Tuesday, October 11, 2016| By Patrick Lane
With the upcoming release of the CompTIA Cybersecurity Analyst (CySA+) exam on February 15, 2017, CompTIA will enter uncharted territory. For the first time, a vendor-neutral CompTIA cybersecurity career pathway will exist for IT professionals to achieve cybersecurity mastery, from beginning to end.
CompTIA CySA+ fills the skills gap between CompTIA Security+ and the CompTIA Advanced Security Practitioner (CASP) exam. Until now, many CompTIA Security+ certified professionals waited until they gained at least 5 years of IT security experience before sitting for the CASP exam. Either that, or they branched into vendor-specific exams, such as VMWare, Cisco or Microsoft.
CompTIA Security+ certified professionals can take the next step by pursuing CySA+. It’s a new certification that assesses the skills needed to apply behavioral analytics to the IT security environment to improve the overall state of IT security. Tools, such as packet sniffers, Intrusion Detection Systems (IDS) and Security Information Event Managers (SIEM) are used in this job role. After the seminal Target attack of 2014, the IT security analyst or cybersecurity analyst job role has gained more importance. These skills are now essential for most organizations.
Why can IT pros take CySA+ after Security+? Because CompTIA Security+ mirrors 2 years of IT security experience and CySA+ mirrors 3-4 years. It is a logical progression. After CySA+, IT pros can pursue CASP to prove their mastery of hands-on cybersecurity skills required at the 5- to 10-year experience level.
But what if you don’t have the skills or experience to start with CompTIA Security+ or CySA+? You’ll need to start earlier on the pathway. CompTIA Network+ is an important recommended prerequisite to CompTIA Security+. In order to secure a network, you must understand how the network functions. Otherwise, you are learning security skills and applying them to a network you don’t understand. If you haven’t taken CompTIA Network+, we recommend that you earn it, or gain the equivalent knowledge of nine-months’ networking experience.
Before you take CompTIA Network+, you need an understanding of the most common hardware and software technologies used on the network. After all, how can you support a network if you don’t understand what is attached to it? CompTIA A+ certification, which mirrors the skills of an IT pro with six months of IT experience, assesses the skills necessary to support IT infrastructures, which includes device hardware, software, networks and security, from an entry-level IT pro perspective.
If you are a beginner and don’t have CompTIA A+ or six months of IT pro experience, you can pursue the CompTIA IT Fundamentals exam. It is the beginning of the career pathway. If you want a career in IT and you are new to the profession, then IT Fundamentals is the best place to start. It helps you learn more about the world of IT and provides a broad understanding of the IT profession.
Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.
Where do I start?
IT pros can enter the pathway at any point, depending on their IT experience, existing certifications, or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have 2 years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CySA+, etc. See the Recommended CompTIA Cybersecurity Career Pathway graphic.
Do you need to take these certifications in order? Do you need to take all of them?
No. It is a recommended pathway. Some people may skip CySA+ and go directly to CASP If they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before A+ because that’s the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.
Can you take these exams without IT experience?
Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelor’s and even master’s degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.
Do these certifications replace on-the-job experience?
If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they are not a replacement. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds.
In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, trainers and students. You can start wherever it makes sense, depending on your personal background, job requirements, or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.
Patrick has received IT certifications from CompTIA (Network+, Security+ and i-Net+), (ISC)2 Certified Information Systems Security Professional (CISSP), Microsoft (MCSE, MCP+I and MCT), and CIW (Internetworking Professional and Server Administrator). He has also received a master’s degree in education and a California State Multiple Subject Teaching Credential with a Cross-Cultural Language and Academic Development (CLAD) emphasis.