CompTIA Security+ or GISF: Which Certification Should an InfoSec Beginner Choose?

To begin a career in InfoSec, the two entry-level certifications one should consider are CompTIA Security+ and the GIAC Information Security Fundamentals (GISF). Let’s look at both certifications in detail.

July 21, 2022

The cyber security industry is reeling from a severe lack of skilled professionals and offers many opportunities for budding talent. However, those looking to make a mark in the field should choose certifications that align with their long-term goals. Because the myriad of security certifications can confuse young graduates, we have outlined the two introductory certifications, CompTIA Security+ and GISF, in detail. Let’s review which one will best complement your current skill set.

The demand for Information Security professionals worldwide is steadily rising as organizations look to build skilled and experienced teams to defend against an avalanche of emerging cybersecurity threats. The U.S. Bureau of Labor Statistics expects a 33% growth rate in information security analyst positions through 2030. Salaries for InfoSec professionals are rising as well. According to Glassdoor, the average salary for an Information Security Specialist is $83,611 per year. 

How can beginners enter such a lucrative field? For those with minimal InfoSec experience, the most effective way is to achieve a certification that will validate their security skills and demonstrate to a prospective employer that they are qualified to do the job. But among the dozens of security certifications on offer, which ones should they choose?

Two entry-level certifications budding InfoSec professionals should consider are CompTIA Security+ and the GIAC Information Security Fundamentals (GISF). Both certifications establish that you possess the core knowledge required of any entry-level cyber security role and serve as a jumping-off point to higher-level jobs.  


What is the CompTIA Security+ certification?

The CompTIA Security+ is a well-regarded and probably the best-known introductory-level security certification. Individuals who have attained this certification are recognized as having expertise in several security-related domains, including threat management, cryptography, identity management, security systems, security risk identification and mitigation, network access control, and security infrastructure. Those looking to work in IT security for the U.S. Federal government would do well to consider this certification, as it meets U.S. Department of Defense Directive 8140/8570.01-M requirements and complies with the ISO 17024 standard.

To obtain the CompTIA Security+ certification, you must pass a 90-question exam (SY0-601) with a minimum score of 750 on a scale of 100-900. You are given 90 minutes to complete the exam.  

What is the GISF certification?

The SANS Institute’s Global Information Assurance Certification (GIAC) program is highly respected among employers and the information security community. The United States National Security Agency (NSA) also recognizes GIAC certifications. The GIAC Information Security Fundamentals (GISF) is GIAC’s introductory-level certification within its Cyber Defense family of certifications.

As described by GIAC:

“The GIAC Information Security Fundamentals (GISF) certification validates a practitioner’s knowledge of security’s foundation, computer functions and networking, introductory cryptography, and cybersecurity technologies. GISF certification holders will be able to demonstrate key concepts of information security including understanding the threats and risks to information and information resources and identifying best practices to protect them.”

To achieve the GISF certification, you must pass a web-based, proctored two-hour exam consisting of 75 questions. The minimum passing score is 72%.

Points To Consider While Deciding Which Certification To Pursue

Adding either of these security certifications to your resume not only validates your security skills but can also get a hiring manager’s attention or provide you with significant leverage during salary negotiations. But before deciding on which certification to pursue, you should consider the following points to ensure your success:

Affordability

Can you afford the exam fees or any training you will need to pass the exam? The CompTIA Security+ certification exam fee is $381. The fee for the GISF certification exam is $949 (two practice tests included).

Prerequisites

Do you have the necessary background to pass the exam? While there are no specific prerequisites for taking the CompTIA Security+ exam, it is recommended that you have two years of experience in IT administration with a focus on security and have attained the CompTIA Network+ certification before sitting for this exam. GIAC recommends that you have relevant hands-on experience gained through training or work experience before attempting the GISF exam. 

Job roles suited to each certification

Which certification will best meet your career goals? The CompTIA Security+ certification is suited for the following job roles: security administrator, systems administrator, helpdesk manager/analyst, network/cloud engineer, security engineer/analyst, devops/software developer, IT auditor, and IT project manager.

The GISF certification is geared toward system administrators, managers and information security officers who are required to be proficient in information assurance principles, defense-in-depth techniques, risk management, security policies, and business continuity and disaster recovery plans.

Renewal requirements

Will you be able to meet the certification’s renewal requirements? To stay current, you must renew the CompTIA Security+ certification every three years. To renew, you can earn a minimum of 50 continuing education units (CEUs) or complete CompTIA’s CertMaster CE online course before your certification’s three-year expiration date. You can earn CEUs through teaching, blogging, publishing articles or whitepapers, and participating in professional conferences.

To remain GISF certified, you must renew your certification every four years by earning 36 continuing professional education (CPE) credits. According to GIAC, CPE credits may be earned by completing approved training or certifications, participating in continuing education, publishing a technical paper, completing certain graduate-level courses, getting community or work experience or participating in cyber range activities. GIAC also requires a $429 renewal fee.


Topics covered

Are you adequately proficient in the topics covered to pass the exam? The CompTIA Security+ exam tests for a broad number of security and information assurance topics, including: 

  • network security 
  • threats, attacks and vulnerabilities
  • architecture and design
  • technology and tools
  • cryptography
  • risk management
  • application, host and data security
  • identity and access management

According to CompTIA, the exam also measures your problem-solving skills regarding:

  • Assessing the security posture of an enterprise environment and recommending and implementing appropriate security solutions
  • Monitoring and securing hybrid environments, including cloud, mobile, and IoT
  • Operating with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
  • Identifying, analyzing, and responding to security events and incidents

The GISF exam measures how test takers would apply their security knowledge and problem-solving skills to particular scenarios. Topics include:

  • Cyber security terminology
  • The basics of computer networks
  • Security policies
  • Incident response
  • Passwords
  • Introduction to cryptographic principles

Availability of training and practice tests

CompTIA offers many self-study materials at CompTIA.org, including sample questions, the CertMaster online training tool, training kits, computer-based training and a comprehensive study guide, for the topics in which you need to become more proficient. Instructor-led and self-study courses, practice exams and other training materials for the CompTIA Security+ certification are also available from Udemy, Pluralsight, and CyberVista.

GISF certification training is provided through SANS’ Introduction to Cyber Security course. Two practice tests are also included in the price of the exam. 

Job opportunities

Lastly, but probably most importantly, you will need to research recruitment sites to determine which certification is required for job opportunities in the area where you live or wish to reside. For example, a recent search of Indeed for jobs requiring the CompTIA Security+ certification in the U.S. came up with 1,824 positions, while only 145 positions required a GISF certification. Drilling down to a specific region within the U.S., namely Philadelphia, PA, 25 positions required the CompTIA Security+ certification, but only one position required GISF.

Which of these certifications do you think would better suit beginners in InfoSec? Let us know on LinkedIn, Facebook, and Twitter. We would love to hear from you!


Mary Ann Richardson
Mary Ann Richardson is an independent IT analyst at technology research firm CMR Executive Advisory, focused on providing individuals and organizations with the information they need to use technology more productively and to make better business decisions. Ms Richardson has provided on-site training for a number of organizations in the Philadelphia area. A former Gartner analyst, Ms Richardson is also a frequent contributor to online technology sites.