by Patrick Lane | Sep 27, 2017

The CompTIA Cybersecurity Career Pathway: The Future of Cybersecurity Is HereWith the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. In fact, the U.S. Bureau of Labor Statistics predicts that the number of information security jobs will increase 18 percent from 2014 to 2024, making it one of the fastest-growing fields. Employers, from government to Fortune 500 companies, value CompTIA as an authority in cybersecurity certifications.

How to Get into Cybersecurity

The CompTIA Cybersecurity Career Pathway helps IT pros achieve cybersecurity mastery, from beginning to end. The centerpiece is the CompTIA Security+ certification. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.

Next month, we’ll release an update to CompTIA Security+ (exam code SY0-501). The new version continues to validate the foundational skills necessary to perform core cybersecurity functions. With performance-based questions, it emphasizes the hands-on practical skills used by junior IT auditor/penetration testers, systems administrators, network administrators and security administrators.

After earning CompTIA Security+, cybersecurity professionals can take the next step by pursuing CompTIA Cybersecurity Analyst (CySA+). It assesses the skills needed to apply behavioral analytics to networks to improve the overall state of IT security. The certification covers tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems. After the seminal Target attack of 2014, the security analyst job role has gained more importance, making these skills essential for most organizations.

The progression from CompTIA Security+ to CompTIA CySA+ is logical because Security+ assesses the knowledge, skills and abilities (KSAs) an IT professional demonstrates after two years of cybersecurity field work, and CySA+ assesses three to four years of cybersecurity field work.  

After CompTIA CySA+, IT pros can pursue CompTIA Advanced Security Practitioner (CASP) to prove their mastery of cybersecurity skills required at the 5- to 10-year experience level. CASP is the pinnacle of cybersecurity certifications and includes performance-based questions. It is intended for those who wish to remain immersed in hands-on enterprise security, incident response and architecture, for example, as opposed to management of cybersecurity policy and frameworks.

Ready to Start Your Cybersecurity Career?

Check out the new CompTIA Security+ or download the exam objectives for any of our cybersecurity certifications to see which one is right for you.

The Building Blocks of Cybersecurity

But how do you get into cybersecurity with no experience? If you aren't quite ready to start with CompTIA Security+, then you’ll need to start earlier on the pathway.

If you are new to IT, start with CompTIA IT Fundamentals+. It provides a broad understanding of the IT profession. It helps answer the question, “Would I enjoy a career in IT?”

If you already know that IT is right for you, begin with CompTIA A+. It validates understanding of the most common hardware devices and software technologies in business and certifies the skills necessary to support complex IT infrastructures. Consider the large number of devices connected to networks that must be supported by IT help desks, including smart phones, internet of things (IoT) devices and laptops.

That fact makes CompTIA Network+ the next logical step. It validates the essential knowledge and skills needed to design, configure, manage and troubleshoot wired and wireless networks. To best support devices that exchange information on your network, you must understand how the network functions.

The progression is logical because CompTIA A+ assesses the KSAs that an IT professional demonstrates after six months of field work, and CompTIA Network+ assesses nine months of field work.

CompTIA Network+ is also an important recommended prerequisite to CompTIA Security+. Before you can secure a network, you must understand how it functions. In other words, you shouldn’t skip algebra to start with calculus. Otherwise, you are learning security skills and applying them to a network you don’t understand.

Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.

Questions About the CompTIA Cybersecurity Career Pathway

Sign up to receive a discount on CertMaster or an exam voucherWhere should I start on the CompTIA Cybersecurity Career Pathway?

The pathway is intended to help people get into the field of cybersecurity. IT pros can enter at any point, depending on their IT experience, existing certifications or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have two years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CompTIA CySA+, etc. See the CompTIA Cybersecurity Career Pathway graphic to find your place on the pathway.

Do I need to take these certifications in order? Do I need to take all of them?

No. This is a recommended pathway, but it’s not a requirement. Some people may skip CompTIA CySA+ and go directly to CASP if they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before CompTIA A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.

Can I take these exams with no IT or cybersecurity experience?

Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.   

Do these certifications replace on-the-job experience?

If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they do not replace hands-on experience. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.

In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, instructors and students. You can start wherever it makes sense, depending on your personal background, job requirements or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.

Ready to start your cybersecurity career? Check out CompTIA Security+.

Patrick Lane, M.Ed., is a director of products for CompTIA. He manages IT workforce skills certifications, including CompTIA Security+, CompTIA Cybersecurity Analyst (CySA+), the forthcoming CompTIA Penetration Tester (CPT+), CompTIA Advanced Security Professional (CASP) and CompTIA Server+.

He is a participant of the U.S. White House’s National Cybersecurity Alliance (NCSA) and has worked directly with the former director of cybersecurity policy at the U.S. National Security Council (NSC) for the “Lock Down Your Login” campaign. He has implemented a wide variety of IT projects, including an intranet and help desk for 11,000 end users.

Patrick is an Armed Forces Communications and Electronics Association (AFCEA) lifetime member, most recently assisting the Defense Information Security Agency (DISA) with scalable SIEM techniques from the private sector, and has authored and co-authored multiple books, including Hack Proofing Linux: A Guide to Open Source Security (Syngress/Elsevier). Patrick holds CompTIA Network+, CompTIA Security+, (ISC)2 CISSP, Microsoft MCSE and CIW Internetworking Professional and Server Administrator. 


  • Adonica Heard

    Thursday, October 5, 2017

    I have a voucher for Sec+ SY-401. How long do I have before it expires since 501 will be coming out in Oct? I saw online there is normally a grace period for a few months but I wanted to check.

  • Thursday, October 5, 2017

    Hi, Adonica! For about six months, we'll have both versions on the market, so you still have plenty of time to take SY-401. Good luck!

  • Thembani Dyomfana

    Monday, October 9, 2017

    Good day Sir / Madam I'm interested in IT Fundamentals+ 

  • dmccraw

    Monday, October 9, 2017

    Hi, Thembani! Thanks for your comment. That's great that you're interested in IT Fundamentals+! Check out the web page to learn more: On the site, you can download sample questions and exam objectives to help you study (under Exam Details), find training materials and classes (under Preparation) and buy a voucher for the exam. Good luck!

  • Matt

    Monday, October 9, 2017

    Hello! I was going to purchase the CompTIA Security+ Deluxe Bundle, then noticed that it applies to the SY0-401 certification exam only. Given I have not yet started any training, I don't think it would be in my best interest to purchase a voucher for an exam that expires in a few short months, considering the vouchers usually last 1 year. My employer approved my request to fund the Deluxe bundle, but not everything individually which would be much more costly. Any suggestions for what my best option(s) might be? Thanks!

  • CompTIA

    Tuesday, October 10, 2017

    Hi, Matt! Thanks for your comment. The two versions of Security+ will overlap for about six months, so you do still have some time to prepare for and take the 401 exam. Once you pass a CompTIA exam, your certification is good for three years, so it wouldn't be a waste either way. That said, cybersecurity has changed a lot in the past three years, and the CompTIA Cybersecurity Career Pathway has as well! When we developed SY0-401, there was no CySA+, so Security+ had to cover a wider spectrum of cybersecurity topics. Only you can decide which would be the best option for you. You can either purchase the SY0-401 bundle now, study and take the exam within six months, or, if you can wait until mid-November, we'll have a new bundle when the updated CertMaster for Security+ comes out. Good luck!

  • Ashutosh

    Friday, October 13, 2017

    Awesome information

  • Steve

    Tuesday, October 17, 2017

    If we have current Security+ certification, does the CySA+ fulfill requirements of Security+ re-certification?

  • dmccraw

    Tuesday, October 17, 2017

    Hi, Steve! Thanks for your question. CySA+ fully renews Security+. You can read more about how getting a higher-level certification can renew lower-level certifications here:

  • Lamanday

    Wednesday, October 18, 2017

    Good Evening, My bachelor's degree is in psychology with a double minor in sociology and criminal justice studies. My master's is in counseling. I am interested in making a career change into the IT field, specifically into security. I have no prior knowledge of IT, at all. I recently completed a Intro to Cyber Security and I am scheduled to begin the IT Fundamentals+ course in 2 weeks. What path would you take to eventually end up with a CEH and eventually a CISSP certification? Would you recommend that I take the fundamentals course or is it possible to start a little further along on the path. Any suggestions are greatly appreciated!

  • dmccraw

    Wednesday, October 18, 2017

    Hi, Lamanday! Thanks for your question. Congratulations on taking the first steps to a career in IT! As for where to start, it really depends on your level of expertise. Some people need IT Fundamentals+ (ITF+) to provide a solid foundation of IT knowledge, while others can jump right in CompTIA A+. Take a look at the exam websites and download the sample questions and exam objectives to see where your skill level is. In terms of a cybersecurity pathway, the CompTIA Certifications Career Roadmap can help you plan out your certification journey. Look under the Information Security section to see what certifications can help you work your way up to CEH and CISSP. In the CompTIA pathway, Network+, Security+ and CySA+ would all be good options leading up to CEH. Good luck!

  • Bahar Bozorgkhoo

    Thursday, October 19, 2017

    Hi, I have very little experience in IT, I am going to change my career and start cyber security, what is the first step?

  • aziz

    Friday, October 20, 2017

    excellent & helpful information

  • dmccraw

    Friday, October 20, 2017

    Hi, Bahar! Congratulations on getting started in IT and cybersecurity. Our cybersecurity hub has some great resources for getting into cybersecurity: If you need to build up your foundational IT skills, you'll probably want to start with CompTIA A+, or even CompTIA IT Fundamentals+. We offer CertMaster training for both of those, which is interactive, online training that will not only prepare you for the exam but help you gain the skills you need to further your career. Good luck!

  • Jamiu A Ahmed

    Thursday, October 26, 2017

    I am CompTia LX0-103 and 104 Certified, and currently studying privately for CySA and would like to register for the course and the certification. Kindly send me the link to register. God bless. Jamiu Ahmed.

  • Krishna

    Thursday, October 26, 2017

    Hi, I have 15 yrs of experience in IT. I want to appear for Seurity+ exam but confused between SY0-401 and SY0-501. Can you please give more information on these two. How they are different or if similar. Also, if SY0-501 exam is taken then will it include SY0-401? I still need to prepare for exam before registering for the exam. From where can I download require book/exam material and which is the official course book. Thanks

  • dmccraw

    Friday, October 27, 2017

    Hi, Krishna! Thanks for your comment. SY0-401 was developed before we had CySA+, so it had to cover a much broader range of security topics. Now that CySA+ serves as an intermediate cybersecurity exam, SY0-501 covers foundational cybersecurity knowledge, including risk management, data and host security, and cryptography. You can read more about the new exam here: You can also download exam objectives and sample questions for both versions from the Security+ product page and compare them to see what would be the best option for you: This page also includes training materials, including CertMaster, an interactive, online training tool. If you choose the 401 exam, you can start CertMaster now. If you choose 501, you'll have to wait a few months until we release CertMaster for the new exam. Good luck!

  • do you have training center in turkey..?

    Saturday, November 4, 2017

    if you have a centers in turkey so plz provide me the adresses so i can joining comptia as soon as possible. thanks.

  • Robert

    Sunday, November 5, 2017

    Being already Security+ certified, and having a few months of industry experience, is CySA+ really required/recommended, or can I go straight to CASP? Also, why doesn't CASP have a "+" on the end of it - is this an oversight?

  • Tuesday, November 7, 2017

    Hello! Yes, we have testing centers in Turkey. Go to this link to find the nearest testing center:

  • dmccraw

    Tuesday, November 7, 2017

    Hi, Robert! Everyone takes a different path to certification. Some people find that going from Security+ to CySA+ to CASP is best for them while others may skip around. CASP is recommended for cybersecurity professionals with at least 5 years of experience, whereas CySA+ is for those with 3-4 years of experience. Check out the exam objectives for both to determine where your skills like and which certification is best for you: Also, CASP without the plus is not an oversight. CASP stands for CompTIA Advanced Security Practitioner - no plus required.

  • K

    Thursday, November 9, 2017

    Thank you for this guide, I've been looking for some direction as to what is required for penetration testing. Your assistance has been invaluable.

  • A.J.

    Tuesday, November 14, 2017

    I'm finding that many employers are not familiar with your top-tier security certifications. Very few job postings list the CASP, and I've had to add explanatory notes on resumes and in cover letters. Yet, two years after earning my CASP certification (on top of a career with 20+ years of experience, including security experience), I've had few interviews and recruiters keep asking if I plan to get better known certifications, like the CISSP or CISA. What good are the certifications if employers don't value them?

  • Thursday, November 16, 2017

    Hi, A.J.! CASP is gaining popularity as a hands-on alternative to CISSP. It's a unique certification for a unique audience: the U.S. Navy requested its development to assess the advanced technical skills of cybersecurity pros who didn’t want to go into management. The Navy found its “tech geeks” wanted to remain at the command line close to the data centers. As with A+, Network+ and Security+, it can take many years for a cert to reach global awareness. CASP will probably never reach the popularity of Security+ because it appeals to a much smaller audience – advanced cybersecurity pros. We are working with enterprises and governments to raise the awareness of CASP. As more people take the exam and CompTIA continues to promote it, you should see an increased awareness of it.

  • Matt

    Friday, November 24, 2017

    Does the CompTIA CySA+ certification renew the A+, Network+, and Security+ ?

  • dmccraw

    Monday, November 27, 2017

    Hi, Matt! Yes, CySA+ renews A+, Network+ and Security+. You can read more here:

  • Alfredia

    Friday, January 5, 2018

    I am currently pursuing my bachelor degree in information system with a concentration of cyber security. I currently have the Comptia A+ certification since 2010. I have six classes left, currently in two of the classes. I haven't worked in cyber security yet, just wanted a career change. I am looking forward in learning more about my career. Any suggestion on the start of my job opportunity in this field.

  • Gman

    Friday, July 6, 2018

    Although, Security 401 is expiring on July 31, 2018. Do they still keep this test active for a few minutes? If so, is it active until December 31, 2018? Can I still take Security + 401 by September 28, 2018? If possible Thanks,

  • Tuesday, July 10, 2018

    Hi, Gman! Thanks for your question. We released Security+ (SY0-501) in October 2017, so there was already a period of overlap where both exams were available. When SY0-401 retires on July 31, 2018, it will no longer be available. If you've purchased a voucher, be sure to take the exam before July 31. If you haven't purchased a voucher, check out the exam objectives and practice questions for SY0-501 so you can adjust your studies and take that exam when you're ready. Good luck!

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story