My Certification Journey

My Certification Journey

I was about a year out from retiring from the military, sitting over a small workbench in my basement with my son building his new gaming PC when he said, "Why don't you do something with computers when you retire?" It was a weird place to be in the first place – 37 years old, getting ready to dispense with the profession that encompassed my entire adult life and to have no idea what I would be doing in a year or two.

So with this wisdom bomb dropped by my then 11-year-old, I said, "Hey! That makes sense." I had never pursued formal certification; I had dabbled in some college classes when cyber became the new hotness in the DoD. I had taken whatever level of computer literacy I had for granted. I grew up with a programmer for a mother and had access to PCs my entire life, from the Apple IIGS she bought us when I was 3 or 4 to the 386 I would commandeer a few years later.

What’s fascinating is that being able to run simple commands like ping or traceroute created a huge part of my success in certain positions in my Army career. Similar to immediate action on an M4, getting a workstation back online as quickly as possible had a measurable effect on the organization.

Back to certs. I looked at the Cybersecurity/IT landscape and asked myself what I found interesting. Penetration testing is what I found I gravitated to. I had been on TryHackMe for a while, had rooted a few machines in my youth (the 90s were rad, man). I came up with a goal: I would get my Offensive Security Certified Professional — the OSCP.

Setting a goal on a test with an estimated 20% pass rate was foolish, over the top, and exactly what I needed to force myself to focus. I enrolled in the Cyber Operations B.S. program at Dakota State University and scheduled my first test for the A+.

CompTIA A+ — I took the 220-1001 exam in January of 2021 straight from the couch and failed gloriously. Even 4 years later I maintain this was one of the harder exams. CompTIA asks questions in odd ways sometimes, and the breadth of knowledge on A+ is massive — from basic networking and memorizing TCP/UDP ports to MacOS and Windows commands. One question I remember that irritated me to no end was trying to determine the difference between DDR3 and DDR4 based upon the number of pins (240 and 288 respectively, if you were curious). Things that have been irrelevant in my Information Technology career thus far.

Anyway, I bought an iMac and spent the next 4 weeks actually studying and passed the first A+ exam the next month. Spent two additional months studying for the 220-1002 exam and passed that on my first go, earning the A+ certification.

I continued through the CompTIA triad for the last year before I retired, using Jason Dion's courses and passing both Network+ and Security+. I pursued these mainly because they were the baseline referred to by our own DoD technicians, and it gave me clear goals to keep developing/studying.

Back to A+: What’s interesting about this cert is even without a four-year or two-year networking degree, it really is enough to get you in a lot of doors. I transitioned to a Help Desk role as soon as I retired from the military, largely due to my A+ certification. An entry-level job making $45k a year wasn't really anything to write home about, but it was a job in IT and it was 100% remote. The job itself also gave me a breadth of experience on topics ranging from Wi-Fi, to DOCSIS, DSL, and Fiber, and it gave me lots of experience working with people who were not remotely tech-savvy.

After the CompTIA big three, I took a break from certs and focused on academic study, wrapping up an Associate's in Networking from Dakota State as a kind of half way point on the B.S.. This set me up for sitting for my CCNA in September of '22. The technical knowledge for the CCNA was huge. I was fortunate I had an advanced routing and switching class the summer of '22 that forced me to live in Cisco's Packet Tracer. I don't think I would have stood a chance on that exam without that lab time or the sheer amount of time I spent in CCNA books. The test requires you to know many things from Network+ and Security+ combined with a basic understanding of the Cisco IOS command line.

The CCNA led directly into my next IT role as a Network Operations Center Technician. This was similar to the help desk but focused on the infrastructure behind the scenes. Here the professional growth continued: learning how to read PDFs and circuit diagrams really fleshed out my understanding of networking technologies.

Anyway, from here it was full on OSCP madness, PEN-200 did a refresh in 2023 so I actually did the course materials twice, but I completed the bonus points and passed the exam my first try in September 2023. This led into a paid internship in the summer of 2024 working as a pentester for a large accounting firm, which taught me a) that yes that's what I want to do, b) The report writing and business side is completely under developed in most testers and c) I have zero desire to be back in an office.

Most of the other CompTIA certs were beta test to keep the original 3. OSWP was a trial run for submitting the report for my OSCP. I didn't want to take a massive 24 hour undertaking and fail because I didn't know how to hash the report from my VM.

TL;DR: The three certs that have led directly to new work opportunities are A+, CCNA, and OSCP. If I had it to do over, I'd probably just work on those. Also, my son is smarter than me.