CySA+: Other certifications (Security+, PenTest+, CASP+) [updated 2024]
For anyone looking to become a cybersecurity analyst, CompTIA’s vendor-neutral CySA+ certification offers a rewarding CySA+ salary and pathway to gain the skills and knowledge needed to master security analytics, intrusion detection and response. This mid-career certification validates your competency in using data analysis to identify threats, risks and vulnerabilities — and suggest preventative measures to effectively respond to and help recover from incidents. You're also expected to be proficient in configuring and leveraging threat-detection solutions to secure companies’ applications and systems. In return, you can expect a respectable CySA+
That said, CySA+ is not designed for beginners in cybersecurity. Depending on your experience level, you should start with another CompTIA certification like Security+ or even consider more IT-focused certifications like Network+. A few CompTIA certification alternatives are outlined below.
Earn your CySA+, guaranteed!
Lower level: CompTIA Security+
The CompTIA Security+ is the most popular cybersecurity certification in the world. It validates your capabilities around overseeing and managing core security tasks. This includes the ability to:
- Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
- Monitor and secure hybrid environments, including cloud, mobile and IoT
- Operate with an awareness of applicable laws and policies, including principles of governance, risk and compliance
- Identify, analyze and respond to security events and incidents
The exam for this certification comprises 90 multiple-choice and performance-based questions to be answered within 90 minutes. Candidates must score at least 750 points (on a scale of 100–900) to pass the exam. CompTIA recommends having at least two years of work experience in IT systems administration with a focus on security, hands-on technical information security experience, and broad knowledge of security concepts to be eligible for this test.
CompTIA does offer first-time exam takers a few suggestions. For example, gaining other core certifications like Network+ before taking the Security+ exam can help you master network fundamentals and security concepts essential in the profession and make you more confident in tackling this credential.
As a lower-level exam than CySA+, Security+ is ideal for individuals looking for any entry-level cybersecurity role, explains Patrick Lane, Director of Products at CompTIA. For more information, view our Security+ hub and watch our webinar, CompTIA Security+: Everything you need to know about the SY0-701 update.
Intermediate level: PenTest+
CompTIA’s PenTest+ is suitable for working as a security consultant, penetration tester or network and security specialist-type roles. Whereas the CySA+ is a defensive-focused certification, the PenTest+ focuses on offensive skills like identifying vulnerabilities and testing attack techniques across networks. The credential verifies your competencies in discovering, managing, reporting and exploiting threats and vulnerabilities.
The updates to PenTest+ implemented at the end of 2021 reflect newer pentesting techniques for the latest attack surfaces, including the cloud, hybrid environments and web applications, as well as more ethical hacking concepts, vulnerability scanning and code analysis. There’s also more focus on planning, scoping, and managing weaknesses, not just exploiting them.
The CompTIA PenTest+ certification validates your ability to:
- Plan and scope a penetration testing engagement
- Understand legal and compliance requirements
- Perform vulnerability scanning and penetration testing using appropriate tools and techniques, and then analyze the results
- Produce a written report containing proposed remediation techniques
- Effectively communicate results to the management team and provide practical recommendations
The PenTest is one of several potential penetration testing certifications to consider. It's newer than some like the Certified Ethical Hacker (CEH), but being backed by CompTIA it has grown in popularity in the industry since its 2018 launch.
The exam for PenTest+ comprises 85 performance-based and multiple-choice questions. Candidates need to score 750 points (on a scale of 100-900) within 165 minutes to pass the exam.
Certified pentesters are typically recruited by companies to conduct penetration testing in varying environments such as cloud, desktop, mobile and more. Both the CySA+ and PenTest+ certifications are globally recognized and can help raise an individual’s prospects of landing a high-paying position in the field of cybersecurity. The candidates possess both certifications and proven experience in the field.
For more information, view our PenTest+ hub.
Higher level: CASP+
Cybersecurity professionals with a CySA+ certification can aim for the CompTIA CASP+ (see CySA+ versus CASP+). This higher-level certification is recommended for those with ten years of general hands-on IT experience and at least five years of broad hands-on security experience. The exam for the CASP+ certification validates you have the knowledge required to do the following:
- Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
- Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment
- Apply security practices to cloud, on-premises, endpoint and mobile infrastructure while considering cryptographic technologies and techniques
- Consider the impact of governance, risk and compliance requirements throughout the enterprise
The certification covers your ability to lead research and collaboration, risk management, enterprise security operations and architecture, and the implementation of technical security strategies. In addition, you should be able to apply critical thinking and acumen across various disciplines to deploy, recommend and suggest robust information security solutions.
Candidates get a maximum of 90 multiple-choice and performance-based questions, which they must answer in 165 minutes. This test has no scaled score and is pass/fail only.
Because it is a higher-level certification than CySA+, CASP+ can help you advance to more senior technical roles like security architect and senior security engineer, where you effectively design, implement, and manage cybersecurity solutions on complex enterprise networks.
For more information, view our CASP+ hub.
Earn your CySA+, guaranteed!
CySA+ certification summary
So, which certification is best for you? That depends on your job role, your experience level and your career expectations. CompTIA does an excellent job laying out a potential career progression for cybersecurity professionals, but you may not have to follow it exactly, depending on your goals.
CySA+, along with these three certifications, provides an opportunity to advance from entry-level to intermediate-level and higher-level options for your future.
If you're ready to train for your CompTIA certification, check out your live and on-demand CompTIA training options with Infosec.