. She graduated from the University of Missouri with a degree in Journalism and uses it to bring the Cobalt Core's stories to life. More By Shelby Matthews
Getting Started in Pentesting
Interested in pentesting but don't know where to start? Our Core Pentesters have you covered. Read to hear their tips and advice on how to get started.
Blog
Feb 16, 2023
Pentester Spotlight: Armaan Pathan
Armaan Pathan, a passionate cybersecurity professional, joined Cobalt's Core team in 2019 after being involved with the company during its bug bounty program phase. With a focus on identifying security flaws rather than building applications, Armaan has extensive experience in penetration testing and web application testing. He is dedicated to continuous learning, staying ahead of emerging threats, and providing comprehensive reports and strategic recommendations to clients.
Blog
Jun 29, 2023
2023 Q1 Pentester of the Quarter: Sanyam Chawla
Congratulations to Sanyam Chawla for winning the Pentester of the Quarter Award for Q1. Sanyam was nominated by his peers due to being a great teammate and leader in the Core.
Blog
Jan 6, 2023