Intro to CompTIA Security+ Certification
The industry-wide benchmark of cybersecurity certifications, the CompTIA Security+ certification, covers six core fundamental security areas, including:
- Threats, Attacks, and Vulnerabilities
- Technologies and Tools
- Architecture and Design
- Identity and Access Management
- Risk Management
- Cryptography and PKI
Created by the leading computing technology association in the world, CompTIA, and accredited by ANSI in compliance with the ISO 17024 Standard, the Security+ certification is vendor-neutral, allowing candidates to focus on general security aspects rather than company-specific approaches. Because the test is so comprehensive and “flying by the seat of one’s pants” is not advised, individuals seeking Security+ certification are encouraged to review various study guides and video training materials to prepare thoroughly.
What the Security+ Certification Means for Your Career
Taking and passing the Security+ test is no easy feat. As such, achieving Security+ certification elevates your value to current and future employers because it underscores your ability to:
- Explain the security functions of common network devices and technologies across any architecture you encounter, making you highly valuable to virtually any employer.
- Apply and implement secure network administration principles and procedures in nearly all environments you face.
- Implement and configure a wireless network in a safe and secure manner, including Internet-of-Things devices and networks, making you a vital player as the proliferation of devices continues to spread.
- Identify security threats and perform risk mitigation activities in an expeditious fashion, thus limiting the damages.
- Understand applicable policies, laws and regulations of IT security, whether dictated locally or globally, and thus reducing potential fines from compliance authorities.
- Explain the impacts and proper use of environmental controls.
- Understand and apply cryptography and Public Key Infrastructure.
- Explain the concepts of user authentication, authorization, and access control, helping raise the importance of security among fellow employees and making security a part of everyone’s job.
- Exemplify the concepts of data confidentiality, integrity, and availability.
- Identify and analyze common attacks, e.g., social engineering, malware, application & wireless attacks.
How Does Security+ Differ from Other Security Certifications
The Security+ certification is one of the top sought-after credentials for entry-level IT positions. Other certifications, which are generally more granular in nature, often lead to more specific security roles and positions. These other certifications include:
- CISSP – Certified Information Systems Security Professional.
- CISA – Certified Information Systems Auditor.
- CISM – Certified Information Security Manager.
- GIAC – GIAC Security Essentials Certification.
- CRISC – Certified in Risk and Information Systems Control.
- CEH – Certified Ethical Hacker.
- ECSA – EC-Council Certified Security Analyst.
- GPEN – GIAC Penetration Tester.
- SSCP – Systems Security Certified Practitioner.
Regardless of the certification you eventually hold, the U.S. Bureau of Labor Statistics indicates that certified security specialists can earn significantly higher annual salaries than those lacking credentials.
Job Prospects for Security+ Certified Professionals
The current job market for CompTIA Security+ certified professionals is growing. In fact, it’s hard to imagine another job sector with brighter prospects than cybersecurity professionals. Analysts predict that by the end of 2018, there will be up to two million unfilled cybersecurity jobs. Approximately six million cyber professionals will be needed with only four million available. By 2021, according to CyberSecurity Ventures, that gap will increase to 3.5 million unfilled positions. Obviously, this gap will create an increasing demand for qualified security professionals and push salaries up accordingly. CompTIA found that 62% of managers in the U.S. who were hiring for IT positions indicated that security skills are a “must have” to be considered for a position.
Jobs Most in Demand
Individuals considering a career in cybersecurity would be wise to consider the following in-demand roles:
- Security Analyst
- Security Engineer or Architect
- Security/IT Director or Manager
- CISO/CSO, Systems Administrator
- Network Architect or Engineer
- Forensics Investigator
- Systems Engineer or Integrator
Individuals seeking these positions should have a demonstrable record for:
- Incident handling and response
- Audit and compliance
- Firewall/IDS/IPS skills
- Intrusion detection
- Analytics and intelligence
- SIEM management
- Access/identity management
- Application security development
- Advanced malware prevention
- Cloud computing/virtualization
Entry Level Security Jobs
While there are no prerequisites for taking the Security+ exam, CompTIA recommends individuals have at least two years of experience in IT Administration, with a specific focus on security, before attempting to take the exam. For those with no experience, CompTIA recommends earning their A+ certification first, followed by the Network+ certification, with the Security+ exam rounding out the list.
The CompTIA Security+ certification will help you break into the industry, but for most, it will only be the first step. This certification will get you in the door at companies, but higher-paying jobs will only be available as you add to your resume with more advanced skills and work experience. Some common positions you can secure with this certification include:
- Enterprise Service Desk – In this role, you’ll work for a company’s helpdesk, most likely answering questions about applications, systems, subsystems, and hardware. Callers will have questions covering topics like configuration, operation, customization, installation, and how to properly use the product or software.
- Security Analyst – Working as a security analyst, you will install software on users’ computers, including firewalls. In addition, you will help plan and execute security measures to protect your employer’s computer networks and systems.
- Junior Network Administrator – At this job, you’ll work with users to make sure their computers are operating properly. This may mean reloading or rebuilding a system at times and upgrading computer systems.
- IT Support Technician – You could work for a number of different types of companies in this role. Working in-store for certain businesses or at corporate sites, you’ll be performing computer installations, repairs, upgrades, and more.
- Application Support Analyst – While you’ll need application-specific experience to secure this job, your Security+ certification will be crucial. You will provide end-user application support to customers over the phone, or through email, and be responsible for end users’ system requests by tracking, updating, and capturing them.
- Change and Configuration Agent – You’ll work on a team reviewing, categorizing, documenting, processing, and working with stakeholders to provide clarity to change requests made for the configuration of various items. You’ll also coordinate with the company’s testing and release management team to manage change requests throughout the entire lifecycle.
IT Support Representative – At work, you’ll be offering frontline support on a day-to-day basis for numerous computer users. This support will be related to the use of software and/or hardware. Your skills will be used to troubleshoot your customers’ issues with desktops, laptops, smartphones, and networks.
These are just a handful of examples of jobs you could pursue with a Security+ certification. As noted, with some of the job types above, you’ll most likely require some form of relevant experience as well. This may mean either with a certain type of software or customer service. Your Security+ certification may also need to be accompanied by other credentials like security clearances or other certifications. Obviously, the longer you work in the industry, the better your prospects will be and the more likely you will slide into a full-time security role.
Need to take CompTIA IT Fundamentals+ before going for the CompTIA Security+ certification? Earn it free with ITProTV, home of binge-worthy learning. For a limited time, ITProTV is offering the full, 19-hour CompTIA IT Fundamentals+ video course for free. Check it out.
What are the Expected Salaries of Security Professionals
For accomplished cybersecurity professionals, as you can see from the schedule below, their salaries are nothing to sneeze at, even for those only in the first quartile of the salary curve.
Median Salaries for Cybersecurity Professionals
Information Security Analyst – $72,143
Cyber Security Analyst – $75,631
Security Engineer – $91,022
Information Security Manager – $116,157
Information Security Engineer – $97,387
And to reiterate based on the current cybersecurity talent gap, the salary trend for these positions is decidedly positive and shows no signs of slowing.
Cities Where New Hires are Most in Demand
While cybersecurity professionals are in demand across the globe, there are a number of “hot spot” cities where demand is greatest. Here are the top cities to work in security at the moment:
- Washington, DC
- New York, NY
- Dallas, TX
- Baltimore, MD
- Chicago, IL
- Atlanta, GA
- Boston, MA
- San Francisco, CA
- Los Angeles, CA
- San Jose, CA
To say the prospects for qualified, certified, and trained cybersecurity professionals are bright would be an understatement of substantial proportions. Not only is the work exciting and challenging, but it’s also highly lucrative for those who achieve even moderate success in the field. With the shifting landscapes caused by the Internet of Things, cybersecurity is certainly a career path wide open for the taking.