Exploring CompTIA’s Cybersecurity Certifications


Hello, and welcome to another episode of the Cyber Security For All podcast. A podcast all about cybersecurity from Apetech. I’m your host, Alex, and today we are going to be taking a deeper look into CompTIA certifications. CompTIA offers a lot of different certifications and if you are new to the cybersecurity space, a CompTIA certification is probably the best way to go. If you listened to one of my last two episodes, then you know that I took a deeper dive into the “core” and “infrastructure” certs that are offered by CompTIA. In this episode we are going to be looking at the Cybersecurity certs. There are a lot of pros and cons and I want to talk about those in this episode. I have personally never held any of the cybersecurity certs, but all of the certs in this category look amazing. Let’s take a deeper look.

In the last episode, we explored the infrastructure certifications that CompTIA offers. These are great starter certs for those looking to start a career in IT, but in today’s episode, we are going to explore some slightly more advanced and slightly more specialized certs. If you’ve been in IT for a while, or maybe you want to increase your IT chops, these three certs that we’ll be talking about are perfect for you. I’ve been in IT for almost 11 years now and just based on the titles of these certs, I can tell that they are valuable. The certs in the cybersecurity category are: CySA+, CASP+, and PenTest+. Each of these topics is very much in demand within the world of cybersecurity/IT and if you’ve been wanting to jump into any of these categories, these are the perfect certifications for you to get.

Let’s start with the first cert, which is the Cybersecurity Analyst (CySA+) cert. When I was getting my Security+ cert, this specific certification didn’t exist yet. This is the first certification that I see from CompTIA that goes beyond just having to answer questions to receive the certification. For this exam, you actually have to answer performance-based questions along with the traditional multiple-choice questions. The topics covered in this exam are a little more advanced than the previous certifications we have discussed on this podcast so far. I would consider this exam to be a mid-range exam, where you need to have a solid foundation in not only IT, but also Cybersecurity. The concepts covered under this exam go beyond just knowing facts and data. To do well on this exam, you need to really understand threat management, software and systems security, compliance, security monitoring, and incident response. The exam requires you to be able to analyze data and then make a strategic decision. It requires that you really know the fundamentals so that you do not second-guess yourself when an attack happens. I really do see this exam as being that exam that separates those that want to get into cybersecurity because it’s fun versus those that want to get into cybersecurity to help beat the bad guys. This exam is harder, but if you study and really ingrain yourself into the world of cybersecurity, you should be fine. The exam is 380, 85 questions, and you have 165 minutes to complete it. On to the next cert!

The next certification is the PenTest+ cert. I’m really excited about this one because when people think cybersecurity, they think hacking. When you think hacking, penetration testing gets all the glory. This certification claims to cover all aspects of PenTesting. Most people usually just think that PenTesting is about hacking a system, but there is actually a lot that goes into planning and executing a successful hack. This certification will prepare you and walk you through all the different phases of conducting a successful penetration test. What I like about this exam is that it prepares you to be able to handle pen testing in the cloud, hybrid environments, web applications, IoT devices, and also the more traditional on-premises environments. Like the CySA+ that we just discussed, the folks trying to earn this certification should have a very strong foundation in both IT and cybersecurity. I would say that this exam is probably going to be the most technically challenging when compared to the other two exams in this category. With that said, however, there is a lot of what I’ll call grunt work when it comes to planning and executing a successful pentest. So, for those of you thinking that having this cert is going to be all about hacking, I think you are going to be in for a reality check. Half the battle in hacking is the planning and preparation to conduct an attack. The exam is 370 USD, 85 questions, and you have 165 minutes to complete it. Let’s talk about the last cert in this cybersecurity category.

The last certification is the Advanced Security Practitioner (CASP+) cert. I’ve never really heard of this exam prior to conducting the research for this episode. The exam is geared towards security architects and senior security engineers, so that basically means that this can be considered an advanced certification. From my research, this exam is for what I’ll consider the “boring” part of cybersecurity. This is perfect for those having to do all the paperwork-related tasking that is involved in cybersecurity. This certification will cover topics such as security architecture, security operations, governance, risk, and compliance, and also security engineering/cryptography. If you are a seasoned IT and cybersecurity professional, this exam will probably help boost your career into management or a lead position. I personally wouldn’t recommend this exam for folks that are wanting to advance their cybersecurity technical skills. This certification is really aimed at those IT professionals that want to advance their careers at the expense of potentially not doing as many technical things in their day-to-day work. The exam is a lot more pricey as well. It comes in at 466 USD, it’s 90 questions long, and you have the same 165 minutes to complete it. I have a feeling that the people taking this exam will probably have the fee and training covered by their company.

There you have it, your overview of CompTIA’s cybersecurity certifications. There are many 3 exams to cover, so make sure you are subscribed to this podcast so you do not miss out on those final details. This is the third episode and just a reminder, if you haven’t listened to my previous two episodes, you’ll want to listen to those as I covered the first two sets of certifications offered by CompTIA. Do you currently have any of these certifications? I personally had the Security+ certification but I let it expire because I didn’t have any need for it in my current line of work. Are you planning on getting any of these certifications? I’d love to hear from you and if there is anything I can do to help you prepare for the exams, please let me know. If you look on Amazon, you will find books for each of the exams that will help you prepare. If you are not sure if a certification is right for you, please feel free to reach out. I’d be more than happy to discuss with you and determine what is best for you based on your specific needs.
