I recently took—and passed—the CompTIA Security+ exam (Sec+). Sec+ is a general introduction to multiple functional areas of security, ranging from network security to access control and identity management, for anyone looking to break into the space. For context, I have no previous training as a network or security professional, and my educational background was finance and Russian, nothing related to security. So, how much did I really know beforehand, and what steps did I take to prepare for the exam?
I’ve worked on the operational side of cybersecurity, compliance, and risk vendors for around four years. This experience exposed me to the terminology and landscape, but I lacked the technical depth of an industry professional. In prepping for the exam, I did the following:
- I read and took every practical in the CompTIA Security+ Certification Study Guide, Third Edition (Exam SY0-501) by Glen E. Clarke. This took me about eight weeks reading 100 pages per week.
- I created and studied flashcards to memorize protocols, commands, encryption algorithms, and the like.
- I took several practice exams on ExamCompass, as well as all the exams that came with the CompTIA study guide.
Note to the wise: If I could do it again, I’d spend more time on the practicals rather than prepping with multiple-choice practice exams.
Considerations for the Security+ Exam
Talk to an industry professional
I took Sec+ because I wanted to gain—and test—my foundational knowledge and identify areas of interest, but this approach may not be a fit for everyone. For example, I’ve been advised in the past to take SANS courses to understand the different disciplines, instead of taking the Security+ exam. There are also a number of more specialized exams (CISSP, CEH) that may be better suited for your career objectives. Talk to a cybersecurity professional to gain a better understanding of the requirements for specific career goals.
Take the Network+ exam first
I did not take the Network+ exam first, despite many people suggesting this approach. I’m going through the Network+ content after the fact, and the foundational knowledge would have been very helpful. If you’re able to teach yourself, you’ll pick up much of the material just by prepping for the Security+ exam and googling all the acronyms. The textbook I purchased for Sec+ also reviewed many of the networking concepts. That said, I could’ve breezed through some of the questions if I had greater command of networking concepts—especially for the applied questions.
Do not discount hands-on experience
The Sec+ exam is not just 90 multiple-choice questions about security terminology. Many of the exam questions test the application of cybersecurity knowledge, such as mapping physical security components to an office layout, or finding a clear-text password in a packet. The exam book came with step-by-step instructions for many security activities. Do them! It’ll save you from the mid-exam, head-in-hands panic.
Once you pass the Security+ exam, what next? First, take a minute to celebrate! Then, once you’ve properly celebrated, it’s time to prepare for the next steps in your cyber career. The Sec+ exam requires that you earn 50 Continuing Education Units (CEUs) every three years in order to maintain the certification. You can earn CEUs a number of different ways, from writing blogs (like this one) to taking online courses on Cybrary. If you’re engaged in the industry, this will happen organically—just remember to keep track of the activities. My final piece of advice: get involved with the community, and have some good old security fun!