A lot of my students ask me which certifications they should take as they prepare to enter the field of cybersecurity. There are certainly a lot of certification options available, which can make this decision confusing, to say the least. Because this is such a common question, let’s take a look at the best cybersecurity certifications for beginners.
What are the best cybersecurity certifications for beginners? For most entry-level people, the best cybersecurity certifications for beginners are the CompTIA Network+, CompTIA Security+, CompTIA CySA+, and the Cisco CCNA certifications.
But just listing a few entry-level cybersecurity certifications only tells half of the story. It doesn’t tell you how to get started or which one to take first, and it doesn’t consider the massive amount of time and money it takes to pursue a certification. Because of this, I think the more important question is, what is the best cybersecurity certification PATH for beginners?
The best cybersecurity certification PATH for beginners
When we look at entry-level cybersecurity certifications and which ones are the best fit on a certification path, there are a few factors and criteria that we want to consider. The best cybersecurity certifications for beginners will require the equivalent of two years or less of experience, cost less than $400, and only take one test to achieve. They also will not mandate specific training to be completed beforehand. Keep in mind that a number of exams require documented work experience in the cybersecurity field or sponsorship from someone already in the field, so those would not qualify for entry-level status either. We also want to choose a path that minimizes time and effort since our goal is to get certified and get hired quickly.
With these factors in mind, here is my view of the best cybersecurity certification path for beginners who are looking to enter the field:
Step #1: CompTIA Network+ and/or Security+
CompTIA’s Network+ and Security+ are the first steps on our path to cybersecurity because they are highly recognized, only take one exam to earn, and do not have a minimum requirement of experience to qualify to sit for the exams. (To see my comparison of the Network+ and Security+, check out my article here.)
You are probably wondering why I list two certifications in our first step and why they are listed as an and/or. Both the CompTIA Network+ and Security+ are listed because they have a great deal of overlap in content and preparing for one actually helps you prepare for both. If you choose to take both, take the Network+ first.
The Network+ covers basic computer networking concepts, such as routers, switches, and protocols, and now has a great deal of network security content as well, such as cyber-attacks and systems hardening concepts. The Security+ covers basic security concepts, such as cyber-attacks and systems hardening, but also touches on network concepts such as routers and switches. See the point? It’s tough to talk about computer networks without also talking about security in our modern connected world, so there is now a good bit of overlap between the two exams. In fact, 20% of the Network+ exam is devoted to security concepts.
So, what should you do? If you already have strong networking knowledge and are pressed for time, you could just jump straight to the CompTIA Security+. I’ve had several students do that. I believe Security+ is more respected than Network+ and it is a true security certification. If you earn the Security+ first, many employers will probably assume you have the networking concepts down too.
If you are completely new to the cybersecurity field, going for the Network+ first would be helpful and a good use of time. It would also provide you with a solid foundation for your future certifications and your career. If you’re self-studying and not enrolled in a training program, I think you definitely should go for the Network+ first just so you can build that foundational knowledge.
(Check out my podcast episode on the Network+ and Security+ where I compare the two and talk about which you should do first here.)
Step #2: Cisco CCNA and/or CompTIA CySA+
Two certifications in one step, again? Absolutely. Remember that the field of cybersecurity is very wide with lots of different domains and career options. Plus, we want and need flexibility since some of us made different decisions about whether to sit for the Network+ exam in the first step.
Cisco CCNA is Cisco’s associate-level “Cisco Certified Network Associate” certification. It is not security-based but has a great deal of overlap with Network+, so if you are thinking of going into a career as a computer network administrator, network security analyst, or another computer networking-related career, and you have already studied and passed the Network+, the Cisco CCNA will be a good next step.
With the CCNA, even employers that don’t use Cisco products recognize that your Cisco networking knowledge can be applied to their systems too. Keep that in mind as you move through our second step here.
CompTIA’s CySA+, which stands for Cybersecurity Analyst, is a newer certification and therefore is not as widely known or recognized. But it is developed and backed by CompTIA, which as a certification developer is widely recognized and has what probably can be considered the best suite of entry-level IT certifications in the world. CompTIA places the CySA+ after Security+ on its track and suggests even more experience and knowledge as a prerequisite, so if you did well on the Security+, have continued to build your knowledge, and are becoming really passionate about the cybersecurity field, then sitting for the CySA+ would be a good idea.
The CySA+ covers threat and vulnerability management and incident response-related topics that go beyond the Security+. It is a more challenging exam, so make sure you’re really ready for this one and that your knowledge is solid.
Step #3: CompTIA Linux+ and/or CompTIA PenTest+
If you’ve made it to this point, you now have a number of certifications listed after your name and are probably qualified for an entry-level position in cybersecurity. If you decide to continue on your certification journey, you should consider one or both of the certifications listed in this step. The important point of our step #3 here is to start expanding our knowledge into a specialty.
The CompTIA Linux+ is not the most widely-known or widely-respected Linux certification, but it is a good certification that can be earned in one exam without a great deal of experience, and it will serve to begin validating your specialty skills in a very valuable area – Linux.
Our other certification exam at step #3 is the CompTIA PenTest+. I like this exam for beginners because it is cost-effective, requires only one exam, and does not require documented field experience. The PenTest+ also helps you begin to specialize in a lucrative area – penetration testing. Even though it won’t get you a penetration testing job on its own, it is a good first step.
I recognize that there are other options at this level, such as the CEH (Certified Ethical Hacker), but this costs more than $400, which makes it a challenge for beginners and disqualifies it from our list.
Which exam or exams you choose to take at this step will really depend on your career goals and if your employer will pay for them. If you’ve worked through the three steps as outlined, you should have built up enough experience that working in the field should be a very real option for you, and you know enough about the field now that you can and should do your own due diligence on your certification path from this point on.
Step #4: Move into intermediate-level certifications
At this point, you should be well on your way, with several certifications to your name and, more importantly, the knowledge that goes with them. In step #4, it’s time for you to branch out into other intermediate-level certifications, such as the Certified Ethical Hacker (CEH), the CompTIA CASP+, or the OSCP, for example.
Why So Many CompTIA Certifications on the List?
Yes, I know that there are a lot of CompTIA certifications on our list here, and that CompTIA certifications are hit or miss with higher-level cybersecurity professionals (I cover whether CompTIA certifications are worth it here), but they are great certifications for beginners that are relatively easy to obtain, which will help you get your foot in the door. After you are in the cybersecurity field for a few years, you’ll know more about what you want to accomplish, and can make a more informed decision about which intermediate and advanced-level certifications you should earn.
Should I take the CompTIA A+?
The CompTIA A+ is still relevant, but it takes two exams to complete and is aligned to computer technicians, so it matches lower-paid positions. I talk about the A+ in detail here. It also is not a needed prerequisite for higher-level certifications, so it can be bypassed by most people who are pursuing a cybersecurity career.