Both GSEC and Security+ cyber security certifications are valued by prospective employers, but there are some nuances you need to be aware of before pursuing these certifications.
Both certifications are designed to demonstrate a baseline understanding of cyber security fundamentals. Despite being must-have certifications for aspiring cyber security professionals, these certifications do differ with respect to material covered, price, complexity, passing score, and various other characteristics.
Before investing time and money into these certifications it’s important that you know the specifics of the GSEC vs Security+ certifications and what differentiates them.
What are GSEC and Security+ Certifications?
GSEC and Security+ are cyber security certificates that test your understanding of a range of cyber security topics. GSEC, short for GIAC Security Essentials, is designed by Global Information Assurance Certification (GIAC). Security+, however, is CompTIA's most popular cyber security certification.
Both organizations are vendor neutral and administer a wide range of certifications. We should add, however, that the GSEC may ask test takers about cloud environments such as Azure and AWS while CompTIA will not dive into vendor-related specifics.
Outside of this one vendor-specific area, the majority of the material covered will overlap between the two certifications.
While both certifications will ensure you have a baseline understanding of cyber security, both organizations recommend you have a solid understanding of IT and networking before taking these exams.
At a glance, these two certifications may look nearly identical. Yet, while they both cover crucial aspects of cyber security that you’ll need to know for professional purposes, there are key differences between them.
GSEC is a highly sought-after cyber security certification that professionals obtain in order to convey their prowess to employers.
This can be considered an entry-level cyber security certification, as it requires test takers to have fundamental and more advanced knowledge of a range of cyber-related topics. Test takers should already have a solid understanding of IT and networking.
GSEC is recognized internationally and respected widely within the cyber security and IT industries.
GSEC derives its respect from the organization that created the certification, the Global Information Assurance Certification (GIAC). The GIAC is a globally respected organization that specializes in the creation and issuing of information security certifications. In addition to GSEC, the Global Information Assurance Certification issues more than 40 other certifications.
If you’re new to the field of cyber security or have limited experience and want to both refine and demonstrate your knowledge, obtaining the GSEC certificate can help you do so.
The certification covers a range of areas including but not limited to:
- Access control, password management, and defense in depth
- Cloud computing, including AWS fundamentals and Azure
- Linux fundamentals, including hardening and securing
- Incident handling and response, DLP, vulnerability scanning, and penetration testing
This may sound like the perfect certification for you, but it’s not the only certification in question.
Like GSEC, the Security+ certification is also pursued in order to demonstrate baseline cyber security skills.
If you already have CompTIA’s A+ and Network+ certifications under your belt and want to showcase your cyber security skills to employers, this certification is for you.
Its issuing body, CompTIA, provides training and testing and holds events for those in the field of information technology. CompTIA (along with (ISC)2) is considered one of the most respected vendor-neutral professional certification organizations.
CompTIA’s global reach provides a degree of respectability to its certifications that few other organizations can match.
Security+ was designed to validate that test takers have a baseline knowledge of cyber security subjects and prepare you for an entry-level position in cyber security. Security+ is now in its sixth iteration. Every three years, CompTIA redesigns the exam to reflect the field. To create the latest edition of the test, CompTIA collaborated with major tech companies and universities such as Netflix, Splunk, Johns Hopkins, and the US Navy to name a few.
The test will cover areas such as but not limited to:
- Assessing a company’s security posture
- Recommending and implementing security solutions
- Securing and monitoring of hybrid environments such as the cloud, mobile, and IoT
- Awareness of law and policies as they pertain to cyber security
- Analysis of security events and incidents
While there appear to be considerable overlaps when it comes to the GIAC security essentials vs CompTIA Security+, there are still various crucial differences.
The two exams are more similar than they are different; however, there are some crucial differences that could impact which exam you decide to take.
GSEC Exam Details
For the GSEC certificate, you’ll be given 4-5 hours to complete 106-108 questions. The test may last up to five hours due to an optional 15-minute break.
Similar to Security+, the majority of GSEC questions are multiple choice, while a few will be performance-based questions that test practical hands-on skills. For these performance-based questions you may use real programs, code, and VMs to solve real-world problems.
The minimum score needed to pass the GSEC is 73%.
GSEC is also proctored by Pearson VUE should you decide to take the test in person. Through ProctorU they provide a remote-testing option.
GSEC covers much of the same material but is a bit wider in scope. These are the exam objectives that differentiate GSEC from Security+:
- AWS Fundamentals and Security
- Container and MacOS Security
- DLP (data loss prevention)
- Windows Security Policies
- Windows Access Controls
- Windows Services and Azure
Security+ Exam Details
For the Security+ exam, you’ll have 90 minutes to complete a maximum of 90 questions. If you’ve adequately studied for the exam you can expect to finish before the 90-minute mark.
Of these approximately 90 questions, the vast majority will be multiple choice. However, to begin the test you’ll be asked to complete between 1-10 weighted performance-based questions (PBQs). While 10 may sound daunting, typically you’ll only be given four or five PBQs. PBQs are designed to test your critical thinking and technical cyber security skills. The number of PBQs you are given will impact the number of multiple choice questions you have to answer.
Via a simulator you’ll be required to solve a complex problem that cyber security professionals might encounter on the job. You may be asked to fix an issue with the firewall or use basic bash commands like ifconfig or ping. These questions are more time consuming than multiple choice questions and as such you may wish to skip them and come back to them after you’ve completed the multiple choice questions.
To pass, you’ll need a score of 750 out of 900, which breaks down to 83.33%.
As far as the material you’ll be tested on, Security+ covers the following areas. The percentages indicate the extent to which each area of expertise is represented.
- Attacks, Threats, and Vulnerabilities (24%)
- Architecture and Design (21%)
- Implementation (25%)
- Operations and Incident Response (16%)
- Governance Risk and Compliance (14%)
On CompTIA’s website, you can download a detailed list of all the exam objectives.
The Security+ exam can be taken either in your home or in person. If taken online it will be proctored by Pearson OnVUE, a remote exam proctoring company. To take the exam online you’ll have to abide by strict measures such as:
- Turning your microphone/camera on for the entirety of the test
- Making sure your desk is clear of all items and that no object is within arm’s reach
- Staying within view of the video camera for the entirety of the test
- No water or drink is permitted
Plenty of times are available to schedule a test online with various timeslots open every day.
If taking the exam in person you’ll be required to go to a Pearson VUE test center near you. You won’t be allowed to bring any personal items in the testing room. Bags, smartphones, smartwatches, notes, and food will have to wait outside.
CompTIA Security+ and GIAC Security Essentials have quite a bit of overlap when it comes to the areas of expertise covered. Both cover the fundamentals of cyber security while testing your knowledge using both multiple choice and in-depth performance-based questions.
Security+ may cover more areas of knowledge but does so at more of a surface level than GSEC. GSEC dives deeper into topics; however, it doesn’t cover the same scope of knowledge as Security+.
There are no hard eligibility requirements for Security+ or GSEC. That means neither CompTIA nor GIAC will ask you for proof of professional experience or of prior certifications.
While anyone is able to sign up for these exams, you should have a firm understanding of fundamental cyber security topics prior to taking the exams. Both organizations provide guidance on the knowledge base that is recommended that you have before taking these exams.
There are no eligibility requirements to take the GSEC exam.
GIAC does recommend that test takers have practical work experience before taking the exam, although they don’t specify the number of years of experience. GIAC also mentions that college level courses or self-paced study may allow you to master the test.
There are no eligibility requirements for Security+ test takers, however a baseline understanding of IT security is recommended.
CompTIA recommends that you have two years of hands-on experience working in a security/systems admin job role. It would also make sense to already have CompTIA’s A+ and Network+ under your belt before attempting Security+. That being said, we have found that a combination of diligent studying and practice test taking along with a fundamental understanding of networking and IT should be enough to pass the exam.
You don’t need to be a cyber security expert to take either of these exams. Diligent studying alone should help you pass either test. That being said, CompTIA’s recommendation of two years of hands-on experience versus GIAC’s acknowledgement that test takers don’t need any professional experience to take the exam suggests that the Security+ exam has stronger suggested requirements than GSEC.
Neither exam should be taken lightly. Diligent studying and hands-on experience should be had before considering taking either one of these tests. Even if you have professional experience, it’s never a bad idea to look at each exam’s objectives and study accordingly.
GSEC is a whopping 5-hour exam made up of 106-108 questions. Like Security+, most are multiple-choice; however, there are hands-on performance-based questions as well.
Although they mostly cover the same foundational cyber security information, GSEC also asks vendor-specific questions regarding Azure and AWS.
To pass the GSEC you need a minimum score of 73%.
Security+ covers a wide range of concepts, as you can see in its exam objectives. Despite the range of topics covered, most multiple choice questions require only a surface-level understanding of cyber security concepts.
If you have taken the A+ or Network+ you will notice considerable overlap between these two certifications and Security+.
To pass the exam you’ll need a score of at least 83%. Remember that there is a maximum of 90 questions (the majority are multiple choice) and you’ll have 90 minutes to answer them. To help prepare for the exam, take a look at this Security+ Cheat Sheet.
Both exams require lengthy preparation and will test you on a wide range of cyber security knowledge. Despite Security+ having a higher passing score, it’s not as in-depth, technical, or long a test as the GSEC. This makes Security+ just narrowly the easier of the two exams.
If you’re looking to break into cyber security, GSEC or Security+ can help your resume stand out to potential employers. Both organizations have brand recognition and thus are respected within the field. However, when it comes to entry-level cyber security certifications, one certification is the clear winner.
After searching Indeed for jobs that require GSEC, 2,447 jobs throughout the entire US were found.
Jobs hiring those that have GSEC are entry-level, mid-level, and senior positions ranging from a Cyber Defensive Operations Specialist to a Cyber Security Analyst.
Similar to Security+, employers asking for GSEC require applicants to have more than a single certification to their name. They want applicants to have hands-on skills. These skills will depend on the type of job you apply to.
First off, what kind of jobs does Security+ prepare you for?
Considering it’s an entry-level cyber security certification, it would prepare you for a similar line of work as GSEC.
After you obtain your Security+ certification you may consider applying for the following jobs accompanied by their respective average salary:
- Systems Administrator - $70k
- Network Administrator - $75k
- Security Administrator - $93k
- Security Analyst - $85k
- Cyber Security Engineer - $110k
- Cyber Threat Analyst - $120k
- Triage Analyst - $52k
- Junior Pen Tester - $116k
- Cyber Security Analyst - $113k
Search for the aforementioned jobs via LinkedIn or Indeed and more often than not you will see job posters asking for the Security+ certification. Other certifications and experience will play a large role in the starting salary.
A LinkedIn search found that there are nearly 8,000 job openings that ask for CompTIA’s Security+ certificate.
Although hiring teams require certifications for certain roles, a certification is rarely the only requirement. Remember that Security+ is an entry-level cyber certification. It proves that you have baseline knowledge within the realm of cyber security, but that you are far from an expert.
To demonstrate that you can contribute from day one they will often want to see that you have either professional experience or have demonstrated you have knowledge of certain tools and software.
As you can see from the job description below, this employer requires candidates to have a number of technical skills in addition to Security+.
Quite often you’ll see job postings asking for either Security+ or GSEC. Despite the two testing the same material, more employers are asking that applicants have Security+. This is indicative of CompTIA’s brand reputation. As a more respected and widely known organization, more employers prefer to see Security+ on your resume rather than GSEC.
Cost and Recertification
Certifications, regardless of who issues them, are costly. Let’s find out how these two entry-level cyber security certifications compare.
GSEC is nearly twice as expensive as the Security+ exam.
Your first attempt at GSEC costs $949. However, if you already have a GIAC certification that price drops to $499.
Should you fail and wish to retake the exam you will pay $849 (or $399 if you have an active related GIAC certification). GSEC is valid for four years. If you want to renew the certification you’ll pay $469 regardless of whether you hold a related certification or obtain a more advanced certification.
Security+ costs $392 per attempt. Should you fail there is no discount for a second attempt.
You can often find discounted vouchers on the Internet provided by reputable teachers. Discounted vouchers may be provided after completing a course or as a stand-alone purchase.
The certification is valid for three years, after which you can renew by retaking the exam or by earning 50 Continuing Education Units (CEUs). You can also automatically renew the certification by obtaining a more advanced certification such as the CySA+ or the PenTest+.
Annual continuing education costs $50 a year. You’re required to pay the $150 total before the three-year expiry.
To earn continuing education credits you may:
- Earn a non-CompTIA certification
- Complete training or higher education
- Participate in IT events
- Publish relevant articles
- Gain professional experience
Security+ is considerably cheaper than GSEC in both exam price and renewal fees.
To offset the cost you may ask your employer if they can sponsor the exam. Should an employer do so, it’s likely that they will only pay for the cost of the exam should you pass. You may also be able to find vouchers online or through online courses that can provide access to a discounted exam.
Final Verdict: Security+
Despite the knowledge being tested on the Security+ vs GSEC being comparable, there are other factors at play that set the two apart.
CompTIA’s Security+ is more cost-effective, more recognized by employers, easier to obtain, and is an overall higher-value certification than GIAC’s GSEC.
With that said, both certifications are extremely valuable, especially when starting or furthering your journey as a cyber security professional.
If you’d like to take one of the exams we first recommend familiarizing yourself with the exam objectives.
If you don’t feel confident in the knowledge that will be tested, consider teaming up with StationX. We offer Security+ prep courses that will teach you everything you need for the exam, as well as practice tests that simulate the experience of taking the real exam.