You've decided to jump into cybersecurity. You've done the research. You know you need a certification.
But now you're stuck. Three names keep coming up: Security+, CEH, and OSCP. The internet is full of strong opinions. Reddit says "OSCP or nothing." Your advisor says "Security+ is safer." Your pen testing friend says "CEH is a scam."
Who's right? All three are valuable. They're just for different people.
This guide cuts through the noise and shows you which cert is right for your situation, how much each one costs, and most importantly: which one gets you hired for the job you want.
The Quick Answer
Security+: Easy, £240, 6–8 weeks. For career changers and first roles. +£5–8K salary.
CEH: Medium, £800–1,000, 3–4 months. For pen testers and hands-on roles. +£10–15K salary.
OSCP: Very hard, £800 exam + £400 labs, 6–12 months. For elite pen testers. +£15–25K+ salary.
CompTIA Security+ — The Foundation
Who It's For
Career changers, first security job seekers, compliance and GRC roles, government/defense contractors (DoD 8570 requirement).
What You Learn
CIA Triad, cryptography, network security, identity/access, threat management, incident response, compliance frameworks.
Employer Demand
Highest of the three. DoD 8570 mandate requires it. Large enterprises list it as baseline. Startups don't care but it doesn't hurt. Pen testing firms: not interested.
Salary Impact
Entry level: £28K → £33K (typical bump).
Reality Check
Strengths: Opens doors (DoD requirement is huge), fair difficulty, widely recognized.
Weaknesses: Too basic for hands-on roles, multiple-choice only (tests knowledge, not skills), alone it's not enough for advanced positions.
Bottom line: If you want a job within 6–12 months, Security+ is your starter cert.
CEH (Certified Ethical Hacker) — The Hands-On Path
Who It's For
Aspiring penetration testers, red teamers, application security specialists, anyone who wants to actually hack (legally).
Salary Impact
Entry level: £35K → £45K. Pen testing specialist: £45K → £55K+.
Reality Check
Strengths: Hands-on (you actually hack), respected in pen testing, more challenging than Security+.
Weaknesses: Harder to find jobs requiring it at junior level, overlaps with Security+ content, expensive exam, pen testing jobs often expect CEH + experience.
Bottom line: If you want to be a pen tester, CEH is a step forward, but you'll probably need practical experience first.
OSCP (Offensive Security Certified Professional) — The Gold Standard
Who It's For
Serious penetration testers (3+ years into career), red teamers, advanced researchers, elite hiring.
Salary Impact
Pen testing specialist: £45K → £60K+ (and further). OSCP holders earn 15–20% more than CEH in pen testing roles.
Reality Check
Strengths: Genuinely hard (elite), exam is 24 hours of actual hacking, highest respect, significant salary bump.
Weaknesses: Very expensive (£1,200+), requires prerequisite knowledge, 6–12 month commitment, only relevant for pen testing, low pass rate (~65%).
Bottom line: OSCP is elite. Worth it if you're 100% committed to penetration testing. Overkill otherwise.
The Hiring Reality
Startups: Care about hands-on skills. Prefer CEH or OSCP.
Enterprise (500+): Care about compliance. Prefer Security+.
Pen Testing Firms: Care about proof you can hack. Prefer OSCP.
Government/Defense: Require Security+ (DoD 8570).
Your strategy: Find the job posting for the role you want. The cert they list is the one you need.
The Sequencing Strategy
Zero certs, want a job in 6–12 months: Security+ (6–8 weeks), build portfolio (8–12 weeks), land job.
Want to be a pen tester, career changer: Security+ → entry analyst job (1–2 years) → CEH → pen testing roles → OSCP (elite).
Already a sysadmin with 3+ years: Skip Security+, go CEH (12 weeks).
Already a pen tester: Get OSCP (6–12 months).
Your Decision Framework
Ask yourself three questions:
1. What job do I actually want? Junior analyst → Security+. Pen tester → CEH/OSCP. GRC → Security+ only.
2. How much time do I have? 3 months → Security+. 6 months → Security+ + portfolio. 12+ months → CEH. 18+ months → OSCP.
3. What's my starting point? Zero security → Security+ (mandatory). Help desk/sysadmin → CEH or skip to Security+. Already in security → CEH/OSCP.
Answer those three, and you know your cert path.
The Bottom Line
Security+ is the safest, fastest path to a job. Get it.
CEH is for people serious about penetration testing. Harder and riskier, but respected.
OSCP is elite. Only pursue if you're 100% committed to pen testing and have 6–12 months.
The certs matter, but *execution* matters more. Get the cert. Build proof. Apply intentionally. Land the job.
For a detailed breakdown of which cert fits your situation, check out the Cybersecurity Career Jump — it walks you through the decision, the study plan, and the job search strategy for each path.
You've got this.
Go deeper
Cybersecurity Career Jump
Detailed breakdown of cert paths, sequencing strategies, and job search strategy for each path.
Get the guide →