CompTIA quietly added something most people overlook: when you earn certain combinations of their certifications, they issue you a second credential called a Stackable Certificate—a separate, printable recognition that names your specialty. Earn A+ and Network+ together and you get "IT Operations Specialist." Add Security+ and you become a "Secure Infrastructure Specialist." These aren't marketing labels; they appear on CompTIA's verification system and matter to HR teams using automated screening.
This guide covers how CompTIA stackable certs actually work, which stacks employers care about, realistic salary ranges at each level, and which courses give you the best shot at passing on the first try.
How CompTIA Stackable Certs Work
CompTIA organizes its certifications into two main tracks: Infrastructure and Cybersecurity. Each track has a logical progression from entry-level to expert, and specific combinations trigger the stackable certificate system.
The key distinction: a stackable certificate is separate from the underlying certifications. You earn both. CompTIA's Credly-backed verification system shows all of them, so a hiring manager can see both your individual certs and the stacked credential.
Infrastructure Stack
- IT Operations Specialist — A+ + Network+
- Network Infrastructure Professional — Network+ + Server+
- Cloud Infrastructure Professional — Network+ + Cloud+
- Linux Network Professional — Network+ + Linux+
Cybersecurity Stack
- Secure Infrastructure Specialist — A+ + Network+ + Security+
- Security Analytics Professional — CySA+ + PenTest+
- CompTIA Security Infrastructure Expert (CSIE) — CASP+ (SecurityX) + CySA+ or PenTest+
- CompTIA IT Operations Expert (CIOE) — CASP+ + Security+
There's also an emerging Data stack (Data+, DataSys+, DataX) that's newer and less employer-tested—worth watching but not yet a safe career bet.
Which CompTIA Stackable Cert Path Should You Take?
The honest answer depends on where you're starting and what you want to earn. Most people entering IT should default to the cybersecurity track—it pays roughly 30–40% more than equivalent infrastructure roles at the mid-level, and the job market is structurally undersupplied.
The Fast Path for Career Changers (12–18 months)
A+ → Security+ is the shortest route to a $70K+ role. Skipping Network+ is controversial, but Security+ SY0-701 exam objectives include enough networking concepts that many test-takers pass without a formal Network+ first. You get the Security+ cert but not the "Secure Infrastructure Specialist" stackable certificate (which requires all three). For pure salary speed, it's the right tradeoff. For government contractor roles, it's essential—Security+ is DoD 8570/8140 baseline-compliant, which unlocks a whole tier of federal contracting work unavailable to anyone without it.
The Thorough Path for Long-Term Positioning (24–36 months)
A+ → Network+ → Security+ → CySA+ → SecurityX (formerly CASP+). This is the full cybersecurity stack. CySA+ validates blue-team, threat detection, and incident response skills. SecurityX (CAS-005) sits at the top: it is an expert-level credential without being a management cert. Combined, these four certs qualify you for senior analyst and security engineer roles paying $100K–$140K in most US metro areas.
When Infrastructure Makes Sense
If you're targeting cloud infrastructure, SRE, or network engineering roles rather than security, the A+ → Network+ → Cloud+ or Linux+ path is more relevant. Cloud+ in particular positions you for DevOps-adjacent roles where cloud security overlaps with platform engineering. These tend to land at $80K–$110K at the senior level, which is slightly below cybersecurity but with arguably lower stress.
Salary Reality at Each Cert Level
These are US national median ranges pulled from BLS, LinkedIn Salary, and Glassdoor data. Actual offers vary significantly by metro area and employer type (federal contracts typically pay a 15–25% premium over equivalent private-sector roles).
- A+ only: $38,000–$52,000 (help desk, desktop support)
- A+ + Network+ (IT Operations Specialist): $52,000–$68,000 (network admin, NOC analyst)
- + Security+ (Secure Infrastructure Specialist): $68,000–$88,000 (security analyst, SOC tier 1–2)
- + CySA+ (Security Analytics Professional with PenTest+): $85,000–$110,000 (threat analyst, detection engineer)
- + SecurityX (CSIE or CIOE stack): $110,000–$145,000 (senior security architect, principal analyst)
The jump from Security+ to CySA+ is notably steep—roughly $15,000–$25,000 median lift—because CySA+ holders can actually run incident response and threat hunting, not just configure firewalls. Employers pay for that operational capability.
How Long Each Cert Takes (Realistic Estimates)
CompTIA's official study time recommendations run short. Here's what practitioners report on Reddit and in exam pass/fail retrospectives:
- A+ (two exams): 3–4 months studying 1–2 hours/day with zero prior IT background; 6–8 weeks with a help desk background
- Network+: 6–10 weeks; harder than A+ for most people because subnetting requires actual practice
- Security+: 8–12 weeks; the SY0-701 version has more performance-based questions than previous versions
- CySA+: 10–16 weeks; assumes you've done real incident response or studied hard for the scenario questions
- PenTest+: 8–12 weeks; easier for people with Security+ and some hands-on lab experience
- SecurityX (CAS-005): 12–20 weeks; requires synthesizing everything above plus enterprise architecture thinking
Total elapsed time for the full cybersecurity stack (A+ through SecurityX): typically 2.5–4 years if you're working while studying and earning experience in between. Accelerated paths exist, but they produce candidates who pass exams and struggle on the job.
Top Courses for CompTIA Stackable Certs
These are the highest-rated courses available right now for the certs that matter most in the stack.
CompTIA Security+ (SY0-701) Exam Prep 2026 - For Beginners
Rated 9.5/10. Written for the current SY0-701 exam objectives, this course covers the five domains with enough depth to handle the performance-based questions that catch most test-takers off guard. Good starting point if you already have Network+ or equivalent experience.
CompTIA Security+ (SY0-701) 1,000+ Practice Questions 2026
Rated 9.5/10. Practice questions are where most Security+ candidates sink or swim—the SY0-701 has drag-and-drop and simulation questions that look nothing like flashcard prep. 1,000+ questions at this quality level is what you need in the final 3–4 weeks before the exam.
CompTIA A+ Core 1 (220-1201) Full Course & Practice Exam
Rated 9.4/10. A+ requires passing two separate exams (Core 1 and Core 2). This covers Core 1 (hardware, networking, mobile devices) completely, with a built-in practice exam. Pair it with a Core 2 course for the full A+ credential.
CompTIA A+ Core 1 (220-1201) 6 Practice Tests [2026]
Rated 9.4/10. Six full-length practice tests calibrated to current exam difficulty. Use these after completing the full course—not before. A+ has a high failure rate among people who underestimate the hardware and troubleshooting scenario questions.
CompTIA SecurityX (CAS-005) 6 Practice Exams
Rated 9.0/10. SecurityX (the rebrand of CASP+) is the hardest exam in the stack. The CAS-005 objective domains are broad and the questions are scenario-heavy. These practice exams are the best available preparation for the top-of-stack credential that triggers the CSIE and CIOE stackable certificates.
CompTIA SecAI+ Fundamentals: AI Cybersecurity Basics CY0-001
Rated 9.6/10. SecAI+ is CompTIA's newest cert, launched in 2025, targeting AI security and governance. It's not yet part of a formal stack, but employers in financial services and healthcare are already specifying it for roles that involve AI model deployment. Worth adding after Security+ if your target role touches AI infrastructure.
FAQ
Do CompTIA stackable certs expire?
Yes. Each individual certification follows CompTIA's Continuing Education (CE) program—most expire after three years. You renew by earning CE credits (through training, conferences, or other certs) or by passing a higher-level exam. When you renew a cert that's part of a stack, the stackable certificate automatically renews with it. SecurityX renewal renews all lower certs in the CE pathway simultaneously, which is one reason to pursue it even after you've stopped needing to prove the basics.
Are CompTIA stackable certs recognized by the DoD?
Security+ and above are approved for DoD 8570/8140 compliance. Specifically: Security+ satisfies IAT Level II and IAM Level I; CySA+ satisfies IAT Level III (some roles); CASP+/SecurityX satisfies IAT Level III and IAM Level II. A+ and Network+ are not on the 8570 approved list, though they're commonly required by contractors for technical baseline roles. If you're targeting defense work, Security+ is your minimum entry ticket.
Can I skip A+ and go straight to Security+?
Technically yes—there are no enforced prerequisites. Practically, skipping A+ is often fine if you have 1–2 years of hands-on IT experience. Skipping Network+ before Security+ is riskier because SY0-701 assumes solid networking fundamentals (subnetting, TCP/IP, VPNs). Most people who fail Security+ on the first attempt report that networking questions were their weak point. If you're completely new to IT with no work experience, do A+ and Network+ first.
How much does the full stack cost?
CompTIA exam vouchers: A+ (two exams) ~$494 total, Network+ ~$369, Security+ ~$404, CySA+ ~$404, PenTest+ ~$404, SecurityX ~$509. Full stack (A+ through SecurityX) runs approximately $2,600–$2,800 in vouchers alone before any study materials. Bundled voucher + training courses through CompTIA's own store are often cheaper. Many employers reimburse exam costs—worth asking before you pay out of pocket.
What jobs specifically list CompTIA stackable certs?
Job postings rarely use the stackable certificate names directly. They list the underlying certs instead. "Secure Infrastructure Specialist" isn't a job title—it's a credential that signals you have A+, Network+, and Security+ without the employer having to list all three. Government contractor postings (cleared roles, GSA, DoD) are the exception—some will explicitly ask for CASP+ or CySA+ alongside Security+, which maps to the stackable cert structure.
Is the new SecAI+ part of a stack?
Not officially as of mid-2026. CompTIA launched SecAI+ (CY0-001) in 2025 and hasn't yet published a formal stack that includes it. It is positioned as a standalone credential for AI security governance and risk roles. Expect CompTIA to integrate it into the cybersecurity stack within 12–24 months as AI security roles become more standardized—it fits logically after Security+ or alongside CySA+.
Bottom Line
CompTIA stackable certs are one of the few certification systems where the credential names you earn for combinations actually mean something to automated HR screening systems—not just to you. The cybersecurity track (A+ → Network+ → Security+ → CySA+ → SecurityX) is the higher-ROI path for most people, with documented salary progression at each step and DoD compliance value that private-sector certs can't match.
If you're starting from zero, begin with Security+ prep materials and work backward to assess whether you need A+ and Network+ first. If you already have Security+, CySA+ is your clearest next move—it's the cert that separates people who know security from people who can operationalize it. That gap is where most of the salary lift lives.
Pick the stack that matches your target role, not the longest possible credential list. Four relevant certs beat eight marginal ones.