I am currently working as a Junior Network Administrator and I want to transition into a dedicated security role by the end of the year. I’m confused between starting with the Security+ or going straight for the Certified Ethical Hacker (CEH). Most job postings for SOC Analysts mention both, but CEH is significantly more expensive. Which one provides more practical value for a first-time security professional?
3 answers
For someone in your position, I would strongly suggest starting with the CompTIA Security+. It provides a broad, vendor-neutral foundation that covers everything from cryptography and risk management to identity access. Most importantly, it is a DoD 8570 compliant certification, which is mandatory for many government-related contract roles. The CEH is more specialized toward tools and "hacking" methodology, but many hiring managers feel it doesn't go deep enough into the "why" of security. Get the Security+ first to prove you understand the architecture; it’s a much better return on investment for your first security badge.
Brenda, do you think the CEH still holds weight in the private sector for Red Team roles, or has the OSCP completely taken over that space in terms of industry respect?
I passed my Security+ last month and managed to get three interviews within two weeks. It really is the "key" that opens the door to the security industry for newcomers.
That's amazing, Austin! It just goes to show that the industry still values a strong grasp of the basics over expensive, flashy certifications when you're just starting out.
Michael, the OSCP is definitely more respected for technical Red Teaming because it is a 24-hour hands-on exam. However, the CEH still appears in many HR filters for general security roles. If you want to be a "hacker," go for OSCP. If you want a well-rounded resume that passes the initial recruiter screen for a variety of roles, the CEH still has its place, though Security+ remains the best starting point for the fundamentals.