
Is cybersecurity certification a scam?

Is it a scam?

Recently, I successfully passed a certification, namely Practical Network Penetration Tester (PNPT) from TCM Security. Today, I want to share with you my opinion on certificates and diplomas in cybersecurity. Are they just a scam or merely a money-grabbing scheme?

In the world of cybersecurity, there are many types of certificates from various companies for different types of positions. For example, a SOC Analyst can obtain certs like CompTIA Sec+ or Splunk User (if using Splunk); for Threat Intelligence there is MITRE ATT&CK; and for a Penetration Tester there are OSCP, PNPT, etc.

So, the question is, is it a scam and is it worth it to spend a lot of time and money to obtain these certificates?

My Opinion

In my opinion, it is worth it if someone has no background in cybersecurity. By that, I mean no diploma or degree in cybersecurity or IT in general. This is because having those certificates can help someone without a cybersecurity background get past the HR filter. Others might be proficient in hacking, but without a certificate it's difficult for them to get an interview call because they can't get past the HR filter.

If someone has a diploma or degree in cybersecurity or IT, in my opinion, it’s not necessary, but it is encouraged because it can distinguish your portfolio from other degree holders in the eyes of HR.

What makes these certificates be considered a scam is the lack of, or minimal, value of the certificate itself. Some certificates are mainstream and prestigious only by name, but they are not worth it because of outdated knowledge or exams that only require memorization. Therefore, before taking any certificate, make sure that it has value, either in the knowledge needed to obtain it or in the certificate itself.

A certificate is not everything

However, don't rely on certificates alone. You must still understand all the knowledge, be able to apply it, and do related projects in cybersecurity such as setting up labs or blogging. This not only gives you a deeper understanding but can also serve as a portfolio to highlight on your profile.

What are your opinions on certificates in cybersecurity or IT in general?

This post is licensed under CC BY 4.0 by the author.