We’ve talked about CompTIA certifications like the Security+ and CySA+ in many articles before, but in this article, I want to address the larger question of whether CompTIA certifications, in general, are worth the time, effort, and money that it takes to earn them.

So, are CompTIA certifications worth it?  CompTIA certifications are beneficial for entry to mid-level IT and cyber professionals because they are highly recognizable and attainable.  Seasoned cybersecurity professionals will probably benefit more from other non-CompTIA certifications, however, such as the CISSP and OSCP, among others.

Let’s go into a little more detail about the overall benefits of CompTIA certifications.

Benefit #1:  CompTIA Certifications Start at Entry Level

The biggest benefit of CompTIA exams for those of us that are at the beginning or intermediate stages of our cybersecurity careers is that these certifications are positioned at that exact level.  The majority of CompTIA certifications recommend three years or less of experience in the field, and they cover core IT and cybersecurity concepts, such as introductory networking, security, hardware, and software.  This means that they are right in line with the experience and background that someone would have at the beginning stages of their career.

Additionally, CompTIA certifications are vendor-neutral, which forces them to focus more on the core concepts of technology than on how technology is implemented on a specific vendor’s platform.  This vendor-neutral approach has the effect of keeping many of the CompTIA certifications more theoretical, which many exam takers will find easier, as it can be learned via memorization instead of requiring substantial experience.

Benefit #2:  CompTIA Certifications are Cheaper than Others

One of the best benefits of CompTIA exams is their low cost.  Many higher-level certifications in the IT and cybersecurity space get rather expensive, sometimes nearing or even exceeding $1,000.  CompTIA has kept the majority of their certification exam prices lower, usually in the range of $350 total to earn the certification. It’s much more difficult for an entry-level professional to justify spending money on certifications when they don’t have the career track or income to support it, so the lower cost of CompTIA certifications makes them an attractive option.

Benefit #3:  No Application Fees and No Documented Experience

If you take a look at the fine print of many advanced-level certifications, you’ll find that they will have two requirements in particular.  First, they will have a non-refundable application fee, and second, they will require that an applicant have documentable experience, sometimes as much as five years or more.  Although less common, others even require sponsorship from an existing certification holder in order to apply. And some even require that you pay for and take their proprietary training in order to sit for the exam.

All of these things make those certifications stronger because they exclude the beginners that can’t swing those options or don’t have the experience or contacts.  For CompTIA certifications, however, there are none of those same requirements. With a CompTIA certification, you can sit for any exam in any order at any time, without having to apply or document your background. 

CompTIA’s policy benefits certification takers in a big way.  With CompTIA certifications, you can take whichever exam you feel most comfortable with, whenever you want, and prepare for it in any way that you choose.  Additionally, you can take as many of them as fast as you would like, too. The benefit here is that for experienced and focused professionals, earning several CompTIA certifications in a matter of a few months is very achievable.

With the general benefits of CompTIA certifications covered, I now want to review the most common certifications from CompTIA, their pros and cons, and how they can help current or aspiring cybersecurity professionals improve and advance their careers.  Let’s get started.

First Steps:  The CompTIA A+

The CompTIA A+ has been around for a long time.  And it still has its legacy purpose and format after all of these years.  The only CompTIA certification that requires two exams, the A+ was and still is intended for anyone getting started in the IT field or who wants to work in a technical support role, such as a computer repair technician or help desk analyst.

The A+ has adapted some over the years, with each iteration adding newer and increasingly more technical concepts, such as networking and security, which weren’t prevalent in earlier versions.  But the A+ was developed long before the necessity of cybersecurity, when IT departments didn’t have to worry much about security and only focused on hardware, software, and users. Because of this, its impact on modern technology departments is somewhat minimized, even though it is still highly recognizable.

One common complaint of the CompTIA A+ is that there is too much memorization required for minutiae that doesn’t matter in the field, such as the number of pins on a connector or legacy cabling that wouldn’t be seen nowadays.  But it does serve professionals well to have that solid foundation of hardware and software that the A+ is known for because everything in IT and cybersecurity builds on that.

Pros of the CompTIA A+

  • Highly recognizable by HR and IT hiring managers
  • Separates you from others that do not have any certifications
  • Perfect for aspiring help desk and computer technicians

Cons of the CompTIA A+

  • It takes two exams to earn the certification
  • There is limited career growth from the certification

Who Should Earn the A+?

Anyone looking to get into the IT field and preferring to work with hardware, general IT support, and end-users.

Who Should Skip the A+?

Anyone with networking, systems administration, or cybersecurity aspirations, as well as current IT and cybersecurity professionals.

Beginning Networking:  The CompTIA Network+

Like the A+, the CompTIA Network+ has been around for a long, long time.  Besides offerings from Cisco, the Network+ became the de facto standard for entry-level networking certifications.  While it is lacking in practicality because of its vendor-neutral approach and lack of an in-depth hands-on assessment, the Network+ is well known and well respected for entry to lower-level positions that may or may not be working on the network.

The challenge with the Network+ is that it is highly theoretical.  Because it is vendor-neutral, it doesn’t cover systems administration tasks such as adding users or assigning privileges, nor does it deal heavily with network engineer-style configurations of routing and switching equipment.  This means that it may not be all that you need to get a job as a network administrator. So what you’re left with is a solid foundation of networking concepts, such as subnetting, the OSI model, and basic security.

Pros of the CompTIA Network+

  • Very recognizable by IT hiring managers
  • A great option for professionals that want to move out of the helpdesk
  • It includes security concepts that are quickly becoming part of every IT job

Cons of the CompTIA Network+

  • It doesn’t have the clout of higher-level certifications, such as the Security+
  • It lacks vendor-specific configuration, so there is no proof you can complete tasks on the network.

Who Should Earn the Network+?

Anyone looking to get into the IT or cybersecurity field and preferring to work in a networking, SOC, or similar environment.

Who Should Skip the Network+?

Any cybersecurity professional that believes they have an interest in and strong chance of passing the Security+.

A Taste of Security:  The CompTIA Security+

The Security+ is the first certification from CompTIA that really speaks to the cybersecurity crowd.  With its heavy focus on network security, it has a decent amount of overlap with the lower-level Network+ but makes the assumption that you are already solid on those networking concepts.

Aspiring professionals that have had a good bit of training in a college or other cybersecurity program can often skip past the A+ and Network+ certifications and jump right in on the Security+, and for many of them that is truly the best option.  The Security+ is DoD approved, which means earning the Security+ will open the door to many government cybersecurity-related jobs if the candidate can eventually pass a security clearance.

Pros of the CompTIA Security+

  • Highly recognizable by HR, IT hiring managers, and DoD recruiters.
  • It serves as a good differentiator from the helpdesk-type certifications A+ and Network+
  • It is a good prerequisite for many other cybersecurity-specific certifications
  • It is recognized by the Department of Defense.

Cons of the CompTIA Security+

  • It is still theoretical and doesn’t verify much in the way of practical skills

Who Should Earn the Security+?

Due to the widespread recognition of the certification, all current and aspiring cybersecurity professionals should take the time to add the Security+ to their resumes, regardless of the specific discipline in cybersecurity that they want to pursue.

Who Should Skip the Security+?

Any IT professional that intends to remain in a strict helpdesk or computer repair role.

Cybersecurity Defense:  The CompTIA CySA+

The CompTIA CySA+ is a much newer certification, but one that is gaining a lot of interest in the cybersecurity field by potential test-takers.  It is designed as a follow-up to the Security+, and while it does cover many of the same security concepts, it is geared for those that want to get into a specific job role:  Cybersecurity Analyst.

The entire CySA+ exam focuses on the security concepts you should already know, and how you would apply them in an actual cybersecurity analyst environment.  This includes how you would respond to attacks, who you would notify, and how you would document your findings.

The CySA+ doesn’t have anywhere near the same level of recognizability of the older Network+ and Security+ certifications that it follows, but it is DoD approved and is gaining interest in the cyber community.  Expect that in the coming years, more hiring managers will recognize this certification and will add it to their job postings.

Pros of the CompTIA CySA+

  • The first truly cybersecurity-focused certification from CompTIA
  • A great option to separate you from the Security+ holders
  • Directly in line with the Cybersecurity Analyst role

Cons of the CompTIA CySA+

  • It doesn’t have the recognition of other certifications, such as the Security+
  • It is a good bit more difficult than the Security+ that it follows

Who Should Earn the CySA+?

Anyone looking to get into a cybersecurity analyst or similar role.

Who Should Skip the CySA+?

Any existing IT professional that intends to stay in a generalized IT department role.

Entry Level Pen Testing:  The CompTIA PenTest+

The PenTest+ is another newer certification from CompTIA, along with the similar CySA+.  The PenTest+ is the offensive equivalent to the defensive CySA+ and is focused exclusively on penetration testing and ethical hacking as a cybersecurity discipline.  The PenTest+ is not as well known as other penetration testing certifications, such as the CEH and the OSCP, but is sometimes compared to those two certifications. The PenTest+ appears to be a very solid entry-level penetration testing certification.

Pros of the CompTIA PenTest+

  • A solid entry-level penetration testing certification for those new to pen testing
  • A good counterbalance certification to the CompTIA CySA+
  • Passing the certification will renew lower-level certifications, such as the Security+ and Network+

Cons of the CompTIA PenTest+

  • Not as well known as other penetration testing certifications, such as the CEH and the OSCP
  • Probably not enough to get a job as a penetration tester

Who Should Earn the PenTest+?

Anyone looking to get into penetration testing and ethical hacking, and anyone that has already passed another penetration testing certification, such as the CEH.

Who Should Skip the PenTest+?

Any IT or cybersecurity professional that does not have an interest in penetration testing.

Vendor Neutral Linux:  The CompTIA Linux+

One certification that is not as well known as the others mentioned above is the CompTIA Linux+.  The Linux+ covers the Linux operating system from a vendor-neutral perspective, which is very different than other Linux certifications related to Red Hat and Kali Linux.

The newest version of the Linux+ certification only requires a candidate to pass one exam, and the credential is good for three years from the test date.  Passing the Linux+ automatically renews an existing CompTIA A+ certification; however, it does not have any effect on other certifications, such as the Network+ and Security+.

The Linux+ covers all of the expected Linux topics, such as the kernel, virtualization, and troubleshooting, but also covers topics such as Linux security and scripting.

Pros of the CompTIA Linux+

  • Linux is a highly in-demand skill
  • Passing the Linux+ renews an existing A+

Cons of the CompTIA Linux+

  • It doesn’t have the clout of Red Hat certifications, such as the RHCSA.
  • It isn’t as well known as other CompTIA certifications, such as the Security+

Who Should Earn the Linux+?

Anyone looking to learn Linux or add a Linux certification to their resume, as well as aspiring penetration testers.

Who Should Skip the Linux+?

Any IT professional that works in an exclusively Microsoft environment and does not have an interest in learning or deploying Linux.

Overlooked Administration Certification:  The CompTIA Server+

The CompTIA Server+ is the least well-known certification on our CompTIA list, and it hasn’t been updated by CompTIA since 2015.  The certification focuses on server deployment technologies and processes but is light on newer topics that have become more commonplace in recent years, such as cloud storage options.

The Server+ does have the benefit of being a lifelong certification that does not need to be renewed, and it is similar enough to the core concepts of the A+ and Network+ that a good technician should be able to pass the Server+ with a decent amount of study and preparation.

Unfortunately for the Server+, its status as the least well known of the CompTIA certifications means that it will probably have the least amount of positive impact for your resume, and therefore your efforts will probably be better spent preparing for a different certification.

Pros of the CompTIA Server+

  • It renews existing A+ and Network+ certifications
  • Would benefit systems administrators
  • Readily achievable for those with A+ and Network+ that have strong technical skills
  • Doesn’t need to be renewed

Cons of the CompTIA Server+

  • Not recognizable by many HR and IT hiring managers
  • It is vendor-neutral, so it in many ways is more theoretical than true systems administrator job tasks.

Who Should Earn the Server+?

Anyone that is a systems administrator, or that has an employer that is funding training or that values the certification.

Who Should Skip the Server+?

Most IT and cybersecurity professionals that do not focus on systems administration.

The Peak of CompTIA Cybersecurity:  The CompTIA CASP+

The CompTIA CASP+, which stands for CompTIA Advanced Security Practitioner, is CompTIA’s highest level cybersecurity-specific certification, and one that they are trying to line up to go head to head with other cyber certifications, such as the CISSP.

The CASP+ has been around for quite a few years but hasn’t seemed to gain that much traction and cut into the market of more prominent cybersecurity certifications, especially the CISSP from ISC2.  Regardless, the CASP+ is designed for established cybersecurity professionals that want to remain technical and go beyond the other CompTIA certifications.

Pros of the CompTIA CASP+

  • It renews most lower-level CompTIA certifications

Cons of the CompTIA CASP+

  • It doesn’t have the clout of other higher-level certifications, such as the CISSP or CISM

Who Should Earn the CASP+?

Anyone looking to move on to more advanced cybersecurity certifications, anyone who has an employer that is sponsoring CASP+ training, or anyone who wants to renew lower-level CompTIA certifications.

Who Should Skip the CASP+?

Any cybersecurity professional that wants to focus on more recognizable intermediate to advanced level certifications such as the CISSP, OSCP, CISM, and others.

Conclusion

CompTIA certifications are a great option for entry to mid-level cybersecurity professionals that want to distinguish themselves from their competition or from others that are also graduating from a college cybersecurity program.  CompTIA certifications, like all technical certifications, show employers that someone is serious about their careers and about proving their skills.

More advanced cybersecurity professionals may want to pursue other non-CompTIA certifications instead; however, they should keep an open mind about CompTIA certifications, especially if they would require minimum effort to earn or if an employer is funding CompTIA-specific training.

About the author 

Matt Day

Matt Day is a cybersecurity professional with over twenty years of experience in the IT, cybersecurity, and technology training fields. He has a degree in Computer Information Science and CompTIA A+, Network+, Security+, Server+, CySA+, and Cisco CCNA certifications.
