CySA+: Other certifications (Security+, PenTest+, CASP+) [updated 2021]

January 6, 2021 by Dan Virgillito


For anyone looking to become a cybersecurity analyst, CompTIA’s vendor-neutral CySA+ certification offers a pathway to gain the skills and knowledge needed to lead security operations in various enterprises. The intermediate/mid-career certification program lasts for three years and validates a person’s competency in using data analysis to identify threats, risks and vulnerabilities. In addition, the certification holder is also expected to be skilled in configuring and leverage threat-detection solutions, as well as securing companies’ applications and systems.

With that said, not everyone looking to break into the cybersecurity field need to start with CySA+. Depending on your level of experience, you can start with a lower level certification like Security+, take up an equivalent program like PenTest+ or aim for a higher-level exam like CASP+. Below is a detailed breakdown of each.

Lower level: Security+

CompTIA introduced this lower level vendor-neutral certification back in 2002. For more than a decade, the certification has validated the capabilities required to oversee and manage core security tasks involved in the information security profession. Individuals holding the Security+ certification are expected to be competent in:

  • Application, data and host security
  • Compliance and operational security
  • Network security
  • Threat and vulnerabilities
  • Cryptography
  • Identity management and access control

The exam for this certification is performance-based and comprises 90 multiple-choice questions. Candidates need to score a minimum of 750 points within an hour and a half to pass the exam. Although they aren’t required to fulfill any prerequisites to undertake this exam, CompTIA does offer first-time exam takers a few suggestions.

For example, gaining other core certifications like A+ and Network before taking the Security+ exam may provide candidates with the confidence needed to pass the test. Also, candidates are recommended to have at least two years of experience in IT administration, as well as some day-to-day technical information in information security.

Being a lower level exam than CySA+, Security+ is ideal for individuals who are looking for entry-level information security positions.

Intermediate level: PenTest+

CompTIA’s PenTest+ validates the certification holder’s competencies in discovering, managing, reporting and exploiting threats and vulnerabilities. The certification is equivalent to CySA+ in the sense that it requires candidates to have a professional experience of three to four years in the information security domain, along with a basic level certification like CompTIA Security+.

Another area where the two certifications differ is the nature of the exam. PenTest+ is more offensive-focused, while the exam for CySA+ is geared towards preventive and defensive security measures. However, PenTest+ is nothing similar to the other penetration testing certifications that a candidate may come across. CompTIA’s PenTest+ covers everything a qualified penetration tester should be skilled at, from project reporting and communication to project planning and scoping.

The exam for PenTest+ is performance-based and consists of 85 multiple choice questions. Candidates need to score 750 points on a scale of 100-900 within 165 minutes to pass the exam. Exam creators expect budding penetration testers to know everything from vulnerability management and assessment on targeted systems to managing the exploitation, planning and scope of weaknesses. 

Certified pentesters are typically recruited by companies to conduct penetration testing in varying environments such as cloud, desktop, mobile and more. Both the CySA+ and PenTest+ certifications are globally recognized and raise an individual’s prospects of landing a high-paying position in the field of information security. The best-of-the-breed candidates possess both certifications and, therefore, a complete skill set to protect their employers against cyberthreats. Acting as a penetration tester and a cybersecurity analyst can help firms to identify vulnerabilities in security implementations.

Higher level: CASP+

Information security professionals with a CySA+ certification can aim for CASP+. This is a higher-level certification that requires candidates to have 10 years of working experience in the IT admin area, as well as five years of practical experience in handling tasks related to technical security. The exam for the CASP+ certification covers the following five domains: 

  • Enterprise security architecture
  • Technical integration of enterprise security
  • Enterprise security operations
  • Risk management
  • Research, development and collaboration

Candidates get a maximum of 90 multiple-choice and performance-based questions which they need to answer in 165 minutes. CompTIA doesn’t currently reveal the passing score, but anything above 750 points should put you on your way to landing a coveted job in the field of enterprise information security. The certification validates the holder’s ability to lead research and collaboration, risk management, enterprise security operations and architecture, and the implementation of technical security strategies. In addition, candidates also get to apply critical thinking and acumen across a range of disciplines to deploy, recommend and suggest robust information security solutions.

Because it is a higher-level certification than CySA+, CASP+ also offers support for other specialist cybersecurity roles. For example, whoever gains the CASP+ certification can also apply for the cybersecurity architect role, which is growing in demand across the globe. Based on Enterprise Strategy Group’s research report, the skills gap in the field of cybersecurity is getting wider, and the only way forward for companies is to recruit IT professionals with certifications like CASP+.


CySA+, along with these three certifications, provides IT professionals with an opportunity to gain the skills needed to find a home in the ever-growing cybersecurity landscape. The best part is that there are multiple ways candidates can prepare for the exam, depending on their learning preferences. With the right approach to learning for the certification exam, candidates can gain the knowledge and skills they need to make it big in the cybersecurity industry. 



  1. Certifications, (ISC)2
  2. Is the CompTIA CySA+ Worth It? Cost, Comparison, Benefits, Start a Cyber Career
Posted: January 6, 2021
Dan Virgillito
View Profile

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news. Visit his website or say hi on Twitter.

Leave a Reply

Your email address will not be published.