This spring, Google announced that they had a brand new professional certificate course, the Google Cybersecurity Certificate program. I am not the target demographic for this course, as I am already working in security, but I was so excited to check it out that I took it myself!

What follows below are my thoughts after completing all coursework for this new and exquisite offering from Google.

“But soft, what light through yonder window breaks?
It is the east, and Google’s Cybersecurity Certificate is the sun.” 
— Shakespeare(-ish)

For years now I have seen countless posts from individuals who have been searching for a job in cybersecurity. Often times aspiring security professionals vulnerably share how they have been searching for junior/entry-level security positions with no success. They may speak about how they have never heard feedback from potential employers after a rejection, or reflect on the frustration they feel after filling out hundreds and hundreds of applications for seemingly no reward.

Do you want to know what the large majority of people jumping into security have? The CompTIA Security+ certification.

Now, this is no knock on achieving this certification. Becoming certified after long hours of study, investment into study materials, surrendering lots of your own time, then sitting down to pass a long, formal exam, is absolutely something to celebrate! If you earned certifications then you should be proud of your accomplishments. But, many people earn certifications, especially the Security+, thinking that a specific certification is the gateway into a new job or breaking into a tech/IT career. Thinking that certifications will equal a new job, or a promotion, mayor frequently lead to disappointment.

The Security+ isn’t going away any time soon. So, what are people to do?

Below I will talk about how I think Google’s new Cybersecurity Certificate program far outshines self-study for the Security+ alone. I’ll share my thoughts on why I think the Security+ alone should carry less weight with learners, why Google’s new training is top notch, and how this new course and the Security+, when combined, could make for a very strong candidate.

What gives… you’re against the Security+?

No, not at all! The crux of my argument is not so much against the Security+ itself — as it is a valid certification granted from a legitimate body, CompTIA, and an actual requirement for some government/military positions— but against the perpetuation of the idea that the Security+ is the best way to get started as you jump off the diving board and into

The Security+ will definitely help you get familiar with fundamental security knowledge and get you into the professional vernacular, but it won’t help you develop skills.

A quick bit on learning

Allow me to digress for a second (sorry, I get really excited about this stuff!).

I have always felt that the pursuit of knowledge is a noble pursuit; an educated individual is an empowered individual. However, when it comes to one’s professional life, one must consider whether or not knowledge alone is the best path forwards toward career development and future success. This was the case in music and is certainly the case in tech. If you are going to work so hard to build knowledge, like with studying for the Security+, you owe it to yourself to be equally prepared to work just as hard on skills development.

Knowledge, separate from application, is theory; having knowledge by itself means that you have theoretical knowledge. Knowledge directly applied towards something, tied directly towards something you can do, means that you have a practical means of applying that knowledge. Thus, practical knowledge.

Knowledge + Intentional application of knowledge = Skills development

Am I a behavioral science expert-person? No. But, I am a person who learned an entirely new set of skills as an adult and knows how learning is a battle. I also know that time is limited, so picking the best route towards learning is crucial.

Regardless of discipline, building knowledge, devoid of a practical approach in how to apply that knowledge, is a lonely endeavor. What good is having tons of knowledge if you have no way to demonstrate that knowledge, other than reciting facts or taking an exam? If you’re learning something just to gain the knowledge, there’s nothing wrong with that, but when it comes to professional development you want to have that practical piece of the puzzle, too.

That’s my main point. Studying for the Security+ may net you new knowledge about security concepts and terminology, but the Security+ in and of itself leaves you naked in the cold when it comes to skills. You worked hard for that piece of CompTIA paper, yet may not have the skills to back to up. Worse yet, training courses are geared towards helping you pass a test and may not be geared towards teaching you the concepts in full.

Perhaps there are better ways to gain a proper security knowledge foundation aside from simply grabbing a Security+ book.

That’s where Google’s Cybersecurity Certificate program comes in — trying to teach you new things while also allowing you to apply those new things.

Google’s Cybersecurity training is great and you should take it

What I’m advocating for is not to cut out the Security+ entirely, or to even circumvent job requirements in some way when the Security+ is expected. What I am encouraging is, if we were to think of a learning journey in phases, put the Security+ certification effort as a Phase II in your learning journey. I believe Google’s Cybersecurity Certificate could be Phase I.

Why am I saying this Google training is great? Because I took it myself and I think that is great!

I was familiar with almost all of the material, but I treated it like a refresher, a chance to help fill some knowledge gaps in my fundamentals.

I wanted to finally have something solid to recommend to entry-level people and to know that my recommendation comes from me doing the work, diving into it myself.

I won’t go into tons of detail about the Google course since I have an entire blog post about it, but I will share the main points that make Google’s curriculum an attractive one.

Below are six reasons why I think this course is great.

Reason you should take it #1: You craft a professional portfolio

Almost immediately, Google has students preparing a professional portfolio. The entire curriculum is geared towards a total beginner who may have little to no technical knowledge or experience. Google had this in mind, I believe, since Google knows that demonstrable skills can come in handy when formal experience is limited. After all, Google and other companies are known to hire standouts who can perform extremely well but who may not have a specific academic pedigree. By the end, students will have a professional portfolio that includes, among others:

• Completed risk assessment

• Dashboards of security metrics

• Incident response journal, with details from several different incidents

• Writings about Linux commands and how they may be used in the workplace

• And lots, lots more

Now students who complete the program will have a diversified, professional portfolio they can showcase to prospective companies. I love this approach, as the end goal isn’t just to say, “I took Google’s Cybersecurity Certificate program,” but to say, “I took Google’s Cybersecurity Certificate program and here’s a link to the portfolio of my work!”

And I think that’s really neat.

Reason #2: You’re handed a full curriculum

Not everyone is a self-study superstar. I know people that can pick up concepts remarkably quick and are extremely intelligent folks, but us mere mortals may struggle with approaching new topics.

Even if you have all of the best learning materials, from study guides, to practice exams, to online lab portals, you still need to formulate an approach for how you will start learning something new. Some people may do this naturally, yet many may struggle.

Google does that hard work for you by having a ready-made curriculum covering all of the important, foundational security topics. All you need to do is follow their lessons step-by-step.

Think about it like baking a cake. If you want to research how to bake a cake, I’m sure you could find tons of content online about appropriate ratios of different ingredients, how much or how little flour is needed, what goes into creating flavored batter, etc. I have no doubt that you’d learn so much in doing that. But, if you buy a box of cake mix, what do you have on the back? All you need to do is follow the steps, add a couple small ingredients, pop it in the oven, and voila! You have a delicious cake.

Google’s security course is like buying the cake mix. Let them do the hard work required to flesh out lesson plans. All that’s required from you is to follow the path they’ve laid out for you and complete the steps.

Great, now I’m hungry for cake!

Reason #3: Google covers Security+ content

The normal approach to studying for your Security+ certification is to buy the official study guide (many people buy more than one study guide), buy/find a video course to watch, and perhaps adding on expensive performance-based question labs.

Aside from the labs, which are extremely limited in functionality, you’re simply absorbing, memorizing, and attempting to comprehend new content that is separate from application (remember me mentioning Theoretical vs. Practical?). There’s a possibility that you’ll learn many new things, yet the aim is to pass an exam, not to set the groundwork for security skills.

So, why not go after a study path that begins with a combination of listening to and watching content, in addition to the hands-on goodness of labs? Reading about things is great but you need that practice of applying something in order to soak everything in. You may read about Linux permissions and memorize them for the test, but will you remember them when it comes time to modify a user’s access in production?

Google’s coursework touches on the Security+ objectives and them some. The inclusion of heavy Python material is amazing, since programming is a skill that many security professionals rely on.

If you ask me, I’d use this course from Google as Phase I of my Security+ prep, then dive into full-on study of purely Security+ material as Phase II. That way you have a foundation of how to apply everything before you drown in a myriad of dry certification material.

Important: if you take Google’s course and want to jump into getting your Security+, you should absolutely grab a study guide or two. Google’s classes are wonderful, but I would by no means recommend that someone take the Security+ after taking their classes alone. Supplement that learning with Security+-specific study and you’ll be good to go.

Reason #4: For the money, it’s the best way to start

A Security+ study guide, depending on which book you buy, will likely run you $25–50 USD. One month of Coursera Plus will run you $59 USD (at the time of this writing).

If you dedicate 1–2 hours per day, plus several hours of your weekend each week, I believe most people would be able to work a great amount of the Google Cybersecurity content.

The goal isn’t to take the course, or any on-demand course, as quickly as possible, the goal is to take your time. Take advantage of on-demand learning to learn at the pace that works best for you.

I say it’s the best way to start for the money because, if you’re truly entering the course from Level 0, you’ll be given a more gentle introduction to topics AND be given the chance to be hands on with Linux and other important tech. Remember, too, that you’ll be building a portfolio as you complete certain assignments. Pretty cool, right?

If you spend your hard-earned money just on a Security+ book alone, you may have an excellent resource on your hands, but you’ll miss out on the chance to gets your hands dirty with the tech itself. For someone new, getting hands on experience early can make learning something new all the more exciting.

Reason #5: Finish Google’s course, get 30% off the Security+ exam

Let’s say you really want to earn your Security+. That’s the goal. Well, consider that paying for one CompTIA Security+ exam voucher will cost you $392 USD (as of this writing — check out the official exam page here for current info). Completing the Google certificate will net you a 30% discount off of the exam cost.

$392 x 0.3 = $117.6 USD off of your exam!

For a lot of people, that’s a huge discount, especially considering how most people who switch careers have bills to pay, perhaps even a family to take care of. How to wisely invest your money towards your learning should always be a part of your plan.

Reason #6: Not everyone actually needs to get the Security+

You will see the Security+ listed on tons of security-related roles, but, is it required? Examples of positions that may formally require this certification are roles within the United States’ federal government or jobs within the military. Here, you have to either hold the certification prior to being hired (you won’t be considered for the role if you don’t have it), or you commit to earning it within a certain timeframe after starting the job. This is what most Security+ training is aimed towards, since there are thousands and thousands of people who truly need to get the certification to get, or keep, their jobs.

If you don’t absolutely have to get a certification then I would consider if the cost, both of your money and time, is worth it. Your resources are finite, so I’d encourage you to see if a position you’re aiming for will require it or not. If not, there’s no harm in learning the material without committing to taking the exam.

I respect how each person’s journey is their own. As you take the time to figure out how you will learn, you’ll likely see varying opinions from individual to individual.

“Nathan,” you may say, “I completely disagree with you and I’m going to go straight for my Security+ certification.” That’s great! You will likely see posts and opinions that differ from my own, as you should. You are responsible for doing your homework and taking a look at your current situation, needs, and resources. You need to follow the path that is best for you.

Regardless of what you choose to do, go after it! Be tenacious in your learning and the knowledge and skills will come.