The cloud-native platform for centralized log management
Analytics, visualizations, and workflows purpose built for practitioners
Leading firms gaining more value from their machine data
Any source, any velocity – centralize logs, metrics, and traces for full visibility.
Close the gap between detection and response with an analyst-focused, cloud-native approach.
Understand complex environments with visual analysis and KPIs that matter most.
The most recent articles & research from Devo
I recently took—and passed—the CompTIA Security+ exam (Sec+). Sec+ is a general introduction to multiple functional areas of security, ranging from network security to access control and identity management, for anyone looking to break into the space. For context, I have no previous training as a network or security professional, and my educational background was finance and Russian, nothing related to security. So, how much did I really know beforehand, and what steps did I take to prepare for the exam?
I’ve worked on the operational side of cybersecurity, compliance, and risk vendors for around four years. This experience exposed me to the terminology and landscape, but I lacked the technical depth of an industry professional. In prepping for the exam, I did the following:
Note to the wise: If I could do it again, I’d spend more time on the practicals rather than prepping with multiple-choice practice exams.
Talk to an industry professional
I took Sec+ because I wanted to gain—and test—my foundational knowledge and identify areas of interest, but this approach may not be a fit for everyone. For example, I’ve been advised in the past to take SANS courses to understand the different disciplines, instead of taking the Security+ exam. There are also a number of more specialized exams (CISSP, CEH) that may be better suited for your career objectives. Talk to a cybersecurity professional to gain a better understanding of the requirements for specific career goals.
Take the Network+ exam first
I did not take the Network+ exam first, despite many people suggesting this approach. I’m going through the Network+ content after the fact, and the foundational knowledge would have been very helpful. If you’re able to teach yourself, you’ll pick up much of the material just by prepping for the Security+ exam and googling all the acronyms. The textbook I purchased for Sec+ also reviewed many of the networking concepts. That said, I could’ve breezed through some of the questions if I had greater command of networking concepts—especially for the applied questions.
Do not discount hands-on experience
The Sec+ exam is not just 90 multiple-choice questions about security terminology. Many of the exam questions test the application of cybersecurity knowledge, such as mapping physical security components to an office layout, or finding a clear-text password in a packet. The exam book came with step-by-step instructions for many security activities. Do them! It’ll save you from the mid-exam, head-in-hands panic.
Once you pass the Security+ exam, what next? First, take a minute to celebrate! Then, once you’ve properly celebrated, it’s time to prepare for the next steps in your cyber career. The Sec+ exam requires that you earn 50 Continuing Education Units (CEUs) every three years in order to maintain the certification. You can earn CEUs a number of different ways, from writing blogs (like this one) to taking online courses on Cybrary. If you’re engaged in the industry, this will happen organically—just remember to keep track of the activities. My final piece of advice: get involved with the community, and have some good old security fun!
By Natalia Godyla
Sign up to stay informed with the latest updates from Devo.