What Certification Should I Get After Security+? (2026 Guide)
January 20, 2026
Direct advice on what certification to take after CompTIA Security+. We analyze CySA+, PenTest+, AWS Security, and CISSP based on your career goals.
Last Updated: January 2026
You’ve passed CompTIA Security+. Congratulations. But what now? There are dozens of advanced certifications, they all take time, and they all cost money. Which one actually leads to a job?
- If you want to be a Security Analyst (Blue Team): Get CompTIA CySA+.
- If you want to be a Penetration Tester (Red Team): Get CompTIA PenTest+ or eJPT.
- If you want to work in Cloud Security: Get AWS Certified Security - Specialty or Azure Security Engineer (AZ-500).
- If you want to be a Manager or Architect (Long Term): Start preparing for CISSP.
Figure out what jobs you're looking for, then get the cert that matches.
Path 1: The Defender (Blue Team)
Recommended Certification: CompTIA CySA+ (Cybersecurity Analyst)
This is a logical next step for security professionals. Security+ taught you what the tools are; CySA+ teaches you how to use them to detect threats.
Why CySA+? It is heavily requested for SOC Analyst (Security Operations Center) roles. It focuses on behavior analytics, malware analysis, and threat hunting. It satisfies DoD 8570 baseline requirements for CSSP Analyst roles, which opens up government contracting jobs-- the most reliable place to get a job.
Who is this for?
- SOC Analysts
- Incident Responders
- Threat Hunters
Path 2: The Attacker (Red Team)
Recommended Certification: CompTIA PenTest+ or eLearnSecurity Junior Penetration Tester (eJPT)
If you want to hack into systems (legally), this is your path.
PenTest+ vs. eJPT:
- PenTest+: More theory, multiple-choice, better HR recognition. Good for government jobs (DoD compliant).
- eJPT: 100% practical, hands-on exam. You actually hack a lab. Better for proving you have real skills, but less recognized by HR filters than CompTIA.
Who is this for?
- Penetration Testers
- Vulnerability Analysts
- Ethical Hackers
Path 3: The Cloud Specialist
Recommended Certification: AWS Security Specialty or Azure Security Engineer (AZ-500)
This is a cloud jobs website and cloud engineering is a much larger market than security.
Which one to pick?
- Go AWS (SCS-C02) if your company uses AWS. It’s the most valuable cloud security cert by salary.
- Go Azure (AZ-500) if you work in a Microsoft shop or target government roles (heavy Azure usage).
Warning: These are difficult exams and require a cloud engineering background. You should probably get the fundamental cloud cert (Solutions Architect Associate or Azure Administrator) before attempting these specializing security exams.
Who is this for?
- Cloud Security Engineers
- DevOps/DevSecOps Engineers
- Cloud Architects
Path 4: The Executive / Architect
Recommended Certification: CISSP (Certified Information Systems Security Professional)
The Reality Check: You cannot "get" the CISSP immediately after Security+ unless you have 5 years of experience. However, you can become an Associate of (ISC)² by passing the exam.
Why consider it now? If you already have IT experience and are just adding security credentials, the CISSP is the single most valuable certification in the industry. It unlocks management and senior architect roles with salaries often exceeding $150,000.
Who is this for?
- Security Managers
- Security Architects
- CISOs
- Experienced IT professionals pivoting to security
Comparison Table
| Certification | Focus | Difficulty | Cost (Approx) | Best For |
|---|---|---|---|---|
| CySA+ | Blue Team / Defense | Intermediate | ~$392 | SOC Analysts |
| PenTest+ | Red Team / Offense | Intermediate | ~$392 | Junior Pentesters |
| AWS Security | Cloud Security | Hard | $300 | Cloud/AWS Engineers |
| AZ-500 | Cloud Security | Hard | $165 | Cloud/Azure Engineers |
| CISSP | Management / Strategy | Very Hard | $749 | Managers / Seniors |
Conclusion
- Look at job descriptions in your area. Do they ask for CySA+? Get that.
- Look at your current role. Does your company use AWS? Get AWS Security.
- Look at your interests. Do you like breaking things? Get PenTest+.
The "best" certification is the one that gets you the interview. For most early-career professionals, getting something cloud-related is the safest, most reliable bet to landing a job or that promotion.