Introducing the CompTIA Cybersecurity Career Pathway

by Patrick Lane | Oct 11, 2016

The CompTIA Cybersecurity Career PathwayWith the upcoming release of the CompTIA Cybersecurity Analyst (CSA+) exam on February 15, 2017, CompTIA will enter uncharted territory. For the first time, a vendor-neutral CompTIA cybersecurity career pathway will exist for IT professionals to achieve cybersecurity mastery, from beginning to end. Make sure to visit the CompTIA Cybersecurity Hub for more information on IT security careers.

CompTIA CSA+ fills the skills gap between CompTIA Security+ and the CompTIA Advanced Security Practitioner (CASP) exam. Until now, many CompTIA Security+ certified professionals waited until they gained at least 5 years of IT security experience before sitting for the CASP exam. Either that, or they branched into vendor-specific exams, such as VMWare, Cisco or Microsoft. 

CompTIA Security+ certified professionals can take the next step by pursuing CSA+. It’s a new certification that assesses the skills needed to apply behavioral analytics to the IT security environment to improve the overall state of IT security. Tools, such as packet sniffers, Intrusion Detection Systems (IDS) and Security Information Event Managers (SIEM) are used in this job role. After the seminal Target attack of 2014, the IT security analyst or cybersecurity analyst job role has gained more importance. These skills are now essential for most organizations.

Why can IT pros take CSA+ after Security+? Because CompTIA Security+ mirrors 2 years of IT security experience and CSA+ mirrors 3-4 years. It is a logical progression. After CSA+, IT pros can pursue CASP to prove their mastery of hands-on cybersecurity skills required at the 5- to 10-year experience level.  

But what if you don’t have the skills or experience to start with CompTIA Security+ or CSA+? You’ll need to start earlier on the pathway. CompTIA Network+ is an important recommended prerequisite to CompTIA Security+. In order to secure a network, you must understand how the network functions. Otherwise, you are learning security skills and applying them to a network you don’t understand. If you haven’t taken CompTIA Network+, we recommend that you earn it, or gain the equivalent knowledge of nine-months’ networking experience.

Before you take CompTIA Network+, you need an understanding of the most common hardware and software technologies used on the network. After all, how can you support a network if you don’t understand what is attached to it? CompTIA A+ certification, which mirrors the skills of an IT pro with six months of IT experience, assesses the skills necessary to support IT infrastructures, which includes device hardware, software, networks and security, from an entry-level IT pro perspective.

If you are a beginner and don’t have CompTIA A+ or six months of IT pro experience, you can pursue the CompTIA IT Fundamentals exam. It is the beginning of the career pathway. If you want a career in IT and you are new to the profession, then IT Fundamentals is the best place to start. It helps you learn more about the world of IT and provides a broad understanding of the IT profession.

Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.

 Questions about the Cybersecurity Pathway

Where do I start?

IT pros can enter the pathway at any point, depending on their IT experience, existing certifications, or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have 2 years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CSA+, etc. See the Recommended CompTIA Cybersecurity Career Pathway graphic.

Do you need to take these certifications in order? Do you need to take all of them?

No. It is a recommended pathway. Some people may skip CSA+ and go directly to CASP If they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.

Can you take these exams without IT experience?

Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.   

Do these certifications replace on-the-job experience?

If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they are not a replacement. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.

In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, trainers and students. You can start wherever it makes sense, depending on your personal background, job requirements, or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end. Visit the CompTIA Cybersecurity Hub for more information on IT security careers.

--

Patrick has received IT certifications from CompTIA (Network+, Security+ and i-Net+), (ISC)2 Certified Information Systems Security Professional (CISSP), Microsoft (MCSE, MCP+I and MCT), and CIW (Internetworking Professional and Server Administrator). He has also received a master’s degree in education and a California State Multiple Subject Teaching Credential with a Cross-Cultural Language and Academic Development (CLAD) emphasis. 

39 Comments

  • Cody

    Friday, October 14, 2016

    This looks like a very interesting exam. What is the recertification requirements on it going to be?

  • Damian McLin

    Saturday, October 15, 2016

    How long does it take to complete the path to IT fundamentals?

  • Patrick Lane

    Monday, October 17, 2016

    Thank you for your comments! In response to Cody, Richard and Damian: The CSA+ exam is planned to require 60 CEUs for renewal. Systems auditing is covered in CSA+, as detection is a key element of security analysis. If you are covering auditing from a governance perspective, you should download the objectives and see if that fulfills your needs. Regarding IT Fundamentals, it depends on your learning environment. Corporate training can get it done in 5 days or less, while an academic environment might require a quarter or semester class. Please let me know if you have further questions and I'm happy to help.

  • Patrick Lane

    Tuesday, October 18, 2016

    Thank you for your comments! In response to Cody, Richard and Damian: The CSA+ exam is planned to require 60 CEUs for renewal. Systems auditing is covered in CSA+, as detection is a key element of security analysis. If you are covering auditing from a governance perspective, you should download the objectives and see if that fulfills your needs. Regarding IT Fundamentals, it depends on your learning environment. Corporate training can get it done in 5 days or less, while an academic environment might require a quarter or semester class. Please let me know if you have further questions and I'm happy to help.

  • Americo Deno

    Thursday, October 20, 2016

    I will like to follow the path of Cyber security certification . The company that I work current will pay the cert . Can someone call me and let me know how I can take advantage of this situation with you guy with details Thanks Americo Deno

  • Patrick Lane

    Thursday, October 20, 2016

    Hello Americo, that is great you are interested in pursing CompTIA cybersecurity certifications. I suggest you visit our help page to learn about registration, exam requirements, and taking our tests at https://certification.comptia.org/help. You can also call our customer service dept at +1 (630) 678-8300 or +1 (866) 835-8020 and they can help you get started, with details.

  • Waseem Waheed

    Friday, October 21, 2016

    Need information on cyber security certification programs

  • Dane

    Tuesday, November 1, 2016

    Where can we find training material for the CSA+ and will it factor into the DoD 8570 requirements at all?

  • Elvin Sanchez

    Tuesday, November 1, 2016

    Please send me studies guide and info about the test. Thanks

  • Patrick Lane

    Wednesday, November 2, 2016

    To learn more about CompTIA's cybersecurity pathway certifications, go to certification.comptia.org/certifications and explore. CSA+ will be released on Feb. 15, 2017, at Pearson VUE testing centers. Regarding DoD 8570, CompTIA is performing the necessary processes for approval, such as satisfying the ISO/IEC 17024 requirement. The DoD must approve CSA+ before it can be adopted and we will announce any news as it occurs. All the exam details won't be known until January, but it is a performance-based and multiple-choice exam. The performance based questions are hands-on questions based on the security analyst job role.

  • Ravi Mathias

    Wednesday, November 23, 2016

    I am looking forward to the CSA+ exam being released. I recently recertified in Security+ (next month I will be sitting to recert in both Network+ and Server+). I already have official training materials purchased for CASP+ for 2017, but I would like to take on CSA+ first. Any idea when approved training material will be available for CSA+? It sounds like January at the earliest, but I'd like to be sure so I can hunt it down and get cracking on it. Thank you, and the best of luck to everyone out there considering the exam! Sincerely, Ravi Mathias

  • Javon V.

    Tuesday, November 29, 2016

    Hi, I am currently in training for my N+ and S+. I will finish my S+ in Feb. Should I get on the job training for at least six months or a year before going into the CSA+? I have no prior experience.

  • Sayantan C

    Friday, December 16, 2016

    Already I Cleared Security+ and CASP - Should I Opt for CSA+ Certification?

  • Raj

    Friday, December 16, 2016

    Will need recertification for Comptia security + coming April of 2017.Will taking CSA+ help me renew my S+

  • Friday, December 16, 2016

    Hi Raj! Yes, taking and passing the CSA+ exam would keep your Security+ certification current because it's a higher level exam. You can read more here: https://certification.comptia.org/continuing-education/how-to-renew

  • Mohammad Suhail.K.M

    Saturday, December 17, 2016

    Knowledge, IT security environment to improve the overall state of IT security.

  • Patrick Lane

    Monday, December 19, 2016

    It is great to see CSA+ interest in this forum. I can answer a few of the questions since I am the CSA+ product manager: 1) Training materials are scheduled to be available February 15, 2017, from Skillsoft (eLearning), IT Pro TV (eLearning), Practice Labs (hands-on live labs), Transcender (practice labs), and GTS Learning (instructor-led training). The remainder of the publishers should follow closely behind with traditional textbooks and instructor-led materials from Pearson, McGraw-Hill, Cengage, Wiley/Sybex, and Logical Operations. As training materials are "CAQC Approved" (CompTIA Approved Quality Content), it will be listed on the CompTIA Marketplace/Store. 2) CSA+ can be taken if you have the recommended experience or equivalent knowledge gained from Network+ and Security+. You can take CSA+ without experience, for example, if you are in a course of study and learning to be an IT professional. CSA+ should be taken after Security+ in the learning pathway. According to our contact at HP Enterprise, anyone working in IT security over the next 10 years needs the skills taught in CSA+. Security analyst skills have become essential for all IT security workers, whether they work full-time as an security analyst or not.

  • Salaudeen

    Thursday, January 5, 2017

    I already Cleared Security+ and CASP - Should I Opt for CSA+ Certification? I would like to become an expert vast in Risk and IT governance, privacy and the likes,

  • Smart Dork

    Thursday, January 12, 2017

    If this is your truth... "Do these certifications replace on-the-job experience? If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they are not a replacement. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds." Then why do the certificates expire after taking the test and working for 3 years with the certificate?

  • Friday, January 13, 2017

    Great question! A lot can happen to technology during a three-year period, and we want to help you keep up with all the changes. We are constantly updating our exam content with the help of CompTIA Subject Matter Experts, IT pros who see the day-to-day work firsthand, to make sure CompTIA certifications cover the most current and relevant issues. This ensures that the certification you worked hard to earn will continue to be valued and trusted by employers and organizations, validating the skills and experience you've gained.

  • Patrick Lane

    Thursday, January 19, 2017

    Hello Salaudeen, if you want to focus more on IT governance, you should consider something else like CISSP. CSA+ is more hands-on. Risk is covered through the eyes of a technician working in the field, the one responsible for vulnerability testing. In addition, it covers blue team skills in cyber warfare such as "configure and use threat detection tools, perform data analysis, and interpret the results to identify vulnerabilities, threats, and risks to an organization." From a technical skills perspective, it makes a lot of sense to take CSA+ since you've already earned Security+ and CASP.

  • Caleb Cline

    Monday, February 13, 2017

    Does CSA+ comply with the ISO 17024 standard and will it be an approved DoD 8570 certification?

  • Michael Carter

    Wednesday, February 15, 2017

    How does this certification fit within the DOD 8750 framework, and will it be accepted within that framework?

  • Scott Dennis

    Wednesday, February 15, 2017

    Would it be safe to say that by using the plethora of study material already available for the CASP certification, we would be ready for the material in the CSA+?

  • Wednesday, February 15, 2017

    Hi, Michael and Caleb! To answer your questions, CSA+ is ISO/ANSI accredited, and we are working with DOD to get it approved. Stay tuned!

  • Wednesday, February 15, 2017

    Hi, Scott! Because CASP builds on CSA+, those materials will certainly help you prepare for the CSA+ exam as well as CASP. To learn more about CSA+, log in to our webinar later today: https://event.on24.com/eventRegistration/EventLobbyServlet?target=reg20.jsp&referrer=&eventid=1357297&sessionid=1&key=EFBDC9C0A2FAB9B32102303D829B6157®Tag=&sourcepage=register You can also download CSA+ sample questions and exam objectives to get an idea of what will be on the exam: https://certification.comptia.org/certifications/cybersecurity-analyst Good luck!

  • John Stone

    Wednesday, February 22, 2017

    Hello. I am going to be studying for a degree in software devel. However, i want to get certs as well. Are there comptia certs that would be helpful for a developer?

  • Thursday, February 23, 2017

    Hi, John! Thanks for your comment. CompTIA certifications focus primarily on IT infrastructure and security skills. Though none are in the developer realm, per se, a deep understanding of infrastructure makes for a better, more efficient developer. If you’re just starting out, A+ is a good place to establish a foundation in IT skills and can prepare you for a role in IT tech support. Check out the CompTIA Career Roadmap to see how certifications, from CompTIA and other organizations, align with different career paths: https://certification.comptia.org/why-certify/roadmap Good luck!

  • Matt Porter

    Friday, March 3, 2017

    I am only seeing two books as study material on the internet and they are both still in pre-order phase. Where can we find study material?

  • andrea

    Thursday, March 9, 2017

    Hi, i cannot see any book or study material ... in this way is not possible plan my exam. Thanks

  • Thursday, March 9, 2017

    Hi, Matt and Andrea! Thanks for your questions. As CSA+ is a brand new exam, new training materials are still being developed. That said, we do have some options available for you now! You can go to https://certification.comptia.org/training/self-study-training or https://certification.comptia.org/training/instructor-led-training and select CSA+ to see what's available. Your search will generate more results if you do not select a media type and just let the list fully populate. We will be updating these pages as new options become available. Good luck!

  • Mike Toth

    Friday, April 21, 2017

    So call me crazy, but i just want to make sure before I request the training: I just received my Security+ certification (8570 req). If I were to obtain the CSA+ certification, that should satisfy keeping my Security+ certification as well? (no need to do the CE's).... thanks in advance....

  • Friday, April 21, 2017

    Hi, Mike! Thanks for your email. You are correct in that if you earned CompTIA CSA+ within your three-year renewal cycle, it would renew your CompTIA Security+ certification. (And Network+ and A+ if you have those.) You can read more about how higher-level CompTIA certs renew lower-level ones here: https://certification.comptia.org/continuing-education/choose/renew-with-a-single-activity/earn-a-higher-level-comptia-certification. Good luck!

  • Frank Fazio

    Wednesday, May 10, 2017

    Need to obtain 50 ceu's to renew my CompTia secutity + certification How get I get started

  • Wednesday, May 10, 2017

    Hi, Frank! We recently updated the Continuing Education portion of our website to clarify what you need to do to renew your certification. You can start at the link below to learn all about the renewal process or go directly to Step 2: Choose Your Renewal Path to decide how you want to earn your CEUs. We have a variety of options, ranging from earning all of your CEUs at once with CertMaster CE or a recertification exam to earning CEUs here and there over time by completing activities like webinars and classes. You can learn more here: https://certification.comptia.org/continuing-education

  • wain

    Thursday, May 25, 2017

    Got my Network+ cert 3 year back. Can I straight away jump to CSA+ cert or do i need to get Sec+ 1st? Tq.

  • Thursday, May 25, 2017

    Hi, Wain! You can choose to take whichever one makes the most sense for you. If you already have 3-5 years of hands-on cybersecurity experience, CSA+ may be a better option for you. I would recommend downloading the sample questions and objectives for each exam to see where your experience falls and which one you are ready to take at this time. Good luck!

  • James

    Monday, June 19, 2017

    If I am prepared to take the Net+ exam, should I take the A+ exam first? Does having both certifications benefit me in any way more than having only Net+ ? Also, if I end up working my way up the pathway A+, Net+, Sec+, CSA+, CASP.... will re-certifying CASP automatically re-certify all of the lower level certs?

  • Monday, June 19, 2017

    Hi, James! While this article outlines the recommended path, people jump in at many points. If you have the knowledge, skills and experience for Network+, you may choose to bypass A+. It's really up to you! In terms of renewing certifications, you are correct. When you renew a higher-level certification, some of your earlier certifications will also be renewed. Check out this website to see which certifications automatically renew others. For example, if you click on CASP, you can see that it renews A+, Net+, Security+ and CSA+ : https://certification.comptia.org/continuing-education/learn/renewing-multiple-certifications

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story