Is Security+ Right for Beginners?

The CompTIA Security+ certification often gets labeled as "entry-level," but this can be misleading. While it serves as a starting point for cybersecurity careers, it's not designed for people who are new to the IT field entirely. CompTIA themselves recommend you hold the CompTIA Network+ and two years of experience working in a security/ systems administrator job role prior to taking the Security+ exam. In addition to that, before the Network+ they also recommend you hold the CompTIA A+ certification and a minimum of 9-12 months of hands-on experience working in a junior network administrator/network support technician job role. It is important to note that these are recommendations, not hard requirements. Anyone can go take the Security+ without needing to prove they have prior experience or the A+ and Net+.

Why does it matter?

The reason these recommendations are so important, is because CompTIA designs the Security+ exam on the assumption you do have prior certifications, several years of industry experience, and most importantly that you already have a solid foundation of knowledge on the IT industry. If you were to jump straight in and take the Security+ first, you would be lacking this prerequisite knowledge. This foundation matters because Security+ builds upon essential computer and networking concepts. Without these basics, you might find yourself lost in unfamiliar territory.

Entry-level for IT vs. Entry-level for Cybersecurity

Let's ignore CompTIA's recommendations for a moment and put ourselves in the position of an IT Director or IT Manager hiring someone for their Cybersecurity Team. They need someone who can defend against common attacks, and secure operating systems, hardware and networks. You are going to want someone who understands how those things work, because if they do not understand them how can they ensure they are secure? That is why we do not recommend starting with the Security+, even if your goal is to have a career in Cybersecurity. Instead, you should start entry-level positions for the IT world in general and move into security after a few years of experience. In CompTIA-land, that means doing the A+ and Network+ certs first but that isn't a hard requirement (but it is going to make landing an entry-level job much easier).

Understanding the Certification Path

If you do choose to get certifications to boost your resume in the space, here is CompTIA's recommendations for prerequisites to the cybersecurity space:

1. Optional: CompTIA ITF+ (now called Tech+). Most people skip this one.
2. CompTIA A+ - Learn the basics of computer hardware, networking, software, etc.
3. CompTIA Network+ - Gain a more in-depth knowledge of computer networking and how to build and maintain computer networks

Once you have these certs, or similar experience in the industry you can jump into the Cybersecurity space. CompTIA offers several security certifications in a clear progression:

1. Security+ - Foundation-level security certification
2. CySA+ - Mid-level focusing on security analytics
3. SecurityX - Expert-level security certification (formerly called CASP+)

Another common cert is the PenTest+, which focuses on the specifics of Penetration Testing. In terms of experience requirements, it is on par with the CySA+.

Wrapping Up

While Security+ sits at the entry point of cybersecurity, don't be fooled - it demands serious study and dedication. You will be expected to have a existing foundation in many IT topics in the software, hardware and networking spaces. If you don't have that knowledge yet, you should start with the A+ and Network+ and build your way up to the Security+ where you will kick off your cybersecurity career.