
CompTIA Secure Infrastructure Expert: Security+ / PenTest+ / CySA+ / CASP+

Recently I achieved the CompTIA Security+, PenTest+, CySA+, and CASP+. To share my journey and contribute to the broader discussion, I've compiled this guide. It includes tips and strategies, insights from my experience, and reflections on the CompTIA Secure Infrastructure Expert stack.

Tips & Tricks

Get CompTIA certified on the cheap; never pay full price!

Sign up for the CompTIA newsletter or search for a GetCertified4Less-style website. It's important to note that the credibility of these sites can vary, so due diligence and thorough research are essential. Here are three resources I found particularly valuable:

  1. Workplace Reimbursement

  2. Academic Discounts

  3. Beta Exams

Already employed? Your company might offer reimbursement for certification costs, but be aware that this could be contingent on your remaining with the company for a specified duration or on passing the exam. If successful, they might cover all expenses related to training and certification, including boot-camps, textbooks, and exam vouchers. I was reimbursed for one of my certifications, covering a boot-camp, textbook, and the exam voucher! Also, consider tuition reimbursement, as this may apply to certification costs as well. Don't forget to ask your HR department about the possibility of attending conferences!

Are you a student or have a .edu email address? Visit the academic marketplace and buy directly from CompTIA at a substantial discount! This offer applies not just to vouchers, but also virtual labs, textbooks, bundles, and more.

  • Security+ / PenTest+ / CySA+ - 35% Off

  • CASP+ - 28% Off

If you're not currently employed, not a student, or simply interested in earning a cert out of curiosity, keep your eyes peeled for beta exams! CompTIA often offers these at a significantly reduced price when transitioning to an updated version of a cert or before officially launching a new one. Since these exams are for certs not yet in production, official study materials are unavailable, leaving you to find, study, and learn from whatever resources exist. Consider materials from the previous version of the certification or resources for similar certs offered by other organizations. Treat the beta exam as a trial run; I personally attempted and didn't pass the PenTest+ and Linux+ betas initially. However, I used the PenTest+ beta as a learning experience and was successful a year later. I also passed the IT Fundamentals beta and will be taking the Cloud+ beta in due course. CompTIA values your feedback on these early versions, and it's a cost-effective way to possibly earn a cert. Success isn't guaranteed, but beta exam fees are often between $50 and $100, making it a worthwhile gamble!

Cloud+ Beta CV1-004

Cloud+ Beta CV1-004 Draft Exam Objectives


If you're looking for a physical copy of a PDF you've acquired, consider visiting your local used bookstore or Half Price Books location. I've managed to find up-to-date guides, numerous 'Intro to Hacking' books, and titles from publishers like No Starch Press or Packt at my local Half Price Books. I even stumbled upon a copy of "Biohacking RFID Toys".

As for study materials, I utilized many of the same popular resources everyone recommends, so I'll spare you the repetition. Explore educational platforms like Udemy, content from Dion Training and Professor Messer, and publications by Sybex and McGraw Hill's All-in-One series. These resources are often discounted, making them a more economical choice. Thinking about enrolling in a boot-camp? While setting aside dedicated study time is beneficial, the content covered in boot-camps is often basic enough that self-study will suffice for most people. However, everyone's learning style is different, so consider what works best for you!


Prepared and set to sit for the exam? Opt against taking it from your home unless you're ready to face stringent requirements like an uncluttered room and concessions on privacy (a webcam proctor watching you for the duration). It's probable that there's a physical testing center nearby that administers Pearson VUE exams; for instance, I went to an Ivy Tech campus. Dress warmly, as these places tend to be chilly! Remember to bring two forms of ID, store your personal items in a locker, and go through a photo process before starting your exam. You'll get your results instantly for standard exams, but beta exams require a wait of a few months, because CompTIA aggregates the scores from all beta participants and only then determines a passing threshold.

After securing your cert, proudly share your success on social media and consider giving it a spot on your fridge for all to see!

Reflection

Reflecting on both success and failure is vital, and in the spirit of openness, I find it meaningful to share my journey through various exams.

My first encounter with certs was the A+ during high school; I passed the first half but failed the second after far too long a break in between. After deciding to pivot away from SysAdmin/Support, I took and passed the Security+. I also participated in the IT Fundamentals beta, enjoying the experience and offering constructive feedback, all at minimal cost. Despite an attempt, I didn't pass the Linux+ and PenTest+ beta exams initially. However, after a year of further study and reviewing the official study materials for the PenTest+, I passed. My journey continued with passing both the CySA+ and CASP+, completing CompTIA's cybersecurity pathway: the CompTIA Secure Infrastructure Expert stack.

CompTIA recognizes the completion of certain cert combos as 'stacks,' acknowledging expertise in specific areas. While it's debatable how much the industry values these designations, I personally find them to be a neat acknowledgment.

Comparison

Security+ lays the groundwork for cybersecurity principles and competencies, tailored to individuals aiming to showcase their fundamental understanding of cybersecurity. It encompasses essential subjects such as network security, cryptography, and identity/risk management. This serves as an ideal launchpad for newcomers or professionals contemplating a career transition but it doesn’t delve into the intricate details required for extensive security evaluations. If you're considering a path in ethical hacking or penetration testing, this is a great place to begin!

PenTest+ zeroes in on the specialized areas of penetration testing and vulnerability management. It's crafted for those keen on mastering pentesting, vulnerability assessment, and management, alongside planning and scoping, information gathering and vulnerability detection, exploitation, post-exploitation, reporting, and communication. The cert emphasizes spotting and leveraging vulnerabilities, executing penetration tests, and offering practical remediation guidance. If you're not yet prepared for the OSCP but are certain about pursuing a career in cybersecurity/infosec, or if you already have a passion for hacking, then PenTest+ is your go-to. Be advised: among the four exams, this proved to be the most challenging, especially due to its focus on determining the appropriate tool for a specific scenario. CompTIA exams tend to emphasize theory and terminology, making memorization of tool and script names a critical component. They are less focused on practical, hands-on experience and more on understanding the specific relevant vocabulary.

Cybersecurity Analyst (CySA+) delves into more advanced capabilities such as threat and vulnerability management, along with incident response. It's aimed at individuals looking to elevate their career or focus on analytical roles addressing a range of topics, including managing threats and vulnerabilities, understanding security architecture and tools, and effectively responding to incidents in a SOC-like manner. If you're already proficient in log analysis and interested in incident response or currently working within a Security Operations Center (SOC), CySA+ could be the next step in your professional development.

Advanced Security Practitioner (CASP+) is centered around higher-level cybersecurity management and leadership skills, including enterprise security architecture, risk management, research, and analysis. It is tailored to individuals aiming to oversee complex environments, devise policies and procedures, and guide security teams. It's important to mention that the CASP+ frequently draws comparisons to the CISSP, but the exact reasons for this are somewhat ambiguous in my view, given their clear distinctions; the focus on management and leadership in both could be what drives these comparisons. Among the four certifications, CASP+ seemed to offer the fewest new topics and the least new content, feeling more like a review of previously covered material with a managerial spin.
