
Let me be real with you.
I have seen a lot of people in this field: beginners, students, even some experienced folks, chasing certifications like they are some kind of magic ticket. And I get it. When you are starting out, you want proof. You want something to put on your LinkedIn, something to show an employer, something that says “I know what I am doing.”
But here is the thing nobody tells you: not all certifications are created equal. In fact, most of what gets called a “certification” these days is not really a certification at all.
The Problem: Courses Dressed Up as Certifications
There is a pattern I keep seeing online. Platforms launch a course, slap a badge on the end of it, and call it a certification. Free to do, MCQ-based, theoretical, and in most cases, you can finish it with the help of ChatGPT in an afternoon.
I am not going to name names. You already know which ones I mean. You have probably seen them all over LinkedIn, people posting shiny badges from platforms that handed out “certifications” for watching a few videos and answering multiple-choice questions.
Here is my honest take: that is not a certification. That is a course completion badge.
And that is completely fine, if you treat it that way.
Learn from these courses. Seriously, some of them are designed by genuinely experienced instructors, and the content is solid. Do them for skill growth. Do them to fill gaps. Do them because you are curious. But do not list them on your resume as certifications alongside OSCP or eWPT. That actually hurts you; it shows employers you do not understand the difference, and it cheapens the real work you have done.
What Makes a Certification Actually Worth Something?
Before I break down which organizations matter and which do not, understand this simple principle:
The value of a certification is directly tied to the value and reputation of the organization that issued it.
That is it. That is the whole framework.
If an employer has never heard of the organization, or if the exam can be passed by Googling answers, or if there is no hands-on component, it holds no hiring weight. Period.
A real certification should:
- Come from an organization with a recognized name in the industry
- Involve practical, hands-on assessment, not just MCQs
- Be difficult enough that passing it actually means something
- Be recognized by the people doing the hiring
Now let’s talk organizations.
The Organizations That Actually Matter
OffSec – The Gold Standard
OSCP is the benchmark (along with other OffSec certs). 24 hours of active exploitation, a professional report at the end, no MCQs. You either pop the boxes, or you don’t. Every technical hiring manager in offensive security knows what it means. If you are serious about pentesting as a career, OSCP belongs on your roadmap. No shortcuts.
INE / eLearnSecurity – Solid Foundations
This is where many of us, including me, start. The eJPT is hands-on, affordable, and a legitimate first cert. The eWPT holds real weight for web application pentesting roles. Not at OffSec’s level, but one of the most legitimate entry points available.
EC-Council – Mostly a Name
CEH has name recognition with HR departments and corporates. Technical hiring managers? Not so much. The exam is MCQ-heavy, the content is outdated, and the price does not match what you actually get. If a job posting specifically requires it, fine. Otherwise, do not chase it expecting to impress anyone technical.
TCM Security – Good Training, Limited Recognition (For Now)
Heath Adams built something genuinely solid. The PNPT is a real, practical exam that tests actual skills. The problem is that most recruiters have not heard of it yet. Technical people in the community respect it, but that is not universal. Great for learning, decent proof of skill to the right audience.
HackTheBox – Technical Respect, Niche Reach
CPTS and other HTB certs are genuinely challenging and respected by technical people. A recruiter from HR probably won’t know what it is. Whether that matters depends on where you’re applying. Technical teams? It lands well. Standard hiring pipelines? Don’t count on it.
TryHackMe – Train Here, Cert Elsewhere
Best beginner learning platform out there. Seriously. But the THM cert itself carries minimal weight. Use THM to build your foundation, then go get certified somewhere with market recognition.
GIAC / SANS – Elite, but Expensive
Among the most technically respected certs in the world: GPEN, GCIH, GCFA. Recognized globally, especially in enterprise and government. The problem is cost: $5,000–$9,000+ with SANS training. Realistically, this is employer-sponsored territory. If your company is paying, take it without hesitation. Self-funding? Prioritize OffSec or INE first.
Blue Team – BTL1 and GIAC
For the defensive path (SOC, IR, threat hunting), look at BTL1 from Security Blue Team. It is hands-on, scenario-based, and gaining real recognition for SOC roles. For forensics and IR at a senior level, GIAC GCFE/GCFA are the premium options if budget allows.
ISC2 – The GRC Path
CISSP is globally recognized, but not for pentesters. It is for people heading toward security management, GRC, or CISO-track roles. If that is your direction, ISC2 is exactly where you should be. If you are chasing red teaming, it is not your concern right now.
CompTIA – The Compliance Checkbox
Security+ (and other certs) is MCQ-based but broadly recognized, especially for enterprise IT and government roles where DoD 8570 compliance matters. Not a standalone move for offensive security, but it serves a specific purpose in certain career paths.
The Emerging Platforms Problem
New platforms are popping up constantly: practical, hands-on, built by people who know their stuff. But no matter how good the content is, if the organization has no name in the market yet, the cert carries no weight. It takes time to build that trust with employers. Do these for skills, not for your resume. Use them to grow, then validate with a recognized name.
Final Thoughts
Here is what I want you to walk away with:
The certification landscape in cybersecurity is full of noise. Platforms know that people crave validation, and they monetize that craving by selling badges.
But at the end of the day, a cert is only as valuable as the name behind it.
Do the free courses. Learn from everything. But when it comes to the certifications you list professionally, only put things on your resume that a technical hiring manager would recognize and respect.
You worked hard. Make sure that the work is visible in the right way.
