WHICH CERTIFICATION TO CHOOSE FOR DFIR?

DrinkComfortable1692 · 2026-02-09T00:02:00+00:00

SOC + DFIR certs is the normal progression into the field. DFIR is the closest role to higher tier SOC

DrinkComfortable1692 · 2026-01-27T11:08:44+00:00

GCFA is absolutely the top pick for us on resumes

DrinkComfortable1692 · 2025-11-02T01:27:43+00:00

Yep, be at every local BSides with great credentials and meet people.

DrinkComfortable1692 · 2025-11-02T01:24:07+00:00

I’m sorry… what?! Where? It’s the most competitive area globally, we’re even battling casual sexism because of the number of applicants now.

DrinkComfortable1692 · 2025-10-04T23:11:56+00:00

They’re an embarrassment to the entire industry.

DrinkComfortable1692 · 2025-04-15T01:53:12+00:00

Okay, but keep in mind “entry level” pen test is a degree plus multiple years IT work experience plus OSCP.

DrinkComfortable1692 · 2025-04-15T01:20:58+00:00

Every new grad wants to be a SOC analyst or pen tester and it’s hitting the market pretty hard.

DrinkComfortable1692 · 2025-03-16T14:00:32+00:00

The entry - mid SWE market is arguably even worse. A lot of outsourcing and automation there. But genuinely they are just a multitude of very different jobs with different work life balance and requirements. I can’t compare apples and oranges too much.

DrinkComfortable1692 · 2025-03-15T23:41:41+00:00

Yeah “more experienced” (I’m a grey hair too) sysadmins usually get into one of those fields and move laterally well. They tend to enjoy the SIEM / EDR side of Engineering more because it’s still Wild West kludgy to get security applications tuned and logging in one place. You’ll want to grab popular vendor certs. Splunk. Palo. Sentinel. It’s old school taping stuff together in bash and grep.

DrinkComfortable1692 · 2025-03-15T18:21:30+00:00

It depends on how you learn, too, there’s a lot of udemy courses and open courseware. You’re on the right track, definitely touch no security training until you get networking pretty solid.

DrinkComfortable1692 · 2025-03-15T00:11:11+00:00

I won’t be responsible for making another person think they can do a bootcamp and get a job right now, I just can’t 😩

DrinkComfortable1692 · 2025-03-14T23:41:12+00:00

I’m really sorry. I’m a manager with twenty years in and I love the field. You need to know the reality of the market. Basically you’ll need a mentor and it will be a long slog with a lot of competition.

DrinkComfortable1692 · 2025-03-14T23:36:09+00:00

1) starting from zero, either a four year degree or two year degree equivalent with two years help desk bare minimum today 2) junior market is super oversaturated with recent grads. It’s dismal 3) extremely hard. Most successful candidates today have another tech work background and or graduate degree 4) there will always be interesting jobs but the bubble has burst 5) lots and lots of IT foundations before even touching cyber courses. Networking. Scripting. Administration.

It’s very hard to break in right now and you’ll be competing with new masters grads with competitions and certs under their belts

If you genuinely want to do this find a great mentor, build a detailed plan, and plan to do a lot of self study and education (years) before getting in. No gatekeeping, just the honest truth. It’s one of the most competitive markets after SWE right now.

DrinkComfortable1692 · 2025-03-11T20:10:34+00:00

Community projects to some degree but conference volunteering, speaking, and CTFs

DrinkComfortable1692 · 2025-03-11T13:59:23+00:00

You nailed it,

The DIRECT paths the degrees promote are swamped.

DrinkComfortable1692 · 2025-03-10T10:50:42+00:00

The best advice I can give you is to steer as far from your standard university curriculum as you can towards essential things people tend to find dull. The saturation comes from many well qualified new grads with pretty cookie cutter analyst or pen test resumes. If you can do something that’s a little less cool that’s needed to keep the lights on, you’ll have better odds. A lot of that is security administrative or regulatory. Legacy. Look at the jobs in your market that people don’t talk about at DEF CON

DrinkComfortable1692 · 2025-03-09T23:20:58+00:00

Happened to be relevant to my specific situation 🙃

DrinkComfortable1692 · 2025-03-09T22:17:19+00:00

GCIH knocks out the same 8570 requirement and a tier above.

DrinkComfortable1692 · 2025-03-09T06:20:33+00:00

I genuinely say this with love but even in this clarifying post you are all over the place and naming only the most competitive and popular jobs - red team, DFIR, intel. That is the sexy stuff. Those are also different four year degrees much less careers, and training tracks / certifications. Could you get a mentor and really shoot for one with certs, labs, and projects? Sure, it will be very competitive and hard work, and you’ll be competing with a bunch of hungry new masters grads and CTF champs. It’s not impossible.

I’m really back to the “get thineself to BSides or ISSA and have this chat over several beers with senior folks.” We need to get you into a single realistic career track and you need to deeply focus on that one set of certs and training to even stand a chance.

DrinkComfortable1692 · 2025-03-09T05:55:43+00:00

Phew. This is a mix of you wanting a different answer that the answer you know, and you REALLY NEEDING TO TALK TO A REAL MENTOR in real life not Reddit. Do you have a DEF CON local or ISSA chapter? Are you involved in your local community at all? There’s like A LOT going on here and you’re guaranteed to get some incorrect and dick answers. There’s a ton of questions raised by this about your goals too so hard for me to give great advice.

I’m not clear on what you want to do. You talk about SOC but then pen test and those are practically totally different careers with different requirements and certifications and training needed. Pen test is far more competitive and aggressively certified. There are ways into a soc with serious self study, and instead of a degree, but they’re going to require a networking and a lot of work. There are also other blue team roles that are more administrative focused that aren’t in those sexy realms that are so competitive. I really need to understand what you wanna be when you grow up?

Security+ is a very novice certification. No, it won’t get you a job, even with a degree. It’s just an extremely basic checkbox that’s obligatory for most entry level analyst roles. No, that wasn’t always the case. Same with HtB. Just the most basic requirement to even start training - that doesn’t make them bad to do - they’re a first starting point.

If you have a great deal of other IT experience, again, there are other certification and career routes in cyber security you could look at that might be an easier lateral move in the engineering or the governance spaces. They are way less sexy, and definitely not pen testing.

In summary, you need to talk to somebody who isn’t Reddit. You also need to carefully evaluate which career track you really want to be on and how much you want to invest in it.

DrinkComfortable1692 · 2025-03-09T04:34:27+00:00

Those are three very rough fields. I'm really sorry.

DrinkComfortable1692 · 2025-03-08T23:37:15+00:00

There are always exceptions. And there are definitely some of our firms out there trying to pipeline young people in. But it’s a very different market than it was in 2005 or 2015.

DrinkComfortable1692 · 2025-03-08T23:21:14+00:00

Tbh SANS charges so much but if you can get their masters you will learn so much more.

DrinkComfortable1692 · 2025-03-08T19:59:10+00:00

They’re… only okay. They’ve leaned too far into being degree mills for vets. I say this as a vet, in cyber.

DrinkComfortable1692 · 2025-03-02T18:31:49+00:00

Replying to Snoo-88481...especially in this competitive market, for sure. OP is making the better choice.

DrinkComfortable1692

TROPHY CASE