Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
The worldwide cybersecurity workforce has a gap of 3.4 million people, according to the latest (ISC)² Cybersecurity Workforce Study. There's never been a better time to be a cybersecurity professional, but with so many potential career paths, what skills should you focus on learning?
That’s the question CompTIA’s Direct of Products Patrick Lane answered during our recent webinar, “CompTIA career paths: Which certification is right for you?”
“I’ve spent my career working with the industry to try to standardize workforce skills throughout the globe, and CompTIA is a big part of it,” said Patrick. “All of our certifications are built around job roles. They’re about addressing the knowledge, skills and abilities someone should have to be successful in their career.”
Security+: Break into cybersecurity
CompTIA is a non-profit, vendor-neutral certification body that helps IT and security professionals of all experience levels. They also have the world's most popular entry-level cybersecurity certification, Security+, which recently passed a half-million certification holders worldwide.
“Security+ is listed in 10% of all cybersecurity job ads in the United States,” Patrick said. “The core job roles it covers are system administrator, network administrator and security administrator. The most basic level of cybersecurity is making sure your network is secure, and that’s essentially what this teaches.”
Once you’ve built a foundation of cybersecurity skills, you can move into many different potential career paths.
“Our research shows 80% of hiring managers, whether they're IT hiring managers or HR people who don't know anything about IT, are looking for certifications,” Patrick said. “If you get certifications you can get a better job, whether it be a promotion in your current job or an entirely new role, and even get a pay raise.”
During the webinar, Patrick focused on the three CompTIA certifications in the cybersecurity pathway: PenTest+, CySA+ and CASP+.
CySA+ vs. PenTest+: Blue team vs. red team
“Once you’ve gotten your Security+, the next logical step is to go into penetration testing and security analytics,” Patrick said. “These are considered red team and blue team skills.”
The Cybersecurity Analyst (CySA+) certification focuses on applying behavioral analytics to improve network threat visibility and keep networks and systems secure.
“This is the fastest growing cybersecurity job role in the United States,” Patrick said. “It’s about trying to find threats that are coming into your network. It’s about the blue team and defense. In many cases, you’ll use a security information and event management system, a tool used to try to find those anomalies.”
The PenTest+ certification is built around skills required to be proactive and test internal networks for vulnerabilities before the bad guys discover them.
“It’s a certification for intermediate-level cybersecurity pros who are tasked with hands-on penetration testing, also called ethical hacking. You’ll identify, exploit, report and manage vulnerabilities on a network,” Patrick said. “The goal is to attack the network and report weaknesses so those weaknesses can be fixed.”
CASP+: The most advanced CompTIA certification
The CompTIA Advanced Security Practitioner (CASP+) certification is ideal for technical professionals who wish to remain immersed in technology throughout their careers — and is the most advanced certification available from CompTIA.
“There’s a position called cybersecurity architect, and they’re the ones who would be in charge of the design of the network,” Patrick said. “If you consider yourself an engineer, if you like risk management, this is probably the job for you — especially if you love the technical integration of enterprise security and research and development.”
Still not sure which certification is for you? You can explore them all — plus hundreds more on-demand courses and hands-on labs — with a subscription to Infosec Skills. No matter what direction your career takes, there’s one trait that unites all cybersecurity professionals: the need to constantly learn and grow.
“If you're in cybersecurity, you’re going to have to learn for the rest of your life,” Patrick said. “So make it a point to be a career learner.”
What should you learn next?