Taking the next steps in a cybersecurity career 

In a previous article, Certifications to Kick Off Your Cybersecurity Career, you were provided with guidance on certifications that would assist you in building upon a resume for cybersecurity.  This post takes the process a step further.  You will learn about the next level of cybersecurity certifications.  These certifications require some experience in cybersecurity and cloud technologies to be successful.  Some of these also require a level of validation of this experience to formally be awarded with the certification.

We will look at the options from CompTIA, (ISC)², and the various cloud providers for cybersecurity certifications.  Let’s start with CompTIA.

Advanced Certifications from CompTIA

CompTIA has been a recognized company for certifications across industries for decades.  Their Network+ and A+ certifications are viewed by IT hiring managers as a great source of proof for skills. For cybersecurity, CompTIA has expanded the training and exam options for someone that is looking to expand their cybersecurity career.  

The first of these certifications is Security+.  Security+ was one of CompTIA’s core IT certifications and has been available for years.  It is used to validate the core security functions for IT Security, including assessing security posture; monitoring and securing hybrid infrastructures; operate with a view of governance, risk, and compliance; and be able to identify, analyze, and respond to security events.  This exam could be considered an entry-level exam for cybersecurity.  However, it does provide some insight into advanced operations and response.

CompTIA Cybersecurity Analyst, CySA+, advances beyond the Security+ with an operations approach to behavioral analytics.  This exam is considered in the intermediate to advanced level.  Candidates for this exam will learn about utilizing the various intelligence available for threat detection and response, and prepare you to analyze and interpret data for identifying and remediating vulnerabilities.  

CompTIA CySA+ provides a level of threat and vulnerability knowledge that is helpful for the more advanced Cybersecurity Advanced Security Practitioner, CASP+, and the role specific PenTest+.  These two certifications will be described in more detail in another article.

More information on these courses and certifications can be found here: 

Next, let’s look at the (ISC)2 advanced certifications.

Advanced certifications from (ISC)2

In the previous article, you learned about the Certified in Cybersecurity and the (ISC)2 certificate program for cybersecurity.  Once you have taken these foundational steps, (ISC)2 has additional certifications that can take your cybersecurity understanding to the next level.  

The first of these is the Sytems Security Certified Practitioner, SSCP.  This certification is a starting point for anyone that is interested in taking the path toward the Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).  Unlike the CISSP and CCSP, the SSCP does not require the same amount of experience.  However, one year of experience is required and must be validated before the SSCP is awarded.  If this experience has not yet been attained, then a candidate that passes the exam will be noted as an Associate of (ISC)2 and given two years to obtain and validate the proper experience.

(ISC)2’s Certified Authorization Professional, CAP, is built around the NIST Risk Management Framework.  This certification focuses on governance, risk, and compliance for IT within a company.  Like the SSCP, the CAP requires two years of validated experience. f this experience has not yet been attained, then a candidate that passes the exam will be noted as an Associate of (ISC)2 and given three years to obtain and validate the proper two years of experience.

For more information on these courses and certifications, please visit this page:

Let’s next discuss what the various cloud providers have to offer in the intermediate to advanced certification level.

Intermediate and advanced cloud provider certifications

The three primary cloud providers, Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft provide security certifications for their cloud platforms.  AWS has the AWS Certified Security Specialty.  Google has the Cloud Security Engineer Professional.  Both certifications fall more into the expert level than intermediate or advanced.  However, these certifications do not require any validated experience.  Therefore, with the proper course of study and hands-on experience, you could earn these certifications.

Microsoft has developed a more in-depth security certification program.  In the previous article, you learned about the Security, Compliance, and Identity Fundamentals exam (SC-900).  Once you have gone through that training and exam, you can more into Azure or Microsoft 365 security with the Azure Security Engineer Associate (AZ-500) exam or the Microsoft 365 Security Administrator Associate (MS-500) exam.

Each of these exams provide a deeper hands-on approach to the Azure and Microsoft 365 platforms from a security perspective.  Passing the exam shows a broad knowledge and understanding of security within the platforms and identity infrastructure.  These exams do not require any validated experience and do not have any prerequisite exams, though SC-900 is highly recommended.

More information about the Microsoft training and exams can be found here: 


As you can see from this article, if you have a level of IT experience, or have taken the steps outlined in the previous article, you will be ready to take the next steps with these intermediate to advanced certifications.  Preparing for these certifications requires proper training.  For more information on Opsgility’s catalog and schedule, see this link:


Dwayne Natwick - Azure MVP

Meet the author

Dwayne is an Azure MVP and a MCT Regional Lead. I am a vision-driven and goal-focused leader with a history of successfully managing and training on the full life-cycle of Cloud and IT products and services including technical sales and marketing. I author blog articles, curriculum, and provide training for internal and external clients in workshop, video, or certification preparation formats. I currently manage the product strategy, life cycle, and service offerings for Multi-Cloud migration services at Cloudreach, an Atos company.