Created in 1982 as the Association of Better Computer Dealers (ABCD), the Computing Technology Industry Association (CompTIA) was founded by five microcomputer dealerships and later changed its name, in 1990, to reflect the evolving industry of computers. CompTIA is now a nonprofit association for the technology industry, renowned for offering recognized basic-level and advanced certifications, since 1992, for professionals looking to validate their knowledge across a broad spectrum of security disciplines. The company, in fact, offers test preparation courses and a variety of certifications appropriate for IT professionals to promote the importance of training and provide standards to measure the baseline knowledge that pros should have on basic computer security topics. It now boasts an impressive support base made of approximately 2,000 members and 3,000 academic and training partners.

Many CompTIA certifications are the most sought-after credentials by IT practitioners, but the need to protect company assets by learning the skills to secure a network and deter hackers has made the Security+ certification one of the hottest IT ones around, especially after 2008. Ever since the job market for InfoSec professionals has grown and has been demanding an increasing number of individuals with the demonstrable Knowledge Skills and Abilities (KSAs) required to meet the demands of the industry. Those who work in the IT security field, or opt to get started in the career, might consider CompTIA Security+ certification a good choice thanks to its general approach to the field and to the fact that is globally recognized as ISO/ANSI accredited. This non-vendor specific certification for technology professionals covers important topics like Network Security and Risk Management and is a great choice for those who are new to the industry, or are considering a change of career or plan to use Security+ as the foundation for advanced security certifications. CompTIA Security+ is entry/intermediate-level and, therefore, can be approached by pros having only a few years of experience in technical networking with an emphasis on security.

What is the Security+?

The Security+ test has been evolving to follow changes in the information security realm. The first version, the SY0-101, was released early in the millennium and spun from the need to test a new generation of professionals entrusted with the protection of networks and data. Security+ is a qualification exam that has been developed by a committee in addition to over 1,000 subject matter experts within the industry to test the skills of and validate the technical knowledge required of security practitioners. Since the CompTIA Security+ certification introduction, over a quarter million pros have achieved qualification and have used this credential as a springboard to other prestigious accreditations like the CASP, CISSP, CISM, and CISA to name a few.

Security+ started with the SY0-101 version in 2006 and was revised in 2008 to the SY0-201 version (that expired in December 2011); the new test focused on Systems Security, Network Infrastructure, Methods for Access Control, Audits, Cryptography and, of course, Organizational Security. In May 2011, another version was released introducing new concepts like cloud computing and focusing more on topics that began to gain the attention of many companies including risk management and mitigation. SY0-301 expired on December 31, 2014.

In May 2014, CompTIA began to offer Security+ version SY0-401 with its focus that shifted more on Access Control and Identity Management and on its type of questions, performance-based assessment exam that was centered on real-world problem resolution and application of knowledge rather than simple memorization. SY0-401 is the current version but is scheduled to retire in July 2018 with a new test being released in October 2017. The Security+ SY0-501 exam will likely aim at reflecting the latest technologies used today that were not included in the objectives three years ago, as mentioned by CertBlaster (CertBlaster offers CompTIA Security+ practice tests). It is also likely to further focus on today’s hot topics including cloud security, virtualization, mobile devices protection and digital payment issues.

The current Security+ exam consists of up to 90 multiple-choice and performance-based questions; the latter require testers to perform a task or solve a problem within a simulated IT environment. Candidates are given 90 minutes to complete the test, and a passing score of 750 is required to be certified. The recommended experience prior to the examination is a CompTIA Network+ certification and two years in IT administration with a security focus, although requirements are not mandatory and candidates with less experience and no other certification can still try to obtain it by passing the test. The theory test covers the following topics: Network Security, Compliance and Operational Security, Threat and Vulnerabilities, Application, Data and Host security, Access Control and Identity Management, as well as Cryptography. Basically, it allows certification holders to prove they have the specific skills required to implement basic security services on computer networks and confidently perform their duties on the job, be it as a Security Architect, Security Engineer, Security Consultant/Specialist, Information Assurance Technician, and Security Administrator or any other IT security-related role.

As for the Security+ certification exam, it is priced at $320.00 USD and is valid for three years. It is then automatically renewed by participating in continuing education activities that allow the professional to keep current in their knowledge. CompTIA itself offers a formal continuing education program, but professionals can renew their certification by participating in a number of trainings, conferences, and activities as well as by earning more advanced certifications.

How relevant is this cert to security professionals?

In a competitive market, people ought to do everything they can to distinguish themselves and rise above their peers. CompTIA certifications are the recognized industry benchmark for a broad range of foundation-level IT skills. Security+ is among the most widely accepted and respected IT certifications in the industry. From the beginning, “[CompTIA Security+ certification has helped] to train and identify qualified, knowledgeable employees and match them with employers who have jobs to fill. Participating in a round of job interviews with CompTIA credentials listed on the resume ensures employers that the candidate not only has the IT skills to do the job but also has a commitment to the career and the passion for continuing learning.

With the information security (InfoSec) job market continuing to expand, the value of CompTIA credentials can be a huge career booster even for experienced IT security professionals applying to companies of any size or sector. The market for Security+-certified employees is demanding, and many businesses now actually “require” a certification. In fact, a quick look at information technology job portals, show how “Security+” is listed as either a mandatory or desirable requirement for a variety of jobs including but not limited to a position as Information security analysts, network administrators, Information technology managers and specialists and network engineers. CompTIA, in fact, specifies that a Security+ certification can be part of the career roadmap of any InfoSec professionals.

Being a beginner to intermediate certification, however, Security+ is also suitable for professionals tasked with IT security duties in financial, education, medical fields or anywhere sensitive data are collected and processed. It is not rare to find professionals in these fields who have roles that have little to do with the actual managing of systems and that have degrees in other fields if any at all that choose to study to test and acquire a Security+ that allows them to assume additional duties within their organization or give them access to wider opportunities. Certifications are also essential when considering becoming part of a global workforce and transferring to companies abroad as certifications are recognized world-wide and set standards that all can relate to. The same cannot be said, sometimes, of traditional degrees that have curricula that vary from country to country.

Ethical Hacking Training – Resources (InfoSec)

There might be no immediate repercussions on a professional’s salary, but a Security+ certification can help an applicant pass through the first recruiters’ screening and secure jobs with higher pay. It can also help qualify them for promotions and provide the base knowledge necessary to acquire more advanced qualifications that can have a major impact on earning potentials. Security+, in fact, is designed to be the perfect stepping stone for other advanced qualifications even offered by CompTIA itself. Though containing a similar set of topical domains for the exam, for example, the CompTIA Advanced Security Practitioner (CASP) certification serves somewhat different purposes and audiences and is geared towards more experienced IT practitioners

Alternatively, if a professional is yet not ready for the CASP, the new CompTIA Cybersecurity Analyst (CSA+) certification may be another great choice. The exam covers intermediate security analyst skills. Armed with the CSA+ credential those professionals can do more to identify potential risks and vulnerabilities, said CompTIA president and CEO Todd Thibodeaux. He explains that the “[CSA+] bridges the skills gap between CompTIA Security+ and the CompTIA Advanced Security Practitioner (CASP) exam to create a vendor-neutral cyber-security career pathway.”

Conclusion

Professionals who enter into the fast-growing InfoSec world might want to invest time and effort in obtaining CompTIA Security+, a certification that could set them apart and open doors to opportunities. For some, the Security+ certification could mean a higher salary or an increase in position and responsibilities.

Security+ is now an established certification that has withstood the test of time and, after more than a decade, is still chosen by many IT security practitioners. The exam has been changing through time, chasing the many technological advances in the information realm and addressing the many new challenges in cybersecurity. It has also changed to adapt to the market requirements for many more skilled professionals with solid information technology knowledge and the theoretical and practical skills needed to secure systems and data. It is believed that modern information wars in the cyber domain can be and will be fought in the digital world and, therefore, the need for professionals with current skills and knowledge is bound to increase. The gap between the supply and the demand is widening as government entities, large companies and small businesses compete to secure the best InfoSec professionals to protect their digital assets.

CompTIA is committed to helping eliminate the widening gap in the IT security workforce by offering vendor-neutral certification that proves a professional got the proficiencies employers are looking for. Security+ ensures candidates are aware of all topics and has a solid foundation in the field which can push them to keep current with relevant information and allow them to build their skills in pursuit of more advanced credentials. In addition, the credential qualifies all personnel performing Information Assurance (IA) functions for those jobs as a DoD Directive 8570.1 baseline requirement: IAT (technical) Level 2, and IAM (management) Level 1 positions. The Security+ exam will certify that the successful candidate has the technical and management knowledge as well as put to use real-life skills they can apply in the workplace like to proactively safeguard systems against potential security threats while able to enjoy all the benefits of a successful, and — why not? —a lucrative career in the profession.

References

Aiello, M. (2014, February 26). 5 Reasons Security Certifications Matter. Retrieved from http://www.informationweek.com/careers/5-reasons-security-certifications-matter/d/d-id/1114017

BestITCcertifications.org. (n.d.). CompTIA Security+ Certification. Retrieved from http://bestitcertifications.org/comptia-security-plus-certification/

CertBlaster. (2016, May 3). Expected difference between CompTIA Security+ SY0-401 and SY0-501? Retrieved from http://www.certblaster.com/difference-comptia-security-plus-sy0-401-sy0-501/

CompTIA, Inc. (n.d.). CompTIA Security+: Exam Code SY0-401. Retrieved from https://certification.comptia.org/certifications/security

CompTIA, Inc. (n.d.). IT Certifications. Retrieved from https://www.comptia.org/about-us/our-story/certification

ITCareerFinder.com. (n.d.). Security+ Certification. Retrieved from http://www.itcareerfinder.com/it-certifications/comptia-certifications/security-plus-certification.html

Lampe, J. (2014, April 1). CompTIA Security+ SY0-401 vs. SY0-301 Changes. Retrieved from http://resources.infosecinstitute.com/comptia-security-sy0-401-vs-sy0-301-changes/

Parker, J. (2012, January 23). Security Certifications: Required Versus Recommended Experience. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1829343

Parker, J. (2011, December 19). The Security+ Certification’s Evolution and Remake Over 10 Years. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1816010

Parker, J. (2011, December 6). Why Security+ Is Right for You, Especially Since Its Remake. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1804870

Wagner, V. (2010, January 25). Breaking Into the Security Job Market. Retrieved from http://www.ecommercetimes.com/story/Breaking-Into-the-Security-Job-Market-69185.html