In my last post I shared my journey of being VMware Certified. I had checked off a bucket list item and wanted to continue the while I had the momentum. Another certification I always had my eyes on was CompTIA’s Security + certification. While it is regarded as an entry level certification, it does open up opportunities as it fulfills many requirements such as: ISO 17024 and US DoD directive 8140/8570.01-M requirements.
My Journey to being CompTIA Security+ Certified
This exam was easier than the previous as there was no mandatory and expensive pre-requisite courses. At the time of this writing, there are two versions of the exam available: SY0-501 (Retiring in July 31, 2021) and SY506. I had taken the SY0-501 exam (reasons to be listed later).
Studying and preparation
Luckily for me, my employer has a really good internal Security training program. I felt that a lot of the topics in their courses overlapped with the Security+ course outline.
I’ve also had taken several courses in learning the Dark Arts (ethical hacking), so some of the Governance, Risk and Compliance portions were new to me. To study up, I decided to continue with the schooling and enrolled in De Anza Community College’s CIS-056 Network Security course. This is to prepare students to take the Security+ exam (specifically the SY0-501 exam).
Textbook was Fundamentals of Information Systems Security by David Kim and the Labs were done by Jones & Bartlett’s CloudLabs. *Note, you need to procure the correct book as some do not include the lab code*. Course material from the De Anza College instructor was really well put together and definitely recommend. Lab was really good and not outdated feeling like some labs I’ve taken in the past.
I honestly probably did not need to sit through De Anza’s course as most of it was review for me (and I started to forget things as time went on). As soon as the course was over, I bought my voucher and scheduled my exam 2 weeks out.
I used Jason Dion’s Security+ practice exams (https://www.udemy.com/share/101WcgAEMacF1TQHg=/) and made sure I got scores greater than 90%. It does a good job on breaking down questions you got wrong and from which knowledge area.
To review the parts I had issues with, I used Mike Meyer’s Security+ videos on Udemy (https://www.udemy.com/share/101WtyAEMacF1TQHg=/).
I also used my Textbook from De Anza College as another point of reference.
The exam
I had procured my voucher at a discounted rate from Total Seminars ($36 savings) – https://www.totalsem.com/store/vue-comptia-security-certification-exam-voucher/
If it is no longer available in the future, you can procure your voucher from the CompTIA website – https://www.comptia.org/certifications/security#buyoptions
I only procured the voucher. I cannot vouch or say anything about the CertMaster practice and lab bundles that is sold by CompTIA.
Just like my VMware VCP exam, this is a PearsonVue proctored test. You’ll need to photograph the room from different angles, Webcam and Microphone on, etc. This time around I had decided to take my exam at work. We have PLENTY of empty spaces and I know no one.. or cat will bother me this time.
The exam itself is 90 questions, multiple choice and performance based. You have 90 minutes to complete the exam. This leaves you 1 minute per question.
To help with time management, you can flag questions you are unsure of. If I felt like I spent more than 30 seconds on a non-performance based question, I went with my first gut instinct answer then flagged it to review. Once you go through your 90 questions, you can go back and spend more time on questions that were flagged (assuming you have time).
Closing thoughts
Another exam to check off from the bucket-list. I felt that I might of went overboard with the De Anza College course and could of jumped straight in the exam with just the practice exam and Mike Meyer’s Security+ videos. But please do remember I had Security training throughout my IT career.
For anyone who wishes to pursue a career in IT or you want to pivot into the InfoSec side of things, you cannot go wrong with the Security+ exam. With this certifications meeting DoD and ISO requirements, this opens up opportunities and IT security will always be in demand.