The CompTIA Cybersecurity Career Pathway
IT Fundamentals > A+ > Network+ > Security+ > CySA+ or PenTest+ > CASP
With the increase in cyberattacks and the number of new connected devices, the need for skilled cybersecurity professionals is growing at a rapid pace. In fact, the U.S. Bureau of Labor Statistics predicts that the number of information security jobs will increase 18 percent from 2014 to 2024, making it one of the fastest-growing fields. Employers, from government to Fortune 500 companies, value CompTIA as an authority in cybersecurity certifications.
How to Get into Cybersecurity
The CompTIA Cybersecurity Career Pathway helps IT pros achieve cybersecurity mastery, from beginning to end. The centerpiece is the CompTIA Security+ certification. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs.
CompTIA just released a new updated CompTIA Security+ (exam code SY0-501). The new version continues to validate the foundational skills necessary to perform core cybersecurity functions. With performance-based questions, it emphasizes the hands-on practical skills used by junior IT auditor/penetration testers, systems administrators, network administrators and security administrators.
After earning CompTIA Security+, cybersecurity professionals can take the next step by pursuing CompTIA Cybersecurity Analyst (CySA+). It assesses the skills needed to apply behavioral analytics to networks to improve the overall state of IT security. The certification covers tools such as packet sniffers, intrusion detection systems (IDS) and security information and event management (SIEM) systems. After the seminal Target attack of 2014, the security analyst job role has gained more importance, making these skills essential for most organizations.
The progression from CompTIA Security+ to CompTIA CySA+ is logical because Security+ assesses the knowledge, skills and abilities (KSAs) an IT professional demonstrates after two years of cybersecurity field work, and CSA+ assesses three to four years of cybersecurity field work.
An alternative or additional certification is the newly released PenTest+ PT0-001 exam. It assesses the skills needed to do Cybersecurity Penetration testing. Show you can Hack systems and propose fixes to close the door.
After CompTIA CySA+, IT pros can pursue CompTIA Advanced Security Practitioner (CASP) to prove their mastery of cybersecurity skills required at the 5- to 10-year experience level. CASP is the pinnacle of cybersecurity certifications and includes performance-based questions. It is intended for those who wish to remain immersed in hands-on enterprise security, incident response and architecture, for example, as opposed to management of cybersecurity policy and frameworks.
The Building Blocks of Cybersecurity
But how do you get into cybersecurity with no experience? If you aren’t quite ready to start with CompTIA Security+, then you’ll need to start earlier on the pathway.
If you are new to IT, start with CompTIA IT Fundamentals. It provides a broad understanding of the IT profession. It helps answer the question, Would I enjoy a career in IT?
If you already know that IT is right for you, begin with CompTIA A+. It validates understanding of the most common hardware devices and software technologies in business and certifies the skills necessary to support complex IT infrastructures. Consider the large number of devices connected to networks that must be supported by IT help desks, including smart phones, internet of things (IoT) devices and laptops.
That fact makes CompTIA Network+ the next logical step. It validates the essential knowledge and skills needed to design, configure, manage and troubleshoot wired and wireless networks. To best support devices that exchange information on your network, you must understand how the network functions.
The progression is logical because CompTIA A+ assesses the KSAs that an IT professional demonstrates after six months of field work, and CompTIA Network+ assesses nine months of field work.
CompTIA Network+ is also an important recommended prerequisite to CompTIA Security+. Before you can secure a network, you must understand how it functions. In other words, you shouldn’t skip algebra to start with calculus. Otherwise, you are learning security skills and applying them to a network you don’t understand.
Total Seminars has video courses, lab simulations and practice tests to prepare you for each of the Cyber Security Pathway certifications. Click here to get CompTIA Discount Exam Vouchers.
Now that we’ve covered the certifications in the cybersecurity pathway, let’s explore some of the common questions surrounding it.
Questions About the CompTIA Cybersecurity Career Pathway
Where should I start on the CompTIA Cybersecurity Career Pathway?
The pathway is intended to help people get into the field of cybersecurity. IT pros can enter at any point, depending on their IT experience, existing certifications or course of study. There are no required prerequisites for these CompTIA certifications. For example, if you have two years of IT security experience or equivalent knowledge, you can jump into the pathway at CompTIA Security+ to prove your knowledge. If you already have CompTIA Security+, you can jump in at CompTIA CSA+, etc. See the CompTIA Cybersecurity Career Pathway graphic to find your place on the pathway.
Do I need to take these certifications in order? Do I need to take all of them?
No. This is a recommended pathway, but it’s not a requirement. Some people may skip CompTIA CSA+ and go directly to CASP if they aren’t looking for IT security analyst skills. It depends on your job needs or interests. Some people will take CompTIA Network+ before CompTIA A+ because thats the way their class schedule worked out. In general, the pathway follows a hierarchy of skills needed for IT security; each certification builds upon the skills from the previous one.
Can I take these exams with no IT or cybersecurity experience?
Yes, you can. Many academic institutions base their IT courses on CompTIA certifications, which are part of diplomas, associate, bachelors and even masters degrees. CompTIA certifications mirror the current job roles of IT professionals, so it makes sense to earn these certifications to gain the knowledge and hands-on skills currently being used in the workforce, whether you have job experience or not.
Do these certifications replace on-the-job experience?
If you are an IT professional or an employer, you understand the value of on-the-job experience. IT certifications are a great place to start, but they do not replace hands-on experience. If you have CompTIA certifications and on-the-job experience, you have the best of both worlds. In summary, the recommended CompTIA Cybersecurity Career Pathway offers guidance for IT pros, employers, instructors and students. You can start wherever it makes sense, depending on your personal background, job requirements or course of study. The pathway is unique because it offers vendor-neutral skills for IT professionals to achieve cybersecurity mastery, from beginning to end.
Testing Strategies for CompTIA Exams
CompTIA includes performance-based questions on their exams to make them more practical and keep up with trends in certification testing. Knowing what to expect and how to approach these question types is key to your success in passing the exams. First, let me fill you in on some facts about the exams.
Exam facts:
There are several different types of questions that may be included in your CompTIA exam:
- Multiple choice – the standard question, pick the right answer
- Multiple response – question, pick all that apply with more than one correct answer
- Fill in the blank – question, fill in the answer to the question
- Drag and drop – image or question where you drag answers to match the image or text
- Exhibits – answer questions relating to an attached picture or diagram (variation to Multiple choice)
- Performance-based – detailed question, open dialog boxes or other configuration windows and configure as needed.
CompTIA is adding more of the newer Drag and drop and Performance-based questions to their exam pool. You may get as few as 2-3 or as many as 10-12 of these newer type questions depending on which exam you are taking. The more of these new type questions you get the fewer of the traditional multiple choice, multiple response or exhibit type questions you will have, depending on the difficulty of the performance-based questions you get.
How new question types are graded:
Two important pieces of information about the new drag and drop and performance-based questions that you need to know:
- Partial Credit; Scoring credit may be offered if a candidate answers only part of a question correctly.
- No Negative Credit; CompTIA does not employ negative scoring on exam questions. In other words, scoring credit is not taken away for incorrect answers. A candidate should answer every exam question, even on the ones where they are not sure of the answer.
Testing Strategies:
The new question types like drag and drop and performance-based questions will be presented at the beginning of the exams. These questions can be more complex and take longer to answer than traditional multiple choice questions. DON’T GET BOGGED DOWN WITH THE PERFORMANCE-BASED QUESTIONS. You can skip questions and come back and answer them at the end. Here are some strategies to use when taking the exams:
- Skip the Performance-based questions and come back at the end to answer them so you don’t get bogged down and run out of time.
- Count the performance-based questions as you skip them so you know how many you have to do when you come back to them at the end.
- Read over all the performance-based questions and answer the ones you are most comfortable with first. Leave the ones you are less confident about until last.
- If you are not sure about some of the steps in the performance-based or drag and drop questions, give it your best guess. You may receive partial credit. Since CompTIA does not employ negative scoring a wrong answer does not hurt you any more than an unanswered question. Make your best guess, it can’t hurt you.
CompTIA provides information that may be helpful in preparing for the exams at the following links:
- CompTIA Exam Taking Tips: http://certification.comptia.org/testing/about-testing
- Performance Based Questions (PBQs) – http://certification.comptia.org/testing/about-testing/performance-based-questions-explained
Save on your CompTIA exams by purchasing Discount Vouchers from our web site.
Total Seminars’ TotalSims and TotalTester products will help you prepare for your CompTIA exams and make sure you are ready to pass. TotalSims help you prepare for the performance-based questions and let you do hands-on exercises to reinforce the concepts you learn while studying for the exams. Total Tester provides hundreds (A+ and Net+ have over 1000) of questions to create practice exams. You can create custom exams that focus only on objectives or chapter content you are having trouble with.
More Certifications = More $$
IT Certifications have value both in the knowledge you learn and the credential you can show employers. Studying for a certification alone adds a whole new skill set to your tool box. Learning these new skills keeps you sharp and drives interest in “what’s next”. This attitude is necessary in a field that requires lifelong learning. The IT field is rapidly changing and you must keep up by continuing to study and learn. Certifications are the way you show others that you are leaning.
Turning that learning into Certifications is how you show employers that you are constantly growing and gives a method to verify your current level of knowledge. The proof is in the paycheck and the opportunities those additional skills provide.
The data from the Certification Magazine Salary Survey for 2015 shows the value of IT Certification. More importantly it shows the value of continuing to learn and add additional certifications to your resume.
The most common foundational certification is CompTIA’s A+ Certification. Most techs begin with A+ then advance to Network+ and Security+ certification. The salary survey shows how quickly the addition of more certifications leads to rapid jumps in salary. More Certifications = More $$:
- A+ Certification with no other certifications = $47,500 / year
- A+ Certification with 1 or 2 other active certs. = $84,250 / year
- A+ Certification with 3 or 4 other active certs. = $92,080 / year
- A+ Certification with 5 or 6 other active certs. = $97,310 / year
- A+ Certification with 7 or 8 other active certs. = $105,150 / year
The knowledge you gain builds one certification upon another. More importantly your income potential grows right along with it. If you stop at A+ your earning potential is likely to be somewhat limited. Adding even 1 or 2 additional certifications (such as Network+ and Security+) rapidly opens a whole new world of opportunity to grow your career and your earnings.
Total Seminars has resources to help you study for your CompTIA Certifications
Practice Tests: TotalTester has hundreds of questions in a pool that allows you to create custom exams by exam domain or by chapter. Take exams in Practice mode with assistance (hints and explanations) or in Final mode to see if you are ready for the real exams. Complete explanations for each question.
Lab Simulations: TotalSims for A+ and Network+ have hundreds of online labs. Prepare for CompTIA’s performance-based questions and learn more about technical concepts covered on the exams.
Discount Exam Vouchers: Purchase a CompTIA voucher and save on the cost of your exams.
Wireshark As a Tool to Introductory Networking
Wireshark As a Tool to Introductory Networking
I’ve been using Wireshark, or it’s precursor Ethereal, since the late 90s. For those of you who don’t know this amazing tool, Wireshark is a free, well-known, powerful, open source protocol analyzer. Wireshark, along with its built-in capture tools, gives network support people an amazing set of tools to see almost anything you need on the packet/frame level of your networks.
Wireshark is truly one of those “mere moments to understand, a lifetime to truly conquer” type of tools because of the sheer amount of information it provides. You use a capture tool (Wireshark includes two different ones) to grab a bunch of packets, then see those captured frames in the primary interface. This three-part interface is simple: The top part contains your captured frames, each row represents an individual frame. The middle has expandable details of whatever frame you’ve selected from the top area. The bottom third displays the same selected frame in raw (hexadecimal) format.
Using all the features of Wireshark is wildly complex and powerful but I love to use this basic interface as a tool to expose brand-new networking students – and I mean DAY ONE learners – to several fundamental networking concepts. Let’s see what Wireshark does for me instructionally.
Note: I’m not saying that I sit down with students on day 1 in front of a Wireshark screen without anything else. I’m a huge believer in giving students motivation via lecture, toy blocks (just like the ones I use in videos), hats, and plenty of jokes to bind individual concepts. Wireshark comes in after plenty of concept instruction.
Total Seminars has resources to help you study for your CompTIA Certifications
Practice Tests: TotalTester has hundreds of questions in a pool that allows you to create custom exams by exam domain or by chapter. Take exams in Practice mode with assistance (hints and explanations) or in Final mode to see if you are ready for the real exams. Complete explanations for each question.
Lab Simulations: TotalSims for A+ and Network+ have hundreds of online labs. Prepare for CompTIA’s performance-based questions and learn more about technical concepts covered on the exams.
Discount Exam Vouchers: Purchase a CompTIA voucher and save on the cost of your exams.
OSI
I like teaching the OSI model as it gives learners an organization to separate network features, especially layers 1, 2, and 3. Wireshark makes this downright fun by pre-organizing each of these layers in the second field. Note in the following figure how layer 2 MAC addresses and Layer 3 IP addresses show up so clearly. The top line, “Frame 4498” is Wireshark’s method for keeping all the frames in order.
If you’re a brave instructor, go ahead and show the port numbers as well. I love to use the line “IP gets you to the right computer, but ports get you to the right application.” This is also a SCREAMING opportunity to pull out those toy blocks and start talking about Protocol Data Units (PDUs). I’ll go ahead and start defining Ethernet frames, IP packets, TCP datagrams, etc. – and why not? They are literally LOOKING AT PDUs as you speak so why not define them?
Did I mention this is DAY ONE instruction? Heck, this is the morning of Day One!
Packetized Data
At this point, you’ve got the learners eating out of your hands with PDUs. Let’s go ahead and make sure they understand the idea of packetized data and the need for a stream of packets to send one piece of data. My favorite lab is to have them run a capture of a HTTP page (not HTTPS!) and run the “Follow TCP stream” feature to see the raw output. Then close the stream and show them the filter Wireshark adds to filter out all the other frames.
Encrypted/Unencrypted Data
I spend hours of course time on encryption but now that you just showed them unencrypted data why not just grab a quick HTTPS page and make a helluva teaser for those later lessons? Don’t linger on this as it’s just a teaser.
Switch Functions
I know. I’m old. I still lecture on hub vs. bridge vs. switch. Learners often have a problem with the idea of switches without a demonstration. Just plug into a switch and run Wireshark. Let the student look at the destination and source IP addresses – it’s only unicast and broadcast (you might want to avoid multicast this early but I’m still on the fence about that).
This might even be chance to add a column for destination MAC address and a filter for MAC address = FF.FF.FF.FF.FF.FF. These are easy to do in Wireshark.
Protocols
OK, I don’t do this on day one, but with a good intro to Wireshark early in the course I can turn back to it over and over. I love to show protocols at work using Wireshark. One of my favorites is DHCP. Here’s a screen of a four-step DHCP process. Quiz: Why does DHCP take four steps? Couldn’t it work in just two or maybe three? I’ll answer this in a few days.
These are just some ideas that you’ll want to consider next time you’re teaching an introductory networking course. I think Wireshark is an amazing tool with a simple, intuitive interface that wonderfully reinforces so many fundamental networking concepts. Give it a try!
9 Skills to Master for the New CompTIA A+ Exams
9 Skills to Master for the New CompTIA A+ Exams
What’s new in the CompTIA A+ exams and what skills will you and your IT team need to master? First launched in 1993, the CompTIA A+ certification is considered the foundation for IT careers. It’s ideal for system administrators and IT specialists of all levels since it casts such a wide net across IT topics and is vendor-neutral, unlike AWS or Microsoft Azure certifications.
As of July 31, 2019, the 220-901 and 220-902 exams for the A+ certification were officially retired for the English version of the exams. The translation versions (non English) will be retired October 1, 2019. Changes are made to these exams about every three years to align with the evolution of IT trends and services. The new A+ Core Series replaces the 901 and 902 exams. The A+ Core Series is made up of the Core 1: 220-1001 exam and the Core 2: 220-1002 exam, both of which must be passed to receive the A+ certification.
What is CompTIA?
The Computing Technology Industry Association (CompTIA), a non-profit trade association for IT professionals, is best known for providing vendor-neutral training and certifications for the IT industry. The association counts 200+ IT vendors as members including AT&T, Intel, and Cisco; over 9,000 IT professionals, educators, and students in the US are CompTIA members.
The CompTIA A+ certification is an important credential for those in the IT industry and has seen major changes this year, which I’ll explore in detail here.
What’s new in the CompTIA A+ certification exam?
The new CompTIA A+ exam requires IT specialists to exhibit more knowledge on networking, cloud computing, and virtualization than previous exams. The prior emphasis on hardware and Windows software is now balanced with these additional focus areas:
- IT security fundamentals, including physical security versus logical security, as well as topics like malware detection and removal
- Configuration and support of IoT hardware and knowledge of related network protocols
- Managing network and device connectivity
- Scripting basics so that specialists can readily identify malicious code
- Handling privacy concerns, especially around GDPR
- Basic disaster prevention and recovery
Total Seminars has resources to help you study for your CompTIA Certifications
Practice Tests: TotalTester has hundreds of questions in a pool that allows you to create custom exams by exam domain or by chapter. Take exams in Practice mode with assistance (hints and explanations) or in Final mode to see if you are ready for the real exams. Complete explanations for each question.
Lab Simulations: TotalSims for A+ and Network+ have hundreds of online labs. Prepare for CompTIA’s performance-based questions and learn more about technical concepts covered on the exams.
Discount Exam Vouchers: Purchase a CompTIA voucher and save on the cost of your exams.
9 Skills to master for the CompTIA A+ 1001 and 1002 exams
The two CompTIA A+ exams cover high-level domains foundational for IT specialists. Those domains are then broken down into much more detailed subdomains. The exams themselves are a mix of multiple-choice and scenario-based questions plus performance-based questions to help visualize the real-world application of common technical issues. Each exam is comprised of 90 questions which must be completed in 90 minutes.
Here are the 9 skills areas to focus on as you prepare for the new CompTIA A+ exams, which I cover in detail in my courses for the CompTIA A+ 1001 exam and the 1002 exam.
1. Mobile devices
IT teams have to manage technology that is becoming increasingly mobile. You’ll need to know how to install and configure laptop hardware components and troubleshoot key features on most laptops. Mobile devices go well beyond laptops and exam takers will need to learn their characteristics as well as how to configure tablets, smartphones, smartwatches, e-readers, GPS devices, and even VR headsets.
2. Networking
The exam emphasizes the hardware side of networking with comparisons of the most common networking devices like switches, routers, and firewalls. You’ll also want to be familiar with wireless networking protocols and network configurations concepts.
3. Hardware
The 1001 exam’s hardware emphasis requires knowledge of installing and configuring CPUs, motherboards, RAM, and peripheral devices as well as familiarity with the cabling of these tools. For example, can you identify RJ45 cables and the various connectors needed to support an office-wide Ethernet setup?
4. Virtualization and cloud computing
While you’ll need to show knowledge of fundamental cloud computing concepts like common cloud models and virtual desktops, the exam will also provide scenarios for you to set up and configure client-side virtualizations.
5. Hardware and network troubleshooting
IT technicians are the front line for any sort of hardware and networking issues that occur in the workplace. By carefully learning best practices and troubleshooting for common problems, you’ll not only pass the 220-1001 exam, but you’ll also be a standout at work.
6. Operating systems
We now move on to the skills needed for the 220-1002 exam, which begins with learning the common operating systems including Microsoft Windows, Linux, and Mac OS. You’ll need to know installation and upgrade methods, command line tools, and how to solve for common operating system questions you’ll face on the job.
7. Security
Learn to keep individual computers and office networks safe by employing host-based and network-based security measures such as encryption, website authentication, and malware removal. You’ll also want to know the basics of physical security to keep your company’s hardware secure.
8. Software troubleshooting
To measure your comprehension of the software and operating systems you’re likely to work closely with, the CompTIA A+ 1002 exam will provide common scenarios that you’ll troubleshoot such as slow computer performance, short battery life on a tablet, or printing issues.
9. Operational procedures
IT technicians will inevitably face tasks that require documentation. This is necessary for inventory management, tracking regulations and compliance, and toxic waste handling, among many other best practices that may affect an IT department.
Why get A+ certified?
The IT industry is built on certifications. I’ve been in the industry for over 25 years and am still getting certifications. They serve as a reference point for your overall experience level. If the world of IT is built on certifications, the CompTIA A+ should be the first certification pursued in an IT career. In fact, the A+ certification is named among CIO.com’s top 10 certifications to kickstart an IT career.
For individual IT professionals, a certification like the A+ will get you in the door to a company. Certification names are often used as the keywords recruiters and hiring software screen for in open roles. Even when candidates are hired without an A+ certification on their resume, I often see employers insist the new employee take the CompTIA A+ exam within the first 6 months on the job since it’s such a well-known part of an IT specialist’s toolkit.
For IT managers, ensuring your team receives industry-standard certifications validates the team’s knowledge of essential skills required for most IT tasks within the company or with any IT work that may affect customers and clients.
Finally, there are quite a bit of new topics covered in the A+ Core Series exams, so be sure to take the time to study and adequately prepare yourself before sitting for the exam. As topics like cybersecurity, networking, and the internet of things become ubiquitous across organizations of all sizes, it’s important for IT pros to keep their professional skills razor-sharp with the concepts and best practices outlined in certifications like the CompTIA A+. Future-proof your career and team by keeping your certifications current.
