Where to Start: CompTIA CySA+ vs Security+

So, you're pursuing a career in cybersecurity, but you're not quite sure where to get started. You've probably already got the fundamental (and almost obligatory) CompTIA certs at this point such as the A+ and N+, but if you don't, that's not a deal-breaker. With that said, it never hurts to learn CompTIA material.

There are no prerequisites for either of these certifications but Network+ will be a big help in some sections of both exams especially as it relates to calculating subnets and converting binary into IP addresses. In fact, Network+ is featured prominently in most of this cybersecurity course list broken out by job title.

What are the key differences between the Sec+ and the CySA+ exams and certs? Do you need one to get the other? What are the benefits of each? We hope to answer these questions and explain in which setting each one might be more practical, or valuable.

Round 1: Industry Acceptance/Recognition

Both of these certifications are highly sought-after, and both of them are widely accepted and recognized around the world. On the one hand, the Sec+ offers DoD certification and is seen as an industry standard as far as starting points go. It touches on many different topics and goes into detail about some of the fundamental concepts behind cybersecurity best practices.

On the other hand, the CySA+ is seen as the next certification step for cybersecurity analysts who are looking to apply their skills in the field. It validates vital skills such as the network device log reading and analysis. These consultants learn how to find patterns and behaviors on the network, as well as other practical knowledge about threat hunting. Like the Sec+, the CySA+ also offers DoD certification.

Something to note about these two certifications is that holding one of the two is fine, depending on your situation. This is subjective, but definitely worth keeping in mind. It is quite common for a candidate to have the Sec+ certification without necessarily having their CySA+, especially if they are just starting out in cybersecurity.

However, you might get a few odd questions in an interview if you only hold the CySA+ and not the Sec+.This is because it shows a potential gap in a candidate's core theoretical security knowledge such as secure network architecture concepts, resiliency and automation strategies, and other vital basic concepts that aren't touched on too much in the CySA+.

The CySA+ is seen as an intermediate technical certification with a strong emphasis on practical applications, while the Sec+ is widely regarded as a fundamental, theoretical cert that covers a lot of basic information.

If you have a decent track record in cybersecurity already, a similar certification to the Sec+, or if you have work experience that shows your basic knowledge of the topics covered in the Security+, then holding just the CySA+ won't be an issue at all. However, if you are new to the world of cybersecurity then you should really have both certs to truly stand out.

Round 2: Domains of Knowledge and Learning Potential

Earning a certification is always a good idea, but which of these two would be the most beneficial? Again, it is not universally clear which employer values a particular certification, unless they explicitly state as much. This would be based on each organization's preferences, so there is no real answer.

What you can do to decide is to look at which certification teaches which skills, and where those skills can be applied. So how do each of the domains of knowledge and learning potential stack up against one another?

The Sec+ could be seen as being a mile wide and an inch deep, it teaches a little about a lot, and it is tied together in a way that teaches the importance of implementing security best practices. Fundamentally, this is the starting point for most cybersecurity professionals.

There are other entry level cybersecurity certs, but very few carry the recognition and practical knowledge that the Sec+ does. If there is a single cybersecurity cert that most people acquire first, it's the Sec+.

CySA+ teaches basic cyber security analyst skills, intrusion detection and incident response practices. These skills are not taught in the Sec+, so if you are looking to actually pursue a role that requires hands-on skills and knowledge then the CySA+ will be for you. Data analysis and interpretation also helps to teach valuable analytical skills that are valuable in the field.

How you decide which certification teaches the most relevant information for your career path will depend on what you are aiming for. If you already have a few years of cybersecurity experience under your belt but need to validate your hands-on skills, then the CySA+ could be a better choice for you. If you have no certifications in cybersecurity then the Sec+ should be your first port of call, followed by the CySA+.

Round 3: Hands-On Usefulness and Practical Applications

How much does each cert prepare you for on-the-job skills? This is one area where the CySA+ is a clear winner when compared to the Sec+. Sure, you learn about basic tools and command line actions that can help you to detect and test for malicious activity in the Sec+, but it is nowhere near the scale and depth of the CySA+

This means that the Sec+ doesn't teach very much in the practical sense. Apart from a few basic tools from the command line and basic network troubleshooting mentioned above, there isn't a whole lot going on in this area for the Sec+. What it does do very well is that it teaches the proper ways to implement certain security policies and procedures, which is good for compliance and best practice.

By now we know that the CySA+ is the more practical certification between the two. The only caveat is that the CySA+ assumes that you already have the required knowledge and understanding that the Sec+ offers. The CySA+ will teach you how to read firewall, router and network appliance logs, and it also teaches how to secure and protect an organization's systems and applications. This is practical information that you can use daily and puts the CySA+ ahead of the Sec+ in this arena.

Round 4: Do You Need Both? Which One Should You Get First?

By this point, there should be a few things that have become quite clear. No, you don't need to get both certs. You could make the argument that if you want to pass your Sec+, then you should earn Network+ first.

We say this because you should understand basic networking concepts such as IPv4 subnetting and the OSI Model before trying to protect such systems from malicious actors/malware. But you don't need to hold the Network+ if you already understand the basics required for earning your Sec+.

The fact is that the Sec+ is seen as the most commonly acquired certification for people wanting to get started in information security and cyber security. It offers a wide range of knowledge on basic security concepts and is seen as the best starting point.

If a person only has the CySA+ certification it does not necessarily mean that the candidate is at a disadvantage — mainly because the cert is an intermediate one, while the Sec+ is more of a beginner's certification.

The problem is that most employers will be looking for Sec+ certification and might wonder why a candidate decided to skip that certification and go straight to the CySA+. Especially if they don't have an equivalent certification or verified work experience in that field.

And the Winner is… It Depends

We were all hoping for an outright winner between Sec+ and the CySA+, but there is a more nuanced answer.

The best way to think about both of these certifications is as a complementary pair. The Sec+ offers all of the basic knowledge, skills and information that you need to get started in the field, and it shows that you understand basic frameworks and implementations of security procedures. It also gives your employer the assurance that you know about basic privacy concerns within an organization and that you know about core concepts such as encryption and data privacy.

The CySA+ is a logical progression from the Sec+ and the beginning of a candidate's journey in cybersecurity analysis. It shows that the holder of the cert is able to perform basic analysis of logs, activity on the network, and perform basic threat hunting. It also teaches foundational steps in threat response and shows that the candidate can work as part of a cybersecurity team.

Either of these certifications will help you to advance your career as a cybersecurity professional. The deciding factors that will help you to choose correctly will depend on a few factors, mainly your current certification status. This, along with your current work experience and your intended career path, will play a big role in helping you to decide which one is the best fit for you right now.