CySA+: Comparable certifications (SSCP, GSEC) [updated 2021]
A pathway for a career in the cyber-realm
The field of information security is both wide and varied, with many career pathway options and many certifications that professionals can obtain to demonstrate their skills. This sector is also plagued by a dangerous shortage of qualified workers in the United States, which puts the digital privacy and the infrastructure of many companies at risk.
So, what is the best way to create the supply to fill that demand? Offering options for professionals to embrace a clear career pathway and to be able to prove the knowledge they have acquired is one of the important steps to take. Certifications can help in that effort.
Choosing the right certification for career success in cybersecurity
Studying for a credential has several advantages. First of all, the proper qualification can help professionals boost their resumes, stand out among candidates, and potentially earn a higher salary. It makes them more competitive for any job vacancy by showing they have the up-to-date knowledge and the will to keep training that most employers are looking for.
A credential also helps professionals succeed in a niche of the vast IT world by highlighting specific expertise and serving as a guide for all topics needed to succeed in a particular area.
However, the important thing is for professionals to concentrate on the right certification that validates their security expertise. This needs to be a credential that fits their aspirations, career goals and level, and that is currently in demand among potential employers who seek to hire top talent.
Comparable certifications: CySA+, SSCP and GSEC
So, what’s the next step in your career ladder? Let’s take a closer look at some popular and well-respected IT security certifications. This will help you easily select the one that most closely aligns with where you are now and where you want to be in the future.
Given the many certifications in IT security to choose from, how do you know where to start? If you already have a particular job or organization in mind, the obvious answer is to consider what the employer may require (or highly prefer) for specific roles. There are many other considerations too: the intended career path, previous knowledge, other certifications already obtained, formal education previously acquired, the cost of the exam and the length of time before recertification is required.
It’s evident that certifications like CISSP that address a wider range of topics are listed on a higher number of vacancies, but looking at more specific credentials can give a professional a competitive edge that can make them stand out from the mass of job seekers. Certifications like CompTIA CySA+, GIAC GSEC and (ISC)² SSCP are more focused and geared towards IT professionals engaged in securing systems and networks.
Of course, one of the main considerations is whether you have the particular skills or experience needed to attempt the certification exam.
- Those with a minimum of four years of hands-on information security or related experience and planning on pursuing a cybersecurity technical track will find the Cybersecurity Analyst+ (CySA+) certification an excellent intermediate-level certification.
- Those with at least a year of experience in information systems security-related work who are looking for cybersecurity generalist roles, or positions as IT administrators, managers, directors and network security professionals, will find that the Systems Security Certified Practitioner (SSCP) certification covers a wide breadth of topics about security administration and operations.
- Those with any relevant work experience, however minimal, who can demonstrate they are qualified for a proactive IT security role will find the entry-level GIAC Security Essentials (GSEC) certification of interest because it focuses on evaluating an individual’s practical knowledge of information security with an exam that tests the candidate’s understanding and problem-solving skills.
How certifications align with careers
Let’s find out which credential you should pursue based on your experience and see if you have the basic technical skill sets needed to complete the security tasks at hand.
As a cybersecurity analyst, you might consider the CompTIA CySA+. This credential suits those who possess a handful of technical and analytical skills. It is suitable for those who have experience planning and activating security measures to help build cutting-edge solutions that prevent malicious hackers from penetrating corporate networks and compromising a business’s data system, or stealing their data. Read more: CompTIA CySA+ Certification: Overview and Career Path.
As a cybersecurity engineer, you will find the SSCP certification from (ISC)² is among the best qualifications. It gives professionals the specialized learning and hands-on involvement needed to execute organizations’ data security approaches and techniques. Candidates need to have basic knowledge of cryptography and malware, network monitoring, troubleshooting, communications, and backup and disaster recovery. Read more: SSCP Certification: Overview and Career Path.
Information security specialist
As an information security manager, GSEC might be a good choice. This credential focuses on utilizing essential security tools in the fight against cybercrime and teaches general information security best practices and methods for real-world applications. Anyone looking to take a role in an active defense response, hardening and monitoring a network, applying threat hunting and vulnerability scanning to identify threats, and working out steps to defend against any suspicious activity would find the GSEC cert of interest. Read more: The GSEC Certification and Exam.
Industry-approved certification programs
If you want a qualification to carry weight, it has to be tied to an industry accreditation, and these credentials are. Each of the described certifications is ANSI/ISO/IEC 17024 accredited and DoD 8140 (DoDD 8570) approved for Level II IAT.
CompTIA Cybersecurity Analyst (CySA+)
The CySA+ certification is a rather new certification from CompTIA that is starting to get more attention. It has also been approved as an Information Assurance (IA) baseline certification for the IA Workforce by the Department of Defense (DoD). It is listed on the same level as the SSCP and GSEC certifications in some categories. The certification is also valid for the following roles: CSSP infrastructure support, CSSP analyst, CSSP incident responder and CSSP auditor.
(ISC)² Systems Security Certified Practitioner (SSCP)
The SSCP certification suits IA jobs categorized as “Technical” level I and II. What’s more, the SSCP, like the CySA+, also falls under the DoD Cyber Security Service Provider (CSSP) category, which has various job-specific functions. These include utilizing common security tools and techniques to implement, monitor and administer an IT infrastructure using information security policies and procedures, ensuring the confidentiality, integrity and availability of data. In that program, this credential is listed as valid for CSSP Infrastructure Support.
GIAC Security Essentials (GSEC)
The GSEC certification meets current industry standards and is DoD 8140 (DoDD 8570) approved for Level II IAT. This means it’s globally recognized by military, government and industry leaders. The GIAC certification prepares individuals to assume hands-on roles concerning security tasks and is an excellent option for those who wish to prove their capabilities primarily in technical matters.
Certifications and exam details
This section describes each certification and how to prepare for its exam.
This exam evaluates one’s ability to execute vulnerability and threat analysis. For the most part, the test is a validation of intermediate-level security skills and knowledge with a technical, “hands-on” focus on IT security analytics and intelligence, threat detection techniques, addressing vulnerabilities, analyzing data, suggesting preventative measures and incident response and recovery.
CySA+ consists of a maximum of 85 multiple-choice and performance-based questions, with 165 minutes to complete the exam.
Passing score: 750 (on a scale of 100-900).
Price of exam: $370
Candidates are encouraged to use this document to help them prepare for the CompTIA Cybersecurity Analyst (CySA+) CS0-002 certification exam.
This exam reinforces one’s skills to manage and monitor IT infrastructures and apply security policies. The test validates proven technical skills and practical, hands-on security knowledge in operational roles, emphasizing security operations, access control, risk management, incident response, cryptography, and network and applications security.
SSCP consists of 125 multiple-choice questions with four choices each and uses a computer-based format. Participants will have three hours to complete the SSCP examination.
Passing score: 700 (out of 1,000)
Candidates are encouraged to use this document to help them prepare for the Systems Security Certified Practitioner (SSCP) certification exam.
This exam verifies one’s hands-on IT security capability with a focus on various topics, including access control, cryptography, AWS security, Windows and Linux security, virtualization and cloud security, penetration testing and wireless security.
GSEC has up to 180 multiple-choice and advanced questions. Participants will have up to 300 minutes to complete the exam.
Note: GIAC exams are open-book format, but not open-internet or open-computer. It’s also important to know that no specific training is required for the GIAC Security Essentials certification. Still, professionals with technical mastery and practical experience might supplement their knowledge with relevant courses from a training partner.
Passing score: 73%
Price: $2,499 or $849 for GIAC certification attempts purchased in conjunction with SANS training. Alumni of a SANS training course wishing to attempt the associated GIAC certification later are instead eligible for a $1,250 discount. The GIAC Security Essentials exam is quite a bit more expensive than the comparable certs. Still, each certification attempt includes two practice tests that GIAC values at $358 and that can help candidates prepare for the exam efficiently.
Which security certification(s) should I get?
After reading the info above, you might already have a good idea of which certification to obtain. A decision, however, can only be made after fully understanding which topics (domains and exam objectives) are covered by each credential program.
One possible security certification progression is GSEC ￫ SSCP ￫ CySA+. Generally, GSEC is suitable for gaining knowledge, as the exam is focused on understanding key security concepts; the SSCP, on the other hand, is a certification for the individual who must have some hands-on experience. That leaves the CySA+ credential, which goes beyond theory, tests more practical cyber-related skills and fits those in a mid-level role as a cybersecurity threat hunter or analyst.
Comparing certifications like SSCP and GSEC
Is a certification worth a professional’s time and effort? The answer is obviously yes, as employers frequently look to certification as an important measure of excellence and commitment to a career.
Choosing the proper certification can be difficult, and there is no one linear career path in an IT security role. Many of today’s credential holders find the SSCP is better known and more respected amongst employers during the hiring process. At the same time, the CySA+ is more respected within the technical community itself, and GSEC has been a suitable option for someone just starting a career in the IT security field.
No matter where you start, though, obtaining a credential is a great way to attract companies looking for certification holders who can validate their expertise and dedication to the field. Relevant certifications such as CySA+, SSCP and GSEC can all be great options.