kitestacks-homelab/homelab-mastery/certifications/roadmap.md

# Certification Roadmap — Cloud Engineering Track

Your goal: Cloud Engineer. This is one of the best-paid, highest-demand roles in tech.
Your project already demonstrates cloud engineering skills. Certs give you the vocabulary and credentials to prove it on paper.

---

## Your Path (In Order)

```
CompTIA A+ Core 1  ✅ DONE (highest score)
        ↓
CompTIA A+ Core 2  ← YOU ARE HERE
        ↓
CompTIA Network+   ← OPTIONAL (CCNA covers this and more)
        ↓
CCNA               ← Strong networking foundation
        ↓
AWS Solutions Architect Associate  ← Core cloud cert
        ↓
CompTIA Cloud+     ← Vendor-neutral cloud (optional, pairs well with AWS SAA)
        ↓
AWS SysOps Administrator Associate ← Operations focus (very relevant to homelab)
        ↓
Kubernetes (CKA)   ← Container orchestration (natural next step from Docker)
        ↓
AI / Prompt Engineering certs      ← After cloud foundation is solid
```

---

## Each Cert Explained

### CompTIA A+ Core 2 (In Progress)

**What it covers:** Windows OS, macOS, Linux basics, security fundamentals, troubleshooting, remote support  
**Why it matters:** Completes your A+ certification — required baseline for most IT roles  
**How it connects to your homelab:** Linux troubleshooting, OS concepts, security basics

**Study tips:**
- Professor Messer (free on YouTube) — best A+ resource, period
- Jason Dion practice exams (Udemy, ~$15) — take these until you consistently hit 85%+
- Focus on Core 2's security domain — it maps directly to your Authentik/SSO work

---

### CCNA (Cisco Certified Network Associate)

**What it covers:** TCP/IP networking, routing, switching, VLANs, subnetting, wireless, security basics, automation basics  
**Why it matters:** The gold standard networking cert. Hiring managers trust it more than Network+. Cloud engineering requires deep networking knowledge.  
**How it connects to your homelab:**
- Subnetting: your Docker bridge networks (172.x.x.x), Tailscale (100.x.x.x) are subnets
- DNS: you configured Cloudflare DNS for every subdomain
- Routing: Cloudflare Tunnel routes traffic to specific containers by hostname
- Firewalls: you configured ufw rules on kscloud1
- TCP/UDP: you opened specific ports, understand why services bind to certain ports

**Study resources:**
- *Jeremy's IT Lab* (free, YouTube + Packet Tracer labs) — best free CCNA content
- *Neil Anderson's CCNA course* (Udemy) — comprehensive paid option
- Cisco Packet Tracer (free simulator) — build labs, don't just watch
- Allan Johnson's *CCNA 200-301 Official Cert Guide* (Cisco Press) — the official book

**Timeline:** Plan 3–6 months of consistent study. Don't rush it.

---

### AWS Solutions Architect — Associate (SAA-C03)

**What it covers:** EC2, S3, VPC, IAM, RDS, load balancers, auto-scaling, serverless, storage, CDN, security  
**Why it matters:** Most in-demand cloud cert in the market. AWS powers ~33% of the internet. This cert is the entry point to cloud engineering jobs.  
**How it connects to your homelab:**
- Your Hetzner VPS is essentially what an EC2 instance is on AWS
- Your Cloudflare Tunnel is similar to AWS CloudFront + ALB
- Your Docker networking maps to AWS VPC concepts
- Your Tailscale private network maps to AWS VPC peering / PrivateLink
- Your Prometheus/Grafana stack maps to AWS CloudWatch
- Your active-active failover maps to AWS multi-AZ architecture

**Study resources:**
- *Stephane Maarek's AWS SAA course* (Udemy, ~$15 on sale) — the best, period
- *Tutorial Dojo practice exams* by Jon Bonso — most accurate practice exams for AWS
- AWS Free Tier — build the same things you built in your homelab, but on AWS

**Timeline:** 2–3 months after CCNA. Easier once you know networking well.

---

### AWS SysOps Administrator — Associate (SOA-C02)

**What it covers:** Monitoring, logging, automation, deployments, security, cost management, high availability  
**Why it matters:** More hands-on than SAA. Directly maps to what you did in your homelab — keeping systems running, monitoring them, troubleshooting.  
**How it connects to your homelab:** This is literally your homelab at enterprise scale. Prometheus → CloudWatch. Docker → EC2/ECS. Cloudflare Tunnel → ALB. Tailscale → VPC.

**Take this after SAA.** Many people skip it — don't. It makes you a better engineer.

---

### Certified Kubernetes Administrator (CKA)

**What it covers:** Container orchestration, Kubernetes cluster management, deployments, networking, storage, troubleshooting  
**Why it matters:** Docker Compose is what you use at home. Kubernetes is what companies use in production. This cert is highly valued at mid-to-senior level.  
**How it connects to your homelab:** You run containers with Docker Compose — Kubernetes is the enterprise version. Your `kitestacks` Docker network maps to Kubernetes namespaces. Your services map to Kubernetes Deployments.

**Study resources:**
- *Mumshad Mannambeth's CKA course* (KodeKloud) — industry standard
- KodeKloud labs — hands-on practice environment built specifically for this exam

**When to take it:** After AWS certs. Kubernetes before cloud fundamentals is backwards.

---

### AI / Prompt Engineering Certifications

Since you're already running Open WebUI + LiteLLM, you have a head start.

| Cert | Provider | Cost | Best For |
|------|----------|------|----------|
| **AWS AI Practitioner (AIF-C01)** | AWS | ~$150 | Cloud AI fundamentals, pairs with your AWS path |
| **Azure AI-900** | Microsoft | ~$165 | Broad AI concepts, vendor-neutral feel |
| **Google Generative AI Fundamentals** | Google Cloud | Free | Quick badge, good starter |
| **DeepLearning.AI — Prompt Engineering** | Coursera/DeepLearning | Free (audit) | Best hands-on prompt content |
| **Vanderbilt Prompt Engineering Specialization** | Coursera | ~$50 | Certificate for LinkedIn |

**Honest advice:** For prompt engineering, a portfolio beats a cert. Document your LiteLLM/Open WebUI setup. Show model routing configurations. Write about the decisions you made. That's more valuable than any certificate.

---

## Certification Timeline

Given where you are today:

| Timeframe | Milestone |
|-----------|-----------|
| **July 7, 2026** | **CompTIA A+ Core 2** — exam goal (hard deadline July 12) |
| Months 1–6 after A+ | CCNA |
| Months 7–9 after A+ | AWS SAA-C03 |
| Months 10–12 after A+ | AWS SysOps Associate |
| Months 13–16 after A+ | CKA (or CompTIA Cloud+) |
| Months 16+ after A+ | AI/ML certs |

---

## Why This Order Matters

**Networking before cloud:** AWS, Azure, and GCP are all just managed networking + compute. If you don't understand subnets, routing, and DNS, cloud will be confusing. CCNA first makes cloud certs 3x easier.

**Associate before specialty:** Don't skip to advanced certs. The associate level forces you to learn breadth. You'll encounter scenarios in the SysOps exam that directly map to what broke in your homelab.

**Hands-on alongside study:** The fastest way to pass any of these is to *build the thing* while you study. You already have a homelab. Use it. Every AWS service you study — ask yourself: "what's the equivalent in my homelab?"

---

## What These Certs Say to a Hiring Manager

| You Have | They Hear |
|----------|-----------|
| A+ | You know how hardware and OS work |
| CCNA | You understand networking deeply, not just surface level |
| AWS SAA | You can architect solutions in the cloud |
| AWS SysOps | You can keep cloud infrastructure running in production |
| CKA | You can manage container workloads at scale |
| Homelab project | You do this for fun, not just for a paycheck |

The last row is the most important one.