Basic IT Certification Study Tips for Career Changers

Quite a few people on Discord have been discussing switching careers to IT. I was able to make the jump last year quite successfully by getting a few certifications and tailoring my Resume and Cover Letter to detail my server/home lab experience.

I am going to detail a few tips and resources for how I studied for those certifications and made the jump. My ultimate goal is to get into the DFIR (Digital Forensics and Incident Response )space of cybersecurity, so everything for me is leading up to that; Your chosen path is probably different, so once past the basics the methods and process will change.

Prior to moving into IT, I worked for about a decade in the bicycle industry, culminating in a job managing the demo program for a high end mountain bike manufacturer. This is how I started:

AZ-900

• I started with the AZ-900 Azure Fundamentals Certification. My reason for taking this was wanting to give myself a leg up for organizations who heavily use Azure.
• I do not know if I would recommend taking this, most of what I use on a day to day basis can be learned pretty quickly by reading the Microsoft Docs, but being able to talk about it during interviews didn’t hurt.
• I studied using a course on Udemy that has apparently been taken down.
• The test was $100

A+

• This is a 2 part test, both tests are a maximum of 90 questions, a mix of multiple choice and performance based, and scored out of 900. The first test requires a 675 to pass and the second requires a 700.
• Test #1: I studied using this course, it can be bought for $12-19 usually. I then took these practice exams, again a cost of $14-20 is usually available.
• Test #2: I changed it up and studied using these videos for free. I then used these practice exams ($14-20)
• Test vouchers can be bought from two sources: Source #1 they cost ~$215 each, with the option to add a retake voucher for $69 (nice) if you are nervous. Source #2 sells them for $199, but these expire in the next 30 days and have no option for retakes.
• I studied for and passed both tests in about a month and a half for a total cost of $475

It was at this point that I started applying for jobs, I applied for somewhere between 10 and 20 Help Desk Jobs. I also re-wrote my resume and cover letter. I got 2 interviews and received an offer from both, I took a WFH (Work From Home) job at $47k a year doing Tier 1/2 Help Desk

Network+

• After a break of about a week, I started studying for the Network+
• This is a single test certification. Max 90 questions, scored out of 900. 720 required to pass.
• My main resource was this course.
• I also used this free video series to brush up on some things and add additional memorization
• This video series and quiz series helped drill subnetting into my head. I used a combination of their method and Jason’s to subnet on my hands. I never drew a table during the exam.
• I used these practice exams
• Vouchers can be purchased here and here, same stipulations as with the A+. Prices range from $273-$313.
• In total, I studied for 3 weeks and spent $350

Security+

• Took about 2 weeks off between N+ and S+. Including a week vacation in Florida
• 1 test, 750/900 to pass.
• I used this course and these practice tests.
• Vouchers can be purchased here and here, same stipulations as above. Prices range from $321-$343.
• I spent about a month on this one and $370

This is enough to get you started in IT, from here you can move onto studying whatever you feel like. I do recommend the LPIC-1 (Linux Professional Institute Certification) if you want to learn more Linux and be able to move into the SysAdmin space. I started doing InfoSec things at this point

Bonus InfoSec Content:

• At this point, I moved onto THM (TryHackMe) and completed all of their learning paths. I did pay $100 for a year subscription and did everything learningwise they offered. I moved slow and spent 3 months doing these
• I also did BTLO (Blue Team Labs Online) and went through most of their Challenges and Investigations. I spent about a month doing ~75% of their content available at the time
• I highly recommend both THM and BTLO
• I knew I wanted to move into a SOC (Security Operations Center) Role, so I also took my Splunk Power User Certification, I used This course to study as Splunk paywalled their learning content. There are no practice tests I can recommend, as I tried 3 or 4 different sets and they all gave different answers to the same questions. Somehow I passed the test though. I spent a week and a half studying for this exam, the exam costs $125.
• I then started studying for the BTL1 Certification (Blue Team Level 1), I bought this on Black Friday for $390. I very very highly recommend this certification.
• I also took a 16 hour Pay What You Can training on SOC Core Skills. Again I can not recommend this course enough.
• I also worked through Splunk’s BOTS (Boss Of The SOC) v1-v3, this helped me immensely with the BTL1

While studying for the BTL1, I did 2 interviews for SOC Tier 1 jobs. Both Interviews resulted in offers, and I took a WFH job at an MSSP (Managed Security Services Provider) at $60k. I start this job next week.
After accepting the job I went on to pass my BTL1. It took me 6 hours (out of the 24 hours given to you) and I scored 90% which is good enough to get the gold coin

• I am currently working my way through a CySA+ study course, I plan to take that exam in the next month.
• I am also starting to study for the PNPT (Practical Network Penetration Tester) and doing the Burp Suite Web Security Academy, you have to know offense to play defense in my opinion.
• Additionally I do plan on taking Several more Anti-Syphon Courses in the Near Future.

One of my next big (expensive) focuses will be SANS (SysAdmin, Audit, Network, and Security Institute) courses. Once I get settled into my new job and can request time off to attend classes, I plan on taking full advantage of their Work Study program. My goals are to take the SEC504, SEC560, SEC660, FOR500, FOR508, FOR572, FOR308, and FOR610 courses. Being as my ultimate goal is to do DFIR with a focus on Malware Analysis.

I am planning on attending WGU (Western Governors University)for a Bachelors in Cybersecurity. Mostly because I never went to college.

Events:

• Splunk’s .conf22 is in June and I am going to participate in this years BOTS competition live.

• I am hoping to attend DefCon this year if I can get work to agree to the time off; Going to DefCon has been a dream of mine since I first heard about it when I was 13 years old (that was during DefCon 8).

This is how in almost exactly 1 year I went from working in the Bike Industry to Working on a Help Desk to Working in a SOC.

• I took the AZ-900 (my first IT exam) on April 28th, 2021
• I started my first Help Desk Job on August 9th, 2021
• I start my first SOC job on April 18, 2022

Hopefully this is able to help many of you on the path and give some guidance on how/what to study, I will update as things happen on my end. My goals are big and I probably won’t reach half of them, but I have always aimed high knowing there is a chance I miss.

I will gladly help anyone here edit their resume or cover letter. I am not a writer or an expert, But I have seen a good amount of success from mine.

Note: I have zero affiliation with any of the companies, courses, or exams mentioned. I do participate in the SBT (Security Blue Team), BTLO, BHIS (Black Hills Information Security), and Anti-Syphon Discord servers though offering assistance to others.