CompTIA positions A+ as a precursor to Security+, but it’s not necessary to have both certifications. It can be helpful, but whether you need one or both depends on what you want to specialize in. And that’s really what it comes down to in A+ vs Security+: area of specialty.
A+ is a certification that covers computer hardware and operating systems, intended for technicians and system administrators. Security+ is an entry-level security certification, and the overlap between the two may not be obvious.
Which is harder, A+ or Security+?
Security+ is supposed to be the more difficult of the two exams. But it really depends on your background. If you go to school and get a degree in Cyber Security, you might very well think A+ is the harder exam.
A+ covers a lot of computer fundamentals, like how input devices connect and operate, and how the parts of a computer relate to each other. By the time you finish taking A+ training, you’ll be able to take apart a computer and upgrade it. You’ll also be able to wipe a hard drive and install an operating system from scratch. If you study computers in school but not security specifically, a great deal of what A+ covers will be review for you.
Why A+ is useful
Back in early 2005, I had to explain to a mid-level IT manager that you couldn’t buy a system with a gigabyte of RAM, install VMware on it, and then virtualize 24 servers onto it. She actually argued with me, and said I was wrong, the software supported up to 64 virtual servers.
If she’d had A+, she would have understood that her virtual servers would have been incredibly unhappy with just 16 megabytes of RAM apiece. Technically she was right. But there’s a difference between what’s possible and what’s practical.
People laugh when I tell that story today. IT professionals expect other IT professionals to have a certain baseline of knowledge, or they lose most of their respect for you. A+ will help you get your first job and get a reasonable salary at that first job, but you’ll use that knowledge throughout your career.
But what if you’re going to do security work, rather than general IT? IT staff will walk all over a security professional who doesn’t seem to understand the fundamentals of computers. In order to be able to secure computer systems, you have to be able to talk (and listen) to the people who build and maintain those systems, and understand one another.
Do you need A+ to take Security+? Absolutely not. But even if you don’t want the cert, learn enough that you can grab an A+ study guide off the shelf, flip to the sample questions, and answer 90% of them correctly.
How does Security+ compare to A+?
Conceivably either test could ask you about Patch Tuesday, though I was severely disappointed my Security+ exam never mentioned it. My CISSP exam didn’t either. There’s the potential for overlap, since security is about preserving confidentiality, integrity, and availability of computer systems and data. Anything about availability overlaps very well with A+. But when I took the exam, it spent a lot more time on confidentiality and integrity. And probably more time on confidentiality than integrity, for that matter.
I took A+ training about 10 years ago, soon after I got Security+, mostly because the training was available and free. I never sat for the exam, because I found it was mostly review for me. If that sounds like you, don’t bother with A+. But if you flip through an A+ book in a bookstore and the material seems new to you, learn and study it.
When it comes to A+ vs Security+, I also wouldn’t say Security+ is only for security people. I had to take Security+ back when I was a sysadmin, because my job required me to talk to security analysts all the time. Most of those analysts were comically inept with hardware, but I could at least understand what they wanted and deliver it. And eventually that gave me the chance to slide over to security.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.