
Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]

January 2, 2023 by Jeff Peters

The worldwide cybersecurity workforce has a gap of 3.4 million people, according to the latest (ISC)² Cybersecurity Workforce Study. There's never been a better time to be a cybersecurity professional, but with so many potential career paths, what skills should you focus on learning?

That’s the question CompTIA’s Director of Products Patrick Lane answered during our recent webinar, “CompTIA career paths: Which certification is right for you?”


“I’ve spent my career working with the industry to try to standardize workforce skills throughout the globe, and CompTIA is a big part of it,” said Patrick. “All of our certifications are built around job roles. They’re about addressing the knowledge, skills and abilities someone should have to be successful in their career.”

Security+: Break into cybersecurity

CompTIA is a non-profit, vendor-neutral certification body that helps IT and security professionals of all experience levels. They also have the world's most popular entry-level cybersecurity certification, Security+, which recently passed a half-million certification holders worldwide.

“Security+ is listed in 10% of all cybersecurity job ads in the United States,” Patrick said. “The core job roles it covers are system administrator, network administrator and security administrator. The most basic level of cybersecurity is making sure your network is secure, and that’s essentially what this teaches.”


Once you’ve built a foundation of cybersecurity skills, you can move into many different potential career paths.

“Our research shows 80% of hiring managers, whether they're IT hiring managers or HR people who don't know anything about IT, are looking for certifications,” Patrick said. “If you get certifications you can get a better job, whether it be a promotion in your current job or an entirely new role, and even get a pay raise.”

During the webinar, Patrick focused on the three CompTIA certifications in the cybersecurity pathway: PenTest+, CySA+ and CASP+.

CySA+ vs. PenTest+: Blue team vs. red team

“Once you’ve gotten your Security+, the next logical step is to go into penetration testing and security analytics,” Patrick said. “These are considered red team and blue team skills.”

The Cybersecurity Analyst (CySA+) certification focuses on applying behavioral analytics to improve network threat visibility and keep networks and systems secure.

“This is the fastest growing cybersecurity job role in the United States,” Patrick said. “It’s about trying to find threats that are coming into your network. It’s about the blue team and defense. In many cases, you’ll use a security information and event management system, a tool used to try to find those anomalies.”


The PenTest+ certification is built around skills required to be proactive and test internal networks for vulnerabilities before the bad guys discover them.

“It’s a certification for intermediate-level cybersecurity pros who are tasked with hands-on penetration testing, also called ethical hacking. You’ll identify, exploit, report and manage vulnerabilities on a network,” Patrick said. “The goal is to attack the network and report weaknesses so those weaknesses can be fixed.”


CASP+: The most advanced CompTIA certification

The CompTIA Advanced Security Practitioner (CASP+) certification is ideal for technical professionals who wish to remain immersed in technology throughout their careers — and is the most advanced certification available from CompTIA.

“There’s a position called cybersecurity architect, and they’re the ones who would be in charge of the design of the network,” Patrick said. “If you consider yourself an engineer, if you like risk management, this is probably the job for you — especially if you love the technical integration of enterprise security and research and development.” 


Still not sure which certification is for you? You can explore them all — plus hundreds more on-demand courses and hands-on labs — with a subscription to Infosec Skills. No matter what direction your career takes, there’s one trait that unites all cybersecurity professionals: the need to constantly learn and grow.

“If you're in cybersecurity, you’re going to have to learn for the rest of your life,” Patrick said. “So make it a point to be a career learner.”


Jeff Peters

Jeff Peters is a communications professional with more than a decade of experience creating cybersecurity-related content. As the Director of Content and Brand Marketing at Infosec, he oversees the Infosec Resources website, the Cyber Work Podcast and Cyber Work Hacks series, and a variety of other content aimed at answering security awareness and technical cybersecurity training questions. His focus is on developing materials to help cybersecurity practitioners and leaders improve their skills, level up their careers and build stronger teams.