Go find someone with 10 certifications who has an open award banner on LinkedIn. I bet you don't find one. I bet you don't find one.

There's not many of them out there. Certifications, still highly relevant. There's so many influencers out there, so many people talking about how certifications are overrated, you don't need certifications.

And I think they're properly rated, guys. The fact is, when you go to Indeed or you go to LinkedIn and you check out the job requirements, there's usually 5, 6, 7, or 8 certifications that they're less than. Welcome to The Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time.

I'm your host, Kaiser Clark, and thank you so much for tuning in. Guys, I want to go ahead and jump right into this one. No guest, just me, solo episode.

And this is the message that I believe many of you need to hear. And I'm going to go ahead and just start saying it. You need to take charge of your cybersecurity career.

What does that mean? So, I've been seeing an epidemic of what I would consider dumb questions on my YouTube channel. A lot of questions that I answer in the video that is being commented on, right? So, for example, and if you're the person that made this comment, I'm not picking on you, but this is an example of that. So, in my Network Plus versus CCNA video, they asked, hey, do you think I should get CCNA or Network Plus for a stocking on this role? And I literally said that in that video.

And it's frustrating me because it's like people are asking questions and they just want the answer real quick. They just want the answer like that. And they have the answer there.

You just got to watch a 20-minute video. That's all you got to do. And everything you need to know is there.

But there's an epidemic of people trying to break into this field who literally need to be spoon-fed information. They need to be handheld through their entire career. That's why I say you need to start taking charge of your cybersecurity career because guess what? No one cares about your career more than you do.

And most people don't care about your career. And me, I try to help you, but when I keep getting the same questions, it gets frustrating for me. So, the reason why I'm making this episode, well, I was due for an episode, so I needed to make something.

And this is the message that needed to be said. And I have spent probably a month thinking about what to say for this particular episode. And it's been hard for me to make a new episode because a lot of the stuff that you need to break in this field and grow your career has already been said.

Matter of fact, if you watch every single minute of all my content, you would not have a single question. You could just go off of that and you'd be good. But a lot of people don't want to put in the work.

They don't want to put in the time. They want easy answers. And I'm here to tell you, if you're that person who does need easy answers, who needs to be spoon-fed information, who needs to be handheld, you're not going to make it in this field.

And that's the harsh reality, but it is the truth. You know, oftentimes when I give someone like, oh yeah, you can get this certification, this certification, and this certification. You have these three options and all three of them are similar.

They're different in their own ways. And people are like, well, do you, should I go with this one or should I go that one? And it's like, it don't really matter. Just pick one.

Just pick one. Pick one, whatever excites you. That's the one you should go for.

Or pick the one that's cheaper. A lot of times it doesn't really matter what certification you go after. There's over 400 certifications.

There's so many similarities between certifications. Now they're all unique. They all have their differences.

But there's a lot of overlap between certifications. And you don't need all of them. And I have a lot, but you definitely don't need as many as I do.

If you want to get as many as I do, great, because I plan on getting more. Right now I'm at like 19 certifications and I plan on getting more. But the point I'm trying to make is, you know, should you get this certification or that certification? A lot of times it's both.

A lot of times it's both. And having both is going to be better than having one. And if you can't get both for whatever reasons, maybe it's a financial thing, then just get whatever one excites you the most.

Whatever one's going to actually make you go in the labs. We've said it before on the podcast many times on this show, there's no right path. There's no best course.

There's no best certification. There's only, hey, these are the categories. Like, for example, if you want to be a pen tester, which many of you do because this is the Hacker's Cache, it's tailored towards offense security professionals.

But you can definitely benefit if you want to be a blue team or another type of security professional, or even another type job for that matter. But let's use pen tester, for example, because that's what I am and that's what I know the most. So, you know, there's a handful of certifications.

You got the OSCP. You got the CPTS from Hack the Box. You got the PMPT from TCM Security.

And those are what I would consider the three, the big three certifications at that mid-level. And it's like, well, which one do you get? Well, so we'll just pick one, right? I only have one, OSCP. Now I am planning on getting the other two, but like, there's not a real urgency to get them because like, I don't really need them.

I'm already a pen tester. And it really, those would just be more for sharpening my skills rather than leveling up my career. And if you want to get more than one, go for it.

But you can get one and be fine. And when it comes to other certifications, you know, for example, people ask me, hey, should I get Network Plus or Security Plus? Well, it's like they're both different certifications. Get both.

I have both. I would recommend both. But if you had to pick one, you know, go Security Plus.

And there's not a right answer. There's no best certification. There's no best path, right? There's infinite paths in this field.

I say that so many times. And a lot of times when I make my videos, I don't recommend like, oh yeah, you need this certification. This is the best certification.

I never say that language because there isn't a best certification. There is no certification you need. They are all optional.

They all do help you in some way, shape or form. And in my opinion, the more you have, the better you're off. The better off you are in landing a job or getting that promotion or getting that raise or whatever you're trying to do.

But I leave you to decide for yourself because it's your career. It's your goals. It's your life.

You have to make that decision. I can't make that decision for you. I don't know what your bank account looks like.

I don't know what you can afford. I don't know what your learning style is. I don't know what your goal is, right? And when you drop a comment, is this certification or this certification better? There's not a lot of context.

Now, some people do drop comments and they'll give me like a paragraph of their scenario. Those kinds of questions I actually enjoy answering because, all right, I got some context and I can help you figure out what's the best. But then when you say, hey, this certification or that certification better, I really can't, I don't know.

I need to ask you 20 more questions before I can help you answer that question. And like I said, it's a little frustrating to me because I feel like I'm getting the same questions over and over again. And I'm getting questions that I answered.

Like I said, I made a 20 minute video. Your answer to your question is in that video and you're still asking me what I would consider a bad question. Now, they say there's no such thing as bad questions, but there is.

There is bad questions because it was already answered. It was already answered. And you're just needing me to confirm your suspicions, I guess, which that's another type of problem that I would say a lot of people face.

They just, they know what to do. They just need someone else to say it. And I struggle with that myself too a little bit, but you need to start making your own decisions, right? And like I said, it's your career, it's your goals, it's your life.

And many people, you know, I say, hey, get this certification and this certification. I give you a handful of certifications to choose from. People always tell me, but I don't have time.

But I don't have time. I got kids. It's like bull crap.

Yes, you do. You have time. Now, I don't have kids, but there's plenty of people who are raising children that are absolutely killing it in their cybersecurity career and other fields as well.

But anybody you look up to, a lot of them have kids. A lot of them have kids. And I hate when people use their kids as an excuse to get out of the work.

I can't do that. I don't have time to go back to school because I got kids. I can't get that cert because I have kids.

And that's one thing that drives me nuts. And like I said, I don't have kids, so maybe I don't really know. But what I do know is there are people out there who are absolutely killing it who have kids.

And that is a fact. And next thing I've been seeing a lot lately is this fake influencer stuff, man. It drives me insane.

Now, I don't like to be called an influencer. I do make content. I'm technically, by definition, an influencer due to my following.

I don't like being called an influencer. I am a practitioner who happens to make content. I don't make a living off of this.

Matter of fact, I'm still net negative on the amount of money I spent versus how much money I made. I don't really make any money off of this show or any of my other content. I'm starting to get ad revenue, but I was in the hole for so long that I'm still in the hole to this day.

And one day I'll get out of it, get out of the hole. But I'm not making money on my content. I literally just make content to help people who were in the past me's shoes.

And a lot of these, quote unquote, fake influencers are people who, what I would say, is giving out bad advice. I see things all the time. You don't need certifications.

You don't need a network. There's really a video out there that says you don't need certifications. You don't need a network.

You don't need a college degree. You don't need to know how to code. It's like, what do you mean? Yes, you need all of that.

And it drives me nuts when I saw that because like, well, if no one is basically saying like you don't need to do anything, you just get a job. And it's not the truth, guys. It's not the truth.

There's so many influencers. This is what drives me bonkers. So many influencers out there who are telling you lies and like, oh, it's easy to break in the field.

You don't need to get a certification. You don't need a college degree. You don't need to know how to code.

You don't need to work on your technical skills. And there's people that say all of that, by the way. And well, if you follow that advice, then you're not going to land a job, guys.

You're not going to land a job and you're not going to level up. And people are eating up this advice because it's the easy route. People love shortcuts to success.

And I said on a previous episode, there is no shortcut to success. The shortcut to success is accepting that there are no shortcuts and getting to work as soon as possible. You have to put in the work.

You have to get a ton of certifications. You need to get degrees. You need to start networking.

You need to get your technical skills up. You need to capture the flags. You need to do all this stuff.

It's a hard field to break into. And that's one reason why my content doesn't take off as much as some other people's contents because I'm going to tell you it's not easy. It's not easy.

And I understand a lot of people's pain points like, oh, I can't break into the field. But I promise you, I promise you, if you go out and you get seven, eight certifications and you get a degree and you get a high ranking on Hack the Box and a high ranking on Triacme, go get a CBE, go get a bug bounty, whatever. If you do all this stuff, you will find a job as long as you can somewhat talk to people.

That is, it's so simple. It's hard to do because there's so many things you have to do. It takes a long time to get all that right.

It's going to take you multiple years. But if you just do that, you are basically guaranteed a job because so many people are trying to find shortcuts to success. They get one certification and they're like, oh, I can't find a job.

Oh man, this job market is so bad. And they just quit or they complain online. And that's not how it works, right? One certification is not going to do it.

Two or three or four. There's people that get like three or four certifications, still can't find a job. That's why I recommend getting five, six or seven or eight.

Get a degree on top of it. And you're probably thinking like, wow, that's a lot. Like, yeah, it's a lot, right? This field pays well for a reason.

There is a lot of information you need to know and a lot of experience that you need to have to break in this field and to level up if you're already in the field. So like I said, certifications still highly relevant. I can't, there's so many influencers out there.

So many people talking about how certifications are overrated. You don't need certifications. And I think they're, they are properly rated guys.

And the reason why I say they're properly rated is because I mean, I've been on the job market for over a year now and I haven't applied for a job in over a year. But the fact is when you go to Indeed or you go to LinkedIn and you check out the job requirements, there's usually five certifications listed. It's not one or two or three.

It's usually five, six, seven or eight certifications that they're listing out. And that's why I think it's in your best interest to literally get as many certifications as you can. And you're gonna get a lot of crap about quote unquote stack inserts and people are gonna say, oh, it's not real experience.

And yeah, it's not real experience. Of course not. But it is knowledge that is pretty applicable to the real world guys, right? I mean, I went in my first pen testing job and I felt like I knocked it apart.

Now don't get me wrong. I made my fair share of mistakes. But overall, I didn't feel lost in the sauce, right? I didn't just get in on my first pen test and not know what to do 100%, right? Because the certifications really helped me out.

And like I said, people will bash certs, they'll bash cert stackers. But here's a fact. Go find someone with 10 certifications who has an open work banner on LinkedIn.

I bet you don't find one. I bet you don't find one. There's not many of them out there.

But if you go and you find someone without certifications or someone with an open work banner, they typically don't have a certification or they have very few. And when I say very few, I'm talking about like three or under, right? I truly do think that you should have more than three certifications. People are like, oh, you only need one or two.

I'm sorry to say that one or two in today's competitive marketplace just isn't going to cut it. There's so many people competing for these jobs, right? When I was entering the field, when I was in the military, the United States Air Force, and I was, this is back in 2019, and I was applying for school. One of my first classes was to figure out like the job prospects for my future career, which is cybersecurity.

And in my research that I did, it was like, oh, there's millions and millions of unfilled jobs. The unemployment rate is 0%. And that might've been true at the time.

It's definitely not true now. And there's still this narrative saying, oh, there's all these millions of unfilled jobs. And that's just not true.

I would say, I saw some statistics saying like over 30% of jobs are ghost jobs, which are basically fake jobs. And of most cybersecurity jobs, they're looking for senior level people, or they're looking for true experts in the field. There's very few entry-level jobs.

And a lot of people will even say there's no entry-level cybersecurity roles. And I tend to agree with that. And you need to come from a tech background before you get your first cybersecurity job.

But it's not easy, right? Like I said, I keep seeing people post on LinkedIn. I keep seeing on YouTube. You don't need to do anything.

You don't need to do anything, guys. You can just sit around and do nothing. You don't need search.

You don't need a degree. You don't need a network. You don't need to know how to code.

You don't need technical skills. And you don't land a job in cybersecurity. There's people actually are saying this and it drives me nuts.

And I'm not jealous that they get more views than me, but it just makes me mad because it's a lie. It's a lie. And I guess what makes me mad is when I see these people capitalizing on people's ignorance.

It's essentially what they're doing. And it feels, they're scammers, guys. And these fake influencers, and even some of them have worked in cybersecurity, but they didn't work in cybersecurity for very long because they didn't have what it took.

And they got laid off or they got fired. And then now they're making content. It's like, oh, I worked as a slot key analyst for three months.

I didn't like it, so I quit. But really they got fired and they just make content now. Or there's other people that are like a software developer trying to make cybersecurity content.

And they think they know a lot about cybersecurity because they were a software developer for three years and they don't know anything about cybersecurity. Or like they were a network engineer and they could be a really good network engineer, but they never worked in cybersecurity and they're trying to tell you how to get cybersecurity jobs. There's all kinds of these fake influencers out there.

That would be like me trying to tell you someone, like I have seven years of cybersecurity experience and I'd make a video saying, oh, this is like a software developer job. And it's like, dude, I don't know the first thing about becoming a software developer, bro. You know what I mean? Like I know the basics of coding and that's it, but I couldn't tell you how to make a career out of it.

And I don't want to touch that kind of content because I haven't done it, right? And I think that's, you guys need to be careful who you follow. You need to be careful who you take advice from. And even me, right? I don't know everything about everything, right? I'm figuring out as I go, but I mean, seeing as I have seven years experience in the field and I'm doing pretty well on my pen testing role now and I get recruiters and hiring managers calling me, emailing me, sliding my DMs, like four or five times a week with job opportunities.

I think I know what I'm doing. I think I know what I'm doing. My track record speaks for itself.

But if you don't wanna take my advice, fine. But because I'm not everyone's cup of tea and that's okay. And I don't wanna be everyone's cup of tea.

I'm not here to impress a bunch of people. I'm here to help you. And this is what I believe to be the truth is.

And if you don't like it, then it is what it is. But back to the core topic of what I started with here. You need to take charge of your cybersecurity career.

You need to stop asking dumb questions that you can easily search yourself. And you need to put in a little bit of research, right? And you need to make a decision for yourself because like I said, it's your job, your career, your life, your goals, and everyone's different. And what works for me might not work for you.

And what works for Billy might not work for you. Okay, everyone's not the same. And like I said, just to reiterate on what I said, there could be multiple certifications.

Everyone's like, oh, should I get this or that? And it's like, just pick one or even get both and you're gonna be okay. You just need to start learning and stop overanalyzing everything. Stop overanalyzing what certs to get, what courses to take.

Now you do need to make sure that it's legitimate, right? I personally don't recommend courses that don't have a certification attached to it. Certifications are legitimate because it takes a long time to make a certification. And any certification that's popping up on job postings, and I mean any certification that's popping up on job postings, is worth considering.

That includes a CH. We bash the CH all the time for being not practical. But at the end of the day, it's still on job postings.

HR people are still looking for that certification and it's still worth considering. I have the CH and I've bashed it several times. It's actually funny to bash it.

I've made several memes about bashing it. But at the end of the day, it's still popping up on job postings, guys. And that's why I got it.

Now I'll probably let it expire, but it's, and it doesn't really do anything for me now. But at the time when I was trying to transition out of the military, I thought it was, worth getting into. Like I said, it's taken me a month to make this episode because I just didn't know what to say.

Because everything that you need to know to break in this field and grow your career, I've already said it. And a lot of the things I've said multiple times over all my podcast episodes and in my videos, and if you guys really want to know my opinion, start watching my other content. I think a lot of people, they just, which I get it.

You find one video, you have a question, but when the question can be answered by watching two more minutes of the video, then that's, that just tells me that you don't have what it takes to be in this field, right? You need to start thinking for yourself and make decisions for yourself because when you're in the real world, cybersecurity, like there's no black and white answers. Hardly ever. Everything's nuanced.

Everything, it depends on the context, okay? And it's hard, right? Like for me, one of the hardest things for me to do when it comes to being a pen tester is I find a vulnerability. And one of the hardest things for me to do is to determine how severe is this issue? Is it low, medium, high, critical? What is it? And then another thing that I've learned is that you can label something a certain rating. Like say, for example, I label it a high.

Client will be like, well, this should not be a high. This should be a low. Can you downgrade it? And I'm like, you know, we'll look into it.

I might downgrade it. Sometimes I do, sometimes I don't. And sometimes I'll label something a low and I want it to be bumped up to a medium.

And I get the severity wrong a lot. For me, that's one of the things that's hard to do because it's nuanced, right? What's a high severity finding for one client might be a low severity for another client and vice versa. And there's no textbook answer to like, oh, this is how you rate this vulnerability, right? Like cross-site scripting.

Like in this instance, it's a high. In this instance, it's a critical. In this instance, it's a low.

In this instance, it's a medium. It just depends on the application and the network and the context around it. And that's why it's really important for you to like really figure out how to think for yourself.

And I know I make content to help people and that's what I do. And the questions are to be expected, but I just, I've been seeing an influx of just what I would consider bad questions and questions that if you would've just watched a video for five minutes, you would've got the answer to your question, dude. So keep that in mind as you are progressing through your career.

Now, I'm not saying don't ask me questions. I absolutely love when I get good questions in my comments. And a lot of my Q&A episodes, actually all my Q&A episodes have been questions that I thought were good and I brought them on the show because they were good questions.

But I haven't seen a good question for a while, guys, if I'm honest with you. And maybe that's not you, right? Maybe you're not a commenter. Maybe you're not asking questions, but if you are one of those people asking questions, really think about like, is the answer to the question three minutes later in a video? Is that at the end of the video? Because sometimes the final bullet point is at the end of the video, right? That's where the final conclusion is, right? For example, network plus versus CCNA, I gotta weigh the pros and cons of each cert and then I give you the final verdict at the end and you couldn't even skip to the end and get the answer.

Come on, man. It's really frustrating for me, but I don't mind the questions. What I do worry though is that a lot of you guys aren't taking charge of your career and you need spoon-fed information.

You need to be handheld. And if that's you, I highly recommend that you make it not the case anymore because like I said, it's your career, your job, your life, your goals and cybersecurity that's filled with tons of hard decisions that aren't black and white and they don't have a right or wrong answer and it's very nuanced. So that being said, guys, thanks for listening.

Thanks for watching. If you haven't reviewed the show, please rate the show five stars if you're enjoying this type of content and share the show with your friends. And if you're on YouTube, give it a like and subscribe.

Hope I see you on the next episode. Until then, this is Kaiser. Signing off.