When I would do an intake with a prospective student and ask them what certification they were pursuing, many would say CompTIA Security+. My response was always the same: "Do you have your A+ or Network+?"
Why did I ask that? Because it's hard to secure what you don't understand. And what are you securing? Networks. And what do networks operate on? Hardware.
If you skip the fundamentals, it will eventually show up in your day job.
I've seen it from both sides: as a Certified Technical Trainer at HyperLearning Technologies working with people entering the field, and as a Cybersecurity Practitioner watching junior practitioners struggle with things they were supposed to already know. The pattern repeats more than it should.
What "Fundamentals" Actually Means
Fundamentals mean understanding how things actually work.
Even with 20+ years in the field, roughly 80% of what I do daily comes back to fundamental operations: troubleshooting, network ports, system administration, hardware decisions, and more. Fundamentals are the common language of IT. No matter how advanced the threat becomes, your success hinges on how well you understand and can apply the fundamentals.
So what are the fundamentals? For this field, that means CompTIA IT Fundamentals (ITF+), A+, and Network+. Some will include Security+ in that foundational tier, and that argument holds.
The question I hear is: will getting these certifications in order land me a job? Maybe. Maybe not. But if you get them in sequence, you will have a better foundation than someone who jumps straight to Security+ and it will show in your work.
Sequence matters and this is why I advocate it: each exam prepares you for the next one.
IT Fundamentals gives you a working overview of hardware, networking, and security concepts. A+ goes deeper on hardware and introduces networking. Network+ builds on A+ and introduces security principles. Security+ then leverages everything that came before it. So in theory, going in sequence means you have less to study as you progress since a percentage of the material is a repeat of the preceding course.
Why People Skip Them
The pressure is real. People are trying to change careers, cover a mortgage, get promoted, or land their first role before the window closes. The credential feels like the destination, so the shortest path to it looks like the right path.
The cost doesn't help. Certification exams aren't cheap, and for someone trying to break into the field, each attempt carries real financial weight and the added fear of failing. That fear is real. I've been there. More on that in a future post.
The study guides and bootcamps and instructor reputation have adapted to that pressure. They are optimized to help you pass the exam: passing the exam and understanding the material are not always the same thing.
You can memorize the seven layers of the OSI model with an acrostic. Going up from the bottom: Please Do Not Throw Sausage Pizza Away. Going down: People Seem To Need Data Processing. Most students learn one of those and feel good about it.
But knowing the acrostic and knowing how the model helps you troubleshoot a networking issue are two different things. When I'm faced with an issue and asking "why isn't this working," going through these layers helps me identify a possible solution early so I'm not engaging in a guessing game.
The acrostic gets you through the exam. Understanding what lives at each layer gets you through the job.
A Practical Roadmap
If you're new to the field or working to build a real foundation, here is the path I'd put you on:
ITF+ — Start here if you're genuinely new. It sets the vocabulary and gives you an honest picture of the field before you invest further.
A+ — This is where you learn how machines actually work. Hardware, operating systems, troubleshooting, basic networking. This is your foundation — do not skip it. By the way, this certification is broken up into two exams, which tells you how important it is to your career.
Network+ — Probably the most undervalued certification in the stack. Networks are everywhere. Every security investigation touches the network. Understanding TCP/IP, DNS, routing, and switching is not optional context: it's the foundation of the work.
Security+ — Now you're ready. You understand what you're protecting, how it's connected, and how it breaks. Security+ lands differently when the other three are already in place.
Microsoft Technology Associate (MTA) — These are the additional certifications I pursued, and ones I always recommended to entry-level students to ensure they had a solid foundation to build on.
- Windows Operating System Fundamentals (Exam 98-349)
- Windows Server Administration Fundamentals (Exam 98-365)
- Networking Fundamentals (Exam 98-366)
- Security Fundamentals (Exam 98-367)
Note: Microsoft retired the MTA program in June 2022 but the knowledge still matters. If you're targeting a Windows-heavy environment (which is most enterprise environments), look for equivalent coverage through Microsoft's current certification paths on Microsoft Learn.
Lab everything. Reading is not enough. Build a home environment, set up VMs, configure a basic network, watch the traffic. In a future post I will show you how to set up your own homelab — and if you know me, I'll show you how to do it on a budget.
Start with the fundamentals. These certifications that feel like a detour are exactly the ones that keep everything else standing.