Security+ after CISA?

Hi, I am trying to figure out what I should be doing next in my career.

I am working as a security consultant (1.5 year only) and have IS audit experience for another 1.5 years. CISA was recommended by my organisation and I took it this May, thankfully passed. I am not very good with the security technical as i don't have much experience in configuring stuff, as i had focused more on to governance, risk and compliance areas. So CISA wasn't that tough.

Since i am lacking in security technical, i was thinking of doing the Security+ exam. While going through the domains, i am finding a lot of things very technical and some concepts new.

I read other threads in this forum that says that Security+ is an entry level, once after this to go for CISA, CISM, CISSP etc.

I'd like to know if the Security+ would be good for me or is there any other path i should look into.

Thanks in advance.

Find more posts tagged with

Security+ certification

CISA

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

JDMurray

I always recommend to people looking to get into technical InfoSec fields to start with the Security+. The Sec+ may have been entry-level material when I passed it back in 2004 but has evolved into a very comprehensive InfoSec cert that is more difficult than a typical entry-level exam should be (IMHO), so don't think it's a "junior" cert that's easy to get.

MarioKart64

I highly recommend the Security+ because it provides a solid foundation in security. That said if you want something that is a more respected then you could get the SSCP. It is at roughly the same level as the Security+ but it is much more respected and helps you to prepare for the CISSP by covering a lot of the same material and helps to familiarize you with how ICS2 words their questions.

balance

The first time I took Security+ was 2007 . Like JDMurrary said , the test has changed a lot. I am teaching Security+ and I find the material above the "entry level" for most students. The new SYS 501 is really a good exam , but you might need some background in IT to understand it easily. I have had students pass with zero IT knowledge , but I have a feeling they either put in lots of outside work or found a way to "Study for the exam" I will not discuss on the second point. I am sure an inference can be made in reference to the statement.

But I think Security+ could be a good starting point , however it doesn't mean that it is "entry level" or "easy"

For reference the newest CISSP is more dense than the older version from 2016. So each version of every exam from any vendor includes updated materials and in turn is usually more challenging. I do find that my student base responds better to my CISSP course v.s. Security+ . I feel this is due to the student having some kind of background and they are usually more motivated to put in work outside of class hours.

I hope that helps.

SteveLavoie

MarioKart64 said:

I highly recommend the Security+ because it provides a solid foundation in security. That said if you want something that is a more respected then you could get the SSCP. It is at roughly the same level as the Security+ but it is much more respected and helps you to prepare for the CISSP by covering a lot of the same material and helps to familiarize you with how ICS2 words their questions.

I second that

Then after your SSCP, your next step would be CISSP and this way you only have one CPE program to take care. (ISC2 only vs ISCS2 and Comptia).