Overview: Phased certification path

Phase 1 — Foundations

  • CompTIA Security+ (completed)
  • AZ‑104: Azure Administrator (completed)

Phase 2 — Microsoft Cloud Security

  • SC‑500: Microsoft Cybersecurity Architect (Security Engineer successor)
  • SC‑200: Security Operations Analyst
  • SC‑300: Identity & Access Administrator

Phase 3 — Vendor‑Neutral Blue Team

  • CompTIA CySA+
  • eJPT / eCDFP
  • GIAC GCIA or GCED

Phase 4 — Senior Architecture

  • SC‑100: Cybersecurity Architect Expert
  • CISSP (optional)

Microsoft Cloud Security: security engineering and identity protection

SC‑500: Microsoft Cybersecurity Architect (Successor to AZ‑500)

The modern Microsoft Security Engineer certification, replacing AZ‑500. Focuses on designing and implementing security controls across Microsoft Defender XDR, Entra ID, and cloud workloads.

Skills Measured

  • Design and implement Zero Trust security strategies
  • Secure identities with Entra ID, PIM, Conditional Access
  • Configure Microsoft Defender XDR and threat protection
  • Secure cloud workloads and hybrid environments
  • Implement data security and governance

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Integrate Defender XDR, configure Conditional Access, deploy PIM, and simulate attacks to validate detection and response workflows.

SC‑200: Security Operations Analyst

Focuses on threat detection, investigation, and response using Microsoft Sentinel and Defender XDR.

Skills Measured

  • Investigate threats using Defender for Endpoint, Identity, and Office 365
  • Configure and use Microsoft Sentinel (SIEM/SOAR)
  • Hunt for threats using KQL
  • Automate response with Logic Apps playbooks

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Deploy Sentinel, connect Azure/M365/on‑prem data sources, write KQL queries, build analytics rules, and create SOAR playbooks.

SC‑300: Identity & Access Administrator

Covers identity security with Microsoft Entra ID: Conditional Access, identity governance, privileged access, and hybrid identity.

Skills Measured

  • Implement and manage identity & access
  • Configure authentication & SSO for apps
  • Plan and implement identity governance
  • Manage external identities (B2B/B2C)

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Configure Conditional Access, MFA, PIM, access reviews, and test identity‑based attack paths such as password spray and legacy authentication.

Vendor‑Neutral: blue‑team and attacker fundamentals

CompTIA CySA+ (CS0‑003)

A vendor‑neutral certification focused on behavioral analytics, SIEM operations, threat hunting, and incident response. Complements SC‑200 by broadening your detection engineering foundation.

Domains

  • Threat & vulnerability management
  • Security operations & monitoring
  • Incident response
  • Compliance & assessment

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Run Sentinel + Wazuh/Elastic, simulate attacks, tune detections, and practice full IR cycles from alert triage to containment.

eJPT / eCDFP

Hands‑on attacker fundamentals: recon, exploitation, and post‑exploitation. Essential for understanding attacker TTPs and improving your defensive detections.

Topics

  • Reconnaissance & enumeration
  • Network & web application attacks
  • Exploitation fundamentals
  • Post‑exploitation & pivoting

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Build a small attack range (Kali + vulnerable VMs), run controlled attacks, and correlate them in Sentinel/Defender to design better detections.

GIAC GCIA / GCED

GCIA focuses on network forensics and IDS/IPS analysis; GCED focuses on enterprise‑scale defense and monitoring. Both are highly respected in blue‑team and SOC roles.

Topics

  • Packet analysis & protocol behavior
  • IDS/IPS tuning & alert analysis
  • Log analysis & correlation
  • Threat hunting & enterprise defense

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Deploy Suricata/Snort, Zeek, and a packet capture pipeline; analyze PCAPs, tune IDS rules, and feed alerts into Sentinel for correlation.

Architecture & Leadership: advanced certifications

SC‑100: Cybersecurity Architect Expert

Validates the ability to design enterprise‑scale security strategies across identity, data, applications, networks, and infrastructure using Microsoft solutions and Zero Trust principles.

Skills Measured

  • Design a Zero Trust strategy and architecture
  • Evaluate governance, risk, and compliance (GRC)
  • Design security for infrastructure, data, and applications
  • Design security operations strategies

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Treat your lab as a mini‑enterprise: design a reference architecture, document trust boundaries, implement Zero Trust controls, and map detections to MITRE ATT&CK.

CISSP (Optional)

A broad, management‑leaning certification covering eight domains of security, often used for senior roles, architects, and security leaders.

Domains

  • Security & risk management
  • Asset security
  • Security architecture & engineering
  • Communication & network security
  • Identity & access management
  • Security assessment & testing
  • Security operations
  • Software development security

External Links

Study Guides & Videos (Free)

Homelab Tie‑Ins

Use your lab to model CISSP concepts: policies, risk assessments, BCP/DR, and mapping controls to your deployed technologies.