CompTIA is helpful
The CompTIA certifications cover networking, support, blue team, red team, and everything in between. They have cornered the market on entry-level certifications. On their website there are paths tailored for whichever specialization you are interested in. When I started my IT career, I knew I wanted to get into InfoSec. I began with the A+ and Sec+ certifications because I wanted to focus early on server side support to gain experience.
So where to start?
CompTIA has its core requirements listed on the website as IT fundamentals, A+, Net+, and Sec+. The IT fundamentals certification is for people without any background in IT, who want to show an interest. It wasn’t around when I started my career, and I am not certain of its value. I do not see it ever listed as a requirement even for internships, so in my opinion it is best to go straight to A+.
The CompTIA Network+ focuses on basic networking content. I do not feel this is worth it because if you want to get into a networking job, the requirements will list CCENT or CCNA. I never bothered with this cert personally, and haven’t suffered for it. If you have the cash and time, go for it, but I’d recommend skipping it and going for Sec+ or Cisco certifications.
I started out by taking a class that taught one test from the A+. I took that half and then took the 2nd test after another class. This certification is really the starting point for becoming an IT professional.
The exam covers basic troubleshooting skills like how to diagnose issues. You need to know basic customer service handling techniques. There is a technical component: you have to understand PC hardware, a slew of operating systems and how to figure out issues and configurations. Basic networking, like knowing what TCP/IP is and simple network setups, is also required. The cost of the test is 211 as of this writing. This is a cheaper, more affordable price point and meant to be available to new people.
I recommend shooting for this as your first certification if you are trying to break into the IT field. I have seen it as a requirement for help desk, field services, desk side support and other entry level roles. It is a good target for those trying to switch careers or college students wanting to find a job when they graduate. It can be a stepping stone to other exams like Security+ or Cisco certifications.
I actually got my Security+ before any other certification. Due to the scheduling of the college I attended, I took a security class before I took my PC hardware class (the first test for A+). The professor told us that we could avoid writing a 10-page paper if we passed the Security+ exam. I, being like most students, did not enjoy writing papers, and so I passed the test.
The Security+ exam costs 330, which is a little bit higher. It’s supposed to be a more difficult exam, held on a higher tier than the previous exams. In order to pass, you have to know the basics of identity management, cryptography and how PKI works. You have to know a little more about networking. There are questions on installing and hardening software and appliances. Finally, you have to understand risk management, threats and vulnerabilities.
The Sec+ is what started my career off. I got my first help desk job because I had the A+ and Sec+ and got a few bucks an hour higher than people without these certifications. It is a minimum requirement for any security positions, and is required in many system or network administration jobs too. This certification is worth every penny. Personally, my career is on a plateau right now, and I don’t know if I should get a blue team or red team certification.
CompTIA Cybersecurity certs
CompTIA has 3 cybersecurity certifications. The CySA+ focuses on blue-team security. You need to know the basics of security appliances and architecture, how to respond to incidents and emergencies, and how to manage vulnerabilities. The recommended job is a Security Operations Center analyst, and that is a growing career field. Their PenTest+ is brand new and can’t be taken as of this writing. It focuses more on red team activities and careers. You’ll need to know hacker methodologies like reconnaissance, footprinting, scanning, exploitation and reporting. Penetration testing is another growing field. Both of these exams cost 346 and are affordable. They are higher level certifications and they renew your other CompTIA certifications. Both of these are worth it if you want to get into either of those fields, but I would recommend against getting them both, or putting both on your resume.
CompTIA Advanced Security Practitioner
The CompTIA Advanced Security Practitioner is the most advanced certification they offer. It is often compared to the CISSP exam, but it is actually very different. While the CISSP is not a technical exam and focuses more on policy, procedure and management, the CASP focuses more on security architecture. I took the CASP before I got a security role, and it was overwhelming. You have to understand advanced concepts of security architecture, how a DMZ is set up and where each device belongs in a network diagram. I failed my first time because I had no experience in an operating center environment, and the test recommends 10 years of experience but you can take it anytime. At 436, it is more expensive and you should be fully prepared to take it if you try.
For technical roles like security analysts, the CySA+ should be fine. If you want to move into security engineering, then the CASP is for you.