Introducing the CompTIA Cybersecurity Career Pathway

by Patrick Lane | Oct 11, 2016

The CompTIA Cybersecurity Career Pathway
Looking for more info? Check out the September 2017 refresh of this article. 

With the upcoming release of the CompTIA Cybersecurity Analyst (CySA+) exam on February 15, 2017, CompTIA will enter uncharted territory. For the first time, a vendor-neutral CompTIA cybersecurity career pathway will exist for IT professionals to achieve cybersecurity mastery, from beginning to end. Make sure to visit the CompTIA Cybersecurity Hub for more information on IT security careers.

CompTIA CySA+ fills the skills gap between CompTIA Security+ and the CompTIA Advanced Security Practitioner (CASP) exam. Until now, many CompTIA Security+ certified professionals waited until they gained at least 5 years of IT security experience before sitting for the CASP exam. Either that, or they branched into vendor-specific exams, such as VMware, Cisco or Microsoft.

CompTIA Security+ certified professionals can take the next step by pursuing CySA+. It’s a new certification that assesses the skills needed to apply behavioral analytics to the IT security environment to improve the overall state of IT security. Tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems are used in this job role. After the seminal Target attack of 2014, the IT security analyst or cybersecurity analyst job role has gained more importance. These skills are now essential for most organizations.

Why can IT pros take CySA+ after Security+? Because CompTIA Security+ mirrors 2 years of IT security experience and CySA+ mirrors 3-4 years. It is a logical progression. After CySA+, IT pros can pursue CASP to prove their mastery of hands-on cybersecurity skills required at the 5- to 10-year experience level.  

But what if you don’t have the skills or experience to start with CompTIA Security+ or CySA+? You’ll need to start earlier on the pathway. CompTIA Network+ is an important recommended prerequisite to CompTIA Security+. In order to secure a network, you must understand how the network functions. Otherwise, you are learning security skills and applying them to a network you don’t understand. If you haven’t taken CompTIA Network+, we recommend that you earn it, or gain the equivalent knowledge of nine months’ networking experience.

Before you take CompTIA Network+, you need an understanding of the most common hardware and software technologies used on the network. After all, how can you support a network if you don’t understand what is attached to it? CompTIA A+ certification, which mirrors the skills of an IT pro with six months of IT experience, assesses the skills necessary to support IT infrastructures, which includes device hardware, software, networks and security, from an entry-level IT pro perspective.

If you are a beginner and don’t have CompTIA A+ or six months of IT pro experience, you can pursue the CompTIA IT Fundamentals exam. It is the beginning of the career pathway. If you want a career in IT and you are new to the profession, then IT Fundamentals is the best place to start. It helps you learn more about the world of IT and provides a broad understanding of the IT profession.

Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.

Questions about the Cybersecurity Pathway

Where do I start?

IT pros can enter the pathway at any point, depending on their IT experience, existing certifications, or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have 2 years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CySA+, etc. See the Recommended CompTIA Cybersecurity Career Pathway graphic.

Do you need to take these certifications in order? Do you need to take all of them?

No. It is a recommended pathway. Some people may skip CySA+ and go directly to CASP if they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.

Can you take these exams without IT experience?

Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.   

Do these certifications replace on-the-job experience?

If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they are not a replacement. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.

In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, trainers and students. You can start wherever it makes sense, depending on your personal background, job requirements, or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end. Visit the CompTIA Cybersecurity Hub for more information on IT security careers.

--

Patrick has received IT certifications from CompTIA (Network+, Security+ and i-Net+), (ISC)2 Certified Information Systems Security Professional (CISSP), Microsoft (MCSE, MCP+I and MCT), and CIW (Internetworking Professional and Server Administrator). He has also received a master’s degree in education and a California State Multiple Subject Teaching Credential with a Cross-Cultural Language and Academic Development (CLAD) emphasis. 

46 Comments

  • Cody

    Friday, October 14, 2016

    This looks like a very interesting exam. What are the recertification requirements on it going to be?

  • Damian McLin

    Saturday, October 15, 2016

    How long does it take to complete the path to IT fundamentals?

  • Patrick Lane

    Monday, October 17, 2016

    Thank you for your comments! In response to Cody, Richard and Damian: The CySA+ exam is planned to require 60 CEUs for renewal. Systems auditing is covered in CySA+, as detection is a key element of security analysis. If you are covering auditing from a governance perspective, you should download the objectives and see if that fulfills your needs. Regarding IT Fundamentals, it depends on your learning environment. Corporate training can get it done in 5 days or less, while an academic environment might require a quarter or semester class. Please let me know if you have further questions and I'm happy to help.

  • Americo Deno

    Thursday, October 20, 2016

    I would like to follow the path of cyber security certification. The company that I currently work for will pay for the cert. Can someone call me and let me know how I can take advantage of this situation with you guys, with details? Thanks, Americo Deno

  • Patrick Lane

    Thursday, October 20, 2016

    Hello Americo, that is great you are interested in pursuing CompTIA cybersecurity certifications. I suggest you visit our help page to learn about registration, exam requirements, and taking our tests at https://certification.comptia.org/help. You can also call our customer service dept at +1 (630) 678-8300 or +1 (866) 835-8020 and they can help you get started, with details.

  • Waseem Waheed

    Friday, October 21, 2016

    Need information on cyber security certification programs

  • Dane

    Tuesday, November 1, 2016

    Where can we find training material for the CySA+ and will it factor into the DoD 8570 requirements at all?

  • Elvin Sanchez

    Tuesday, November 1, 2016

    Please send me a study guide and info about the test. Thanks

  • Patrick Lane

    Wednesday, November 2, 2016

    To learn more about CompTIA's cybersecurity pathway certifications, go to certification.comptia.org/certifications and explore. CySA+ will be released on Feb. 15, 2017, at Pearson VUE testing centers. Regarding DoD 8570, CompTIA is performing the necessary processes for approval, such as satisfying the ISO/IEC 17024 requirement. The DoD must approve CySA+ before it can be adopted and we will announce any news as it occurs. All the exam details won't be known until January, but it is a performance-based and multiple-choice exam. The performance based questions are hands-on questions based on the security analyst job role.

  • Ravi Mathias

    Wednesday, November 23, 2016

    I am looking forward to the CySA+ exam being released. I recently recertified in Security+ (next month I will be sitting to recert in both Network+ and Server+). I already have official training materials purchased for CASP+ for 2017, but I would like to take on CySA+ first. Any idea when approved training material will be available for CySA+? It sounds like January at the earliest, but I'd like to be sure so I can hunt it down and get cracking on it. Thank you, and the best of luck to everyone out there considering the exam! Sincerely, Ravi Mathias

  • Javon V.

    Tuesday, November 29, 2016

    Hi, I am currently in training for my N+ and S+. I will finish my S+ in Feb. Should I get on the job training for at least six months or a year before going into the CySA+? I have no prior experience.

  • Sayantan C

    Friday, December 16, 2016

    Already I Cleared Security+ and CASP - Should I Opt for CySA+ Certification?

  • Raj

    Friday, December 16, 2016

    Will need recertification for CompTIA Security+ coming April of 2017. Will taking CySA+ help me renew my S+?

  • dmccraw

    Friday, December 16, 2016

    Hi Raj! Yes, taking and passing the CySA+ exam would keep your Security+ certification current because it's a higher level exam. You can read more here: https://certification.comptia.org/continuing-education/how-to-renew

  • Mohammad Suhail.K.M

    Saturday, December 17, 2016

    Knowledge, IT security environment to improve the overall state of IT security.

  • Patrick Lane

    Monday, December 19, 2016

    It is great to see CySA+ interest in this forum. I can answer a few of the questions since I am the CySA+ product manager: 1) Training materials are scheduled to be available February 15, 2017, from Skillsoft (eLearning), IT Pro TV (eLearning), Practice Labs (hands-on live labs), Transcender (practice labs), and GTS Learning (instructor-led training). The remainder of the publishers should follow closely behind with traditional textbooks and instructor-led materials from Pearson, McGraw-Hill, Cengage, Wiley/Sybex, and Logical Operations. As training materials are "CAQC Approved" (CompTIA Approved Quality Content), they will be listed on the CompTIA Marketplace/Store. 2) CySA+ can be taken if you have the recommended experience or equivalent knowledge gained from Network+ and Security+. You can take CySA+ without experience, for example, if you are in a course of study and learning to be an IT professional. CySA+ should be taken after Security+ in the learning pathway. According to our contact at HP Enterprise, anyone working in IT security over the next 10 years needs the skills taught in CySA+. Security analyst skills have become essential for all IT security workers, whether they work full-time as a security analyst or not.

  • Salaudeen

    Thursday, January 5, 2017

    I already Cleared Security+ and CASP - Should I Opt for CySA+ Certification? I would like to become an expert vast in Risk and IT governance, privacy and the likes,

  • Smart Dork

    Thursday, January 12, 2017

    If this is your truth... "Do these certifications replace on-the-job experience? If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they are not a replacement. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds." Then why do the certificates expire after taking the test and working for 3 years with the certificate?

  • Friday, January 13, 2017

    Great question! A lot can happen to technology during a three-year period, and we want to help you keep up with all the changes. We are constantly updating our exam content with the help of CompTIA Subject Matter Experts, IT pros who see the day-to-day work firsthand, to make sure CompTIA certifications cover the most current and relevant issues. This ensures that the certification you worked hard to earn will continue to be valued and trusted by employers and organizations, validating the skills and experience you've gained.

  • Patrick Lane

    Thursday, January 19, 2017

    Hello Salaudeen, if you want to focus more on IT governance, you should consider something else like CISSP. CySA+ is more hands-on. Risk is covered through the eyes of a technician working in the field, the one responsible for vulnerability testing. In addition, it covers blue team skills in cyber warfare such as "configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization." From a technical skills perspective, it makes a lot of sense to take CySA+ since you've already earned Security+ and CASP.

  • Caleb Cline

    Monday, February 13, 2017

    Does CySA+ comply with the ISO 17024 standard and will it be an approved DoD 8570 certification?

  • Michael Carter

    Wednesday, February 15, 2017

    How does this certification fit within the DOD 8750 framework, and will it be accepted within that framework?

  • Scott Dennis

    Wednesday, February 15, 2017

    Would it be safe to say that by using the plethora of study material already available for the CASP certification, we would be ready for the material in the CySA+?

  • dmccraw

    Wednesday, February 15, 2017

    Hi, Michael and Caleb! To answer your questions, CySA+ is ISO/ANSI accredited, and we are working with DOD to get it approved. Stay tuned!

  • dmccraw

    Wednesday, February 15, 2017

    Hi, Scott! Because CASP builds on CySA+, those materials will certainly help you prepare for the CySA+ exam as well as CASP. To learn more about CySA+, log in to our webinar later today: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&referrer=&eventid=1357297&sessionid=1&key=EFBDC9C0A2FAB9B32102303D829B6157&regTag=&sourcepage=register

    You can also download CySA+ sample questions and exam objectives to get an idea of what will be on the exam: https://certification.comptia.org/certifications/cybersecurity-analyst

    Good luck!

  • John Stone

    Wednesday, February 22, 2017

    Hello. I am going to be studying for a degree in software devel. However, I want to get certs as well. Are there CompTIA certs that would be helpful for a developer?

  • Thursday, February 23, 2017

    Hi, John! Thanks for your comment. CompTIA certifications focus primarily on IT infrastructure and security skills. Though none are in the developer realm, per se, a deep understanding of infrastructure makes for a better, more efficient developer. If you’re just starting out, A+ is a good place to establish a foundation in IT skills and can prepare you for a role in IT tech support. Check out the CompTIA Career Roadmap to see how certifications, from CompTIA and other organizations, align with different career paths: https://certification.comptia.org/why-certify/roadmap Good luck!

  • Matt Porter

    Friday, March 3, 2017

    I am only seeing two books as study material on the internet and they are both still in pre-order phase. Where can we find study material?

  • andrea

    Thursday, March 9, 2017

    Hi, I cannot see any book or study material ... in this way it is not possible to plan my exam. Thanks

  • dmccraw

    Thursday, March 9, 2017

    Hi, Matt and Andrea! Thanks for your questions. As CySA+ is a brand new exam, new training materials are still being developed. That said, we do have some options available for you now! You can go to https://certification.comptia.org/training/self-study-training or https://certification.comptia.org/training/instructor-led-training and select CySA+ to see what's available. Your search will generate more results if you do not select a media type and just let the list fully populate. We will be updating these pages as new options become available. Good luck!

  • Mike Toth

    Friday, April 21, 2017

    So call me crazy, but I just want to make sure before I request the training: I just received my Security+ certification (8570 req). If I were to obtain the CySA+ certification, that should satisfy keeping my Security+ certification as well? (no need to do the CE's).... thanks in advance....

  • dmccraw

    Friday, April 21, 2017

    Hi, Mike! Thanks for your email. You are correct in that if you earned CompTIA CySA+ within your three-year renewal cycle, it would renew your CompTIA Security+ certification. (And Network+ and A+ if you have those.) You can read more about how higher-level CompTIA certs renew lower-level ones here: https://certification.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification. Good luck!

  • Frank Fazio

    Wednesday, May 10, 2017

    Need to obtain 50 CEUs to renew my CompTIA Security+ certification. How do I get started?

  • Wednesday, May 10, 2017

    Hi, Frank! We recently updated the Continuing Education portion of our website to clarify what you need to do to renew your certification. You can start at the link below to learn all about the renewal process or go directly to Step 2: Choose Your Renewal Path to decide how you want to earn your CEUs. We have a variety of options, ranging from earning all of your CEUs at once with CertMaster CE or a recertification exam to earning CEUs here and there over time by completing activities like webinars and classes. You can learn more here: https://certification.comptia.org/continuing-education

  • wain

    Thursday, May 25, 2017

    Got my Network+ cert 3 years back. Can I straight away jump to CySA+ cert or do I need to get Sec+ 1st? Tq.

  • dmccraw

    Thursday, May 25, 2017

    Hi, Wain! You can choose to take whichever one makes the most sense for you. If you already have 3-5 years of hands-on cybersecurity experience, CySA+ may be a better option for you. I would recommend downloading the sample questions and objectives for each exam to see where your experience falls and which one you are ready to take at this time. Good luck!

  • James

    Monday, June 19, 2017

    If I am prepared to take the Net+ exam, should I take the A+ exam first? Does having both certifications benefit me in any way more than having only Net+ ? Also, if I end up working my way up the pathway A+, Net+, Sec+, CySA+, CASP.... will re-certifying CASP automatically re-certify all of the lower level certs?

  • dmccraw

    Monday, June 19, 2017

    Hi, James! While this article outlines the recommended path, people jump in at many points. If you have the knowledge, skills and experience for Network+, you may choose to bypass A+. It's really up to you! In terms of renewing certifications, you are correct. When you renew a higher-level certification, some of your earlier certifications will also be renewed. Check out this website to see which certifications automatically renew others. For example, if you click on CASP, you can see that it renews A+, Net+, Security+ and CySA+ : https://certification.comptia.org/continuing-education/learn/renewing-multiple-certifications

  • Tristan Washington

    Friday, July 28, 2017

    Hi, I need advice. I recently passed the CySA+ examination, I'm a bit older and have 20 years of IT experience, management experience, project management, leading a global IT network engineering team supporting Routers, Switches, satellite communications, while specializing in troubleshooting difficult server, network and application issues. Two questions: 1) What CompTIA certification would you suggest I take next? 2) What are potential good job opportunities I should explore with the CompTIA certifications?

  • dmccraw

    Friday, July 28, 2017

    Hi, Tristan! Congratulations on passing CySA+! With your experience and certification, you have lots of career possibilities to explore. This article may help you narrow down something in cybersecurity: https://certification.comptia.org/it-career-news/post/view/2016/10/04/5-cybersecurity-job-roles-to-look-for

    As for what cert to go for next, if you're interested in a career in cybersecurity, CASP would be the next step. We are also developing a new certification for penetration testers, so stay tuned!

  • Eric Overby

    Thursday, August 17, 2017

    I have the SEC+, CySA+, and CASP. When will I be receiving my Cyber security Expert designation?

  • Dwayne

    Monday, August 13, 2018

    Hi, I am in Law Enforcement in Texas and interested in the Cyber Security field. I have no experience at all in this field. Where should I start? I have a bachelor's Degree in an unrelated field. I also see there are Certifications and Degree Programs. Any advice would be greatly appreciated. Thank you.

  • dmccraw

    Monday, August 13, 2018

    Hi, Dwayne! Thanks for your question. Everyone comes into IT in different ways, and you can still work in IT without a technical degree! Getting into IT may mean taking classes, self-study and hands-on practice, getting certified or starting in entry-level IT jobs. You may want to start with the fundamentals, like CompTIA A+, Network+ and Security+, and work your way up. You may also be surprised at how your law enforcement experience translates to IT and cybersecurity. We have a great article about getting into IT from law enforcement over in our career change section. Good luck! https://certification.comptia.org/career-change/switching-career-path/from-jobs/law-enforcement-to-it

  • Erick

    Monday, August 27, 2018

    Taking Network+ soon. I wanted to be a certified ethical hacker, but I see on the pathway that CySA+ or a penetration tester would be the next step up after Network+ and Security+. Which is better? Any insight is appreciated!

  • Monday, August 27, 2018

    Hi, Erick! Thanks for your question. Taking Security+ first will give you a solid foundation of cybersecurity skills before moving into the more specialized certifications. CompTIA CySA+ and PenTest+ are intermediate cybersecurity certifications that focus on the two sides of cybersecurity. If you're considering CEH, read this article that compares CEH and PenTest+: https://certification.comptia.org/it-career-news/post/view/2018/08/08/how-does-comptia-pentest-compare-to-ceh Good luck!
