Career Roadmaps

Cybersecurity Certification Roadmap

A structured, role-based progression guide for cybersecurity certifications.

Pros

•Clear, structured progression from Beginner to Expert
•Aligns certifications with specific cybersecurity roles
•Prioritizes practical, hands-on exams

Cons

•Certifications alone do not guarantee jobs
•Hands-on certifications require significant lab time

Certification Roadmap

Legend: Theory Practical HR Filter

Certification	Organization	Purpose	Type
ISC2 CC	ISC2	No-experience entry cert	Theory
CompTIA Network+	CompTIA	Networking fundamentals	Practical + HR
CompTIA Security+	CompTIA	Baseline security knowledge	Practical + HR

Certification	Organization	Purpose	Type
SSCP	ISC2	Operational security	Practical + HR
CySA+	CompTIA	SOC Analyst, threat detection	Practical + HR
PenTest+	CompTIA	Intermediate pentesting	Practical + HR
eJPT	INE	Hands-on pentesting	Practical
PNPT	TCM Security	Network pentesting	Practical
BTL1	Security Blue Team	SOC, IR, detection	Practical
SC-200	Microsoft	Sentinel, Defender	Practical + HR

Certification	Organization	Purpose	Type
OSCP	OffSec	Industry benchmark pentest	Practical
GPEN	GIAC	Enterprise pentesting	Practical
GCIH	GIAC	Incident handling	Practical
GCFA	GIAC	Digital forensics	Practical
AWS Security	AWS	Cloud security	Practical + HR
CCSP	ISC2	Cloud governance	Theory + Practical
CISA	ISACA	Info systems auditing	Theory / HR
CKS	Linux Foundation	Kubernetes security	Practical

Certification	Organization	Purpose	Type
CISSP	ISC2	Gold standard senior roles	Theory / HR
CISM	ISACA	Security management	Theory
OSEP	OffSec	Advanced exploitation	Practical
OSED	OffSec	Exploit development	Practical
SecurityX	CompTIA	Advanced architecture (CASP+)	Practical + HR
CSSLP	ISC2	Secure software lifecycle	Theory / HR

Role-Based Paths

Penetration Tester

eJPT →PNPT →OSCP →OSEP

SOC Analyst

Security+ →CySA+ →BTL1 →GCIH

Incident Responder

CySA+ →BTL1 →GCIH →GCFA

Cloud Security

Security+ →Azure →AWS →CCSP

DevSecOps Engineer

Security+ →AWS/Azure →CKS →CSSLP

GRC / Auditor

Security+ →CISA →CRISC →CISM

Security Engineer

Security+ →CySA+ →Cloud →CISSP

Minimum Certifications to Get a Job Fast

The shortest path from zero to employed in cybersecurity.

Security+

CompTIA

Pass HR filters for entry-level

BTL1

SBT

SOC Analyst job-ready fast

OSCP

OffSec

Offensive role benchmark

SC-200

Microsoft

Microsoft SOC skills

AWS Security

AWS

Cloud security roles

Certifications to Avoid

CEH

Overpriced, theory-based, lacks respect in technical community

Beginner cert stacking

CC + Security+ + others simultaneously = low ROI

Vendor-overlap certs

Multiple similar certs from same cloud provider = diminishing returns

Practical Decision Matrix

Want a job fast? Security+, OSCP

Weak foundation? Partner Training + Vendor Exam

Low budget? Self-Study + Direct Exam

Want hands-on? OffSec / GIAC / BTL1

Want HR filtering? ISC2 / CompTIA / ISACA

Common Mistakes

Collecting certs without hands-on lab experience
Relying solely on theory exams to prove competency
Pursuing advanced certs without foundational knowledge
Stacking overlapping beginner certifications
Assuming a cert guarantees immediate employment

Best Practices

Prioritize practical lab-based exams over theory tests
Align certs with target job description requirements
Build a homelab to validate concepts hands-on
Get one foundational cert then move to intermediate
Contribute to open source or write blogs as a portfolio

Maintaining Certs (CPEs)

Track expiration dates! Certs expire every 3 years.
Earn Continuing Professional Education (CPE) credits.
Attend security conferences (BlackHat, DefCon, B-Sides).
Complete free vendor webinars for easy credits.
Write security articles or blog posts for CPEs.

Core Rule: Always Choose Official Vendors

If a certification is NOT issued by a recognized vendor, treat it as learning — not a certification. HR only checks the issuing organization.

ISC2CompTIAOffSecGIACISACA