Let's Rethink Cyber Security Certifications for Candidates and Managers

Cyber security certifications have had an identity problem for a long time. That gap is only getting wider as LLMs become easily available to provide copy-paste answers. If certifications are going to stay relevant, they need to fundamentally change.

Let's Rethink Cyber Security Certifications for Candidates and Managers

By Tom Mohan - Content Engineering Manager, TryHackMe

Cyber security certifications have had an identity problem for a long time.

Many of them are broad, generic, and knowledge-heavy. They reward memorisation, multiple-choice recall, or exposure to “a bit of everything.” You come out knowing about cyber security,  but not necessarily able to do cyber security as a profession.

That gap is only getting wider as LLMs become easily available to provide copy-paste answers.

If certifications are going to stay relevant, they need to fundamentally change.

Certifications should validate actual readiness

A certification should mean something concrete. It should send clear signals to instructors and managers about what the individual having completed it is ready to do next.

Having studied cyber security is not in itself the achievement, but demonstrating understanding and the ability to apply it in practice is.

This is where many entry-level certifications fall down: validating that someone has been exposed to concepts, or that they have ticked boxes, but not clearly validating readiness.

That creates confusion for everyone. Candidates do not know where they stand, managers do not know what to trust, and  educational institutions struggle to point to meaningful milestones.

Foundations matter

Getting the foundations right is as critical for hiring organisations as it is for those hoping to build careers in cyber. Before someone is job-ready, they need to be career-ready.

They need to understand the cyber security landscape and have the foundational skills that allow them to apply what they are learning across a wide range of areas. They may not have depth yet, but they should be able to have real conversations about cyber and understand how the foundational pieces fit together.

If those foundations are not properly learned, learners struggle later. They hit gaps when they move into more specialised roles, and those gaps are much harder to fix further down the line, where they become blockers of career growth.

Gatekeeping at the entry level helps no one

Cyber security skills are not just a personal career concern. They matter to businesses, to economies, and to national security.

And there’s a clear skills shortage. People want to enter cyber security or transition into it, but the path in is often unclear. Entry-level gatekeeping is common, and it is usually unintentional.

People are told they are “not ready”, but there is no shared understanding of what ready looks like. Certifications exist, but their signals are often vague or inconsistent.

If we want stronger security outcomes, we need clearer, more accessible entry points that still maintain a high standard. Accessibility does not mean lowering the bar. It means being explicit about what is being validated.

Why TryHackMe is launching the Cyber security 101 certification

This gap at the foundation level is exactly why TryHackMe is launching the Cybersecurity 101 certification, also known as SEC1.

When we looked at the market, we did not see a certification that clearly validated readiness to start working in cyber security. There were certifications that were too generic and theoretical to be meaningful, and others that jumped straight to job roles without ensuring the foundations were in place.

Cyber security 101 is designed to sit between those two extremes, reflective of hands-on experience.

It is not a job-ready certification. It does not say someone is ready to work as a SOC analyst or a penetration tester. What it says is more specific and more honest.

If someone passes Cyber security 101, they have proven that they are ready to start pursuing a path in cyber security.

What Cyber security 101 validates

Cyber security 101 validates that someone has properly learned the foundational pieces of cyber.

It shows that they can apply what they have learned in hands-on, practical ways. That they understand the landscape well enough to engage meaningfully. That they are interested, but also serious about this journey.

They may not yet have the depth required for a specific role, but they have the foundation needed to move forward with confidence into junior roles or job-specific learning paths.

This is a milestone certification. It provides clarity at a point where clarity is often missing.

A signal that managers and educators can trust

If certifications are going to play a meaningful role in the future of cyber security, getting the foundations right is where it has to start.

We believe that certifications should be grounded in real skills, aligned to real outcomes, and clear about what they represent. This certification exists to make the entry point into cyber security more accessible and affordable, while ensuring that when someone earns a certification, it actually means something.

The role of an entry-level certification should be to validate actual readiness, at a point where the learner can start carving a more purposeful path in a particular niche of cyber. Cyber security 101 is designed to be useful not only for learners, but also for managers and educational institutions.

It provides a clear signal that foundational skills have been properly learned. It allows managers to trust that someone can be developed further. It gives educators a meaningful validation point that reflects real understanding rather than participation.

Most importantly, it reduces ambiguity at the start of the cyber career journey.


If building stronger foundations in cyber security matters to your organisation, it may be worth looking at how this translates beyond individual learners. TryHackMe for Business is designed to help teams develop practical, validated skills with clarity on progress and readiness.