
Should I Earn CySA+ or PenTest+ After Security+?

Published on July 8, 2024

Earning a certification (or earning another certification) is a critical step in your professional career. It validates your skills, instills faith in employers, and deepens your knowledge of a specific area. With the vast number of IT certifications floating around, it can be hard to know which one is best for you and your career. 

If your wheelhouse is IT security, then your best bet is the CySA+, PenTest+, or the CISSP. Each of these certifications has its unique attributes, and one may be better for your situation than the other. Towards the end of the article, we'll share which is the most valuable. First, though, let's get a broad overview of each. 

What to Expect from CySA+, PenTest+, and CISSP

Each of these certifications is related to cybersecurity but focuses on a different discipline within the field. Let's review each one, starting with the CySA+ (Cybersecurity Analyst+).

CompTIA CySA+

The CySA+ focuses on threat response, security log analysis, and data analysis to detect aberrations. CompTIA introduced the CySA+ in 2017 to bridge the gap between the Security+ and the CASP (CompTIA Advanced Security Practitioner). Its intermediate difficulty has made it a go-to certification for cybersecurity professionals. 

In other words, it's the Goldilocks of security certifications. Let's review some of the test's nuts and bolts. 

  • 85 questions long

  • Features multiple-choice, drag-and-drop, and hands-on simulations

  • Costs a minimum of $404 (training can add to this cost) 

Getting certified tends to attract employers, lead to raises, and spur promotions. So, don't let the price of any of these deter you. None of the prices are super high, and they pay dividends in the long run.

The CySA+ covers the following four domains:

  • Threat Management: 27%

  • Vulnerability Management: 26%

  • Cyber Incident Response: 23%

  • Security Architecture and Toolset: 24%

As you can see, each domain has (roughly) equal importance. The CySA+ covers a huge variety of material, from Wireshark to patch configurations, OWASP, and more. While it is a lot of information, the CySA+ only requires a broad understanding of these subjects. You won't need an in-depth understanding of any one subject.



CompTIA PenTest+

The PenTest+ is another invaluable exam provided by CompTIA. This exam focuses on pen testing security systems to detect possible vectors of attack. Passing the exam is roughly equal to three to four years of hands-on experience as a security consultant. You'll need to brush up on compliance requirements, writing effective reports, and using tools necessary for pen testing. 

Here are the basic logistics of the exam:

  • 85 questions long

  • Features multiple-choice and hands-on simulations 

  • You'll have 165 minutes to take the exam

  • Costs, at minimum, $404. 

The PenTest+ focuses on the following five domains:

  • Planning and Scoping: 14%

  • Information Gathering and Vulnerability Scanning: 22%

  • Attacks and Exploits: 30%

  • Reporting and Communication: 18%

  • Tools and Code Analysis: 16%

Since Attacks and Exploits is the most heavily weighted domain, it's beneficial to focus your time on it. Exploits such as password attacks, spoofing, and DNS cache poisoning are sure to be on the exam. Hackers have myriad tools at their disposal to compromise a system, so make sure you have a broad understanding of them all.

ISC2 CISSP

The ISC2 CISSP is the pinnacle of security certifications. It is no easy feat, but folks who have one are highly valued by their employers. The CISSP is for professionals who have at least five years of relevant security experience. The test is more expensive than the others, too. Let's take a look at the basics. 

  • 100-150 questions long

  • Takes 180 minutes

  • Features multiple-choice questions

  • Costs $749 

The CISSP covers a broad swath of security subjects, all aligned to these eight domains:

  • Security and Risk Management: 16%

  • Asset Security: 10%

  • Security Architecture and Engineering: 13%

  • Communication and Network Security: 13%

  • Identity and Access Management (IAM): 13%

  • Security Assessment and Testing: 12%

  • Security Operations: 13%

  • Software Development Security: 10%

Phew, that is a lot of topics! However, by the time you take the exam, you'll already have five years of experience. 

Which Job Roles Align with CySA+, PenTest+, and CISSP?

Each of these exams is for security professionals in general. However, each one is geared towards a slightly different audience. Let's break them down and see who is the best fit for each.

CySA+ can help you land roles like: 

  • Cybersecurity Analyst

  • Security Operations Center (SOC) Analyst

  • Threat Intelligence Analyst

  • Incident Response

  • Incident Handler

PenTest+ leads to roles like: 

  • Penetration Tester (Ethical Hacker)

  • Vulnerability Tester

  • Security Consultant

  • Offensive Security Specialist

CISSP holders land roles like: 

  • Security Manager

  • Chief Information Security Officer (CISO)

  • Director of Security

  • IT Director/Manager

One thing to note here is that the CISSP is meant for those high up the corporate ladder. Entry-level security professionals should aim for either the CySA+ or the PenTest+. If you are going for the CySA+, you should tackle the Security+ first.

What Should You Expect When Preparing for CySA+, PenTest+, and CISSP Exams?

All three of these exams are challenging, and anyone taking them should study as much as possible. Let's review effective study material for each exam.

CySA+ Test Prep 

The CySA+ is an intermediate exam, so a couple of years of practical experience would be useful. However, experience alone will not win the day. You will also need to study for the exam itself, and the best way to do that is through this course. Additional study material can also be found on the CompTIA website.

PenTest+ Test Prep

Like the CySA+, the PenTest+ is an intermediate exam. It's no secret that ethical hacking is easily one of the most interesting disciplines in the world, so you should look forward to taking this test. 

Even better, prepping for it is a cinch when combined with this training course.

The course is over 200 videos long and explains everything you need to know in one place. It takes out all the thinking about what to study. Instead, you can focus your valuable time on learning the skills needed to pass. 

CISSP Test Prep

The CISSP is the big kahuna of these three tests. While all are difficult, the CISSP will want detailed knowledge across eight domains. Like the previous two examples, there are plenty of resources out there to get you on the right track.

The CISSP is an advanced cert and requires extensive studying. However, don't let that deter you. First off, plenty of professionals have passed it, so it's doable. Also, it's considered the gold standard of security certificates.

Which Certification is Most Valued in the Industry?

All three of these certificates are valuable. However, the CISSP is objectively the most valuable of the three. Let's go over a few reasons why:

  • The CISSP covers a broad range of topics within information security. Its wide subject matter makes it relevant for various roles and industries.

  • The CISSP requires at least five years of work experience in information security. This prerequisite ensures that CISSP-certified professionals have practical, real-world experience.

  • The CISSP is highly regarded internationally and can open doors in countries all over the globe.

With all that said, do not let that deter you from taking the PenTest+ or the CySA+. In fact, taking either of those exams is the best possible way to prepare for the CISSP. Also, if you have less than five years of experience, the PenTest+ and the CySA+ are the perfect certifications to study for.

Choosing the Right Security Certification for Your Career Ambitions

At the end of the day, it's all about what you want out of your career. If the goal is to become a certified ethical hacker, then the PenTest+ is the best way to go. The CySA+ is an intermediate security certification for jacks-of-all-trades. Any security role can benefit from the CySA+.

If your ultimate goal is to become a senior security professional, then the CISSP should be the end goal.

Final Thoughts

The CySA+, PenTest+, and CISSP are all invaluable certifications. The CySA+ and PenTest+ are valuable in their own right, but they can also serve as stepping stones toward the CISSP. Each exam is pretty expensive but won't break the bank. Plus, getting certified usually pays dividends in better job opportunities and raises.

Think carefully about where you are in your career, and decide from there. When it comes down to which cert to get, there really is no wrong answer.

Want to learn more about becoming a Security Engineer? Consider this Security+ online training.


© 2025 CBT Nuggets. All rights reserved.