With cybercrime on the rise and vulnerabilities constantly being exposed, it is imperative that organizations take a proactive stance to protecting assets and employing skilled cybersecurity professionals. In fact, the U.S. Bureau of Labor Statistics predicts that the number of information security jobs will increase 28 percent from 2016 to 2026, making it one of the fastest-growing fields. Jobs requiring cybersecurity skills continue to grow rapidly, with more than 313,000 cybersecurity job openings, according to Cyberseek. Employers, from government to Fortune 500 companies, value CompTIA as an authority in cybersecurity certifications.
How to Get into Cybersecurity
The CompTIA Cybersecurity Career Pathway helps IT pros achieve cybersecurity mastery, from beginning to end. The centerpiece is the CompTIA Security+ certification. It establishes the foundational knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. With performance-based questions, it emphasizes the hands-on practical skills used by junior IT auditors, systems administrators, network administrators and security administrators.
After earning CompTIA Security+, cybersecurity professionals can take the next step by pursuing an intermediate skills-level cybersecurity certification, such as CompTIA Cybersecurity Analyst (CySA+) or CompTIA PenTest+.
The CompTIA Cybersecurity Analyst certification assesses the skills needed to apply behavioral analytics to networks to improve the overall state of IT security. The certification covers tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems. After the seminal Target attack of 2014, the security analyst job role has gained more importance, making these skills essential for most organizations.
While CySA+ focuses on defense through incident detection and response, CompTIA PenTest+ focuses on offense through penetration testing and vulnerability assessment. It involves launching attacks on systems, discovering the vulnerabilities and managing them and is intended for cybersecurity professionals tasked with identifying, exploiting, reporting and managing vulnerabilities on a network.
The progression from CompTIA Security+ to CompTIA CySA+ and/or CompTIA PenTest+ is logical because Security+ assesses the knowledge, skills and abilities (KSAs) an IT professional demonstrates after two years of cybersecurity field work, and CySA+ and PenTest+ assess three to four years of cybersecurity field work.
IT pros can pursue CompTIA Advanced Security Practitioner (CASP+) to prove their mastery of cybersecurity skills required at the 5- to 10-year experience level. CASP+ is the pinnacle of cybersecurity certifications and includes performance-based questions. It is intended for those who wish to remain immersed in hands-on enterprise security, incident response and architecture, for example, as opposed to strictly managing cybersecurity policy and frameworks.
Ready to Start Your Cybersecurity Career?
Get started with CompTIA Security+! Purchase the Official CompTIA Security+ Study Guide on Amazon, check out the new CompTIA Security+ or download the exam objectives for any of our cybersecurity certifications to see which one is right for you.
The Building Blocks of Cybersecurity
But how do you get into cybersecurity with no experience? If you have limited experience in IT and aren't quite ready to start with CompTIA Security+, then you’ll want to start earlier on the pathway.
CompTIA A+ validates the skills employers look for in new and aspiring IT support professionals. In addition to covering today's core technologies in operating systems, cloud, data management and more, the new CompTIA A+ Core Series covers baseline security skills at the end point device level, including malware detection and removal, privacy concerns, physical security and device hardening.
Where CompTIA A+ considers connectivity from the perspective of the user and their device, CompTIA Network+ focuses on the connections from (and between) the core systems to the endpoint devices. It validates the essential knowledge and skills needed to design, configure, manage and troubleshoot wired and wireless networks. To best support and ultimately secure the systems that exchange information on your network, you must first understand how the network functions.
CompTIA A+ and CompTIA Network+ follow a progression consistent with the KSAs an IT professional exhibits as they move from an early career technical support role with 9 to 12 months of general IT experience to one with 1 to 2 years of general IT experience, and with a significant part of that specific to network support and administration.
CompTIA Network+ is also an important and strongly recommended prerequisite to CompTIA Security+. Before you can secure a network, you must understand how it functions. In other words, you shouldn’t skip algebra to start with calculus. Otherwise, you are learning security skills and applying them to a network you don’t understand.
Now that we’ve covered the IT certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.
Questions About the CompTIA Cybersecurity Career Pathway
Where should I start on the CompTIA Cybersecurity Career Pathway?
The pathway is intended to help people get into the field of cybersecurity. IT pros can enter at any point, depending on their IT experience, existing certifications or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have two years of IT security experience or equivalent knowledge, you might start with CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can move ahead to CompTIA CySA+, CompTIA PenTest+ or CASP+. Find your place on the CompTIA Cybersecurity Career Pathway.
Do I need to take these certifications in order? Do I need to take all of them?
No. This is a recommended pathway, but it’s not a requirement. It depends on your job needs or interests. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one. You can find the recommended level of experience for each certification on the page, Which Certification Is Right for Me?
Can I take these exams with no IT or cybersecurity experience?
Yes, you can, however we recommend a minimum amount of hands-on experience before taking any of our certifications. (Each one has different recommendations, found in the Exam Details section of the certification webpage.) But hands-on experience doesn’t have to be on-the-job experience. It could mean any hands-on work, including practical experience gained while taking a class or through self-study or by helping friends, family or local nonprofits with their IT and cybersecurity issues. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to validate the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.
Do these certifications replace on-the-job experience?
If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they do not replace hands-on experience. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.
In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, instructors and students. You can start wherever it makes sense, depending on your personal background, job requirements or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.
Ready to start your cybersecurity career? Check out CompTIA Security+.
Patrick Lane is a director of product management for CompTIA. He manages IT workforce skills certifications, including CompTIA Cybersecurity Analyst (CySA+), CompTIA PenTest+ and CompTIA Advanced Security Professional (CASP+). He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users. Patrick has received certifications in CompTIA Network+, Security+, (ISC)2 CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator.
Jen Blackwell also contributed to this article. She is a senior products marketing manager at CompTIA and oversees the certifications along the CompTIA Cybersecurity Career Pathway.