CompTIA PenTest+ or CompTIA CySA+: Which is the Best Qualification to Take?
With the rise of eCommerce, the increased use of cloud storage and the growth of social media, we are able to access more data than ever before. However, although the increase of information online has a lot of benefits, there are a lot of risks that we need to be aware of as well, both as consumers and businesses.
Cybercrime is on the rise, making it easier for criminals to exploit vulnerabilities in exchange for money or sensitive information. This can be done through denial of service attacks, phishing, exploit kits and ransomware.
The rise of cybercrime in the UK
Cybercrime is a lot more common than you may think. In fact, one in four UK businesses were targeted by cybercriminals in 2019.
Usually, these targeted attacks can be deflected without any issues. However if they aren’t, the consequences can be catastrophic. Cybercrime attacks not only cost businesses time and money to put things right, but can cause customers to lose trust, especially if sensitive data is lost or sold on the black market.
As an example, earlier this year a North-East council fell victim to a ransomware attack. All essential resident services went down, and systems had to be rebuilt, at the cost of £10.4m.
The private sector is not immune either, with Boots having to suspend Advantage card payments in March 2020 after hackers tried to compromise customer accounts.
Introducing CompTIA PenTest+ and CompTIA CySA+: Two qualifications to help improve your cybersecurity prospects
The increase in cybercrime has led to new job opportunities. Cybersecurity is a new industry sector in which trained professionals identify and repair system weaknesses before hackers can exploit them, or fix critical issues in order to minimise damage.
Cybersecurity is a career with guaranteed job security and only has scope to grow and evolve in the future. Salaries are excellent too, with Cyber Security Consultants earning on average £65k, based on the current roles advertised on Adzuna.
If you are interested in a career in cybersecurity, you may be wondering which qualifications will help you on your way and help enhance your career prospects.
If you already work in cybersecurity and are looking for a qualification that will showcase your skillset, two good qualifications to consider are CompTIA PenTest+ and CompTIA Cybersecurity Analyst (CySA+).
Here we will take a look at the differences between the two qualifications and which is the best one to sign up to, depending on your requirements.
How these qualifications differ:
The critical difference to these qualifications is that one is based on reactive measures, and one is based on proactive measures. CompTIA refers to these as ‘blue team skills’ and ‘red team skills’ respectively.
Let’s take a look at them both in more detail:
More information about CompTIA CySA+
CompTIA CySA+ is based on defending against attacks that come through, detecting incidents and knowing how to respond to them.
CySA+ will help you learn and refine the following skills:
- Threat detection techniques
- Analyse and interpret data
- Identify and address vulnerabilities
- How to suggest preventative measures
- Rrespond to and recover from incidents
Careers that this qualification will help you with include:
- Threat intelligence analyst
- Application security analyst
- Incident response handler
- Threat hunter
- Compliance analyst
More information about CompTIA PenTest+
CompTIA PenTest+ is based on protecting against attacks before they happen, through penetration testing (also known as ethical hacking) and assessing against vulnerabilities.
This qualification will help you learn and refine the following skills:
- How to plan and scope
- How to gather information and scan for vulnerabilities
- The ability to identify specific attacks
- Which penetration testing tools to use
- How to report testing and recommend strategies for discovered vulnerabilities
Careers that PenTest+ will help you with include:
- Penetration tester
- Vulnerability tester
- Security analyst
- Vulnerability assessment analyst
- Network security analyst
What these qualifications have in common:
Although these qualifications do have differences, they also have a lot in common. Similarities between the two include:
- They are both facilitated by the same association – the Computing Technology Industry Association (CompTIA)
- The qualifications are intended for intermediate level professionals. If you are new to the world of cybersecurity, then you may benefit from a more introductory qualification like Security+. CompTIA recommend that you have about 3 to 4 years of experience in the industry before taking these qualifications
- They are assessed through simulations and a multiple-choice exam. If you fail the exam, you can retake it after a set amount of time
- Both qualifications have been around for roughly the same amount of time, with CySA+ being about a year older than PenTest+
- CompTIA qualifications are vendor-neutral, which means you can implement what you learn across all platforms
- Both qualifications are valid for three years, and then you will need to be recertified
Which CompTIA qualification is right for me?
If you want to specialise in cybersecurity, we would recommend that you take both exams and achieve both qualifications.
Both qualifications complement each other and allow you to not only resolve any potential cybersecurity issues but fix any vulnerabilities in your system before cybercriminals can exploit them.
If you have CySA+ and PenTest+ on your CV, any future employees will be able to see that you are fully competent in defensive and offensive testing methods, making you a perfect, well-rounded candidate.
You can take both qualifications in any order, but if you want to focus on cybersecurity, we recommend that you start with CySA+. If you’re looking at a career as a penetration tester, you should begin with PenTest+. That way, you can use the skills and knowledge you already have learned across your career to your advantage.