5 Things to Consider when Choosing a Cybersecurity certification

Comparison between choosing a Microsoft/AWS/GCP cert vs. ISC2 and CompTIA

You have decided to pursue a career in cybersecurity.  You evaluated the various courses, exams, and certification paths.  Additional information on these paths has been provided in a series of blog articles that you can find here on the Opsgility website.  These courses and certifications will assist you with your journey in potentially getting hired to a cybersecurity role.  However, there are additional considerations to weigh to understand the impact of these certifications and the ability to maintain these certifications.

Five of the primary areas that you should consider as you determine a long-term plan:
  1. Cost of the exam
  2. Cost to maintain
  3. Re-certification
  4. Image and credibility
  5. Company strategy and direction

Let us take a closer look at each of these in detail as they pertain to CompTIA, (ISC)², Microsoft, and the other cloud providers, Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Cost of the exam

The first consideration that should be evaluated is the cost of the exam.  If you work for a company that supports continual education and certifications, this may not be an issue.  However, if you are not in this situation, you may have to worry about the out-of-pocket cost of courseware and exams necessary to obtain the certification.  Depending on the certification, this may be significant fees.

CompTIA develops courses and certification that are vendor independent, which is valuable to being well rounded in cybersecurity.  You will find that vendor independent exams lean toward being more costly than a vendor specific exam.  CompTIA exams are different rates depending upon the level of the exam. The foundational exam, IT Fundamentals+ is under $200.  The more advanced exams of Security+, CySA+, and PenTest+ are close to $400.  The expert certification of CASP+ is close to $500.

(ISC)² has a similar exam structure, with exams increasing in cost as the level of experience and content becomes more advanced.  The foundational cybersecurity exam, Certified in Cybersecurity is under $200.  Advanced certifications, including the Certified Cloud Security Professional (CCSP) are just under $600. The Certified Information Systems Security Professional (CISSP), as (ISC)2’s flagship exam and expert level, is $749.

AWS and GCP both have a foundational cloud certification, but not a foundational cloud security certification.  These foundational cloud certifications are under $200.  The cloud security certifications that are offered by these cloud providers are both considered expert or professional level certifications.  The cost of these exams is $300.

Microsoft has a very affordable exam structure.  All of Microsoft’s fundamental exams are $99 and any associate or expert exam is under $200.  The drawback is that you are only focusing on Microsoft technology, though they do provide foundational cloud and cybersecurity information within their training courses.

The next consideration that you will need to think about is the cost to maintain.

Cost to Maintain

Once you have earned a certification through passing the exam and possibly providing additional validation of experience, you need to maintain that certification.  No one wants to go through the training and exams needed to earn a certification only to have it expire.  For this reason, you should understand any costs required to maintain the certifications.

CompTIA, Microsoft, AWS, and GCP do not have a cost to maintain their certifications.  (ISC)² does have an annual maintenance fee required.  This is one fee with (ISC)² that is the same with one or multiple certifications.  Currently this fee is currently $125 per year.  
A consideration that aligns closely with the cost to maintain is the re-certification process for an exam.


You have gone through the process of learning and passing an exam, and obtaining the certification.  When you obtain an advanced or expert level certification, there are requirements for maintaining that certification.  If you do not complete the requirements within a defined time period, these exams will retire.  You need to know about the timing and requirements for re-certification to avoid losing your certification.  These requirements and the number of years depends on the vendor and the certification.

The re-certification process is used to maintain the legitimacy of your certification through some level of continual learning validation. CompTIA and (ISC)2 certification renewals obtain this validation through the certified individual providing continual education courses, seminars, and other activity into a member portal.  The continual education does not have to be paid courses and CompTIA and (ISC)2 provide free opportunities through webinars to obtain these credits.  The time period for meeting their requirements for renewal is three years.

Microsoft has taken a different approach to their re-certification.  They recognize that cloud technologies change rapidly and there is a continuous need to learn these new technologies.  Therefore, all associate and expert level certifications require an annual renewal.  Microsoft has made this easy and more importantly free to the certification holder through an online assessment test.  These assessments are openned to the certification holder six months prior to the expiration date of the certification.  You have unlimited attempts in that six month period to pass the assessment.  You can only attempt the assessment once a day.  Microsoft utilizes their Microsoft Learn platform for the assessment and provides Learn modules to help in your preparation.

AWS and GCP certifications after three years.  To renew these certifications, you are required to retake and pass the current exam for that certification prior to the expiration date.  Therefore, the cost to renew is the current cost of the exam.

These first three considerations are focused on cost and time to obtain and maintain.  The next two considerations should be considered when evaluating the role that you want to obtain in cybersecurity.

Image and Credibility

Image and credibility of the certification is something that you should definitely consider along with the cost and maintenance of a certification.  Companies and people have different views about certification versus education and experience.  If you have a target company or role that you consider your ideal “dream job”, you should research the company profile and even people within that company.  Certifications are usually listed in professional profiles, so you can find a lot about the certifications that a company views as valuable.

This consideration also aligns with the next topic of company strategy and direction.

Company Strategy and Direction

As stated in the previous section, companies and individuals have different perspectives about certifications.  If you are in a company that you are wanting to stay and move to a new role of cybersecurity, then you should have a good understanding of the company’s view on which certifications are valued.  This is particularly important when determining a cloud provider certification.  You do not want to put time and effort in AWS and GCP if your company is focused only on Microsoft.  

In addition, the certifications that a company views as valuable may also provide you with options for reimbursement for training and exam fees.  Cloud providers work with large companies and partners to provide them with training and vouchers to accelerate the number of certified individuals within a company.  They may also reimburse you for (ISC)² and CompTIA training and certifications to increase the credibility of their cybersecurity workforce.


As you should understand now, there are a many things to consider as you determine your path to cybersecurity certification.  Taking all of these into consideration will prepare you and assist you in determining the best direction to take for a cybersecurity career. 


Dwayne Natwick - Azure MVP

Meet the author

Dwayne is an Azure MVP and a MCT Regional Lead. I am a vision-driven and goal-focused leader with a history of successfully managing and training on the full life-cycle of Cloud and IT products and services including technical sales and marketing. I author blog articles, curriculum, and provide training for internal and external clients in workshop, video, or certification preparation formats. I currently manage the product strategy, life cycle, and service offerings for Multi-Cloud migration services at Cloudreach, an Atos company.