A lot has been written about certifications and whether you should have them or not. For me it is pretty simple, certifications helped me finding jobs and improving my career.
As a penetration tester I made OSCP and OSCE, for getting a bit more into DFIR I made the CHFI certification. At the beginning of my career I did CompTIA Network+ and Security+ for learning and prooving my skills. At some companies it is simply a door opener. I know enough people who never certified and are great at their jobs and also don’t have problems making a good career.
But of course there are other ways to show your motivation:
- have projects or a blog that are showing your skills
- have you found vulnerabilites? write them down in your CV
- found something great? consider to give a talk at a conference
- maybe you are a great CTF player?
- don’t forget your personal network
Besides that, what certification you want to do strongly depends on your career path and the budget. SANS courses & certs cost a ton if you have to pay for yourself and are mainly useful if you want to go into DFIR.
On the other end there are certifications from EDX or coursera that are cheap but of course not that recognized. Certifications from securitytube are also worth a look.
After all it is the mix of certifiations, courses, experience, personality, connections and so on that enables your career.
We learn Security! 