What order to take CompTIA certifications
By the RoleMath Editorial Team · Last updated 2026-07-05. Every figure traces to a cited source; we sell none of the options discussed. Draft pending human review.
For most true beginners, the practical CompTIA order is A+ if support fundamentals are missing, then Network+ if networking is a gap, then Security+ when security is the target. CySA+ usually comes later, after Security+ plus real analyst, log, or incident-response evidence. That is a knowledge sequence, not a universal purchase order. Skip any rung you can already prove with work history, labs, or reviewed artifacts.
Key takeaways
- The safest beginner sequence is A+ -> Network+ -> Security+ only when each knowledge layer is actually missing.
- Support-first learners should not rush into Security+ before proving tickets, devices, operating systems, and troubleshooting.
- Security-first learners still need networking/systems context; Network+ before Security+ is usually the cleaner evidence story.
- CySA+ is harder and should usually follow Security+ plus analyst/SOC-style evidence.
- BLS/O*NET pay and outlook are occupation-level context, not CompTIA salary promises.
- Employer-language samples are vocabulary examples only, not demand or market share.
Honest bottom line
There is no single best CompTIA order for everyone. The useful order is role-first.
If you are brand new to IT and want support work, A+ is the usual first CompTIA credential. If you already have support proof, start at Network+ or skip to the next real gap. If your target is cybersecurity, Security+ is stronger after Network+ or equivalent networking/systems knowledge. If your target is SOC or analyst work, CySA+ should usually come after Security+ plus hands-on logs, SIEM, incident notes, and detection reasoning.
Do not treat the ladder as a job guarantee. Treat it as a set of evidence layers, and stop buying exams when a lab, ticket portfolio, or job application is the higher-return next move.
Role-first order table
| Situation | Practical order | Why |
|---|---|---|
| Support target | A+ -> support labs/tickets -> Network+ only if networking is the next blocker | Avoid paying for security credentials before proving basic IT support work. |
| Networking target | Network+ first if A+ skills are already proven; otherwise A+ -> Network+ | Networking work needs protocols, addressing, troubleshooting, and diagrams more than a generic badge stack. |
| Security foundation | Network+ -> Security+ | Security+ is stronger when network and systems context are already credible. |
| SOC or analyst target | Security+ -> SIEM/log projects -> CySA+ later | CySA+ is harder and the local official rows recommend Network+/Security+ or equivalent knowledge plus hands-on analyst experience. |
| Already experienced | Skip any rung you can prove with work artifacts | The sequence is a knowledge dependency, not a universal purchasing order. |
Official CompTIA facts before paying
| CompTIA option | Captured official-source facts | RoleMath difficulty | Sequencing interpretation |
|---|---|---|---|
| CompTIA A+ | Exam(s): 220-1201;220-1202; level foundation; track support; 220-1201;220-1202: 90 minutes; Maximum of 90 per exam, including multiple-choice (single and multiple response); fee rows: 220-1201: $274; 220-1202: $274; recommendation: CompTIA recommends about 12 months of hands-on experience in an IT support role (a recommendation, not a requirement). | 30/100, Foundational band | Use when support fundamentals are the gap: devices, OS, troubleshooting, basic networking, and basic security. |
| CompTIA Network+ | Exam(s): N10-009; level foundation; track networking; N10-009: 90 minutes; maximum of 90, a mix of multiple-choice and performance-based questions; fee rows: N10-009: $399; recommendation: CompTIA recommends A+ plus 9-12 months of hands-on experience in a junior network role (a recommendation, not a requirement). | 35/100, Moderate band | Use before Security+ when network fundamentals are weak or when the target role touches networks, cloud, or security. |
| CompTIA Security+ | Exam(s): SY0-701; level foundation; track cybersecurity; SY0-701: 90 minutes; maximum of 90, a mix of multiple-choice and performance-based questions; fee rows: SY0-701: $439; recommendation: CompTIA recommends Network+ plus about 2 years of security/systems-administration experience (a recommendation, not a requirement). | 45/100, Moderate band | Use as the security foundation after enough networking/systems context; not as a magic first-cyber shortcut. |
| CompTIA CySA+ | Exam(s): CS0-003;CS0-004; level intermediate; track cybersecurity; CS0-003: 165 minutes; maximum of 85 questions, a mix of multiple-choice and performance-based question; fee rows: CS0-003: $439; recommendation: Network+, Security+, or equivalent knowledge, with a minimum of 4 years of hands-on experience as an incident response analyst, security operations center (SOC) analyst, or equivalent experience (a vendor recommendation, not a requirement). | 75/100, Hard band | Use later for analyst/SOC evidence; the local source row notes CS0-004 current context while some captured structure/cost rows still reference CS0-003. |
CySA+ has a lifecycle caveat in the local source rows: the current certification page is V4/CS0-004, while some captured cost and structure rows still reference CS0-003. Verify the current CompTIA page before paying for CySA+.
Role lanes the sequence can support
| Role target | Fit tier | Evidence signal | Order implication |
|---|---|---|---|
| Help Desk Technician | Support first | RoleMath relevance 100; Computer User Support Specialists (15-1232) | A+ first when support basics are missing; Network+ only if networking becomes the bottleneck. |
| IT Support Specialist | Support first | RoleMath relevance 92; Computer User Support Specialists (15-1232) | A+ first or skip it if you already have support proof; Network+ helps if the role touches networks/cloud. |
| Cybersecurity Analyst | Security analyst lane | RoleMath relevance 110; Information Security Analysts (15-1212) | Network+ then Security+ for foundation; CySA+ later when analyst evidence is credible. |
| SOC Analyst | SOC lane | RoleMath relevance 110; Information Security Analysts (15-1212) | Security+ before CySA+ for most beginners; CySA+ gets stronger with logs, SIEM, and incident workflow proof. |
| IT Security Operations Specialist | Security operations lane | RoleMath relevance 118; Information Security Analysts (15-1212) | Security+ is the baseline; CySA+ comes after operations, IAM, cloud, and alert evidence. |
| Network Security Engineer | Network-security later lane | RoleMath relevance 118; Information Security Engineers (15-1299) | Network+ and Security+ can be foundations, but network engineering/security tooling proof matters more than stack completion. |
Day-to-day task evidence
The order should produce work proof, not just exam receipts.
| Role lane | Day-to-day task evidence | What the sequence should produce |
|---|---|---|
| Help Desk Technician | Oversee the daily performance of computer systems.; Set up equipment for employee use, performing or ensuring proper installation of cables, operating systems, or appropriate software.; Read technical manuals, confer with users, or conduct computer diagnostics to investigate and resolve problems or to provide technical assistance and support. | support tickets, device/OS troubleshooting, account issues, and user communication |
| IT Support Specialist | Oversee the daily performance of computer systems.; Set up equipment for employee use, performing or ensuring proper installation of cables, operating systems, or appropriate software.; Read technical manuals, confer with users, or conduct computer diagnostics to investigate and resolve problems or to provide technical assistance and support. | ticket notes, endpoint setup, escalation writeups, and basic networking evidence |
| Cybersecurity Analyst | Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.; Monitor current reports of computer viruses to determine when to update virus protection systems.; Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers. | risk, controls, vulnerability, monitoring, and incident documentation |
| SOC Analyst | Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.; Monitor current reports of computer viruses to determine when to update virus protection systems.; Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers. | SIEM triage, alert notes, incident timelines, and escalation criteria |
| Network Security Engineer | Identify security system weaknesses, using penetration tests.; Coordinate monitoring of networks or systems for security breaches or intrusions.; Assess the quality of security controls, using performance indicators. | firewall, network-security, vulnerability, and monitoring evidence |
A support ticket, network troubleshooting note, SIEM alert writeup, or incident timeline makes the sequence legible to a hiring manager.
Occupation pay and outlook context
Use BLS/O*NET occupation context to understand the role lanes. Do not turn these figures into CompTIA certification salary, ROI, placement, or personal outcome claims.
| Role lane | Occupation anchor | BLS/O*NET national context | Guardrail |
|---|---|---|---|
| Help Desk Technician | Computer User Support Specialists (15-1232) | $61,860; -3.7% projected employment change; 40.8k annual openings | Occupation-level only; not a CompTIA certification salary, placement, ROI, or personal outcome claim. |
| IT Support Specialist | Computer User Support Specialists (15-1232) | $61,860; -3.7% projected employment change; 40.8k annual openings | Occupation-level only; not a CompTIA certification salary, placement, ROI, or personal outcome claim. |
| Cybersecurity Analyst | Information Security Analysts (15-1212) | $129,180; 28.5% projected employment change; 16k annual openings | Occupation-level only; not a CompTIA certification salary, placement, ROI, or personal outcome claim. |
| SOC Analyst | Information Security Analysts (15-1212) | $129,180; 28.5% projected employment change; 16k annual openings | Occupation-level only; not a CompTIA certification salary, placement, ROI, or personal outcome claim. |
| Network Security Engineer | Information Security Engineers (15-1299) | $116,580; 8.2% projected employment change; 31.3k annual openings | Occupation-level only; not a CompTIA certification salary, placement, ROI, or personal outcome claim. |
Current employer-language sample
RoleMath's public ATS panel is useful for vocabulary, not demand math.
| Role sample | Current public-ATS sample size | Common sampled language | Credential words in sample | Read it as |
|---|---|---|---|---|
| IT Security Operations Specialist | 109 heuristic matches; 24 public-ready rows | IAM (75), AWS (46), Python (43), Cybersecurity (40), Azure (39), GCP (34) | Security+ (16), CCNA (9), PMP (2), Network+ (1), CySA+ (1) | Vocabulary sample only; not demand or market share. |
| Cybersecurity Analyst | 64 heuristic matches; 35 public-ready rows | Cybersecurity (40), NIST (22), CISSP (22), SIEM (20), Incident response (16), threat intelligence (13) | Security+ (12), CySA+ (6), CCNA (4), PMP (1), Network+ (1) | Vocabulary sample only; not demand or market share. |
| SOC Analyst | 77 heuristic matches; 20 public-ready rows | Cybersecurity (61), SIEM (53), Incident response (48), EDR (44), threat intelligence (42), threat hunting (36) | CySA+ (10), Security+ (10), CCNA (3), CompTIA A+ (2), PMP (1) | Vocabulary sample only; not demand or market share. |
| Help Desk Technician | 80 heuristic matches; 55 public-ready rows | Troubleshooting (51), Windows (35), ServiceNow (25), Active Directory (20), macOS (15), Jira (12) | Security+ (21), CompTIA A+ (7), Network+ (3), PMP (3), CCNA (1) | Vocabulary sample only; not demand or market share. |
| IT Support Specialist | 42 heuristic matches; 22 public-ready rows | Windows (26), Troubleshooting (23), macOS (19), Okta (14), Azure (10), Linux (9) | Network+ (5), CompTIA A+ (4), Security+ (1), PMP (1), Server+ (1) | Vocabulary sample only; not demand or market share. |
The useful signal is what to practice: troubleshooting, Windows, Active Directory, SIEM, incident response, IAM, cloud, cybersecurity, Security+, Network+, A+, and CySA+. The sample does not prove demand or market share.
How AI affects the CompTIA sequence
AI makes generic memorization weaker and verification stronger. It can draft ticket notes, troubleshooters, SIEM summaries, control checklists, command explanations, and incident reports. The worker still has to verify against the device, identity, log, alert, topology, or policy.
| Role lane | AI task-context signal | Practice implication |
|---|---|---|
| IT Security Operations Specialist | 23.9% augmentation / 76.1% automation-style delegation in the mapped Anthropic panel | Practice IAM review, cloud alert summaries, policy-control drafts, and evidence checks with human verification against real logs, tickets, devices, identities, or controls. |
| Cybersecurity Analyst | 23.9% augmentation / 76.1% automation-style delegation in the mapped Anthropic panel | Practice risk notes, alert summaries, control checks, and incident timelines with human verification against real logs, tickets, devices, identities, or controls. |
| SOC Analyst | 23.9% augmentation / 76.1% automation-style delegation in the mapped Anthropic panel | Practice SIEM triage notes, detection hypotheses, escalation summaries, and post-incident writeups with human verification against real logs, tickets, devices, identities, or controls. |
| Help Desk Technician | 34.38% augmentation / 65.62% automation-style delegation in the mapped Anthropic panel | Practice ticket summaries, troubleshooting trees, endpoint checks, and customer explanations with human verification against real logs, tickets, devices, identities, or controls. |
| IT Support Specialist | 34.38% augmentation / 65.62% automation-style delegation in the mapped Anthropic panel | Practice setup checklists, escalation notes, identity checks, and endpoint documentation with human verification against real logs, tickets, devices, identities, or controls. |
That is why each CompTIA step should produce artifacts: ticket writeups after A+, network diagrams after Network+, security-control notes after Security+, and analyst workflows before CySA+.
What to skip
Skip A+ if you already have credible support work and can show operating-system, device, ticketing, and troubleshooting evidence. Skip Network+ only if networking is already proven by work, labs, or a stronger networking credential. Skip Security+ only if your target is not security or if you already have stronger security evidence. Delay CySA+ until analyst/SOC work is the actual target.
Skipping is not a shortcut when it is backed by evidence. Skipping is risky only when it hides a knowledge gap.
What not to infer from CompTIA order
Do not infer that the A+ -> Network+ -> Security+ order guarantees a job. Do not infer a personal salary from occupation wage data. Do not infer that a sampled employer-language panel proves demand. Do not infer that AI usage percentages predict job loss.
The sequence is a planning tool. The proof is the work you can show after each step.
Trend gate: previous-year and future demand
RoleMath is not publishing previous-year movement or future demand predictions for CompTIA employer-language from the current public ATS panel yet. The trend gate currently has one comparable group, zero trend-ready groups, and a requirement for two more comparable snapshots and 60 more days between the first and latest comparable snapshot.
Until that gate clears, this article uses official CompTIA facts, BLS/O*NET occupation context, current qualitative employer wording, and AI task-context evidence.
Final recommendation
If you are new to IT support, start with A+. If you know support but not networking, move to Network+. If security is the target, add Security+ after networking/systems context. Add CySA+ only when analyst/SOC evidence is the next real move.
The right order is the shortest credible sequence between your current proof and the role you want.
Frequently asked questions
What order should I take CompTIA certifications?
For many true beginners, A+ then Network+ then Security+ is the cleanest knowledge order. CySA+ usually comes later for analyst or SOC work. Skip any step you can already prove with work or labs.
Do I need A+ before Network+?
Not always. A+ is useful if support and device fundamentals are missing. If you already have support proof, Network+ can be the better first CompTIA exam.
Do I need Network+ before Security+?
CompTIA's local official-source rows frame Network+ as recommended context before Security+. It is not a hard gate, but Security+ is stronger when network and systems context are credible.
Should I take CySA+ right after Security+?
Only if SOC or analyst work is the target and you are building log, SIEM, detection, and incident-response artifacts. CySA+ is a harder analyst credential, not a default beginner step.
How does AI change the CompTIA order?
AI makes verification more important. Use AI to draft notes or troubleshooters, but prove that you can verify against real tickets, logs, devices, identities, controls, and business context.
Related, with the cited detail
Sources
Figures in this article are cited to the sources named in the Citation Ledger below and on each linked cited page. This page stays draft_noindex pending human citation review.
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | A+ identity, two-exam structure, cost rows, support recommendation, and difficulty posture. | RoleMath official-source rows cite CompTIA A+ 220-1201/220-1202, two $274 fee rows, maximum 90 questions / 90 minutes per exam, and about 12 months of recommended support experience; difficulty output scores A+ 30/100 Foundational. | https://www.comptia.org/en-us/certifications/a/core-1-and-2-v15/; outputs/cert_difficulty/certification_difficulty.csv |
| CIT-02 | Network+ identity, structure, cost row, recommended prior knowledge, and difficulty posture. | RoleMath official-source rows cite CompTIA Network+ N10-009, $399 fee row, maximum 90 questions / 90 minutes, and recommended A+ plus 9-12 months junior-network experience; difficulty output scores Network+ 35/100 Moderate. | https://www.comptia.org/en-us/certifications/network/; outputs/cert_difficulty/certification_difficulty.csv |
| CIT-03 | Security+ identity, structure, cost row, recommended prior knowledge, and difficulty posture. | RoleMath official-source rows cite CompTIA Security+ SY0-701, $439 fee row, maximum 90 questions / 90 minutes, and recommended Network+ plus about two years of security/systems experience; difficulty output scores Security+ 45/100 Moderate. | https://www.comptia.org/en-us/certifications/security/; outputs/cert_difficulty/certification_difficulty.csv |
| CIT-04 | CySA+ is later analyst/SOC evidence, with lifecycle caveat. | RoleMath source registry records CySA+ V4/CS0-004 current exam-version context and local rows retain CS0-003 structure/cost evidence; eligibility rows recommend Network+, Security+, or equivalent knowledge plus hands-on analyst/SOC experience; difficulty output scores CySA+ 75/100 Hard. | https://www.comptia.org/en-us/certifications/cybersecurity-analyst/v4/; https://www.comptia.org/en-us/certifications/cybersecurity-analyst/v3/; outputs/cert_difficulty/certification_difficulty.csv |
| CIT-05 | Role-first CompTIA sequencing. | RoleMath packet maps this article to support, IT support, cybersecurity analyst, SOC analyst, security operations, and network-security role lanes with role relevance scores and certification signals. | outputs/article_data_moat_packets/packets/what-order-to-take-comptia-certifications.json |
| CIT-06 | Occupation pay and outlook context are role-level only. | RoleMath role packets use BLS OEWS May 2025, BLS Employment Projections 2024-2034, and O*NET mappings for support and security occupations. | https://www.bls.gov/oes/special-requests/oesm25nat.zip; https://www.bls.gov/emp/ind-occ-matrix/occupation.xlsx; https://www.onetonline.org/ |
| CIT-07 | Task evidence behind sequence artifacts. | O*NET and RoleMath task summaries identify support troubleshooting, computer diagnostics, security monitoring, risk controls, vulnerability assessment, and incident-related work. | outputs/onet_role_task_summary.csv; https://www.onetonline.org/ |
| CIT-08 | Employer-language samples are qualitative vocabulary only. | RoleMath public ATS panels capture sampled Security+, CySA+, Network+, A+, troubleshooting, Windows, SIEM, incident response, IAM, cloud, and cybersecurity language while marking the panel as non-representative demand. | outputs/demand_language_panel/current_role_panels.json; https://jobs.ashbyhq.com/; https://job-boards.greenhouse.io/; https://api.lever.co/v0/postings; https://www.myworkday.com/ |
| CIT-09 | AI context is task/workflow evidence only, not a forecast. | RoleMath AI panels map Anthropic Economic Index usage data to support and security role packets as descriptive task context, not job-loss or demand prediction. | https://www.anthropic.com/research/economic-index-june-2026-report; https://huggingface.co/datasets/Anthropic/EconomicIndex |
| CIT-10 | Previous-year and future employer-language claims remain blocked until trend-ready. | RoleMath demand trend gate currently has one comparable group, zero trend-ready groups, and a requirement for two more comparable snapshots and 60 more days between first and latest comparable snapshot. | outputs/demand_language_panel/trend_readiness.json |