I Passed the CompTIA Security+

Guess what folks! I finally passed the CompTIA Security+ exam!


The Security+ certification is important to have because it is a vendor-neutral certification that confirms the holder’s foundational cybersecurity knowledge, skills, and abilities. Generally, these are concepts like regulations and compliance, networking and computer security, incident response management practices, and more.

I’ll put links to my resources at the bottom and throughout this post.

The exam I took is the SY0-601, which will be retired in July 2024. Its replacement is the 701, which is already available. CompTIA lists the domains (areas it covers) as:

  • attacks, threats, and vulnerabilities
  • architecture and design
  • implementation
  • operations and incident response
  • governance, risk, and compliance

How did I study and prepare for the exam? I didn’t, at least at first.  I didn’t have much of a plan at first.  I have taken the A+ and Network+ exams from CompTIA in the past. With the A+, I had enough knowledge from personal experience with computers, so after some refresher videos on YouTube and some practice tests, I gave it a shot and passed. The Network+ was harder. I bought courses on Udemy, reviewed videos on YouTube, and took practice tests, all over about a year and change. It took me two tries to pass.

With the Security+, I mostly followed the same “plan” I used with the Network+. The only difference came during the last month of studying (I’d been studying for maybe a year and a half). My practice test scores were not high enough; most study programs recommend consistently scoring 85% or better before trying the exam.

In the last month of prep, I tried something I hadn’t before: flashcards. Well, flashcards on PC and mobile. I found an open-source program called Anki. I installed it on my PC and built (and found) decks of flashcards using acronyms and questions from the practice tests I was taking. Anki is great because it allowed me to label cards based on whether I knew them well or not well at all. That changed how often I saw each card. It also allowed me to synchronize the decks between my PC and phone so I could glance at cards while waiting in line or something. The acronym cards really helped me understand questions I saw on the other cards and practice tests.

Of course, there were challenges. It’s been more than a year and a half, after all. They are mostly due to being in school. During each semester, studying for the exam slowed almost to a halt since I had to concentrate on my classes.  I would pick up the pace in between semesters or when there was a lull in classwork or projects.

Another small challenge was finding a test center. Previously, I’d taken certification exams online.  The process is fine, but I don’t really enjoy having to prepare a space in my home that satisfies the requirements of the online proctored exams. A lot of things need to be removed from the testing space. You’re expected not to have other screens, computers, phones/tablets, etc. in the same room.  I’m studying for IT certifications, going to school for an information technology degree, and have a small but significant home networking lab.  Moving all of that out of a room (in a one-bedroom apartment) isn’t going to happen.

I was worried because I’d heard people talk about having to travel pretty far to find a testing center. Fortunately, I was able to find one close to me. The scheduling process was easy. I bought a test voucher (and a retake voucher) from one of the training sites I used (Dion Training in this case, though for study material and vouchers, I’ve used Total Seminars as well; both are great resources). The site gave me a code to use when I went to Pearson VUE to find the test center and schedule the exam.

The testing center itself was an enjoyable experience. The process was well organized and professional. It was a small building within a small college campus (not my college) for proctored exams and adult learning. Checking in was easy, it wasn’t crowded, and the testing room was very quiet and distraction-free.

As far as a test-taking strategy, I took this test the same way I took the other two. There are PBQs at the beginning of the test (performance-based questions with drag-and-drop aspects or visual aid references to decide how to tackle a situation). I saw these on the Network+ exam; I don’t remember if they were on the A+. I skipped them since there were only a handful. There are usually 75-90 multiple-choice questions after that and I’m better at those. However, I got through them with about 30 mins to spare (the exam is 135 minutes), which allowed me to return to the PBQs and give them a shot. At the end, I still had about 15 minutes to spare.

I went into this with the mindset that I’d likely fail the first time (the reason I bought a retake voucher).  This took some pressure off me and made taking the test less stressful. The cool thing about these kinds of tests is that you find out right away how you did. I expected to fail, and mostly wanted to see what areas I missed the most. When I looked at the screen after all the post-test survey questions, I thought “Wh… wait… I passed?!?”  I have that reaction at the end of every test I’ve passed and it’s always cool!

Why was I trying for this certification in the first place? As I’ve stated, I already have the other certs and am working on a degree.  All of that has been on my resume for some time now, and I’ve been applying to government positions like IT Specialist, Customer Support, Infosec, Cybersecurity Specialist, and several others ever since I retired from the Air Force. 

A few months back, a hiring manager reached out after reviewing my resume to ask for my Security+ certificate. I explained to him that I didn’t have it yet but was working on having it by the summer (which I did!).  He told me that the Security+ is needed before a hiring manager would consider a resume. After considering that information, and reviewing the DoD Approved 8750 Baseline Certifications (I’d leave a link here, but the URL changes; a quick copy/paste into Google will point you right to it), it seems that an applicant needs to be eligible for IAT Level II (see their chart after your Google search) to be considered. With this certification, I now qualify.

If you are also considering information technology jobs in the government sector, you should have a look at the DoD Approved 8750 Baseline Certifications, and if you aren’t focused on a specific platform or vendor in IT, consider the CompTIA family of certifications.

Anki (flashcards)

CompTIA Security+ SY0-601

Dion Training

Pearson VUE

Total Seminars

Udemy

