Introduction

So, you’d like to become an IT security professional? Well, entering the field “requires a particular mindset,” says Bruce Schneier, an internationally renowned security technologist. He explains that a lot of bad security out there is due to the lack of a mindset that helps analyze how things are made to fail rather than how they can work. “It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.” The right security attitude is essential for success in this line of work, coupled, of course, with the ability to methodically use knowledge of contemporary standards, practices and procedures to challenge every system and belief.

InfoSec skills, in fact, are a combination of in-depth theoretical knowledge and hands-on experience; both are important to demonstrate, especially when applying for new jobs and higher positions. Having a certification in the field can help IT practitioners prove their worth and well-roundedness to future employers. A particularly sought-after certification is the CompTIA Security+, a vendor-neutral program that covers essential principles in network security and risk management. Passing the Security+ exam and being certified demonstrates the technical knowledge and practical proficiency required to perform a variety of tasks related to network protection and breach prevention.

The latest version of the exam, the SY0-401 Security+ 2014 (the new SY0-501 version will be released October 4, 2017), tests a wide range of IT security topics that are essential to master when jump-starting a career in this field or advancing in the sector. It features a maximum of 90 multiple-choice and performance-based questions, with 90 minutes to complete them. The passing score is 750 (on a scale of 100-900), and the exam costs $320.00.

How can a professional get ready to take and pass this exam? Which resources are available, and how long will it take to best prepare to face this challenge? These types of questions will be addressed in this article.

What’s the best way to prep for the Security+ exam and how long will it take?

So, you have opted to pursue the CompTIA Security+ certification; you may now wonder if there is a best way to prepare for it. There is, however, no cookie-cutter answer: how to approach preparation depends heavily on the learner’s particular learning style, professional background and schedule, as CompTIA, Inc. notes on its training site.

Seasoned professionals who just wish to fine-tune their knowledge of particular subjects might prefer a self-study approach, which gives them the freedom to deepen their understanding of only the topics they need. Beginner InfoSec professionals or IT practitioners who need a more structured approach could explore courses and practice modules from reputable computer-related schools.

People learn in many different ways, so it is up to learners to choose the method that can help them get started on the path to certification. The first decision they need to make, normally, is whether to attend courses online or in traditional settings. Both options have pros and cons. A traditional setting affords students the comfort of having a facilitator at their disposal who can guide them through mastering the material, answer any questions and dispel any doubts on the spot. In-class training, however, can be demanding for a professional who already has a busy daily schedule. Online courses (asynchronous options especially) afford the flexibility that many employed InfoSec/IT professionals need to fit learning into their schedule, but they require more self-discipline on the part of students not to fall behind, as well as a stronger degree of independence during the learning process. Instructors are normally available but might be located anywhere in the world and in different time zones, so questions and doubts are not always addressed in a timely manner. The best method is always the one that most closely matches the availability, needs and learning style of the student.

Many professionals also wonder how long it will take them to prepare for the test. It is a difficult question to answer, as too many factors come into play. The length of time necessary to train to pass the Security+ test depends on the background and previous knowledge of the student, the method chosen (formal class or self-study) and how much time can be dedicated weekly to preparation. A review of several certification-related forums reveals that students with prior knowledge normally take no longer than a month to fine-tune their preparation. Beginners without much of an IT background will need time to review all areas covered and therefore might take a few months to master the material effectively.

What are the best training resources available?

CompTIA itself provides its own learning tool, CertMaster, to help students identify their knowledge gaps and master the material. The CompTIA Marketplace (the Certification Bookstore) offers books that can help prepare for the real exam. Practice questions on targeted security topics are available too. The official website also lists online, computer-based and classroom courses, as well as books, that are available to students.

Many other providers, in fact, offer a variety of training options that can accommodate different schedules and learning styles.

When selecting a training vendor to prepare for a CompTIA Security+ certification exam, it is recommended to look only for an Accredited Training Organization (ATO) or affiliate organizations that can demonstrate adherence to set preparation standards. InfoSec Institute, an ‘Outstanding Partnership Award’ recipient for having demonstrated a commitment to collaborating with CompTIA, for example, is one of those academic and training partners working in the effort ‘to prepare the technology workforce of today and tomorrow’ through educational programs. The Institute is recognized as one of the most awarded and trusted IT training vendors, offering courses that can represent added value, for example, when certifying entire teams. In fact, “IDC lists InfoSec Institute as Major Player in their Security Training Vendor Assessment,” thanks to the quality of both the instructors and the material.

Individuals, however, and not just companies, can benefit from ad-hoc programs such as the Security+ Online Training and the set of courses that are linked to the Security Pro Track. There are Security+ training solutions that offer interactive hands-on exercises and quizzes so students can test their knowledge while studying theory. Skillset.com’s free Security+ Practice Exam can help sharpen knowledge by providing real-time practice and feedback. The Security+ Boot Camp prepares students who will take the SY0-401 exam with training that reinforces theory with practice (95% get certified!).

Also available is a Security+ Mini-Course: as the CompTIA Security+ exam comprises different types of questions, this short video series is designed to assist in preparation for the performance-based questions. Examples of performance-based question types are provided, as well as strategies on how to approach them. The Security+ Study Guide: Domain 1.0 – Network Security, instead, provides an intro to security configuration parameters of network devices that have different levels of information on them. Particular emphasis is on risk management and its crucial role.

Many other options for self-study are available online:

  • The latest CompTIA Security+ Certification Bundle (with bonus study materials and over 400 exam practice Q&As designed to mirror those on the actual test), as well as the CompTIA Security+ Certification Study Guide (with complete practice exams and in-depth explanations by chapter or by exam domain; in addition, it contains 1+ hour of video training). They offer exam simulators, instructor-led DVDs, and integrated Web-based support to help students master the concepts.
  • Another popular guide is “CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide,” certified as CompTIA Approved Quality Content (CAQC), with over 400 annotated practice test questions, a 100-question pre-test, a 100-question post-test, and practice test questions in every chapter. The book covers not only all domains in the Security+ exam but also advanced topics that can help in the preparation for other security professional certifications.
  • CompTIA Security+ (SY0-401) Complete Video Course is a self-paced video training with over 13 hours of visual instruction.
  • CompTIA Security+ SY0-401 Authorized Cert Guide – “Instructor David L. Prowse shares preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.”
  • Students already looking ahead to the next version of the Security+ test can look for updated material like the CompTIA Security+ Certification Study Guide, Third Edition (Exam SY0-501) when it comes out, as it will provide 100% coverage of all objectives on the CompTIA Security+ exam SY0-501 when it becomes public (effective October 2017), covering all exam topics as well as offering a robust digital test engine.

What are some tips for preparing for the exam?

It might go without saying, but the first thing students should do is perform a comprehensive review of the topics tested in the certification exam. The CompTIA exam is based on the following breakdown:

  • Network Security (20%)
  • Compliance and Operational Security (18%)
  • Threats and Vulnerabilities (20%)
  • Application, Data and Host Security (15%)
  • Access Control and Identity Management (15%)
  • Cryptography (12%)

Some domains are weighted more heavily than others; however, it’s important to study each topic with equal attention, as exam questions can come from any of the objectives. After going through the exam objectives and identifying possible areas of concern and knowledge gaps (using tools provided online or through self-assessment), a study plan should be prepared to ascertain the best way to prepare (courses, books, instructor-led options).


The InfoSec field requires solid theoretical knowledge but also much practical experience because it evolves so fast. Whatever option is chosen, then, professionals should make sure to include some hands-on activities and plenty of sample questions that cover multiple topics, to get used to the type of language and style used in the actual test.

Ready for the test? Once the training is completed, it’s time to head over to the CompTIA Marketplace and purchase the exam voucher needed to sign up for the test. A CompTIA ID#, which is also the candidate’s login name, is needed as well to schedule the in-person exam on the Pearson VUE website.

Conclusion

There are many companies looking for more security staff with the ability to mitigate or respond to computer-related network threats or attacks; demand is growing, and professionals need to be ready to compete for the best positions. One way for professionals to stand out and prove their skills and experience to employers is to acquire industry-recognized certifications related to their field. Security+ is one of the most highly regarded options for InfoSec/IT professionals.

So, what’s the best way to prepare for the Security+ exam? Whatever works best for you according to your availability, experience, knowledge and learning style. Much material is available online and in classrooms, but sticking with approved vendors and identifying one’s own real training needs in advance can help shorten the time needed to be prepared and lower the costs involved.

 

References

Barrett, D. (2014, August 4). Exam Profile: CompTIA’s New Security+ SY0-401 Exam. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=2243322

CompTIA, Inc. (n.d.). IT Training & Classes. Retrieved from https://certification.comptia.org/training

CompTIA, Inc. (n.d.). Self-Study and Training. Retrieved from https://certification.comptia.org/training/self-study-training

CompTIA Marketplace. (n.d.). Online Training. Retrieved from https://www.comptiastore.com/Articles.asp?ID=265&category=learning#/?_=1&filter.learning_typeof_field=Online%20Training&page=1

Gibson, D. (n.d.). 5 Success Tips for Security+. Retrieved from http://blogs.getcertifiedgetahead.com/5-success-tips-for-security/

Gibson, D. (2016, December). You Can Pass the Security+ Certification. Retrieved from http://blogs.getcertifiedgetahead.com/you-can-pass-the-security-certification/

InfoSec Institute. (n.d.). CompTIA. Retrieved from https://www.infosecinstitute.com/certifications/comptia

Intense School. (n.d.). Comptia Training & Certification. Retrieved from http://www.intenseschool.com/boot_camp/comptia/

Pearson Education Inc. (n.d.). CompTIA Certification Testing. Retrieved from http://www.pearsonvue.com/comptia/

Schneier, B. (2008, March 25). The Security Mindset. Retrieved from https://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html

Stern, M. (2016, October 6). 7 Ways to Prep for a CompTIA Exam. Retrieved from https://certification.comptia.org/it-career-news/post/view/2016/10/06/7-ways-to-prep-for-a-comptia-exam

Be Safe


Daniel Brecht
