| certifications | comptia - David Zomaya
Is the Security+ Worth It?
There is no shortage of options when it comes to IT certifications. This leads to a scenario where cert-seekers have to determine what paths are worth the time and dollar investment. When it comes to InfoSec, CompTIA's Security+ is a popular cert to validate baseline skills.
However, popularity does necessarily mean it's right for you. Determining if the Security+ is worth it for you requires an understanding of what the cert can offer given your circumstances.
There's a lot of demand for security professionals and it's only going to keep growing according to industry experts. Being a supplier of skills in such a market can be lucrative. Here, we'll explore the benefits of the Security+ to help you make an informed decision.
Security Professionals Are in Demand
In order to be valuable, a cert needs to validate in-demand skills. This is an area where Security+ has a lot going for it. The cybersecurity market is large and it's growing impressively. The market is expected to grow to 170 billion by 2022, achieving a 10% Compound Annual Growth Rate (CAGR) in the forecast period.
Further, employers are having a hard time filling many security roles. Earlier this year, a Jon Oltsik (principal analyst at Enterprise Strategy Group ESG) article discussed how the cybersecurity skills shortage is worsening.
The reason employers continue to value security pros is simple: attacks aren't stopping. Think about it from an employer perspective. Concerns range from hackers getting information to your data to government agencies in cyberwarfare battles. If you were in this position, you'd want security-savvy individuals on your team. Additionally, regulatory concerns like HIPAA and GDPR also create demand for security pros.
If you're interested in a career in security, this is good news. With so many changes in technology there's a constant need for people who can keep up with security concerns. This helps reassure Security+ cert-seekers that their time and dollar investment will likely be worth it.
CompTIA Provides Vendor-Neutral Certs
This point is a bit of a pro and a con at the same time. Entry-level pros need a baseline of skills. Specializing at that stage of your career doesn't make the most sense. As a result, with CompTIA being vendor neutral, it becomes a very natural place for people to begin. Gaining a breadth of skills provides a solid foundation that you can build on. It also helps decouple your opportunities from a single vendor remaining popular.
Another popular CompTIA cert helps drive this point home. Looking at their entry-level cert, CompTIA's A+ is often a requirement for entry-level helpdesk roles. Having this cert will give you the edge to be noticed by recruiters in these areas. Having foundational skills makes you attractive for entry-level positions.
Similarly, Security+ provides a way to validate your basic understanding of cybersecurity and best practices. This helps to open the door to entry-level security roles like junior IT auditor or security administrator. However, as you advance in your career, something like a Cisco security cert might hold more value. This is because specialization becomes more important as you advance your career. You won't be an expert in everything, but you can be an expert in a given domain.
The takeaway here is Security+ provides a solid foundation for a cybersecurity career. If you're looking to break into the security world, it can make a lot of sense. If you're doing CCNP-level work in an all Cisco environment (and aren't looking to leave, just advance), your time may be better invested elsewhere.
Security+ Required for Particular Jobs
One of the main questions you might have is whether a Security+ Cert is a requirement for jobs you might be looking for. One thing to remember is that there is a difference between a requirement and an advantage. As a whole, any current and up-to-date cert has value. However, not every job has a flat-out requirement to have a Security+ cert, unless you're taking a job with the federal government.
The Department of Defense Directive requires that any person employed (full or part-time) and has access to privileged information is required to get a cert accredited by the American National Standards Institute (ANSI). The CompTIA Security+ itself is also a requirement in some situations. If you ever plan to move into a government job you might want to get this out of the way. Otherwise you won't even make the cut — regardless of experience. In most cases, experience has a little more weight, this isn't one of those. You'll need to meet specific certification requirements.
If you're not looking at a government job this will probably not be a requirement. In the private sector, the Security+ is usually more of a resume booster than hard requirement.
Average Salary for Security+ Cert Holders
According to PayScale, the national average salary is about $50,000. Let's compare that to the average for those who hold a CompTIA Security+ cert. Those individuals bring in an average of about $73,000 a year. That's over $20,000 more on average. That sounds great, but these numbers paint with very broad strokes. People have a wide mix of backgrounds, certifications, and experience. If you can bring in $100,000 today, Security+ might not make sense if a salary increase is what you're after.
Additionally, just having Security+ doesn't automatically put you at $73,000. Even with a Security+ there is a very wide range. The salaries range from $46,000 to $116,000. This is because IT pros with a mix of experience, education, and roles hold the cert. A junior analyst on Day 1 will generally make a lot less than a senior manager, but both may hold the same certification.
Just getting a Security+ won't change your work history and automatically qualify you for any role. However, it does give you a better negotiating tool and make you more marketable. The takeaway here is to have reasonable expectations and contextualize what the Security+ means at this point in your career. For the right person, Security+ is a great IT security resume booster.
Security+ Exam Costs
While opportunity costs are likely more important, the dollar cost of the Security+ is worth considering as well. The cost of the Security+ exam (SY0-501) in the US today is $339. Of course you will also need to account for training resources as well. In many cases the cost of study materials outstrips exam costs.
Looking for Security+ training from a CompTIA-approved partner? Check out our CompTIA Security+ video-training course!
Certification Paths After Security+
Obviously, your career doesn't stop after you get the Security+. This begs the "what's next?" question if you're focused on growth. While part of the journey is gaining more experience, certification paths matter too.
If you stick with CompTIA, there is the CompTIA cybersecurity pathway. The CompTIA Cybersecurity Analyst (CySA+) would be the next step, followed by the CompTIA Advanced Security Practitioner (CASP+). The CASP+ is effectively CompTIA's expert-level security cert and their alternative to the CISSP (another worthwhile option for security pros later in their career).
Outside of CompTIA, after you land a role with the Security+, you can specialize based on your interests. If you start working a role in a Cisco environment you might want to shift focus to that. Working in the industry you will be better prepared to take the exams required for the Cisco CCNA or CCNP.
To truly evaluate the benefits of a Security+ certification, you need to understand the tradeoffs. If you study for the Security+, that's time you're not spending on an alternative certification. Knowing what those alternatives are help you make a more informed decision. Here are some of the more popular Security+ alternatives:
Microsoft MTA Security Fundamentals. This MTA certification is affordable at $127.00 for the exam. It is a decent resume booster but its depth and name recognition aren't on par with Security+.
ISACA CyberSecurity Fundamentals. The ISACA (formerly Information Systems Audit and Control Association) has been around since 1969 and serves over 180 countries. This cert is their entry-level cybersecurity offering. It costs $150 for members and $199 for non-members. It targets the same general audience as Security+, but does not currently have the same name recognition. For more on this cert check out their brochure.
GIAC Information Security Fundamentals (GISF). This is the entry-level security cert from the same people that brought you the GSE cert that topped our 8 Most Difficult IT Security Certifications list. The cert targets mostly the same audience as the Security+ and the GIAC has some name value for those in the know. IT is not cheap though. The registration fee is $1,899. However, if you work your way up the GIAC certification ladder, you may build a resume that is very marketable.
Final Thoughts: Making a Decision
We know these sort of articles usually end with an "it depends" sort of answer. That makes sense because it is true, but more concrete responses can be beneficial. So, with the disclaimer that it does depend and every situation is different, we'll make a few specific suggestions.
If any of these apply to you, then the Security+ is probably worth it:
- You're an entry-level IT pro looking to shift to a cybersecurity career.
- You work in IT and want foundational knowledge of the cybersecurity landscape.
- You want to do government or contract work that requires the Security+.
- You know you want to go into security, but don't know where to start.
If these apply to you, then you may be better off with a different cert:
- You're at a point in your career where a more specialized or advanced cert adds more value.
- You prefer to take a vendor-specific path that includes a baseline security certification.
In a nutshell, CompTIA Security+ will give you the foundational skills that you'll need in order to grow as a security professional. If you already have the baseline experience and knowledge, specialization might make more sense for you.