Cybersecurity Mentors Podcast
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
Check out our community: https://www.skool.com/the-cybersecurity-mentors
Cybersecurity Certifications That Hiring Managers Actually Care About (2026 Guide)
Trying to figure out which cybersecurity certifications are actually worth it in 2026?
In this episode of the Cybersecurity Mentors Podcast, we break down the best certifications for every path in cybersecurity — whether you're just starting out or trying to level up.
We cover:
- The foundational certs you should start with (and why fundamentals matter)
- The best certifications for SOC / Security Analyst roles
- What to pursue for GRC (Governance, Risk, and Compliance)
- The most valuable paths for Cloud Security (AWS vs Azure)
- Hands-on certifications for Penetration Testing & Ethical Hacking
- Certifications that are overhyped vs actually useful
- Why certifications alone won’t get you hired (and what will)
If you're overwhelmed by all the options out there, this episode will help you focus, save money, and build a clear roadmap.
Come hang out with us in the Cybersecurity Mentors Skool community. It’s free to join.
Free Your Mind Cold Open
SPEAKER_00: Did you teach me? First learn stand. Then learn fly. Teacher rule dying stuff. I know what you're trying to do. I'm trying to free your mind, yeah. But I can only show you the door. You're the one that has to walk through it. What is the most inspiring thing I ever said to you? Don't be an idiot. Changed my life.
SPEAKER_02: Welcome back to the Cybersecurity Mentors Podcast. We are back today with a topic that surprisingly a lot of people have asked about: certifications. What kind of certifications should I focus on? What should I go get, depending on what I want to do when I grow up, basically? So today we're going to talk a little bit about some of the certifications that we, in our opinion, are good certifications depending on where you're starting, what you're focusing on, whether that is, hey, I'm trying to be a SOC analyst, I'm trying to get into GRC, I'm trying to do cloud, I'm trying to do pen testing, whatever it is, we will give you our opinions on what you should focus on. That's the focus of today's episode.
SPEAKER_01: Yep, that's it. Well, I think I'll cover at least the fundamentals. And we talked about this with Ed Skoudis. He talked about this specifically because I asked him, I said, hey, what would you recommend if people ask you how do we how do you get into cybersecurity? And you know, he's like, you got to know your network, you got to know your operating systems, you got to know the fundamentals, you gotta know how those core pillars that I've talked about, right? You've got your operating systems, you've got your network, you've got your application, your developer, your scripting. Um, and then and then really now there might be a fourth pillar over here hiding out, the AI pillar. Uh you gotta add these things into it. I think that's that's it should be it's really gonna be fundamental going forward. So yeah, I think that if you start out with the fundamentals in mind before you get to the security, you don't have to, but I think it it makes more sense when you understand those basics of those things that we're I just talked about. What do you think, Steve?
A Plus And Network Foundations
SPEAKER_02: No, I completely agree. So I'm curious to hear what certifications you think will achieve that for you know our listeners.
Linux And Scripting For Real Skills
SPEAKER_01: Yeah, I think you know, if you're starting out at zero zero and you have you're like, I'm not I can turn a computer on, right? Then you need something like the A+ certification. And and I'm I'm I think CompTIA does a good job of giving you a foundation of a lot of things, and specifically IT and security, which we'll get there. But I think A+, you know, there's the two exams, the core one, core two. You combine those together. We've talked about those before and how they give you the understanding of troubleshooting uh operating system, you know, they give you the scenarios that you're you're being called in to help fix the problem. What do you need to know? Right? A little bit of networking. I think all those are good to get you to a point where you kind of get it, right? That's not all uh ethereal. What is it, what would I do if this happened, what would I do if that happened? Um and you might already have some of that, and that's okay. You can you can kind of evaluate the criteria and the and the curriculum to see if you need anything in there. Um and you can always just beef that up if you need to without having to go full A+. But if you really are starting at at the scratch at zero, it will be good to have the A+ certification. I I got my A+ certification like a very long time ago when it was a way version different, but it was very helpful for me to have that. And from there I was I felt like I was ready to go get a basic desktop support job and could go do some troubleshooting and help um build computers and you know, replace parts and things like that, and uh and it it was very helpful.
So I think that's one thing I think on top of that if you build onto and and this is what I mentioned what Ed said is your network fundamentals, the Network+ or something like the Network+, everything runs on the network, and you need to be able to understand not every little detail, but you need to understand it well so that when you're in security or wherever you are, you know how it works, you know how TCP/IP works, you know how there's how those protocols work, you know when you see um 3389 what that port is, right? You need to know what port 23 is for, right? You need to be able to see that as you're thinking about the big network and how to not just troubleshoot it, but how you're connecting the dots, how things flow across the network. I think outside of that, um Windows, there's not a lot of great Windows certs that I was looking at, and and maybe you saw something, but I haven't found one that like this is the perfect Windows certificate. But Linux, there's several. And I really, my opinion, it I would really recommend that you do get a Linux, at least training. You may not need the full cert, but it won't hurt to get like the Linux+. Again, back to CompTIA. I think it doesn't have to be that, it could be the the um other certificates that are out there, but a Linux cert is you can feel comfortable at the command line. You can feel comfortable being able to understand if I need to run these terminal programs or run a bash script or uh troubleshoot Linux, you can get that. Because that's probably I mean, Windows is complicated too, but if you're doing things, a lot of times you come back to that level of command line functionality. So I think the Linux a Linux cert will be helpful. It would be my recommendation just do it, you know, knock it out, and then now you've built that level up of competency.
So when you do build on top of it, you're not starting, like for example, if you started with a pen test cert, a lot of the tools they're gonna use are Linux or run on Linux, and you if you don't have that fundamental layer there, then now you're figuring out Linux at the same time you're trying to figure out security, right? Um, there are some AI certs out there, uh, believe it or not. Um, and I don't I don't have enough information to kind of tell you which one is the best one, but there CompTIA again has an an AI one. It's like the the AI fundamental cert. Um check it out. I can't tell you if it's good or bad, but I think there's something to that. I think definitely having a a general understanding of what is what is it and how do you use it is good. There are more and more of these that are popping up. I think Google has their own AI cert. I don't know that you have to fully get certified, but look at the curriculum, look at the learning. Maybe you take a course that's pretty easy, but you have that understanding again the fundamentals of what is it? How do I use it? What's the difference between one and another? And it's not just the magic box that you get things out of, right? Um, so I think that covers most of everything. Oh, uh, and then I think it's good to pick something that's like Python or PowerShell and or both. Um, and and pick a training at least that gives you some level of proficiency in both of those. I think if you do that, then now you've got your scripting and a little bit of programming that you can build from that you're not just relying on AI to write code for you. Um, I think that would help a lot too, and then you can just kind of build from there. You know, you can keep going deeper. Um, and we'll come back to this. Another thing Ed said that I really liked, he said you could pick something for a month, go deep for a month, dive deep, and then you know, bounce from there because you know you can get burnt out too.
AI Certifications Proceed With Caution
SOC Analyst Certs That Hire Well
SPEAKER_02: Yeah, no, I agree with absolutely everything you said. The only thing I would say is um I was doing some research on AI stuff and certificates and even training. And some of the stuff that I mean, even I, when I do my research, I look to see what other people that I trust say, right? And what other people are recommending and what other people are promoting, and then do my look my research from there. And one of the things that I just felt a little unsure about was there seems to be just AI is the hot topic right now, right? AI is the hot topic, and there's just a lot of things that are being thrown out there. And I didn't feel comfortable enough to say, I recommend you take this because things are changing so fast. There's just things are just people look, I'm not saying everybody's like this, but some people are just trying to make a quick buck. And even organizations like even CompTIA and other organizations like that, they know that hey, AI is the hot topic right now. Let's throw something out there. And I haven't taken any of this training myself, so I can't personally say I took it, I've learned so much, I've I've vetted it, I trust it. So I just say be cautious. It is the hot topic right now. I am sure there are stuff out there that is worth it. That, hey, if you're listening to this and you say, hey, Steve, John, I've taken this and I truly liked it and I enjoyed it and I learned something, please shoot it to us in the comments, let us know. But with the quick research I did, I just couldn't find something that I would say, I have this, I put my stamp of approval on this. So I was curious if you had anything, which it sounds like kind of the same boat. Um, but other than that, like listen, learning the fundamentals A+, and this is not sponsored by CompTIA or anybody, okay?
We're just literally talking about certifications that we know that we we have experience with, that that we see as hiring managers as well, and um in position descriptions and just things that stand out when we're hiring somebody. But anyway, I do agree with the fundamentals, the A, the um, the Network+, the scripting, um, Linux, Windows, I agree, but still I feel like a lot of people grow up on a Windows machine. So you kind of learn some stuff here and there. But if there is anything specific that's more in-depth to um to Windows, absolutely, I would recommend that as well. But yeah, I mean, I thought I thought you did great hitting all the the basic fundamental stuff. So moving on to you know, what are some of the things that I would fo that I would recommend someone focus on if they are trying to become a SOC analyst or a security analyst, just entry-level cybersecurity work. Obviously, the number one, I mean, the the daddy of all the entry-level certs, CompTIA Security+. I mean, it's just it's just so well known. And it does a pretty good job. It does a good job of just getting you introduced into what cybersecurity could be, touching on a lot of different areas, different domains within cybersecurity to give you an idea of like, hey, this is what it would be. Now, I there are others on here that are a little bit more hands-on. This one is literally just book smarts, I call it, right? It's just a lot of learning, repetition, memorization type of stuff, even to take the certification. But it holds a lot of weight. It holds a lot of weight in the workforce right now. When you're applying to positions, a lot of position descriptions have it. A lot of HRs are familiar with it. So it just carries a lot of weight. And there's it's just the entry-level cert for cybersecurity. So it's definitely one you have to go after. Your thoughts on that, John?
SPEAKER_01: No, I I think that's good. I can't really argue with that. And I do think it is good. I do think it is a good certificate and covers the fundamental basics to help build on again, but for security specifically.
SPEAKER_02: Yep, absolutely. So I had on here the other two was another CompTIA one, the CySA+ one. Um, so this focuses on specifically SOC-related tasks. Um, you're gonna be doing a lot of threat detection, incident triage, incident response. It builds on the Security+. Um, it's literally designed for security analysts, for SOC roles. Like you will be learning and going through the steps of things that you will actually do in your day-to-day job, which is why I have it on here. Um, focus heavily on SIEM analysis, log monitoring, threat hunting, you name it. It is basically what you're gonna do while you're at you're in your job. Um, the other third one I had on here was the Blue Team Level One. So if you haven't checked that out yet, check it out. Um, it is again very practical, very focused on real-world defensive security. So it is very it is hands-on, it is way more hands-on um than the previous two. So that is also why I like it. And I know a few people who have actually gone through the training, have gotten the certification, and they came out feeling way more confident in what the day-to-day life is of a of a blue team member. Um, so yeah, I definitely, definitely recommend it.
Pen Testing Certs And CEH Reality
SPEAKER_01: Yeah, no, I agree. Um, I was thinking about again about the SANS roadmap. I really like that as an idea when you're not sure what you should what you should do next. Yes, if you have the money, SANS is great. I'm not, I mean, I got my start with SANS certificates, SANS training. Uh, I think it is very good. It is top-notch, it's not cheap. But use the roadmap. If you go Google SANS Cybersecurity Skills Roadmap, it gives you a great breakdown of fundamentals for security. And they have literally security essentials, it's like one of the courses. Then you've got the monitoring detection, the blue team, it's literally colored blue, right? Um, and that's like network detection, threat detection, those kind of things. But you don't if you can't take that class, just think of okay, I want to focus on like the CySA+, right? It's focused on blue team. Okay, then you've got the red team section, like the fundamentals of penetration testing, things like that. SANS 504, those are great. Well, if you can't do that, then find something that's similar, again, spread it out a little bit to kind of see what you like. Um, I'll come back to one I would recommend for offensive security, but then it goes into incident response and threat hunting, a little bit more advanced, blue team like middleware, you know, that's actually gray in here. Um, how to do forensics and things like that, right? That's a skill that it takes a lot to get good at. Um, and then you then there's like that's tier one, and then you move up to the next more advanced tiers of those things. But if you if you look at that roadmap, you can be like, okay, well, I did some blue team stuff, you know, now I'm gonna go do some red teams, red team stuff. Okay, great. Now I'm gonna go do some threat hunting stuff and more deep dive into forensic stuff.
Um, you know, you can just kind of bounce around there and use that roadmap as a general idea of where am I weak, where am I strong, what can I work on in the whole security framework. What I'll say about offensive stuff, and just another thing to to take to to look at is TCM, right? The what you get for TCM for the dollar value is in my opinion very, very good. You could really sign up and take all these courses in a year and and get certified, and I don't think you're you're gonna your return on an investment is worth it. They have several free classes you can go take. They have an AI fundamentals class, they have a Linux Linux Fundamentals, they have a help desk class, practical security fundamentals, programming fundamentals, and even soft skills for a free class. And then they have the they're they're kind of shaded more toward the offensive security. I have done the um, I think it's like the practical ethical hacking. Yes, I've done that course. Great. I like it because it's a lot of hands-on. It's not just book knowledge, it's actually getting you to do things and walking you through how to do those things. In my opinion, anything that helps you walk through and do, not just read, is better. You know, you need the book knowledge, but if you can get to the point where you are shading that, even as you're as you're doing the book knowledge, you can shade into the things that you can do in your lab or in a course. That's gonna be my preference. But I really like TCM. I mean, it's not it's changed a little bit, you know, the ownership's changed a little bit, but still the content is solid, the price per course is very reasonable, right? So something to consider.
SPEAKER_02: Yeah, no, I agree. And I had them on my list actually for penetration testing, ethical hacking certifications. I had their practical network penetration tester for TCM because it is so hands-on. And with something like offensive security, that is you need hands-on. Like in order to be successful and really pick up the stuff. I mean, I don't know how people learn out there. I'm a doer. I gotta do the thing to learn it. I also had the CompTIA PenTest+. I had that on my list as well as something you could take a look at to get your feet wet and to learn if offensive security is something that interests you. One that I kept seeing up come up uh over and over and over and over again when I was doing my research was this eJPT one, um, which was very super beginner-friendly, hands-on. It's focused on method out methodology, but also like practical exploitation. Um, and it was it was ranked very high by a number of people that I reached out to and view their um their feedback on certifications. One that I I left on here was the Certified Ethical Hacker certification, because I know John loves this one. But this is a good example of what unfortunately, when you are applying for positions, you know, the people on the other side, like HR or or even some of these hiring managers, they're they're not keeping up with a lot of these new certifications and a lot of these new things that are coming up and that are very solid and strong and actually teach people the skills that they need. They are relying on what has been here the longest and what is known. In my opinion, and I think John would agree, Certified Ethical Hacker is not that good of a certification for you to have. If if your your focus is to get into uh offensive security penetration testing, I personally don't believe that that is where you should focus or put your money into.
Now, people may say, and some recruiters watching this may be like, ooh, but that's like one of the top ones out there if you're going into government work, if you're trying to um to do like defensive work, DOD three-letter agency work, like they have that on the list and it's a check the box for HR and all of these different recruiters and stuff. I get it, but that's that's where you kind of have to see the difference, right? One is am I doing the certification because I'm actually going to learn what the heck I'm gonna be doing? Or am I doing the certification because this certification is well known, has been around for so long, may not be the best to teach me what I want to learn, but it will open doors just because it has established itself at that level. And I personally think this certification has established itself with some organizations and some some some areas where it does carry weight. So it could still open doors for you, but it may not be one of the first ones that I would say, go get this if you're trying to learn how to actually be an offensive security professional.
SPEAKER_01: Yeah. So um, I mean, I took the course the a long time ago. I was definitely not impressed at that time. Maybe they've improved in what they do and how they teach, and and I'm looking at the modules here. It's all fine. I don't see anything that I would like disagree with what they include in the modules. Um, but my experience at that time was very, very high uh shallow and more tool tool specific. Oh, use this tool, and then you gotta use this tool, and then you gotta use this tool, and like and you gotta use this tool, versus the methodology, the thought process, how you're doing a penetration test, why you use that tool over that, over this tool, like it was just in my opinion, a shallow, high-level view of tool overload. Here's every tool you can think of, and not why this tool was the right tool at the right time. So maybe it's changed. I don't know, but that was my experience. Uh again, it's been a while. But um, if somebody came to me and they said, Oh man, I got my CEH, I've done that. Okay, yeah, tell me tell me about why it was good, and then maybe they can convince me otherwise.
GRC And Cloud Cert Strategy
SPEAKER_02: Well, hey, if you're listening to this and you have a different opinion or you have a different experience or anything, please share it in the comments. Let us know. Again, this these are our opinions, and yeah, we'd love to hear if you've had better experience with it. So let us know. Moving on to some GRC certifications. For this, it was kind of uh, you know, back kind of back to the basics. I mean, uh, CompTIA Security+ was one that I would say you have to get that to kind of get a good understanding of where you're gonna start. I also saw where there was a lot of recommendations for the ISC2 certified cybersecurity certification, just because, again, that's very beginner-friendly, covers a lot of security fundamentals and governance, and it is a little bit focused more on governor governance, risk and compliance. So that was a good starter, other than the Security+. And then, you know, do you know, going out and doing some GRC certifications that are a little more hands-on that will give you an idea of what GRC work is actually like, maybe things that you would do day in and day out, not just theory, not just book smarts, but kind of what gives you examples and kind of have has you walk through some of the things that you will actually do as a GRC professional. And one of the ones from our friend Jerry, Simply Cyber, he's got a good GRC training um program that you can check out. And all everything that we've listed here, what we'll we'll share in the description. But yeah, that is kind of where I'm at with GRC. What do you think, John?
SPEAKER_01: Yeah, I would throw in there the ISACA, the CRISC as well. I I haven't taken it, but I've heard some folks we've talked to said it was good and very helpful from a from a GRC and risk perspective. So I would recommend that one too. Yeah, perfect.
SPEAKER_02: Now, the last area that we want to talk about is cloud security. So this is a very important area. You know, we are doing a lot of work ourselves with in this area in our in our day jobs. Um so one of the things that I would say is I was actually asked, I was like, hey, uh, hey Steve, what would do you recommend in terms of what cloud um certification should I go? Should I go after? Should I focus more on AWS? Should I should be more Azure? Should I be Google? Like what should I focus on? Or should I do a little bit of both? And honestly, in a perfect world, I would tell someone, if you are able to, do a little bit of both, at least the top two, which in my opinion are AWS and Azure. Do a little bit of both. Know the basics for both, but then choose one and focus on that one heavily, and then take your career down that route. That's what I would recommend someone to do. Now, I would say, you know, in my opinion, and you know, John, let me know what you think. I would say AWS is probably the route I would take, just because um, from what I've seen, that it's just it's just it's just it's just a big daddy when it comes to cloud. Now, I mean, I think Azure's putting up a fight, Microsoft's putting up a fight. And depending on what industries you work in, and um, you know, you might be heavier AWS, heavier Azure, you know, it might depend. I know we are technically using both. We're using one for one specific thing, one for the other, but we're using them both. And our guy who we have is in charge for both both areas. So he needs to know a little bit of AWS and a little bit of Azure. So I would say if you are able to learn a little bit of both, at least those two, in my opinion, that would make you a very valuable individual. But I would say at some point you want to focus on just one and become an expert of one. And if you ask me right here, right now, I would say become an expert in AWS.
Budget Study Options And Next Steps
SPEAKER_01: Yeah, I I don't disagree with that. I think I think um maybe you pick, you try a little bit of each one, and maybe there's one you just like better, right? Maybe you like the way Microsoft does it versus the way that um AWS does it, and you like the way that they use and the terminologies and just that structure. You maybe you have a preference based off of trying each one. That would be my recommendation. I do think AWS seems to be the more popular, but you know, there's a lot of people that use Azure too. Um and if you like it, go that route. Go deep, like set pick one, go a month in, see what you think, and then uh and then you can bounce from there. I wanted to to share real quick my screen for I c I came across somebody shared this with us and I shared it in our our Skool community. But this Humble Bundle program, um, man, it I I actually I ended up buying it because of the value, but it has so many different things, it's almost way too many, honestly. But and you can buy different bundles of it, but they have AWS, like five different certificates in AWS. They've got like five different certificates for Azure, a few certificates for Google, they've got CompTIA, uh, A+, they've got Security+, they've got CySA+. Um, it's got a lot in here. They've even got offensive security, it's got Linux+, it's got AI, it's got Red Hat, I mean, it's got a ton of stuff that's like I said, it's almost too much, but you can choose kind of pay what you what you want, and you get all this. You get all this, all this training, and you get practice tests bundled in to take for each certificate. So you could pay uh you know, pay for this and then try each course out and see what you think. Oh, let me go try the AWS, let me go run through that, unpack it, right? And then you have it for life. So you can go back if you need just a as a reference, use it as a reference. You could go back in here. Let me go watch that video on whatever that topic is.
Um, they've even got um, like I sent mentioned offensive security, they've got PenTest+ as well in here. It's it's a ton of stuff for what you can get in this bundle, the Humble Bundle. So if you like it, if you think it's interesting, take a look at it. It goes to a good cause. Um, Girls Who Code, so there you go. You're also helping a good cause. But for the what you get out of it, it's pretty good. So that's the kind of thing you can do and maybe check these different paths out, but they have a good mixture in this of pretty much everything that we talked about. A+ is in here, um, Server+ is in here. So you will you won't have a lack of things. There's not a lack of of paths. There's not a lack of things to study. It's just the commitment to do it and finding going into it and sticking with it until you level up to a certain level. You don't have to stay with it forever, but then you gotta you know keep building, keep building.
SPEAKER_02: Absolutely, I agree. And one thing I want to say again, these are our opinions, right? We will link everything for each one of these sections in in our our description. And it's also you can find more information about this in our Skool community. If you haven't joined, check it out, it's completely free. But one thing I will say, right? Certificates only get you so far. You have to continue to, you know, put in the work, put in the heavy lifting, and you know, definitely pair certificates with actual training, whether it's building your own home lab or working within your home lab, doing things like Hack The Box, TryHackMe, and other training platforms like that. You have it's a combination of all of those things that will get you into the right setting, make sure that you are prepped, confidence level, making sure that you're putting the reps in, like John says all the time. It's a combination of all those things. Just certifications alone will not get you the job. We know that, we've seen that you have to you have to go above and beyond. So it's a combination of all these things that will help you in the end land that dream job that you're wanting, that you're looking for. So that is it. I mean, anything else from you, John?
SPEAKER_01: Nope. Yeah, I think you said it great. Just um tie this into practical experience, keyboarding on these things as you learn them, try to bake that into what you can do on the keyboard, right?
SPEAKER_02: I definitely recommend that. Absolutely. So if you have any questions about what we went over, if you want to get more in-depth, ask us some questions, you know, shoot us a message, join our Skool community. It's completely free. Other than that, we want to hear from you. If you guys disagree, if you guys have other thoughts, other recommendations, please share them, comment on this video. We'd love to hear it because we're also learning and you might have gone through a different experience. And all that is important because it could help someone when you least expect it. So, with that, thank you all for tuning in. Until next time. Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.
SPEAKER_01: Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.
SPEAKER_02: Have questions, topic ideas, or want to share your cybersecurity journey? Join our Skool community, Cybersecurity Mentors, where you don't have to do this alone. Connect with us there and on YouTube. We'd love to hear from you. Until next time, I'm John Hoyt. And I'm Steve Higaretta. Thank you for listening.