With the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. In fact, the U.S. Bureau of Labor Statistics predicts that the number of information security jobs will increase 18 percent from 2014 to 2024, making it one of the fastest-growing fields. Employers, from government to Fortune 500 companies, value CompTIA as an authority in cybersecurity certifications.
How to Get into Cybersecurity
The CompTIA Cybersecurity Career Pathway helps IT pros achieve cybersecurity mastery, from beginning to end. The centerpiece is the CompTIA Security+ certification. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.
Next month, we’ll release an update to CompTIA Security+ (exam code SY0-501). The new version continues to validate the foundational skills necessary to perform core cybersecurity functions. With performance-based questions, it emphasizes the hands-on practical skills used by junior IT auditors/penetration testers, systems administrators, network administrators and security administrators.
After earning CompTIA Security+, cybersecurity professionals can take the next step by pursuing CompTIA Cybersecurity Analyst (CySA+). It assesses the skills needed to apply behavioral analytics to networks to improve the overall state of IT security. The certification covers tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems. After the seminal Target attack of 2014, the security analyst job role has gained more importance, making these skills essential for most organizations.
The progression from CompTIA Security+ to CompTIA CySA+ is logical because Security+ assesses the knowledge, skills and abilities (KSAs) an IT professional demonstrates after two years of cybersecurity field work, and CySA+ assesses three to four years of cybersecurity field work.
After CompTIA CySA+, IT pros can pursue CompTIA Advanced Security Practitioner (CASP) to prove their mastery of cybersecurity skills required at the 5- to 10-year experience level. CASP is the pinnacle of cybersecurity certifications and includes performance-based questions. It is intended for those who wish to remain immersed in hands-on enterprise security, incident response and architecture, for example, as opposed to management of cybersecurity policy and frameworks.
The Building Blocks of Cybersecurity
But how do you get into cybersecurity with no experience? If you aren't quite ready to start with CompTIA Security+, then you’ll need to start earlier on the pathway.
If you are new to IT, start with CompTIA IT Fundamentals+. It provides a broad understanding of the IT profession. It helps answer the question, “Would I enjoy a career in IT?”
If you already know that IT is right for you, begin with CompTIA A+. It validates understanding of the most common hardware devices and software technologies in business and certifies the skills necessary to support complex IT infrastructures. Consider the large number of devices connected to networks that must be supported by IT help desks, including smartphones, internet of things (IoT) devices and laptops.
That fact makes CompTIA Network+ the next logical step. It validates the essential knowledge and skills needed to design, configure, manage and troubleshoot wired and wireless networks. To best support devices that exchange information on your network, you must understand how the network functions.
The progression is logical because CompTIA A+ assesses the KSAs that an IT professional demonstrates after six months of field work, and CompTIA Network+ assesses nine months of field work.
CompTIA Network+ is also an important recommended prerequisite to CompTIA Security+. Before you can secure a network, you must understand how it functions. In other words, you shouldn’t skip algebra to start with calculus. Otherwise, you are learning security skills and applying them to a network you don’t understand.
Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.
Questions About the CompTIA Cybersecurity Career Pathway
Where should I start on the CompTIA Cybersecurity Career Pathway?
The pathway is intended to help people get into the field of cybersecurity. IT pros can enter at any point, depending on their IT experience, existing certifications or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have two years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CompTIA CySA+, etc. See the CompTIA Cybersecurity Career Pathway graphic to find your place on the pathway.
Do I need to take these certifications in order? Do I need to take all of them?
No. This is a recommended pathway, but it’s not a requirement. Some people may skip CompTIA CySA+ and go directly to CASP if they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before CompTIA A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.
Can I take these exams with no IT or cybersecurity experience?
Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas and associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.
Do these certifications replace on-the-job experience?
If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they do not replace hands-on experience. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.
In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, instructors and students. You can start wherever it makes sense, depending on your personal background, job requirements or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.
Ready to start your cybersecurity career? Check out CompTIA Security+.
Patrick Lane, M.Ed., is a director of products for CompTIA. He manages IT workforce skills certifications, including CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), the forthcoming CompTIA Penetration Tester (CPT+), CompTIA Advanced Security Professional (CASP) and CompTIA Server+.
He is a participant in the U.S. White House’s National Cybersecurity Alliance (NCSA) and has worked directly with the former director of cybersecurity policy at the U.S. National Security Council (NSC) for the “Lock Down Your Login” campaign. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users.
Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, most recently assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). Patrick holds CompTIA Network+, CompTIA Security+, (ISC)² CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator.