
What's in this brief
- There is no single certification ladder
- The foundational entry: where almost everyone starts
- The three big tracks and where they lead
- How to pick your track by target role and salary
- Illustrative months to job-ready by track
- Reading a certification path by tier
- Cloud certifications and why they run hot
- Security certifications and the experience gotcha
- How long each tier really takes to study
- Where your certification time actually goes
- Stacking certs versus going deep
- Certifications versus a degree
- Certifications versus a bootcamp
- How employers actually weight certifications
- Recertification and expiry: the ongoing cost
- A worked example: an 18-month roadmap
- How to read your own roadmap before you commit
- The bottom line
Search for how to break into IT and the advice arrives as a pile of acronyms with no map: get this one, then that one, or maybe this other one first, each recommendation confident and none of them agreeing. The reason the advice conflicts is that people are answering a question you did not quite ask. There is no single certification ladder that everyone climbs. There is a foundational starting point almost everyone shares, and then the path forks into tracks that diverge hard, and the right order depends entirely on which track you are walking. Once you see the roadmap that way, the acronyms stop competing and start falling into sequence.
This brief lays out that sequence end to end: the vendor-neutral foundational certification that begins almost every IT career, the three big tracks that branch from it and where each one leads, the associate to professional to expert tiering that most vendors share, and the order to stack credentials so each one opens the role that funds and justifies the next. It is the sequencing companion to our ranking of IT certifications by cost, salary, and payback, which prices the credentials, and to our brief on degree versus certification, which weighs the whole path against a diploma. Run your own version of every stage against our certification ROI calculator as you read.
Key takeaways
- There is no single IT certification ladder: a shared foundational start, then three tracks (networking, cloud, security) that diverge, each with its own order.
- Start with a broad, vendor-neutral foundational certification, then pick a track by the role and pay you are actually targeting, not by prestige.
- Most vendors tier their credentials as associate, then professional, then expert, and each rung assumes the hands-on experience the one below it built.
- Some advanced security certifications require years of documented experience just to qualify, so the top of that track is a destination, not a starting move.
- Stack certifications in sequence early and go deep later: each credential should open a named role, and recertification is a recurring cost to plan from the start.
There is no single certification ladder
The first and most useful thing to understand about IT certifications is that the mental image most beginners carry, a single staircase everyone climbs in the same order, is wrong. What exists instead is a shared trunk and then branches. Almost everyone starts at the same broad, vendor-neutral foundational level, because that is the credential that proves general competence and unlocks a first role. From there the path splits into tracks that genuinely diverge: the networking specialist, the cloud engineer, and the security professional are walking different roads, studying different material, and stacking different credentials, even though they all began at the same trunk.
This is why generic “get certification X next” advice so often misfires. The correct next certification for a would-be network engineer is not the correct next one for a future cloud architect, and neither matches the path of someone headed into security. The roadmap is a tree, not a ladder, so the honest first question is never “which certification is best” but “which track am I on,” because that single choice reorders everything that follows. The rest of this brief walks the trunk, then each branch, then the tiering pattern that repeats inside every branch.
The foundational entry: where almost everyone starts
The trunk of the tree is the foundational certification, and its job is narrow and valuable: prove that a person with no formal track record understands the general-knowledge basics of hardware, operating systems, networking concepts, and support. These credentials are deliberately vendor-neutral, meaning they test the concepts common to the whole field rather than one company’s platform, which is exactly what makes them a universal starting point regardless of which track you eventually take. They are the cheapest tier, studyable in the smallest number of hours, and the most consistently listed in entry-role postings as a required or strongly preferred filter.
For a career changer with no technical history, that filter is the entire early game, because it converts an application that would be screened out into one a human actually reads. The foundational certification rarely commands an impressive salary on its own, and that leads some people to skip it in favor of something that sounds more advanced. That is the single most common sequencing mistake in IT, and it usually ends with an expensive certificate and no way to get the first interview that would have used it. The foundational rung is not glamorous, but it is the rung everything else compounds on, which is why almost every sensible roadmap starts here.
The three big tracks and where they lead
Once the foundational trunk is behind you, the path branches into three big tracks, and it helps to describe them by the work rather than by any one vendor’s trademark. The networking track leads toward roles that design, configure, and troubleshoot the connections between systems: the people who keep traffic flowing across an organization’s infrastructure. The cloud track leads toward roles that build and operate computing environments on the major hosted platforms, provisioning and securing infrastructure that no longer lives in a server room down the hall. The security track, sometimes called cyber, leads toward roles accountable for defending systems, managing risk, and meeting compliance obligations.
Each track has its own signature credentials at each tier, offered by both the platform vendors and the vendor-neutral bodies, and each has a characteristic pay and demand profile. Networking is the classic, stable backbone of IT and a reliable route into the field. Cloud runs hot on demand and pay because the market cannot hire fast enough. Security sits at the top of many salary rankings but gates its senior credentials behind years of experience. The tracks are not walled off from each other, and plenty of careers cross between them, but the certifications you stack differ by branch, so choosing a primary track is the decision that shapes your roadmap more than any single exam.
How to pick your track by target role and salary
Choosing a track is not a personality quiz, and it is not about which technology sounds most exciting in a marketing video. The reliable method is to work backward from real jobs. Pull a large sample of current postings for the roles you could realistically want in two or three years, in your actual market, and read what they ask for. Which track’s credentials appear most often as required or preferred? What salary bands do those roles sit in, and how do they compare across networking, cloud, and security in the places you would actually work? The track with the most postings you can plausibly reach, at pay you would be happy with, is your track, whatever its reputation.
This is where sequencing meets economics, and it is why the roadmap and the money are the same conversation. Our ranking of IT certifications by cost, salary, and payback prices each track family so you can weigh the lift against the hours before committing, and it makes the same core point from the money side that this brief makes from the sequence side: match the credential to a named role the market is hiring for, not to the biggest acronym. Pick the track first, because the track determines which certifications even belong on your list, and then let the tier ladder inside that track set the order. Run a specific target role’s numbers through our ROI calculator before you commit to a branch.
Illustrative months to job-ready by track
Different tracks reach the first hireable role on different timelines, mostly because the study and lab load differs by branch. The chart below shows an illustrative time to job-ready for each track, starting from little or no experience at a steady part-time study pace, and every bar is drawn to its value.
Illustrative months to job-ready by track
Rough time from a standing start to a first hireable role, at a steady part-time study pace. Every case differs.
Bars scale to the longest track. Figures are illustrative and assume a first role, not a senior one: support is fastest to enter, security slowest because its meaningful roles and credentials lean on more groundwork and experience.
Read the bars as time to the first job, not to the top of a track. Support is the fastest on-ramp precisely because its foundational credential is broad and its entry roles are the most numerous, which is why it so often serves as the trunk that feeds the other three. Security looks slowest because its meaningful entry roles, and certainly its senior credentials, assume more groundwork than a single exam. The tool alongside this brief converts your own track, starting level, and weekly study hours into a personalized version of this estimate, so the bars become your months rather than the average’s.
Reading a certification path by tier
Inside every track, the credentials repeat a tiering pattern, and learning to read it turns an intimidating catalog into a simple sequence. Most vendors label their certifications, from the bottom up, as associate, then professional, then expert or specialty, sometimes with a foundational or fundamentals level below the associate rung. The labels are not marketing decoration: they encode assumed experience. An associate credential assumes you can operate within a platform under supervision. A professional credential assumes you can design and administer it independently, which means it assumes the working experience an associate does not. An expert or specialty credential assumes deep, senior ownership of complex systems.
The practical value of the pattern is that it tells you the intended order at a glance. You are meant to earn the associate credential, then accumulate real hands-on experience, then earn the professional credential that the experience has now made both reachable and credible. Jumping tiers is possible on paper, because nothing physically stops you from booking a higher exam, but it defeats the purpose, since the higher credential assumes an experience base a technical interview will test for. When you look at any track’s list of certifications and feel overwhelmed, sort them by tier first. The order to earn them is usually the order the tier labels already imply, bottom to top, one rung at a time.
Cloud certifications and why they run hot
Cloud deserves its own stop on the roadmap because it is the track where demand most outruns supply, and that imbalance shapes the whole sequence. Organizations continue moving infrastructure onto the major hosted platforms, and the number of people who can architect, secure, and operate those environments has not kept pace, which keeps cloud roles well paid and cloud credentials genuinely screened for at the hiring stage. Within the track the tier ladder is unusually clear: an associate credential proves you can operate within a platform, a professional credential proves you can design and administer it, and an expert or specialty architecture credential proves you can own the design of large systems, where the headline salaries cluster.
The sequencing lesson for cloud is to climb the ladder in order rather than leaping to it. An associate cloud credential for someone already in an adjacent IT role tends to pay off quickly, because it moves them into cloud-tagged work at a real premium. The professional and expert credentials pay more but assume the operating experience that only the associate rung and the months after it can build, so buying them first, with no hands-on time behind them, is the classic route to a credential that interviews expose as hollow. The demand is real and the pay is real, but the compounding only works when each certificate sits on genuine platform experience. Price a specific cloud step against your current salary in our ROI calculator to see where the payoff lands.
Security certifications and the experience gotcha
Security is the track with the most attractive top-of-list salaries and the most important structural gotcha on the entire roadmap. The reason security pays is straightforward: security roles carry accountability for risk, breaches, and compliance, and organizations pay a premium for people they trust with that accountability. The gotcha is that several of the best-known advanced security credentials, the ones whose names appear at the top of illustrative salary surveys, require multiple years of documented, relevant work experience just to qualify for full award. They are not a first purchase. They are a credential you become eligible for after the career, not before it.
This reorders the security roadmap in a way beginners routinely get wrong. The correct entry is a foundational, vendor-neutral security credential that proves baseline literacy and carries no experience requirement, paired with an entry role that starts the experience clock the advanced credentials will later demand. Trying to leap straight to the senior credential fails twice over: you may not even qualify to be awarded it, and even if you pass the exam, the senior role it points to tests for hands-on judgment a fresh certificate cannot supply. The high-pay security path is genuinely there, but it is a path walked over years, and the experience requirement is a feature of that path, not an obstacle to route around.
How long each tier really takes to study
Timelines are where roadmaps meet reality, and the honest version is a range that grows quickly as you climb. A foundational certification commonly cites a study commitment in the dozens of hours for someone with adjacent experience, stretching well into the low hundreds for a true beginner, which at a steady part-time pace is a few weeks to a couple of months. An associate credential typically runs longer, often a few months of evenings, because it adds platform-specific depth on top of the general basics. Professional and expert credentials routinely assume hundreds of hours of preparation and, crucially, hands-on lab time, which spreads the work across many months even for someone already in the field.
The slow part is almost never the reading. It is the lab practice, the building and breaking and rebuilding of real configurations that turns memorized concepts into demonstrable skill, and that time cannot be compressed the way flashcards can. This is why the honest tier timeline is measured in months per rung, not weeks, and why the roadmap as a whole is a multi-year project rather than a season of cramming. Budget the hours per tier before you enroll, because a plan built on the exam fee and a hopeful weekend will collide with the lab hours the very first time an interviewer asks you to actually do the thing.
Where your certification time actually goes
It also helps to see how the study time inside a single track roadmap divides, because the split explains why the later rungs feel so much heavier than the first.
Where your certification time goes
Illustrative split of total study and lab hours across one track's roadmap, from foundational start to a specialization. Every case differs.
Segments sum to 100. The foundational start is the smallest block of hours even though it comes first: the track credential is the heaviest lift, and the specialization compounds on the experience the first two rungs built.
The decomposition carries a sequencing lesson. The foundational rung, the one everyone starts with, is the smallest slice of the total hours, which is exactly why skipping it to save time saves almost nothing while forfeiting the filter that opens the first door. The track credential is the heaviest single block, because that is where platform depth and lab practice concentrate. The specialization at the end is lighter than the track credential in raw hours, but only because it is standing on the experience the first two rungs produced, which is the compounding the whole roadmap is built to create. The tool beside this brief turns your inputs into your own total-hours figure so this split becomes concrete rather than illustrative.
Stacking certs versus going deep
A recurring roadmap question is whether to collect many certifications or master one, and the honest answer changes with where you are on the path. Early on, stacking in sequence wins, because a foundational credential plus a track associate credential opens the first role and the first specialization, and each is cheap relative to the salary step it unlocks. The stack is not random breadth: it is a deliberate sequence where each certificate opens the role that funds and justifies the next, the same compounding logic our coverage note on whether certifications are worth it describes in general terms, applied to a field that rewards it unusually well.
Later, once you are established in a track, depth tends to beat breadth. A single professional or expert credential backed by real experience gates higher roles more reliably than a scattered handful of unrelated certificates, because seniority is about demonstrable mastery, not a longer list. The failure mode to avoid is collecting credentials across tracks with no named role behind any of them, which feels productive and photographs well on a profile but competes for the same limited attention on a resume while the hours pile up and the pay barely moves. The test is always the same single sentence: name the exact role this next certificate unlocks. If you can, stack it. If you cannot, the hours belong in deepening the skill your track already rewards.
Certifications versus a degree
A roadmap built on certifications naturally raises the question of whether a degree should be on it at all, and IT is one of the few fields where the certification path genuinely competes with, and often beats, a four-year degree on cost and speed. The reason is that IT hiring screens for demonstrable, specific skills, and certifications map onto those skills more directly and far more cheaply than a multi-year program does. A stacked sequence of credentials plus a home lab and a first support role can reach a mid-level salary in a fraction of the time and cost of a degree, and for many support, networking, cloud, and security roles the market treats that route as fully legitimate.
The degree keeps its edge in specific corners: roles that formally require one, employers that use it as a filter regardless of skill, and the deeper theoretical foundations behind software engineering and research, which are harder to certify around. For most infrastructure and operations tracks, though, the certification roadmap wins on cost and speed because it prices so much lower and returns so much sooner. Our dedicated brief on degree versus certification runs the side-by-side math in full; for the roadmap here, the short version is that a degree is one optional branch, valuable when your target role treats it as a hard gate, and skippable when the market treats verified skill as sufficient.
Certifications versus a bootcamp
The other alternative route people weigh against a certification roadmap is an intensive bootcamp, and the two are not the same kind of thing, which is where confusion starts. A certification is a credential you earn by passing an exam, and it can be pursued through self-study, an employer, or a course, at your own pace and for a modest fee per tier. A bootcamp is a structured, time-boxed program you pay for as a package, and its output is skills and, sometimes, a certificate, but its real product is an accelerated schedule and support. They can complement each other: some people use a bootcamp to build the hands-on skill and then sit the certification exams that document it.
The decision usually comes down to money, structure, and time. A self-directed certification roadmap is the cheaper path and rewards discipline, while a bootcamp trades a larger upfront cost for pace and accountability, which suits people who struggle to self-study or who want to change careers quickly. The full economics of the bootcamp route, including the forgone income that dwarfs tuition, live in our brief on whether coding bootcamps are worth it. For this roadmap, the point is that a bootcamp is a way to travel the early rungs faster and with more support, not a replacement for the sequence, since the same track choice and tier ladder still govern where you go next.
How employers actually weight certifications
The roadmap only makes sense if you understand how employers actually read certifications, because the credential does a specific job and not others. At the resume-filter stage, IT hires screen for certifications more consistently than most fields, so a named credential in a posting is often a genuine gate: without it, the application does not reach a human. That is the certification’s core value, and it is why matching credentials to named postings matters more than accumulating impressive ones. But once you are past the filter and into the interview, the weighting shifts hard toward demonstrable skill, because technical interviews are built to test whether you can actually do the work.
This two-stage reality is the logic behind the entire roadmap. The certificate opens the door, and hands-on ability walks through it, which is why every rung on this path pairs a credential with the experience that makes it survive an interview. An employer weights a certification most when it is current, named in the role, and backed by a candidate who can perform, and weights it near zero when it is a stale acronym with no demonstrable skill behind it. The credential is a signal, not a substitute, and the roadmap is designed so that at every stage the signal is honest, because a certificate the interview exposes as hollow is worse than no certificate at all.
Recertification and expiry: the ongoing cost
A roadmap is not finished the moment you pass an exam, because many IT certifications expire, and holding them costs money and hours on a recurring schedule that belongs in the plan from the start. Vendor cloud and some networking credentials commonly lapse after a few years and require re-examination on updated content, which is both a fee and another block of study time. Many security and professional credentials instead use a continuing-education model, requiring a running total of credits earned through courses, conferences, or activities plus an annual maintenance fee, which quietly converts the credential into a subscription for as long as you hold it.
Those recurring costs deserve a place on the roadmap rather than in the fine print, because they change the long-run math. The discipline is a small renewal-time check, the same question as enrollment but cheaper to answer: is this certification still named in the postings I care about, still tied to my pay band, still worth its maintenance? A credential that keeps gating a role you hold or want is worth every renewal. One you renew on autopilot years after it stopped appearing in requirements is a recurring cost pointed at nothing, and letting it lapse while you redirect the budget toward a currently demanded credential is often the smarter move, especially in a field where the in-demand platforms shift. Our coverage note on whether certifications are worth it treats this ongoing cost as part of the honest price of any credential.
A worked example: an 18-month roadmap
Follow one illustrative roadmap end to end. A career changer with light technical background decides, after reading postings in her market, that cloud is her track, because the roles are plentiful and the pay bands are strong. Month one, she starts at the trunk with a broad, vendor-neutral foundational certification: an illustrative exam fee in the low hundreds, a self-study book and practice tests, and roughly 80 study hours over about two months. Around month three, with the foundational credential in hand, she lands an entry support role, which starts her real experience clock and, importantly, often unlocks employer help with future exam fees.
Months four through ten, while working, she studies for an associate cloud credential, adding platform-specific depth and, crucially, lab practice on a real environment, another few hundred dollars and well over a hundred hours. Around month eleven, the associate credential plus her support experience moves her into a junior cloud role at a meaningful step up in pay. Months twelve through eighteen, established and gaining hands-on time, she begins working toward a professional cloud credential, the rung that will later gate a senior role, knowing it will take more months of lab work and that the experience she is banking now is what makes it credible. Change one input and the story breaks: had she tried to sit the professional exam in month one, before any experience, she would have spent far more for a credential the interview would have exposed. The roadmap works because it is sequenced, each rung standing on the last. Build your own version, with your track and pace, in our ROI calculator.
How to read your own roadmap before you commit
Before you commit to any certification, run the same short sequence, in order, and the roadmap turns from a pile of acronyms into a plan.
- Pick the track: use real postings in your market to choose networking, cloud, or security, because the track determines which certifications even belong on your list.
- Find your starting rung: begin at the foundational trunk if you are new, or at the track associate rung if you already work in IT, one level below where your target postings begin.
- Sort the track by tier: associate, then professional, then expert, and read the tier labels as the intended order, because each rung assumes the experience below it.
- Budget the hours per rung: price the lab time honestly, remembering the track credential is the heaviest block and the foundational start is the lightest.
- Check the experience gates: especially in security, confirm whether a target credential requires years of documented work before it is even reachable.
- Plan the recurring cost: note which credentials expire and what renewal will cost in fees and hours, and let unneeded ones lapse.
Each step defuses a specific way roadmaps go wrong, and together they take less time than the first module of the course you were about to buy. Run the numbers for your chosen rung through our certification ROI calculator before you enroll.
The bottom line
The IT certification roadmap is a tree, not a ladder, and reading it that way is what turns a confusing pile of acronyms into a plan you can actually walk. Almost everyone starts at the same broad, vendor-neutral foundational trunk, then the path branches into networking, cloud, and security, and the right order from there depends entirely on which track your target roles point to. Inside every track the tiers repeat, associate then professional then expert, each rung assuming the hands-on experience the one below it built, which is why the credentials are meant to be climbed in sequence and why leaping ahead fails the interview even when it passes the exam.
The strategy that follows is simple to state and disciplined to run: pick the track from real postings, start one rung below where those postings begin, stack credentials in sequence early and go deep later, watch the experience gates in security, and plan for recertification as a recurring cost from day one. Cloud runs hot on demand, security pays at the top but gates its best credentials behind years of experience, and networking and support are the reliable on-ramps the whole tree grows from. Match every certificate to a named role, back it with real skill, and sequence it against the tier ladder. Do that, and the roadmap is one of the highest-return career plans available. Skip the sequence and chase the impressive acronym first, and you get the letters without the job.
CredYard publishes independent analysis for education, not to advise any individual: nothing in this brief is career, hiring, or financial guidance for your particular circumstances. Every timeline, study-hour estimate, cost figure, salary band, and roadmap example here illustrates the sequencing method rather than forecasting your result, and real outcomes move with track, vendor, specialization, region, employer, prior experience, and the state of hiring when you certify. Certification names, tier structures, exam and renewal fees, experience requirements, and continuing-education rules are set by the issuing vendors and bodies and change often, so verify the current path, prerequisites, and live demand for any specific IT certification directly with the source before you enroll, sit an exam, or renew.
Frequently asked questions
How many IT certifications are there?
There is no single authoritative count, and the honest answer is hundreds once you include every vendor, tier, and specialty. Major cloud, networking, and security vendors each maintain families of certifications spanning foundational, associate, professional, and expert levels, and vendor-neutral bodies add dozens more on top. The number is large enough that trying to survey all of it is the wrong move: what matters is not how many exist but which handful appear in postings for the specific role you want. Treat the total as effectively unlimited and let a target job, not a catalog, narrow it down.
Which IT certification should I get first?
For most people entering IT from scratch, the highest-value first move is a broad, vendor-neutral foundational certification that proves general competence in hardware, operating systems, networking basics, and support. It is inexpensive relative to later tiers, studyable in a modest number of hours, and frequently listed as required or preferred in entry-role postings. If you already work in IT, you can often skip straight to the associate certification for your chosen track. The rule is the same either way: start one rung below where the postings you want begin, not at the impressive top of a track you cannot yet reach.
Is there a set order for IT certifications?
There is a common pattern rather than a single fixed ladder, and understanding the difference is the whole point of a roadmap. Most vendors tier their certifications as associate, then professional, then expert, and they intend you to climb in that order because each level assumes the experience the one below it builds. Across the field, the broad sequence is foundational first, then a track-specific associate credential, then a professional or specialty credential once you have real hands-on time. What has no fixed order is which track you pick, because networking, cloud, and security diverge, and the right branch depends on your target role, not on prestige.
How long does it take to get IT certified?
It depends far more on the tier and your starting point than on the exam itself. A foundational certification commonly cites a study commitment in the dozens of hours for someone with adjacent experience, and well into the low hundreds for a true beginner, which can mean a few weeks to a few months of part-time study. Associate certifications tend to run longer, and professional or expert credentials routinely assume hundreds of hours of preparation and hands-on lab time spread over many months. As an illustrative planning figure, budget a few months per rung at a steady part-time pace, and remember that lab practice, not reading, is usually the slow part.
Do security certifications require experience?
Some of the best-known advanced security certifications do, and this is one of the most important gotchas on the whole roadmap. Several senior-tier security credentials require multiple years of documented, relevant work experience just to qualify to sit or to be fully awarded, so they are structurally out of reach for a newcomer no matter how well prepared. Foundational and entry security certifications carry no such requirement and are the correct starting point. The practical implication is that a security career is a multi-year path where the top credentials come after the experience, not before it, so plan the sequence around that timeline rather than trying to leap to the headline certificate first.
Are cloud certifications worth getting?
Cloud certifications sit near the top of most illustrative IT demand and salary rankings, and the reason is structural: organizations keep moving infrastructure onto major cloud platforms faster than the supply of people who can run those environments has grown. That imbalance keeps cloud roles well paid and cloud certifications genuinely screened for in hiring. The tiering is clear, from an associate credential that proves you can operate within a platform up to expert architecture credentials that gate senior design roles. They are worth it when you climb the ladder in order on real platform experience, and disappointing when bought ahead of the hands-on time an interview will test for.
Should I stack multiple certifications or go deep in one?
The highest-return pattern for most careers is to stack in sequence early, then go deep later, rather than choosing one strategy for all time. Early on, a foundational certification plus a track associate certification opens the first role and the first specialization, and each is cheap relative to the salary step it unlocks. Once you are established in a track, depth tends to beat breadth, because a single professional or expert credential backed by real experience gates higher roles more reliably than a scattered collection of unrelated certificates. Collecting certifications across tracks with no named role behind them is the common failure: it photographs well and moves pay very little.
Do IT certifications expire?
Many do, and the ongoing cost of keeping them current belongs in your roadmap from the start. Vendor cloud and some networking certifications commonly lapse after a few years and require re-examination on updated content, which is both a fee and another block of study hours. Many security and professional certifications instead use a continuing-education model, requiring a running total of credits earned through courses or activities plus an annual maintenance fee, which quietly turns the credential into a subscription. Budget for recertification as a recurring line, and let certifications you no longer need lapse so the renewal budget follows the credentials your target roles actually still ask for.