hashtalk 005: budget-friendly guide to cybersecurity certifications
By Eva Georgieva
Hi bugs, this one is a little late, but quality over quantity right? I wanted to make you a proper research and bring you the best that is out there when it comes to cybersecurity certifications in one tiny guide. I do feel it is important that you don’t need to sell a kidney, while trying to prove to an automated machine that reviews CVs, that you do in fact have some skills.
Okay, so you could notice that I am not a huge fan of certifications and *external validation*, although still working on the second one, but there might be a few certs out there that could improve your skills, knowledge, confidence and give you a solid boost of dopamine for a job well done.
Anyways, doing hard things is important, scientists say.
On that note, the budget-friendly cybersecurity certification guide is here, use at your own risk.
On the menu
Today’s hashtalk’s topics:
- Cybersecurity certificates for cloud, red or blue team specialities
- Certifications, the good ones, are supposed to be treated as an endurance training, if it doesn’t make you sweat, it’s not worth the money
- Mix and match is not only for fashion
Foundational Certifications
If you are just starting with cybersecurity and/or transitioning from a completely different field, getting into the foundations first can save you some time while navigating it all and finding your place in the field.
For this, I still consider the Security+ to be the most important book.
- CompTIA Security+
Best for: Beginners in cybersecurity.
Cost: Around €390.
Why it’s worth it: Security+ covers cybersecurity fundamentals that are essential through different roles and its going to give you a good starting point on which you can build upon.
Certifications for Red Teaming (Offensive Security)
For those aiming to specialize in offensive security, these certifications cover hacking, penetration testing, and exploitation.
- PNPT (Practical Network Penetration Tester) by TCM Security
Best for: Penetration testers focusing on network security.
Cost: €300.
Why it’s worth it: PNPT offers realistic, hands-on testing and is a practical way to learn network and cloud penetration techniques. The course linked with the exam is sufficient to pass the exam and really dives deep into the different topics discussed. - Hack The Box Certified Penetration Testing Specialist (CPTS)
Best for: Red teamers looking for a hands-on, budget-friendly certification.
Cost: €140 for the exam; modules are sold separately.
Why it’s worth it: CPTS tests offensive security skills in real-world environments, applicable to both on-premises and cloud systems.
Certifications for Blue Teaming (Defensive Security)
Blue team certifications provide defensive skills for SOC analysts, incident responders, and threat hunters.
- CompTIA Cybersecurity Analyst (CySA+)
Best for: SOC analysts and cloud security analysts.
Cost: €390.
Why it’s worth it: CySA+ covers threat detection and response, applicable to both traditional and cloud environments. It’s great for entry-level SOC analysts and aligns well with cloud platforms. - Blue Team Level 1 (BTL1) by Security Blue Team
Best for: SOC analysts focusing on cloud security monitoring and incident response.
Cost: €450.
Why it’s worth it: BTL1 focuses on practical SOC tasks, including log analysis and threat detection, relevant to cloud environments. It includes lab-based exercises that simulate real-world SOC scenarios.
Cloud Security Certifications for Cybersecurity Professionals
Cloud security certifications are especially important for those managing cloud infrastructure or securing cloud-based data and applications. The common mistake that security engineers make is going directly for the security specific cloud certificate. While that is great if you’re already familiar with the cloud environment, it is quite important to understand your environment before trying to secure it, regardless of which side, offensive or defensive. So the list below includes that as well.
- Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
Best for: Beginners to cloud security, specifically Microsoft Azure environments.
Cost: Around €99.
Why it’s worth it: SC-900 introduces fundamental concepts in cloud security, identity management, and compliance, ideal for professionals working in Microsoft-centric organizations. - AWS Certified Cloud Practitioner
Best for: Cloud newcomers aiming to understand AWS and basic security concepts.
Cost: Approximately €100.
Why it’s worth it: This entry-level certification covers essential cloud computing topics on AWS. Though not heavily security-focused, it provides a necessary foundation for more advanced cloud security certifications. - Certified Cloud Security Professional (CCSP) by ISC²
Best for: Intermediate professionals focusing on cloud-specific security roles.
Cost: Exam costs approximately €500.
Why it’s worth it: CCSP is a comprehensive certification covering cloud architecture, compliance, risk, and application security across cloud platforms. While it’s on the upper end of our budget, CCSP’s broad cloud security topics make it a worthwhile investment. - Azure Security Engineer Associate (Microsoft)
Best for: Security engineers working within Azure environments.
Cost: Around €165.
Why it’s worth it: This certification focuses on securing data, identity, and applications within Azure. Ideal for those working with Azure environments, it covers compliance, threat protection, and security posture management specific to Microsoft’s cloud.
Brain’s Endurance Training
Certifications are often thought as “sprints”, we set a deadline, schedule the exam, and try and remember the material as best as we can in order to pass it. But, if we treat the exam more like an endurance challenge, for example a marathon training, that could lead to better information retention and longer lasting knowledge.
Now, to make this more convincing, let me tell you what scientist say about how the brain works.
The Neuroscience of Endurance Learning
Endurance study works because our brains need time and repetition to store information in long-term memory. When you stretch out your learning, focusing on understanding concepts deeply rather than cramming, you strengthen neural pathways. Neuroscientists explain this process as “spaced repetition,” where revisiting topics over time helps build strong, lasting connections in the brain.
Research also shows that distributed practice — spreading study sessions over weeks or months — significantly improves retention. When studying for certifications, spacing out study sessions over time allows your brain to consolidate information more effectively. Each revisit strengthens the memory trace, reinforcing your knowledge as if training a muscle over time rather than exhausting it in one go.
When treating certifications as a marathon, you’re not just aiming to “pass the test” — you’re building resilience and deep knowledge, also training your nerves and working on the discipline and consistency. The idea is not to pass the exam, the idea is to be able to incorporate your knowledge in your day to day work.
Mix and Match
One of my favorite things to do when learning a new concept, building a new skill, or studying for a certificate is to find my own content from different places, create my own path until I am so sure that I know the topic, that I can explain it to anyone in the simplest form.
Now, when it comes to certificates, we would expect that the course material provided should be sufficient to pass the exam, but that doesn’t mean that you can’t build your own path.
So for example if you’re studying Active Directory Concepts for an exam, you can start with the one in the exam course, then maybe you’d feel like you lack some knowledge on BloodHound, so you can find a lab on a platform like TryHack and dive deeper into that, or maybe enhance your knowledge on Lateral Movement by adding a few labs on that from HackTheBox. You get the concept. Mix and match content from different places and build your own learning path. You don’t need to only rely on the content provided. Remember, you are not doing this to pass the exam, you are doing this to act as a smartass in front of an aspiring cybersecurity enthusiast that thinks you’re the coolest person they know.
Let’s keep in touch
I’d always be willing to discuss more, exchange ideas and continue the hash talk.
Reach me at: evaincybersec@gmail.com
