Some people regard certifications as overrated. But given the number of resumes human resources departments get, having the certifications listed in the job description, even if the description calls them desirable and not required, really helps. You need something to make you stand out, and certifications are an effective way to do that. Here are the 16 best certifications to get, in my 20 years of experience in IT.
If you already have an IT position but don’t have some of these certifications, these certifications can be good goals to put on your annual review. Most of them are attainable within a year, and they increase your value to your present employer, so a good employer is willing to pay for the training and examination fee as long as you agree not to leave within a certain period of time.
Also, there’s no reason to think you need to get all of these. You can have a long and productive career with one or two of them. The key is which two. But you’ll know which ones apply to your situation and which ones don’t.
CompTIA offers a selection of entry-level certifications that most HR departments and hiring managers recognize and value. They don’t make you an expert, but they demonstrate a baseline level of knowledge and competency to get you in the door. When I see a couple of CompTIA certifications on a resume, I assume someone who can come in as a junior-level staffer and contribute right away.
These exams tend to be 75 questions and take a couple of hours to complete. They cost around $330. The cost is non-trivial
A+ covers the basics of computer hardware. Someone with A+ certification knows how computer hardware works and can do most troubleshooting on their own, without having to contact the manufacturer unless they need to exchange a component under warranty. A holder of A+ can install an operating system and get it working on the corporate network.
Most computer repair shops require A+, and having A+ gives you an advantage if you apply for a desktop support position at a large company. If your job is going to involve working on computer hardware to any extent, this is one of the best certifications to get because you’ll use this knowledge your entire career, not just to get in the door.
Network+ covers the basics of computer networking. Someone with Network+ certification knows how computer networking equipment works together and knows the difference between a router, firewall, and a switch. If you want to go beyond desktop support and don’t know if you want to work on servers or network equipment, Network+ is a good certification to get, as it’s relevant to both fields and will expose you enough to both to help you decide which direction to go. Much of the knowledge from Network+ also applies to security certifications, if you decide to go that route.
This certification applies so widely, it’s one of the best certifications to get early in your career, period.
Server+ is an entry-level certification covering servers. It’s vendor-neutral, so it doesn’t make you an expert in Windows or Linux or any other server operating system. It makes you more of a generalist. That said, it helps you understand a lot of different functions of a server, making it one of those certifications that remains useful even after you move beyond entry-level positions. Getting Server+ can definitely help you become a system administrator.
Security+ is the most recognized entry-level certification for security. This certification is essential for making the jump into security from an infrastructure field, but it’s a useful certification to have regardless, since it helps you understand how your company’s security department thinks.
U.S. government IT contracts generally require everyone to have this certification because it demonstrates a fundamental understanding of security. Even if you don’t work in government contracting, this is among the best certifications to get because it opens so many doors for you, in addition to making you more valuable wherever you are.
Vendor-specific infrastructure certifications
Once you’re a system administrator and have the required experience, getting a vendor-specific certification helps you specialize and move up in the pay scale.
CCNA is Cisco’s certification for network engineers. It’s a good certification for network engineers to get if their shop has Cisco equipment, which most does. Even non-Cisco equipment tends to imitate Cisco equipment, making this a useful certification.
MCSA is Microsoft’s lower-level certification for system administrators. This is an extremely useful certification that demonstrates proficiency in Microsoft operating systems, which are still in use everywhere, even if Microsoft’s years of hypergrowth are behind it. Specializing in Windows is anything but a career-limiting move.
MCSE is Microsoft’s higher-end certification. There was a time when outsourcing shops used their count of MCSEs as a unit of measure for how successful and proficient they were. Like MCSA, this certification is no longer what it once was, but it’s still something that higher-level Microsoft specialists are expected to have.
RHCE is Red Hat’s answer to MCSE, a certification that demonstrates proficiency in Red Hat Enterprise Linux. Most large companies have a fair number of Red Hat machines and its installed base is growing, perhaps even faster than Microsoft’s installed base. Red Hat also has numerous workalikes, which improves this certification’s applicability.
Project management certifications
Once you move beyond entry-level jobs, you end up having to work with project managers a lot. This can be difficult, as project managers think differently from the rest of IT. Getting one of these certifications, or at least studying the material, helps you work with project managers much more effectively.
Project management is also a good career path. One or both of these certifications is helpful for managers in general. And project management gives you a path in and out of IT, since every industry uses project management.
Project+ is CompTIA’s entry-level project management certification. Few job descriptions require it, but having this certification helps you work effectively with project managers and even do your own project management when circumstances require it. Under some circumstances, this can be an inexpensive alternative to PMP.
I hesitate to call this one of the best certifications to get as HR doesn’t value it as much as I do. But I still think this certification is a good career move regardless of what HR departments think.
PMP is the gold standard for project management certification. The best project management jobs require PMP. I also know many managers, outside of project management, who have this certification. Every company needs PMPs, and not just in the IT department. So PMP does a lot to increase your marketability. PMP is an expensive and difficult certification, but its payoff can be large. PMP is easily one of the very best certifications to get.
You can work in security without any certifications. I know people at the highest levels, in fact, who have no certifications. But I don’t recommend it. Many security jobs require certifications, and most of the people you compete with for job openings will have them. I recommend starting with Security+ and then starting work toward a more advanced certification.
Any SANS certification
The SANS Institute offers training and certification in dozens of specialized sub-fields of security. These certifications are incredibly hands-on. While expensive, they carry a great deal of respect. SANS doesn’t offer a certification in every area of specialization just yet. But if SANS offers one that applies to you, get it.
CISSP is the most (in)famous security certification. The popular description of it being a mile wide and an inch deep is accurate. A CISSP truly is an expert in nothing, but knows just enough about enough things to ask good questions.
It’s also highly sought after. At any given time, there are about 10,000 job openings that either require CISSP or list it as highly desirable.
I can personally vouch for CISSP being the best thing I ever did for my career. In a slow month, I receive about two unsolicited inquiries from recruiters. Since getting CISSP in 2012, I’ve averaged a promotion to a higher pay grade approximately every two years.
At 250 questions over six hours, CISSP is an incredibly difficult test. But I highly recommend it. I don’t just think CISSP is one of the best certifications to get. I think it’s probably the best one to get.
CISM is a security certification for managers. It covers about half the ground CISSP does, but goes into more depth in regards to management. If you are more interested in management than in being a hands-on practitioner, CISM is an incredibly useful certification.
I’ve seen people use CISM as an alternative to CISSP, but I also know plenty of CISSPs who also have CISM. There is considerable overlap in the material, but if you want to specialize in management, having both can be very helpful.
At least half of security is auditing, and CISA is the most sought-after certificate for security auditors. It’s not the most glamorous security work, but the demand for it is extremely steady. The CISAs I know get more unsolicited job queries than they know what to do with.
If you have an accounting background but are also interested in IT, and especially IT security, getting CISA is the quickest way to get into a lucrative area of specialization. All of the Big Four firms need CISAs desperately, but so does every Fortune 500 company.
If you want to go straight into security without spending time working in infrastructure, CISA may be the fastest way to do it. That alone makes CISA one of the best certifications to get.
OSCP is the most difficult certification here. Every pen tester I know aspires to pass OSCP, but few do. This is a hands-on test that requires actual hacking of live systems, including writing your own exploits. It demonstrates high-end penetration testing skills that go well beyond book knowledge.
OSCP isn’t as well-known as CISSP. But if you want to know who CISSPs look up to, it’s the people who have this cert.
CRISC is a risk management certification. Security isn’t about building impenetrable computer systems. It’s about lowering the risk of something going wrong to a level everyone is willing to accept. CRISC is about risk management.
I’ve only met a handful of CRISCs, and it’s generally higher-level people who get it. If you’re a CISSP and you’ve topped out, CRISC is one of the best certifications to get to continue progressing, especially if OSCP isn’t for you.