There's a detail most CompTIA study guides skip: when you earn specific combinations of CompTIA certifications, CompTIA formally recognizes that combination as a named stackable designation — with its own title, its own Credly badge, and a line you can put on a resume separate from the individual certs. Most people holding Security+ and CySA+ don't realize they've also earned the "Cybersecurity Analyst" designation. That's the actual CompTIA stackable certs system, and it's more useful than the vague "build one cert on top of another" framing you see in most overviews.
This guide covers the full picture: the official designations, the two main tracks, what each cert costs and covers, where the new SecAI+ fits in, and which path makes sense depending on where you're starting from.
How CompTIA Stackable Certs Actually Work
CompTIA's stackable certification program maps specific cert combinations to recognized designations. These aren't separate exams — they're awarded automatically when you hold the qualifying certs simultaneously. The current designations:
- IT Operations Specialist — A+ + Network+
- Systems Support Specialist — A+ + Server+
- Network Security Professional — Network+ + Security+
- Secure Infrastructure Specialist — A+ + Network+ + Security+
- Linux Network Professional — Network+ + Linux+
- Secure Cloud Professional — Security+ + Cloud+
- Cybersecurity Analyst — Security+ + CySA+
- Security Analytics Professional — CySA+ + SecurityX
- CompTIA Advanced Security Practitioner — SecurityX alone
Each cert in the stack has a three-year renewal cycle from the date you pass. If one expires, you lose the designation until you renew — even if your other qualifying certs are current. That's worth factoring into your timeline before committing to a multi-year plan.
The Two Main CompTIA Stackable Cert Tracks
Most of the stackable designations fall into two practical tracks. The infrastructure track targets sysadmin, cloud ops, and network engineering roles. The cybersecurity track targets security analysis, offensive security, and architecture roles. They share a common foundation — A+ and Network+ appear in both — but branch sharply after Security+.
Infrastructure Track
- CompTIA A+ — Entry point. Covers hardware, OS troubleshooting, mobile devices, and basic networking. Two exams (Core 1 and Core 2), roughly $246 each. Most candidates take 3–4 months from zero.
- CompTIA Network+ — Networking protocols, subnetting, switching, routing, cloud networking basics. One exam (~$358). A+ isn't a formal prerequisite, but you'll find the content harder without it or equivalent hands-on experience.
- CompTIA Server+ or CompTIA Linux+ — Server+ covers physical and virtual server administration. Linux+ is more relevant in cloud and DevOps environments. Both sit at the same tier and both pair with A+ for separate designations.
- CompTIA Cloud+ — Hybrid cloud deployment, virtualization, infrastructure as code fundamentals. Pairs with Security+ for the Secure Cloud Professional designation.
Cybersecurity Track
- CompTIA A+ — Same starting point as infrastructure.
- CompTIA Network+ — Skippable in theory; Security+ doesn't require it. In practice, Network+ makes Security+'s network security content significantly easier, and the combination earns you the Network Security Professional designation.
- CompTIA Security+ — The most recognized entry-level security cert in the industry. Required for DoD 8570/8140 compliance for government contracting work. One exam (~$392).
- CompTIA CySA+ — Threat detection, behavioral analytics, incident response. Sits above Security+ and below SecurityX. One exam (~$392). The difficulty jump from Security+ is real — more on that below.
- CompTIA PenTest+ — Offensive security: planning and scoping, reconnaissance, exploitation, reporting. Sits at roughly the same level as CySA+ but different specialty. Doesn't currently produce a named stackable designation on its own at the advanced tier.
- CompTIA SecurityX (CAS-005) — Formerly CASP+. Expert-level, entirely performance-based exam covering enterprise security architecture, risk management, and cryptography. No multiple-choice questions.
Where the SecAI+ Fits In
CompTIA launched the SecAI+ (CY0-001) in 2025 as a standalone cert focused on AI security and governance. It covers AI system threat modeling, prompt injection, model access controls, and compliance frameworks for AI deployments. It doesn't slot cleanly into either the infrastructure or cybersecurity stack — treat it as a specialization layer that runs parallel to the main tracks rather than as a direct successor to any single cert.
It isn't currently part of a formal stackable designation pair, but Security+ is the practical prerequisite, not because CompTIA mandates it, but because the exam assumes familiarity with basic cryptography, access control, and vulnerability management concepts. For anyone working in environments with LLM integrations or AI-assisted security tooling, it's a legitimate addition. For everyone else, the core stack comes first.
Cost and Difficulty: Actual Numbers
The full cybersecurity stack from A+ through SecurityX, counting exam vouchers only, runs roughly $1,700–$1,900 at current CompTIA pricing. Retakes cost the same as first attempts. Study materials add to this depending on what you use.
| Cert | Exam Cost (USD) | Difficulty | Typical Prep Time |
|---|---|---|---|
| A+ (both cores) | ~$492 | Entry/moderate | 3–4 months |
| Network+ | ~$358 | Moderate | 2–3 months |
| Security+ | ~$392 | Moderate | 2–3 months |
| CySA+ | ~$392 | Moderate–hard | 3–4 months |
| PenTest+ | ~$392 | Hard | 3–6 months |
| SecurityX | ~$509 | Expert | 6+ months |
| SecAI+ | ~$392 | Moderate | 2–3 months |
The difficulty spike between Security+ and CySA+ catches people off guard. Security+ rewards breadth — you can pass it with strong memorization. CySA+ tests whether you can apply that breadth to scenario-based SOC workflow questions. People who relied on memorization for Security+ frequently fail CySA+ on the first attempt. Scenario practice matters more than flashcard volume at that stage.
SecurityX is in a different category entirely. It's performance-based throughout, meaning you're configuring environments, analyzing logs, and walking through architectural decisions — not picking from answer choices. Budget more time and use practice exams that simulate the format, not just the content.
Top Courses for CompTIA Stackable Certs
These are the highest-rated courses currently available for the exams in this stack, based on 2026 ratings.
CompTIA A+ Core 1 (220-1201) Full Course & Practice Exam
Covers the updated 220-1201 objectives with hands-on labs and performance-based question practice. The right starting point for anyone building toward the full infrastructure or cybersecurity stack from scratch.
CompTIA A+ Core 1 (220-1201) 6 Practice Tests [2026]
Six full-length practice exams mapped to current objectives — more useful in the final few weeks before the exam than as a primary learning resource.
CompTIA Security+ (SY0-701) Exam Prep 2026 - For Beginners
Built for the SY0-701 objectives with clear coverage of the threat intelligence and zero-trust content that tripped up candidates using older material. The cleaner choice for first-time Security+ candidates over recycled older courses.
CompTIA Security+ (SY0-701) 1,000+ Practice Questions 2026
A dedicated question bank with over 1,000 items and rationale explanations. Best used alongside a full course rather than as a standalone resource, particularly for identifying knowledge gaps two to three weeks out from the exam.
CompTIA SecAI+ Fundamentals: AI Cybersecurity Basics CY0-001
One of the few courses built directly for the CY0-001 exam rather than repurposed from generic AI content — covers AI threat modeling, adversarial machine learning, and governance frameworks as they appear on the actual exam.
CompTIA SecurityX (CAS-005) 6 Practice Exams
Six practice exams for the expert-level SecurityX cert. Given that every SecurityX question is performance-based, high-volume scenario practice under timed conditions matters more here than it does for any other cert in the stack.
FAQ
Do you have to take CompTIA stackable certs in order?
No — CompTIA doesn't enforce prerequisites for most exams. You can register for Security+ without passing A+ or Network+. In practice, the order matters because the content builds on itself. The formal designations require you to hold all qualifying certs simultaneously, so the sequence affects when you earn the designation, not whether you eventually can.
Are CompTIA stackable certs worth pursuing if you're already experienced in IT?
Depends on where you are. If you're a sysadmin with five years of experience and no certs, Security+ alone carries more weight per dollar spent than starting from A+. The stackable path provides the most value at the early-to-mid career stage. Experienced professionals pursuing CySA+ or SecurityX are typically doing so for DoD compliance requirements or to move into senior security architecture roles — not for the learning progression the stack was designed around.
How long does it realistically take to complete the full cybersecurity stack?
Realistically, 18–36 months for A+ through SecurityX studying part-time alongside a job. That's not a reason to avoid the path — it's a reason to sequence it around your immediate career needs rather than treating it as a sprint. Rushing the stack to collect credential names without the underlying skills tends to surface in technical interviews.
What happens to a stackable designation if one of my certs expires?
You lose the designation until you renew the expired cert. All CompTIA certs renew on a three-year cycle from the exam date, either through Continuing Education credits or by retaking the exam. If you let A+ lapse while holding Network+ and Security+, you lose the Secure Infrastructure Specialist designation. Track renewal dates for each cert individually.
Do employers actually recognize the stackable designation names?
The individual certs — Security+, CySA+, SecurityX — are well understood by technical hiring managers and HR screening filters. The stacked designation titles ("Cybersecurity Analyst," "Network Security Professional") are less consistently recognized. In practice, listing the individual certs is clearer on a resume. The designation names are more useful as framing on a LinkedIn profile or when explaining credential progression in an interview.
Is the SecAI+ worth pursuing before completing the core cybersecurity stack?
Not for most people. The SecAI+ assumes background knowledge in security fundamentals. If you don't have Security+ or equivalent knowledge, the AI-specific content won't land properly. Complete Security+ first, then evaluate whether your target role actually involves AI system security — if it does, SecAI+ becomes a logical next step rather than a detour.
Bottom Line
CompTIA stackable certs are worth pursuing if you treat them as a skill development sequence first and a credentialing strategy second. The formal designation names are a secondary benefit — what moves your career is whether the underlying skills hold up in actual work environments.
For most people starting from zero, the clearest path is A+ → Network+ → Security+, then branch based on where you want to work: CySA+ for detection and response roles, PenTest+ for offensive security, Cloud+ for cloud operations. The infrastructure track (Server+, Linux+) makes more sense if your target is sysadmin or cloud engineering rather than security proper.
Don't rush SecurityX. It's a genuine expert-level exam, and pursuing it before you've worked in security roles at the CySA+ tier tends to produce poor results. The stack rewards patience over speed.
Start with whichever cert aligns with your next job target, not whichever one sits at the top of the stack.