I’ve been a System Administrator for five years and I’m looking to pivot into security. Would pursuing a formal ethical hacking certification help me get a higher salary, or is it better to just build a portfolio on platforms like TryHackMe? I want to know what recruiters are actually looking for in 2025.
3 answers
Having a background as a SysAdmin gives you a massive advantage in ethical hacking because you already understand how systems are supposed to work. A certification like the CEH or OSCP acts as a "filter" for HR departments and can definitely lead to a 15-20% salary bump. However, the portfolio is what gets you through the technical interview. Recruiters want to see that you can actually find a vulnerability and, more importantly, explain how to fix it. I’d suggest doing both: get the paper to get noticed, and do the labs to prove you have the skills.
Which specific ethical hacking certification are you looking at? Some are much more respected in the industry for hands-on skills than others that are mostly multiple-choice.
OSCP is tough but highly valued. If you can pass that, you’re basically guaranteed an interview for an ethical hacking role at most top-tier firms.
I agree with Wayne. Christina's advice to combine the cert with lab work is the perfect roadmap for someone coming from a SysAdmin background.
I was looking at the OSCP because I heard it's purely practical. It sounds intimidating to spend 24 hours in a lab, but I feel like it would prove my ethical hacking abilities more than a written exam. Do you think it’s too difficult for a beginner, or is my SysAdmin experience enough of a foundation to start training for it?