What are the finest cybersecurity credentials for people who are just starting out? The CompTIA Network+, CompTIA Security+, CompTIA CySA+, and Cisco CCNA certifications are the finest cybersecurity credentials for beginners for most entry-level people. However, listing a few entry-level cybersecurity credentials is only half of the storey. It doesn’t tell you how to get started, which one to take first, or how much time and money pursuing a certification requires. As a result, I believe the more pressing question is: which cybersecurity certification PATH is best for beginners?
The Best Cybersecurity Certification PATH for Beginners
There are a few aspects and criteria to consider when evaluating entry-level cybersecurity certificates and determining which ones are the greatest fit for a certification path. The finest cybersecurity credentials for beginners will demand two years of expertise or fewer, will cost less than $400, and will only require one test. They will also not impose any special training requirements ahead of time. Keep in mind that a lot of exams demand verifiable work experience in the cybersecurity sector or sponsorship from someone who is already working in the field, so they would not be considered entry-level. We also want to pick a path that takes the least amount of time and work because our objective is to get certified and hired as soon as possible. With these considerations in mind, here is my recommendation for the ideal cybersecurity certification path for newcomers:
Step 1: CompTIA Network+ and/or Security+
CompTIA’s Network+ and Security+ certifications are the first steps on our path to cybersecurity because they are well-known, require only one exam to earn, and do not require any prior experience to sit for. (Check out my article here for a comparison between Network+ and Security+.) You’re probably asking why I mentioned two certifications as a and/or in our initial step. Both the CompTIA Network+ and Security+ exams are included since they have a lot of subject in common, and studying for one helps you study for the other. If you must select between the two, go with Network+ first. The Network+ course covers basic computer networking concepts like routers, switches, and protocols, as well as network security topics like cyber-attacks and systems hardening concepts. Security+ not only covers fundamental security ideas like cyber-attacks and system hardening, but also network topics like routers and switches. Do you see what I’m saying? In our modern connected world, it’s difficult to talk about computer networks without also talking about security, so there’s a lot of overlap between the two exams now. In fact, security concepts account for 20% of the Network+ exam. So, what are your options? If you already know a lot about networking and are short on time, you could just take the CompTIA Security+ exam. That’s something I’ve seen a few of my students do. Security+, in my opinion, is a more regarded certification than Network+, and it is a legitimate security certification. Many employers will believe you have the networking basics down if you get the Security+ first. If you are absolutely new to the cybersecurity industry, starting with Network+ would be beneficial and time-efficient. It would also provide as a solid foundation for future certifications and career advancement. If you’re self-studying and not enrolled in a training programme, I recommend starting with Network+ to strengthen your foundational knowledge.
Step #2: Cisco CCNA and/or CompTIA CySA+
Again, two qualifications in one step? Absolutely. Keep in mind that cybersecurity is a broad industry with many diverse sectors and career paths. Plus, we want and need flexibility because some of us made various judgments in the first stage regarding whether or not to take the Network+ exam. Cisco CCNA stands for “Cisco Certified Network Associate” at the associate level. It is not security-related, but it has a lot of overlap with Network+, so if you want to work as a computer network administrator, network security analyst, or another computer networking-related job and have already studied and passed Network+, the Cisco CCNA is a good next step. Employers who don’t use Cisco products understand that your Cisco networking skills may be applied to their systems as well with the CCNA. Keep it in mind as we move on to the second stage. CompTIA’s CySA+ (Cybersecurity Analyst) certification is a newer certification that isn’t as well-known or recognised. However, it was created and is supported by CompTIA, a well-known certification developer with what is perhaps the best suite of entry-level IT certifications in the world. CompTIA places the CySA+ after the Security+ on its track and encourages even more experience and knowledge as a prerequisite, so if you did well on the Security+, have continued to improve your knowledge, and are growing increasingly passionate about cybersecurity, taking the CySA+ is an excellent idea. Threat and vulnerability management, as well as incident response-related topics, are covered in the CySA+. It’s a more difficult exam, so make sure you’re prepared and have a good understanding of the material.
Step #3: CompTIA Linux+ and/or CompTIA PenTest+
If you’ve made it this far, you presumably have a number of certifications under your belt and are qualified for an entry-level cybersecurity position. If you decide to continue your certification journey, one or both of the certificates specified in this phase should be considered. The most significant aspect of our third stage is to begin broadening our expertise into a speciality. The CompTIA Linux+ certification isn’t the most well-known or respected Linux certification, but it’s an excellent one that can be acquired in one exam without much experience and can help you start verifying your speciality abilities in a highly valuable area – Linux. The CompTIA PenTest+ is the third certification exam we’ll take. For beginners, I enjoy this exam because it is inexpensive, just requires one exam, and does not require proven field experience. In addition, the PenTest+ enables you to begin specialising in a lucrative field – penetration testing. It’s an excellent first step, even if it won’t earn you a penetration testing job on its own. Other choices at this level, like as the CEH (Certified Ethical Hacker), are available, but they cost more than $400, making them difficult for novices and removing them from our list. Which exam or exams you take at this point will be determined by your professional aspirations and whether or not your employer will pay for them. If you’ve followed the three steps above, you should have enough experience that working in the area is a very real possibility for you, and you know enough about the subject now that you can and should undertake your own research on your certification path from here on out.
Step #4: Move into intermediate-level certifications
You should be well on your way at this stage, with numerous certificates under your belt and, more importantly, the knowledge that comes with them. Step #4 is when you start looking into other intermediate-level certificates like the Certified Ethical Hacker (CEH), CompTIA CASP+, or OSCP, for example.
Why is there such a large number of CompTIA certifications on the list?
Yes, I realise there are a lot of CompTIA certifications on this list, and I understand that CompTIA certifications are hit or miss with higher-level cybersecurity professionals (I discuss whether CompTIA certifications are worth it here), but they are excellent certifications for beginners that are relatively easy to obtain and will help you get your foot in the door. After a few years in the cybersecurity sector, you’ll have a better idea of what you want to achieve and be able to make more educated decisions about which intermediate and advanced-level certifications to pursue.
Associated Issues
Is it a good idea for me to take the CompTIA A+ exam?
The CompTIA A+ is still useful, but it requires two examinations and is geared toward computer technicians, thus it corresponds to lower-paying jobs. I go over the A+ in great depth here. It’s also not a requirement for higher-level certificates, so most people interested in a career in cybersecurity can skip it.