Certifications are one of the most debated topics in IT. Here’s my take, filtered specifically for people in the first few years of their career.
The Principle
Certifications are not a substitute for skills. They’re evidence of skills for people who haven’t seen you work. Their value depends on:
- Whether they’re recognised by employers in the roles you want
- Whether the studying actually made you more capable
- Whether the cost (time + money) is worth the signal they send
Early career, certs matter more because you have less track record. As you build experience, they matter less. Stack them now.
The Ones Worth Getting
CompTIA Security+
Best for: Anyone interested in security, regardless of specific direction
SY0-701 is the current version. Broad coverage of security concepts — threats, cryptography, network security, identity, cloud. It’s not deep on anything, but it proves you know the vocabulary and have engaged with the fundamentals.
Almost universally recognised. Often a hard requirement for government and DoD contracts if that direction ever becomes relevant. Worth doing before any more specialised certs.
Cost: ~£350 exam. Study time: 2-3 months if starting from scratch.
Microsoft AZ-900 (Azure Fundamentals)
Best for: Anyone who isn’t already working in Azure
It’s a foundations cert and it’s easy. But it establishes a baseline and it’s cheap. More importantly, the Microsoft learning path for AZ-900 is genuinely good for understanding cloud concepts.
If you’re in a Microsoft stack environment, the progression is AZ-900 → AZ-104 (Administrator) or AZ-500 (Security). Do AZ-900 first even if it feels basic.
Cost: ~£100. Study time: 2-4 weeks.
AZ-500 (Microsoft Azure Security Technologies)
Best for: Security professionals working with Microsoft/Azure
If your environment uses Azure, this is the cert. It covers identity and access, platform protection, security operations, and data/application security — all in the context of Azure.
Harder than AZ-900. Requires real hands-on practice in Azure (use the free tier). Worth doing once you have 6+ months of Microsoft stack experience.
Cost: ~£150. Study time: 6-10 weeks.
SC-200 (Microsoft Security Operations Analyst)
Best for: SOC analysts, anyone working with Sentinel or Defender
Directly relevant to day-to-day security operations in a Microsoft environment. Covers Sentinel, Defender for Endpoint, Defender for Cloud, and security investigation workflows.
If you’re in a SOC using Microsoft tooling, this should be on your list.
Cost: ~£150. Study time: 6-8 weeks.
CompTIA Network+
Best for: Anyone whose networking fundamentals are shaky
Before you specialise in anything, you need to understand networking. If you didn’t grow up configuring routers or you went straight into a role without a networking foundation, do Network+ before Security+.
Some people find they can skip it if they pick up networking knowledge on the job. Be honest with yourself about whether your networking knowledge is actually solid or just good enough to get by.
Cost: ~£320. Study time: 2-3 months.
The Ones to Approach Carefully
OSCP (OffSec Certified Professional): Genuinely valuable and respected in offensive security. But it’s expensive (£1,200+), intense, and requires significant preparation. Not a first cert. Get there via eJPT and PNPT first.
CISSP: For experienced professionals. Has a requirement for 5 years of experience. Not relevant to you yet. People suggesting you study for it as a junior are wasting your time.
Vendor-specific certs beyond Microsoft: Palo Alto, Splunk, Cisco, etc. are valuable if your employer uses that vendor’s products and is willing to pay for them. Not something to pursue out of pocket early on unless you’re certain of the direction.
The Ones Not Worth Your Time Early
CEH (Certified Ethical Hacker): Widely regarded in the industry as low-quality for the cost. The theory it covers is available for free, the practical element is weak, and experienced practitioners don’t rate it. If someone suggests CEH, they probably haven’t been in a hiring conversation recently.
ITIL Foundation (unless your employer requires it): Valuable in IT management/service desk contexts, but if you’re trying to move into technical roles it won’t differentiate you.
Practical Notes
Get your employer to pay. If you’re employed, put a business case together for every cert you want to do. Most employers will fund relevant certifications. The worst they can say is no.
Do the practice exams. For Microsoft certs especially, MeasureUp and Whizlabs practice exams are close to the real thing. You’ll see which topics to revisit before you sit the exam.
Don’t cert-stack without experience. A person with Security+, AZ-500, and SC-200 but no actual work experience is less employable than someone with less impressive credentials and 18 months in a real environment. Certs support experience; they don’t replace it.