Professional development

Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2021]

March 18, 2021 by Jeff Peters

The worldwide cybersecurity workforce needs to grow by 89% to effectively defend organizations’ critical assets. That’s more than 500,000 new jobs in North America, according to the latest (ISC)² Cybersecurity Workforce Study. There’s never been a better time to be a cybersecurity professional, but with so many potential career paths, what skills should you focus on learning?

That’s the question CompTIA’s Direct of Products Patrick Lane answered during our recent webinar, “CompTIA career paths: Which certification is right for you?

“I’ve spent my career working with the industry to try to standardize workforce skills throughout the globe, and CompTIA is a big part of it,” said Patrick. “All of our certifications are built around job roles. They’re about addressing the knowledge, skills and abilities someone should have to be successful in their career.”

Security+: Break into cybersecurity

CompTIA is a non-profit, vendor-neutral certification body that helps IT and security professionals of all experience levels. They also have the most popular entry-level cybersecurity certification in the world, Security+, which recently passed a half-million certification holders worldwide.

“Security+ is listed in 10% of all cybersecurity job ads in the United States,” Patrick said. “The core job roles it covers are system administrator, network administrator and security administrator. The most basic level of cybersecurity is making sure your network is secure, and that’s essentially what this teaches.”

Security+ Boot Camp

Once you’ve built a foundation of cybersecurity skills, you can move into many different potential career paths.

CompTIA certification career pathway

“Our research shows 80% of hiring managers, whether they’re IT hiring managers or HR people who don’t know anything about IT, are looking for certifications,” Patrick said. “If you get certifications you can get a better job, whether it be a promotion in your current job or an entirely new role, and even get a pay raise.”

During the webinar, Patrick focused on the three CompTIA certifications in the cybersecurity pathway: PenTest+, CySA+ and CASP+.

PenTest+ vs. CySA+: Red team vs. blue team

“Once you’ve gotten your Security+, the next logical step is to go into penetration testing and security analytics,” Patrick said. “These are considered red team and blue team skills.”

The PenTest+ certification is built around skills required to be proactive and test internal networks for vulnerabilities before the bad guys discover them.

“It’s a certification for intermediate-level cybersecurity pros who are tasked with hands-on penetration testing, also called ethical hacking. You’ll identify, exploit, report and manage vulnerabilities on a network,” Patrick said. “The goal is to attack the network and report weaknesses so those weaknesses can be fixed.”

PenTest+ Boot Camp

The Cybersecurity Analyst (CySA+) certification focuses on applying behavioral analytics to improve network threat visibility and keep networks and systems secure.

“This is the fastest growing cybersecurity job role in the United States,” Patrick said. “It’s about trying to find threats that are coming into your network. It’s about the blue team and defense. In many cases, you’ll use a security information and event management system, which is a tool that’s used to try to find those anomalies.”

CySA+ Boot Camp

CASP+: The most advanced CompTIA certification

The CompTIA Advanced Security Practitioner (CASP+) certification is ideal for technical professionals who wish to remain immersed in technology throughout their careers — and is the most advanced certification available from CompTIA.

“There’s a position called cybersecurity architect, and they’re the ones who would be in charge of the design of the network,” Patrick said. “If you consider yourself an engineer, if you like risk management, this is probably the job for you — especially if you love the technical integration of enterprise security and research and development.” 

CASP+ Boot Camp

Still not sure which certification is for you? You can explore them all — plus hundreds more on-demand courses and hands-on labs — with a subscription to Infosec Skills. No matter what direction your career takes, there’s one trait that unites all cybersecurity professionals: the need to constantly learn and grow.

“If you’re in cybersecurity, you’re going to have to learn for the rest of your life,” Patrick said. “So make it a point to be a career learner.”


Cybersecurity Workforce Study 2020, (ISC)²

Posted: March 18, 2021
Jeff Peters
View Profile

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content Marketing at Infosec, he focuses on developing materials to help cybersecurity practitioners and cybersecurity leaders improve their skills, level up their careers and build stronger teams. His primary duties include overseeing the Infosec Resources website, working with the team of Infosec Skills instructors to share their expertise, and shepherding the Cyber Work series, which aims to help people break into cybersecurity, get hands-on experience, and create a community for aspiring and existing cybersecurity professionals.

Leave a Reply

Your email address will not be published.