GSEC vs. CySA+
Introduction
Degrees are a good way to get yourself going up the corporate ladder, but in the world of cybersecurity, they will only get you so far. Eventually, most will have to back up their knowledge and skills with a professional certification that will verify an elevated level of cybersecurity knowledge.
This article will compare and contrast two of the leading intermediate-level cybersecurity certifications — the GIAC®️ Security Essentials Certification (GSEC) and CompTIA’s Cybersecurity Analyst+ (CySA+) certification. We will explore each certification’s prerequisites, material covered and exam details, and conclude with a well-founded recommendation for which certification you should earn.
FREE role-guided training plans
About GSEC
GSEC is a cybersecurity certification hosted by GIAC and is considered one of the top cybersecurity certifications on the market. This certification is composed of questions created by Subject-Matter Experts (SME) that put their questions up against a Job Task Analysis (JTA) process. This process verifies that the questions reflect current industry standards, to real-world duties in the field, and that the skills are necessary to best perform job responsibilities.
According to GIAC, GSEC validates the certification holder’s information security knowledge beyond that of simple concepts and terminology. This translates into a hands-on information security-centered exam with emphasis placed on real-world information security tasks likely to be encountered on the job.
GSEC prerequisites
GIAC does not require any specific prerequisites to take the GSEC certification exam. With that said, training is recommended in order to avoid having to retake it. There are several good study guides available, but nothing will beat training for the GSEC.
Candidates should keep in mind that GIAC requires a much larger exam registration fee than other hosting organizations, and GSEC is no exception.
GSEC material covered
Instead of presenting the covered material as domains of knowledge, GIAC presents GSEC material as objectives and outcome statements. Don’t let this minor difference make you take this certification exam less seriously — GSEC covers an extensive amount of information security knowledge and skills, covering nearly every subdiscipline in the realm of cybersecurity. This material covers:
- Access control and password management
- Active defense
- Contingency plans
- Critical controls
- Cryptography
- Cryptography algorithms and deployment
- Cryptography application
- Defense-in-depth
- Defensible network architecture
- Endpoint security
- Enforcing Windows security policy
- Incident handling and response
- IT risk management
- Linux security: Structure, permissions and access
- Linux services: Hardening and securing
- Linux: Monitoring and attack detection
- Linux: Security utilities
- Log management and SIEM
- Malicious code and exploit mitigation
- Network device security
- Network security devices
- Networking and protocols
- Securing Windows network services
- Security policy
- Virtualization and cloud security
- Vulnerability scanning and penetration testing
- Web communication security
- Windows access controls
- Windows as a service
- Windows automation, auditing and forensics
- Windows security infrastructure
- Wireless network security
GSEC exam details
The GSEC certification exam covers 180 multiple-choice questions, and the minimum passing score is 74%. Those sitting for the exam will have five hours to pass. After passing the certification exam, certification holders will have to renew their certification every four years.
About CySA+
The Cybersecurity Analyst+ (CySA+) certification is a strong addition to the world’s roster of cybersecurity certifications. Since its debut in 2017, CySA+ has been one of the most cutting-edge certifications – especially since it applies the relatively new technology of behavioral analytics to cybersecurity. This is a first in the industry, which may lead an increasing number of certification candidates to CySA+.
This sounds good, but can CySA+ contend with GSEC? Let’s examine this certification further so you can see for yourself.
CySA+ prerequisites
Unlike GSEC, CySA+ has some distinct prerequisites that a candidate must satisfy before being eligible for this certification exam. First, certification candidates must have four years of hands-on, full-time information security experience. Second, candidates are expected to have earned both the Network+ and Security+ certifications or have gained the equivalent knowledge. This knowledge can conceivably be earned during the years of hands-on experience, but only you will know if this applies to yourself.
CySA+ material covered
CySA+ covers a broad swath of cybersecurity knowledge and skills covering nearly all of cybersecurity’s subdisciplines, much like GSEC. This material is divided into objectives or domains of knowledge, each containing their own sub-objectives. These domains of knowledge (and their respective weight on the exam) are:
- 1.0 Threat and Vulnerability Management (22%)
- 2.0 Software and Systems Security (18%)
- 3.0 Security Operations and Monitoring (25%)
- 4.0 Incident Response (22%)
- 5.0 Compliance and Assessment (13%)
CySA+ exam details
The CySA+ certification exam is composed of a maximum of 85 questions. A minimum score of 750 points out of 900 must be earned to pass the exam. The questions are made up of both multiple-choice and hands-on, performance-based formats, and certification candidates will have 165 minutes to complete the exam.
FREE role-guided training plans
Conclusion
Normally, one certification has an easier time blowing the other out of the water, but not in this case. Both GSEC and CySA+ cover approximately the same amount of material, spanning practically every corner of cybersecurity.
With that said, there are two caveats that may swing your decision. If you are new to cybersecurity (with one to two years of experience), CySA+ would be out of your reach, making GSEC your only option. However, these certifications are intermediate-level, leaving very few early-career professionals equipped with the knowledge and skills to pass the certification exams.
And if your focus is on behavioral analytics, CySA+ is the clear winner, as it places emphasis on this emerging approach to information security.
Sources
- CompTIA Cybersecurity Analyst (CySA+) Certification Exam Objectives, CompTIA
- Security Certification: GSEC, GIAC
- Best Information Security Certifications 2019, Business News Daily
In this Series
- GSEC vs. CySA+
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity