In 2013, I earned my first certification in Digital Forensics. For that first achievement, I had to make a significant investment — take a 40-hour course, study for a couple of weeks afterward, and finally take the exam. Was it worth it? No.
In the following years, I shifted my focus — mainly because security courses are expensive and my resources were limited. However, I believed certifications were the key to opening new doors and landing better jobs. So, for the next certifications, I started identifying which ones would actually help me get a new job and prepared for the exams on my own (by reading books and practicing).
Within 12 months, I obtained two new certifications: one in penetration testing and the other in incident response. Were the certifications worth it? No. But the process I used to earn them definitely was. I learned much more during those 12 months, contributed more at work, and defined the methodology I wanted to adopt for the next stages of my career.
Between 2015 and 2016, I earned a couple of certifications that truly made a difference in my professional profile — one in security management and another in risk management. I chose those certifications because I wanted to apply for the role of CISO (Chief Information Security Officer) at the company I was working for. My approach remained the same: I bought several books, created a career plan, and started executing tasks at work aligned with what I was learning. Every time I learned something, I applied it. I earned the certifications, got the role I wanted, and most importantly, I truly learned how to manage risk and lead security projects. That was definitely worth it.
Between 2013 and 2023, I accumulated around 20 security certifications, mainly in technical areas like malware analysis, incident response, cloud security, and so on. Were they worth it? Yes, because I followed the same process for 10 years. Each year, my goal was to earn at least two certifications — not because I needed them, but because I became addicted to taking exams as a way to evaluate what I was learning. At the same time, they helped open new doors in the job market.
So, in conclusion, are certifications worth it? No. What’s worth it is the learning process behind preparing for the certification. Studying just to pass an exam isn’t sustainable, and sooner or later, people will realize that you’re “certified” but you don’t actually know what you’re doing. Eventually, it can even lead to imposter syndrome.
Continuous learning and practical application of knowledge are what truly empower us to grow and contribute meaningfully to our industry and our society.