The CompTIA Cybersecurity Career Pathway: Employable Skills Found Here

by Patrick Lane | Sep 27, 2017

The CompTIA Cybersecurity Career Pathway: The Future of Cybersecurity Is HereWith the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. In fact, the U.S. Bureau of Labor Statistics predicts that the number of information security jobs will increase 18 percent from 2014 to 2024, making it one of the fastest-growing fields. Employers, from government to Fortune 500 companies, value CompTIA as an authority in cybersecurity certifications.

How to Get into Cybersecurity

The CompTIA Cybersecurity Career Pathway helps IT pros achieve cybersecurity mastery, from beginning to end. The centerpiece is the CompTIA Security+ certification. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.

Next month, we’ll release an update to CompTIA Security+ (exam code SY0-501). The new version continues to validate the foundational skills necessary to perform core cybersecurity functions. With performance-based questions, it emphasizes the hands-on practical skills used by junior IT auditor/penetration testers, systems administrators, network administrators and security administrators.

After earning CompTIA Security+, cybersecurity professionals can take the next step by pursuing CompTIA Cybersecurity Analyst (CSA+). It assesses the skills needed to apply behavioral analytics to networks to improve the overall state of IT security. The certification covers tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems. After the seminal Target attack of 2014, the security analyst job role has gained more importance, making these skills essential for most organizations.

The progression from CompTIA Security+ to CompTIA CSA+ is logical because Security+ assesses the knowledge, skills and abilities (KSAs) an IT professional demonstrates after two years of cybersecurity field work, and CSA+ assesses three to four years of cybersecurity field work.  

After CompTIA CSA+, IT pros can pursue CompTIA Advanced Security Practitioner (CASP) to prove their mastery of cybersecurity skills required at the 5- to 10-year experience level. CASP is the pinnacle of cybersecurity certifications and includes performance-based questions. It is intended for those who wish to remain immersed in hands-on enterprise security, incident response and architecture, for example, as opposed to management of cybersecurity policy and frameworks.

The Building Blocks of Cybersecurity

But how do you get into cybersecurity with no experience? If you aren't quite ready to start with CompTIA Security+, then you’ll need to start earlier on the pathway.

If you are new to IT, start with CompTIA IT Fundamentals. It provides a broad understanding of the IT profession. It helps answer the question, “Would I enjoy a career in IT?”

If you already know that IT is right for you, begin with CompTIA A+. It validates understanding of the most common hardware devices and software technologies in business and certifies the skills necessary to support complex IT infrastructures. Consider the large number of devices connected to networks that must be supported by IT help desks, including smart phones, internet of things (IoT) devices and laptops.

That fact makes CompTIA Network+ the next logical step. It validates the essential knowledge and skills needed to design, configure, manage and troubleshoot wired and wireless networks. To best support devices that exchange information on your network, you must understand how the network functions.

The progression is logical because CompTIA A+ assesses the KSAs that an IT professional demonstrates after six months of field work, and CompTIA Network+ assesses nine months of field work.

CompTIA Network+ is also an important recommended prerequisite to CompTIA Security+. Before you can secure a network, you must understand how it functions. In other words, you shouldn’t skip algebra to start with calculus. Otherwise, you are learning security skills and applying them to a network you don’t understand.

Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.

Questions About the CompTIA Cybersecurity Career Pathway

Where should I start on the CompTIA Cybersecurity Career Pathway?

The pathway is intended to help people get into the field of cybersecurity. IT pros can enter at any point, depending on their IT experience, existing certifications or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have two years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CompTIA CSA+, etc. See the CompTIA Cybersecurity Career Pathway graphic to find your place on the pathway.

Do I need to take these certifications in order? Do I need to take all of them?

No. This is a recommended pathway, but it’s not a requirement. Some people may skip CompTIA CSA+ and go directly to CASP if they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before CompTIA A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.

Can I take these exams with no IT or cybersecurity experience?

Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.   

Do these certifications replace on-the-job experience?

If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they do not replace hands-on experience. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.

In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, instructors and students. You can start wherever it makes sense, depending on your personal background, job requirements or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.

Ready to start your cybersecurity career? Check out CompTIA Security+.

Patrick Lane, M.Ed., is a director of products for CompTIA. He manages IT workforce skills certifications, including CompTIA Security+, CompTIA Cybersecurity Analyst (CSA+), the forthcoming CompTIA Penetration Tester (CPT+), CompTIA Advanced Security Professional (CASP) and CompTIA Server+.

He is a participant of the U.S. White House’s National Cybersecurity Alliance (NCSA) and has worked directly with the former director of cybersecurity policy at the U.S. National Security Council (NSC) for the “Lock Down Your Login” campaign. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users.

Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, most recently assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). Patrick holds CompTIA Network+, CompTIA Security+, (ISC)2 CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator. 


  • Adonica Heard

    Thursday, October 5, 2017

    I have a voucher for Sec+ SY-401. How long do I have before it expires since 501 will be coming out in Oct? I saw online there is normally a grace period for a few months but I wanted to check.

  • Thursday, October 5, 2017

    Hi, Adonica! For about six months, we'll have both versions on the market, so you still have plenty of time to take SY-401. Good luck!

  • Thembani Dyomfana

    Monday, October 9, 2017

    Good day Sir / Madam I'm interested in IT Fundamentals

  • Monday, October 9, 2017

    Hi, Thembani! Thanks for your comment. That's great that you're interested in IT Fundamentals! Check out the web page to learn more: On the site, you can download sample questions and exam objectives to help you study (under Exam Details), find training materials and classes (under Preparation) and buy a voucher for the exam. Good luck!

  • Matt

    Monday, October 9, 2017

    Hello! I was going to purchase the CompTIA Security+ Deluxe Bundle, then noticed that it applies to the SY0-401 certification exam only. Given I have not yet started any training, I don't think it would be in my best interest to purchase a voucher for an exam that expires in a few short months, considering the vouchers usually last 1 year. My employer approved my request to fund the Deluxe bundle, but not everything individually which would be much more costly. Any suggestions for what my best option(s) might be? Thanks!

  • CompTIA

    Tuesday, October 10, 2017

    Hi, Matt! Thanks for your comment. The two versions of Security+ will overlap for about six months, so you do still have some time to prepare for and take the 401 exam. Once you pass a CompTIA exam, your certification is good for three years, so it wouldn't be a waste either way. That said, cybersecurity has changed a lot in the past three years, and the CompTIA Cybersecurity Career Pathway has as well! When we developed SY0-401, there was no CSA+, so Security+ had to cover a wider spectrum of cybersecurity topics. Only you can decide which would be the best option for you. You can either purchase the SY0-401 bundle now, study and take the exam within six months, or, if you can wait until mid-November, we'll have a new bundle when the updated CertMaster for Security+ comes out. Good luck!

  • Ashutosh

    Friday, October 13, 2017

    Awesome information

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story