Overview: Phased certification path

Phase 1 — Foundations

  • CompTIA Security+ (completed)
  • AZ‑104: Azure Administrator (completed)

Phase 2 — Microsoft Cloud Security

  • AZ‑500: Azure Security Engineer
  • SC‑200: Security Operations Analyst
  • SC‑300: Identity & Access Administrator

Phase 3 — Vendor‑Neutral Blue Team

  • CompTIA CySA+
  • eJPT / eCDFP
  • GIAC GCIA or GCED

Phase 4 — Senior Architecture

  • SC‑100: Cybersecurity Architect Expert
  • CISSP (optional)

Core Certifications: Security+ and Azure Administrator

CompTIA Security+ (SY0‑701)

Establishes foundational security knowledge: threats, vulnerabilities, controls, identity, and incident response.

Domains (SY0‑701)

  • General security concepts
  • Threats, vulnerabilities, and mitigations
  • Security architecture
  • Security operations
  • Security program management and oversight

Study Resources

  • Official Security+ exam page
  • Free practice tests
  • Full‑course video walkthroughs

Homelab Tie‑Ins

Build a small Windows/Linux network, enable host logging (Windows Security and Sysmon event logs, Linux auditd/syslog), centralize it, and practice basic incident response workflows against a simulated incident.

AZ‑104: Azure Administrator Associate

Validates Azure identity, networking, compute, storage, and monitoring — the operational foundation for all Microsoft cloud security work.

Skills Measured

  • Azure identities & governance
  • Storage & compute
  • Virtual networking
  • Monitoring & Log Analytics

Study Resources

  • Official AZ‑104 exam page
  • Microsoft Learn paths
  • Full‑course video walkthroughs

Homelab Tie‑Ins

Deploy VNets, NSGs, VMs, storage accounts, and Log Analytics workspaces.
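The lab build described above, as an added example that is not code from the original page. It uses the Az PowerShell module and assumes Connect-AzAccount has already been run; the region, resource names and address ranges ("rg-seclab", "vnet-seclab", 10.10.0.0/16 and so on) are lab values chosen here, not anything the page specifies.

```powershell
# Added example: AZ-104 lab skeleton with Az PowerShell (not from the original page).
# Assumes the Az module is installed and Connect-AzAccount has been run.
# Names, region and CIDRs below are arbitrary lab values; change them freely.
$Location = "westeurope"
$Rg       = "rg-seclab"

New-AzResourceGroup -Name $Rg -Location $Location -Force | Out-Null

# Two subnets: management (jump hosts) and application (workloads)
$snetMgmt = New-AzVirtualNetworkSubnetConfig -Name "snet-mgmt" -AddressPrefix "10.10.1.0/24"
$snetApp  = New-AzVirtualNetworkSubnetConfig -Name "snet-app"  -AddressPrefix "10.10.2.0/24"
$vnet = New-AzVirtualNetwork -Name "vnet-seclab" -ResourceGroupName $Rg -Location $Location `
            -AddressPrefix "10.10.0.0/16" -Subnet $snetMgmt, $snetApp

# NSG for the application subnet. Lower priority number wins, so the allow from the
# management subnet (100) is evaluated before the explicit deny from the internet (110).
# The default DenyAllInBound (65500) would already drop internet RDP/SSH, but an explicit
# deny documents intent and still wins if someone later adds a broad allow at 200+.
$allowMgmt = New-AzNetworkSecurityRuleConfig -Name "Allow-RDP-SSH-From-Mgmt" -Priority 100 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix "10.10.1.0/24" -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange "22","3389"
$denyInet = New-AzNetworkSecurityRuleConfig -Name "Deny-RDP-SSH-From-Internet" -Priority 110 `
    -Direction Inbound -Access Deny -Protocol Tcp `
    -SourceAddressPrefix "Internet" -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange "22","3389"
$nsg = New-AzNetworkSecurityGroup -Name "nsg-app" -ResourceGroupName $Rg -Location $Location `
            -SecurityRules $allowMgmt, $denyInet

# Attach the NSG at subnet scope so every NIC placed in snet-app inherits it
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "snet-app" `
    -AddressPrefix "10.10.2.0/24" -NetworkSecurityGroup $nsg | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Storage account with the two settings reviewers look for first: TLS 1.2 minimum and
# no anonymous blob access. Names must be globally unique, lowercase, 3-24 chars.
$saName = "stseclab$(Get-Random -Minimum 10000 -Maximum 99999)"
New-AzStorageAccount -ResourceGroupName $Rg -Name $saName -Location $Location `
    -SkuName Standard_LRS -Kind StorageV2 -MinimumTlsVersion TLS1_2 `
    -AllowBlobPublicAccess $false | Out-Null

# Log Analytics workspace: the sink for NSG flow logs, VM logs and, later, Microsoft Sentinel
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $Rg -Name "law-seclab" `
          -Location $Location -Sku PerGB2018 -RetentionInDays 30

# Check: the two custom rules should be listed ahead of the default rules
Get-AzNetworkSecurityGroup -Name "nsg-app" -ResourceGroupName $Rg |
    Select-Object -ExpandProperty SecurityRules |
    Format-Table Name, Priority, Direction, Access, SourceAddressPrefix, DestinationPortRange
"Workspace ID (needed by agents and Sentinel): $($ws.CustomerId)"
```

Keep the workspace name: the SC‑200 step later reuses it. Tearing the whole lab down is a single `Remove-AzResourceGroup -Name rg-seclab -Force`, which is why everything is kept in one resource group.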

Cloud Security: Azure Security Engineer

AZ‑500: Azure Security Engineer

Focuses on implementing and managing security controls across Azure workloads using Defender for Cloud, Entra ID, and platform protection.

Skills Measured

  • Secure identity and access (Entra ID, PIM, RBAC)
  • Secure networking (NSGs, Azure Firewall, Private Link)
  • Secure compute, storage, and databases
  • Security operations with Defender for Cloud and Microsoft Sentinel

Study Resources

  • Official AZ‑500 exam page
  • Microsoft Defender for Cloud documentation

Homelab Tie‑Ins

Enable Defender for Cloud, configure policies, NSGs, JIT access, and Key Vault integration.
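The Defender for Cloud, JIT and Key Vault steps above, as an added example that is not code from the original page. It assumes the Az module (including Az.Security and Az.KeyVault) is installed, Connect-AzAccount has been run, a VM named "vm-app01" with a system-assigned managed identity already exists in the resource group, and that 203.0.113.10 stands in for your own public IP; all of those names are assumptions for the lab, not values from the page.

```powershell
# Added example: AZ-500 lab hardening with Az PowerShell (not from the original page).
# Assumes Az.Security and Az.KeyVault are installed, Connect-AzAccount has been run, and a VM
# named $VmName with a system-assigned managed identity exists in $Rg (assumptions).
$Location    = "westeurope"
$Rg          = "rg-seclab"
$VmName      = "vm-app01"
$LabPublicIp = "203.0.113.10"      # documentation-range placeholder; replace with your own IP

# 1. Defender for Cloud: enable paid plans for the resource types in the lab.
#    The free tier gives recommendations only; Standard adds threat detection and JIT.
foreach ($plan in "VirtualMachines", "StorageAccounts", "KeyVaults") {
    Set-AzSecurityPricing -Name $plan -PricingTier "Standard" | Out-Null
}

# 2. Just-in-time VM access: management ports stay closed in the NSG until a request is
#    approved, then open for at most 3 hours and only from the allowed prefix.
$vmId  = (Get-AzVM -ResourceGroupName $Rg -Name $VmName).Id
$jitVm = @{
    id    = $vmId
    ports = @(
        @{ number = 22;   protocol = "*"; allowedSourceAddressPrefix = @($LabPublicIp); maxRequestAccessDuration = "PT3H" },
        @{ number = 3389; protocol = "*"; allowedSourceAddressPrefix = @($LabPublicIp); maxRequestAccessDuration = "PT3H" }
    )
}
Set-AzJitNetworkAccessPolicy -Kind "Basic" -Location $Location -Name "default" `
    -ResourceGroupName $Rg -VirtualMachine @($jitVm) | Out-Null

# 3. Key Vault hardened the way the exam expects: RBAC instead of access policies,
#    purge protection (irreversible, which is the point; soft delete is on by default),
#    and public network access denied except for trusted Azure services.
$kvName = "kv-seclab-$(Get-Random -Minimum 1000 -Maximum 9999)"
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $Rg -Location $Location `
          -EnableRbacAuthorization -EnablePurgeProtection
Update-AzKeyVaultNetworkRuleSet -VaultName $kvName -DefaultAction Deny -Bypass AzureServices | Out-Null

# Least privilege: the VM's managed identity can read secrets, nothing else, and only on this vault
$vmPrincipal = (Get-AzVM -ResourceGroupName $Rg -Name $VmName).Identity.PrincipalId
New-AzRoleAssignment -ObjectId $vmPrincipal -RoleDefinitionName "Key Vault Secrets User" `
    -Scope $kv.ResourceId | Out-Null

# Checks
Get-AzSecurityPricing |
    Where-Object { $_.Name -in @("VirtualMachines", "StorageAccounts", "KeyVaults") } |
    Format-Table Name, PricingTier
Get-AzJitNetworkAccessPolicy -ResourceGroupName $Rg -Location $Location -Name "default" |
    Select-Object -ExpandProperty VirtualMachines | Select-Object Id, Ports
Get-AzKeyVault -VaultName $kvName |
    Select-Object VaultName, EnableRbacAuthorization, EnablePurgeProtection
```

After this, try to RDP/SSH to the VM without requesting JIT access: the NSG should drop it. Request access in the portal (or with Start-AzJitNetworkAccessPolicy), and compare the NSG rules before and after; the temporary allow rule Defender inserts is the mechanism the exam asks about.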

SOC & Detection: Microsoft Security Operations

SC‑200: Security Operations Analyst

Focuses on threat detection, investigation, and response using Microsoft Sentinel and Defender XDR.

Skills Measured

  • Mitigate threats using Defender for Endpoint, Identity, and Office 365
  • Mitigate threats using Defender for Cloud Apps
  • Configure and use Microsoft Sentinel (SIEM/SOAR)
  • Hunt for threats using KQL

Study Resources

  • Official SC‑200 exam page
  • Microsoft Sentinel documentation
  • Sentinel hunting queries (GitHub)

Homelab Tie‑Ins

Deploy Sentinel, connect Azure/M365/on‑prem data sources, write KQL queries, build analytics rules, and create SOAR playbooks.
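One full turn of the loop above (onboard the workspace, write a KQL query, test it ad hoc, promote it to an analytics rule), as an added example that is not code from the original page. It assumes Az.SecurityInsights and Az.OperationalInsights are installed, Connect-AzAccount has been run, the workspace "law-seclab" in "rg-seclab" already exists (lab names assumed here), and Entra ID sign-in logs are already arriving in its SigninLogs table through the Microsoft Entra ID data connector. The thresholds in the query are starting points, not values from the page.

```powershell
# Added example: SC-200 password-spray analytics rule via Az.SecurityInsights (not from the original page).
# Assumes Az.SecurityInsights / Az.OperationalInsights are installed, Connect-AzAccount has been run,
# and SigninLogs is already populated in the workspace named below (assumptions).
$Rg     = "rg-seclab"
$WsName = "law-seclab"

# Onboard the workspace to Microsoft Sentinel (safe to re-run if already enabled)
New-AzSentinelOnboardingState -ResourceGroupName $Rg -WorkspaceName $WsName -Name "default" | Out-Null

# Password spray: many distinct accounts failing with "invalid username or password"
# (ResultType 50126) from one source IP inside an hour. Thresholds are starting points to tune
# against your own baseline; a corporate NAT egress produces more failures than a home lab.
$kql = @"
SigninLogs
| where ResultType == "50126"
| summarize Attempts = count(),
            DistinctUsers = dcount(UserPrincipalName),
            Users = make_set(UserPrincipalName, 25)
  by IPAddress, Window = bin(TimeGenerated, 1h)
| where DistinctUsers >= 10 and Attempts >= 20
| project Window, IPAddress, DistinctUsers, Attempts, Users
"@

# Run it ad hoc over the last day first. Tune it here, before it becomes an alert that pages someone.
$ws  = Get-AzOperationalInsightsWorkspace -ResourceGroupName $Rg -Name $WsName
$res = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $kql `
           -Timespan (New-TimeSpan -Days 1)
$res.Results | Format-Table

# Promote it to a scheduled analytics rule: runs hourly over the last hour and fires on any row.
New-AzSentinelAlertRule -ResourceGroupName $Rg -WorkspaceName $WsName -Kind Scheduled `
    -DisplayName "Password spray: many accounts failing from one IP" `
    -Description "10+ distinct UPNs with ResultType 50126 from a single IP within 1h" `
    -Severity Medium -Tactic CredentialAccess `
    -Query $kql -QueryFrequency (New-TimeSpan -Hours 1) -QueryPeriod (New-TimeSpan -Hours 1) `
    -TriggerOperator GreaterThan -TriggerThreshold 0 -Enabled | Out-Null

# Check: the rule exists and is enabled
Get-AzSentinelAlertRule -ResourceGroupName $Rg -WorkspaceName $WsName |
    Where-Object { $_.Kind -eq "Scheduled" } |
    Format-Table DisplayName, Enabled, Severity, QueryFrequency
```

Generate the signal yourself: from the attack range, fail logins against a dozen lab accounts from one host, then confirm the incident appears in Sentinel with the IP and user list as entities. If it does not fire, lower the thresholds for the lab and note the difference between the lab baseline and a production one.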

SC‑300: Identity & Access Administrator

Covers identity security with Microsoft Entra ID: Conditional Access, identity governance, privileged access, and hybrid identity.

Skills Measured

  • Implement and manage identity & access
  • Implement authentication & SSO for apps
  • Plan and implement identity governance
  • Manage external identities (B2B/B2C)

Study Resources

  • Official SC‑300 exam page
  • Microsoft Entra ID documentation

Homelab Tie‑Ins

Configure Conditional Access, MFA, PIM, access reviews, and test identity‑based attack paths such as password spray and legacy authentication.
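The Conditional Access and legacy-authentication exercise above, as an added example that is not code from the original page. It uses the Microsoft Graph PowerShell SDK and assumes you hold the Conditional Access Administrator and Security Reader roles (or equivalent); the placeholder for the break-glass group's object ID, the policy names, and the choice to start both policies in report-only mode are assumptions made here, not values from the page.

```powershell
# Added example: SC-300 Conditional Access via Microsoft Graph PowerShell (not from the original page).
# Assumes the Microsoft.Graph SDK is installed and the signed-in account can manage Conditional
# Access and read sign-in logs. $BreakGlassGroupId is a placeholder you must replace (assumption).
$BreakGlassGroupId = "<object-id-of-break-glass-group>"

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All", `
                        "AuditLog.Read.All", "Directory.Read.All"

# Policy 1: block legacy authentication. Legacy protocols (SMTP AUTH, IMAP/POP basic auth,
# old Office clients) cannot complete MFA, which is why password spray targets them.
# Start in report-only: sign-in logs then show what *would* have been blocked.
$blockLegacy = @{
    displayName = "Lab - Block legacy authentication"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $blockLegacy | Out-Null

# Policy 2: require MFA for all users on modern clients, again report-only first.
# The break-glass exclusion is what keeps you out of a lockout when this is later enforced.
$requireMfa = @{
    displayName = "Lab - Require MFA for all users"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("browser", "mobileAppsAndDesktopClients")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $requireMfa | Out-Null

# Now attack your own tenant from the lab range with a few deliberately wrong passwords over
# IMAP/SMTP, then read back the evidence. Filtering client-side keeps the Graph call simple;
# lower -Top once you know the tenant's volume.
$legacy = Get-MgAuditLogSignIn -Top 500 |
    Where-Object { $_.ClientAppUsed -notin @("Browser", "Mobile Apps and Desktop clients") }

# Who is still using which legacy client app
$legacy | Group-Object ClientAppUsed, UserPrincipalName |
    Select-Object Count, Name | Sort-Object Count -Descending | Format-Table

# Which policies were evaluated on those sign-ins and what they would have done
# (results such as reportOnlyFailure mean "would have been blocked")
$legacy | ForEach-Object {
    foreach ($p in $_.AppliedConditionalAccessPolicies) {
        [pscustomobject]@{ User = $_.UserPrincipalName; Policy = $p.DisplayName; Result = $p.Result }
    }
} | Group-Object Policy, Result | Format-Table Count, Name
```

Only switch a policy's state to "enabled" once the report-only results show no legitimate traffic being caught, and test the break-glass account sign-in path before and after enforcement.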

Vendor‑Neutral: Blue‑team and attacker fundamentals

CompTIA CySA+ (CS0‑003)

Focuses on behavioral analytics, SIEM operations, threat hunting, and incident response — a strong vendor‑neutral complement to SC‑200.

Domains (CS0‑003)

  • Security operations
  • Vulnerability management
  • Incident response and management
  • Reporting and communication

Study Resources

  • Official CySA+ exam page
  • Free practice tests
  • Full‑course video walkthroughs

Homelab Tie‑Ins

Run Sentinel + Wazuh/Elastic, simulate attacks, tune detections, and practice full IR cycles.

eJPT / eCDFP

eJPT provides hands‑on attacker fundamentals: recon, exploitation, and post‑exploitation — essential for understanding attacker TTPs and building better detections. eCDFP (eLearnSecurity Certified Digital Forensics Professional) is the defensive alternative on the same platform, covering disk, memory, and network forensics; the topics and resources below are for eJPT.

Topics

  • Reconnaissance & enumeration
  • Network & web application attacks
  • Exploitation fundamentals
  • Post‑exploitation & pivoting

Study Resources

  • Official eJPT exam page
  • INE learning path
  • Exam prep walkthroughs

Homelab Tie‑Ins

Build a small attack range (Kali + vulnerable VMs), run controlled attacks, and correlate them in Sentinel/Defender to design better detections.

GIAC GCIA / GCED

GCIA focuses on network forensics and IDS/IPS analysis; GCED focuses on enterprise‑scale defense and monitoring. Both are highly respected in blue‑team roles.

Topics

  • Packet analysis & protocol behavior
  • IDS/IPS tuning & alert analysis
  • Log analysis & correlation
  • Threat hunting & enterprise defense

Study Resources

  • GCIA certification page
  • GCED certification page
  • SANS training courses

Homelab Tie‑Ins

Deploy Suricata/Snort, Zeek, and a packet capture pipeline; analyze PCAPs, tune IDS rules, and feed alerts into Sentinel for correlation.

Architecture & Leadership: Advanced certifications

SC‑100: Cybersecurity Architect Expert

Validates the ability to design enterprise‑scale security strategies across identity, data, applications, networks, and infrastructure using Microsoft solutions and Zero Trust principles.

Skills Measured

  • Design a Zero Trust strategy and architecture
  • Evaluate governance, risk, and compliance (GRC)
  • Design security for infrastructure, data, and applications
  • Design security operations strategies

Study Resources

  • Official SC‑100 exam page
  • Microsoft Learn training paths
  • Exam prep walkthroughs

Homelab Tie‑Ins

Treat your lab as a mini‑enterprise: design a reference architecture, document trust boundaries, implement Zero Trust controls, and map detections to MITRE ATT&CK.

CISSP (Optional)

A broad, management‑leaning certification covering eight domains of security, often used for senior roles, architects, and security leaders.

Domains

  • Security & risk management
  • Asset security
  • Security architecture & engineering
  • Communication & network security
  • Identity & access management
  • Security assessment & testing
  • Security operations
  • Software development security

Study Resources

  • Official CISSP exam page
  • Full‑course video walkthroughs
  • Cybrary CISSP training

Homelab Tie‑Ins

Use your lab to model CISSP concepts: policies, risk assessments, BCP/DR, and mapping controls to your deployed technologies.