Cybersecurity is a very broad discipline of IT, and it can even feel overwhelming at times. The selection of jobs is very broad, ranging from malware analyst to pentester and everything in between. This is important because many certifications and extracurricular activities are aimed at a specific expertise. To make the process of picking which path to go down easier, I will include examples where possible.
During the day I have led several QA teams, and this also means that I get to decide who I hire. Whenever I get a stack of resumes on my desk, there are certain things I look for, and I'll dive deeper into them in this article.
Finally, you need to know there is a difference between a red teaming (offensive) job and a blue teaming (defensive) job. If you want to help defend and design new systems with all the security involved, a blue teaming job seems to be the right thing for you, whereas if you are someone who prefers to make things work in unexpected ways, a red teaming job is probably the thing for you.
Certifications carry a lot of weight in the cybersecurity industry, and with a wealth of certifications to pick from, it can be hard to make a decision. I'll go over some of the most recognised certificates and what feelings they evoke in potential employers.
https://www.offensive-security.com/pwk-oscp/
This is one of the most recognised certifications in the field because you have to prove you can hack 5 machines in 24 hours in the exam. This certification is aimed at people who like to pentest servers as opposed to websites, for example. It is certainly not entry level, and you will have to learn how to look beyond the obvious and try harder. OSCP focuses heavily on red teaming.
https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
This certification has gotten a bit of a bad name over time, but I think it has redeemed itself recently and it's a certificate to be respected. The syllabus looks similar to OSCP but also contains things like cloud computing and operational technology. The exam contains a massive 125 questions over the span of 4 hours plus a 6-hour practical challenge with 20 questions, and this certificate is aimed at hackers looking for a red teaming job.
This certification is aimed at the blue team hackers among us who aspire to build the fort which other hackers will later attack. It's an industry-recognised program, and the exam is six hours long and includes a mix of multiple-choice and advanced innovative questions.
What I really like about this certificate is that it's approved by the US DoD; they look at every detail to make sure things are in order and secure. The exam itself consists of a maximum of 90 questions with a duration of 90 minutes, but do not underestimate this certification. It will take hard work and dedication to be able to pass this exam, even though it might not seem so compared to the other certificates in this article. CompTIA Security+ is aimed at red teamers.
This is a more basic certificate that is aimed at beginners, though that is not something negative. This certificate focuses very heavily on the practical side of hacking. The exam will be practical again, and the machines you have to hack seem more difficult than the machines from the exam to most students. Many use this certificate as a stepping stone into the world of cybersecurity.