The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, or Microsoft training courses free for a week.
Learn More ❯

CompTIA's Security Cert Ladder and the 'Future' of Cybersecurity

Tech industry association CompTIA has been building up its security certification portfolio for years. Now it has a new "ladder" to help aspiring cybersecurity professionals ascend.

I’m not 100 percent behind the premise that “The Future of Cybersecurity is Here,” but I do agree that CompTIA makes a pretty good case for a reasonably comprehensive cybersecurity certification ladder in the infographic I snipped to accompany this blog post:


CompTIA has a vision of the future of cybersecurity certification.

Source: CompTIA Image Library


I was at the Logical Operations conference in Baltimore last week (LO-CON17), where I appeared as an invited speaker on the subject of DoD 85700-recognized certifications. CompTIA was there, too, and I had a chance to chat with their representative, who reminded me about the Sept. 27 IT Career News blog post that featured this handy-dandy certification ladder.


And while we’re on the subject of the DoD Approved 8570 Baseline Certifications, it’s worth observing in this context that all of the items in the CompTIA ladder shown in the infographic, except for IT Fundamentals, appear in one or more of the cells in the table that recites all the approved certs by job role or designation.


Of the six certifications in the ladder, three have relatively little security focus and coverage — namely, IT Fundamentals, A+, and Network+.


That said, the level and amount of security coverage in each of those three increases step-wise, though it does not exceed 20 percent (18 percent, actually) even on the Network+ exam objectives. That changes dramatically for the next three rungs on this ladder, because Security+, CSA+, and CASP are all 100 percent focused on security topics, tools, and technologies, as well as the skills and knowledge that they demand.


Increasingly, CompTIA exams are heading toward performance-based testing, too, with even A+ and Network+ now including some performance-based questions, and the top three rungs of this cybersecurity ladder including substantial performance-based testing elements and coverage.


I see that as a very good thing, because cybersecurity professionals and the organizations that employ them are unanimous in agreeing that what certified cyber security professionals can DO with their skills and knowledge is the most important outcome from obtaining certification in the first place.