The Ultimate Guide to CompTIA’s Security+ Certification (SY0-401)
Please note: this article is based on information about the previous version of the Security+ exam (SY0-401), which expired in May of 2018. For updated information, please see our up-to-date Security+ listing.
There’s no shortage of security certifications available for aspiring professionals today. In fact, choosing the right option for an entry-level position in the world of cybersecurity can be quite challenging. Which is right for your needs? Which offers the most recognition? Which will help you get your foot in the door with a reputable company, and which will put you in good stead when advancing your education and training?
While there are many options out there, one that you should definitely consider is the Security+ certification from CompTIA. This certification has been around since 2002, and has become an important hallmark of quality in the industry.
According to CompTIA, “IT security is paramount to organizations as cloud computing and mobile devices have changed the way we do business. With the massive amounts of data transmitted and stored on networks throughout the world, it’s essential to have effective security practices in place. That’s where CompTIA Security+ comes in. Get the Security+ certification to show that you have the skills to secure a network and deter hackers and you’re ready for the job.”
Of course, you most likely have several questions about the Security+ certification, why it’s right for you, and how to become certified. We’ll address all of those and more.
What Is the Security+ Certification?
The Security+ certification is an entry-level cybersecurity certificate offered by CompTIA (Computing Technology Industry Association). According to CompTIA, “CompTIA Security+ is the certification globally trusted to validate foundational, vendor-neutral IT security knowledge and skills. As a benchmark for best practices in IT security, this certification covers the essential principles for network security and risk management – making it an important stepping stone of an IT security career.”
The Security+ certificate, like all other CompTIA certificates, is vendor neutral. This is an important consideration, as it opens up a wealth of employment opportunities that would be unavailable if you pursued a vendor-specific credential. If you’re not familiar with vendor-neutral versus vendor-specific credentials, it’s actually pretty simple.
A vendor-specific credential means that you’re trained and educated to work within a particular vendor’s environment. You may or may not have the knowledge and skills to work within a different vendor’s environment.
With a vendor-neutral certification, though, you have a much broader knowledge base on which to draw, as well as in-depth familiarity with industry-wide best practices, emerging threats, and more. In most instances, employers seek out professionals with vendor-neutral qualifications, rather than vendor-specific ones.
The Security+ certificate is based on six core fundamentals. These form the CBK, or common body of knowledge, that you’ll need to know in order to pass the exam, and go on to be a successful IT security professional. Those six domains are as follows:
- Network security
- Compliance and operational security
- Threats and vulnerabilities
- Application, data and host security
- Access control and identity management
Each of those domains comprises a specific percentage of the questions you’ll be required to answer during the exam. For instance, network security comprises 20% of the exam, while application, data and host security comprises 15%. Note that the percentages change with each new syllabus rolled out. SYO-401 is slated to be retired in 2018, but will actually be superseded by SYO-501 prior to that date (rollout is slated for late 2017).
In a nutshell, the Security+ certification is:
- An excellent option for entry-level IT security professionals
- Proof you have the required foundational knowledge to enter the field
- Recognized around the world
- Vendor neutral
- Approved by the DoD
- Compliant with FISMA
- ISO compliant
As you can see, Security+ certification can be an excellent jumping-off point for anyone interested in entering the field of IT security. However, there are other things you’ll need to know about it.
How Do I Earn the Security+ Certification?
Technically, all you have to do to earn your Security+ certification is pass the exam from CompTIA. The SYO-401 course consists of 90 questions, which are either multiple choice or performance based. Test takers are given an hour and a half in which to complete the exam.
However, this assumes that you have the training required to pass the exam in the first place. The body of knowledge covered by the exam includes a wide range of foundational requirements for anyone interested in a career in IT security, including the following:
- Common security threats
- Common security vulnerabilities
- Common security weaknesses
- Security tools and methods
- Access control and identity management
- User education and protection
- Hardware and physical security measures
If you have the required training and education, you can take the test without the need for further education. However, most aspiring IT security professionals will need to complete an educational course prior to taking the exam. Self-study materials are available through CompTIA, but there are more robust education options available, as well. It’s important to note that the current SYO was launched in 2014, and will be retired in 2018. It will be replaced by SYO-501.
Your Security+ certification will be good for three years, and then you will need to recertify. CompTIA offers a continuing education (CE) program that helps to streamline the process, and keep you up to date on industry developments, as well. The activities and knowledge covered in the continuing education program will allow you to extend your certification in three-year blocks as your previous certification expires.
CompTIA states, “You can participate in a number of activities and training programs, including higher certifications, to renew your CompTIA Security+ certification. Collect at least 50 continuing education units (CEUs) in three years, upload them to your certification account, and Security+ will automatically renew.” Note that the Security+ CE program is technically separate from the base Security+ certification.
Are There Prerequisites for This Certification?
There are no hard prerequisites for taking the Security+ exam or for holding Security+ certification. However, CompTIA does recommend that any professional seeking to obtain certification have at least two years of experience in IT administration with a focus on security, as well as having earned their Network+ certification before attempting to earn the Security+ certification.
The reason for this is actually pretty simple. If you don’t understand the fundamentals of a network environment, then there will be too much complexity once you layer security on top of it. You should have a firm understanding of most things related to IT administration and networking, including:
- Software and hardware operations
Those are only a handful of the things you’ll need to be conversant on prior to taking the Security+ exam.
Remember that while the Security+ certification is an entry-level credential, it is not designed to teach you the basics of network environments. This is why CompTIA recommends earning your Network+ certification first, as this is where the foundational knowledge necessary to move on to Security+ is taught. You may also find that college-level network administration/IT courses will give you the knowledge necessary to successfully complete the exam.
If you are starting completely from scratch, it might be necessary to earn the A+ certification first, then the Network+ certification, and finally take the Security+ exam. Note that each exam does require an additional fee, as well as continuing education in order to stay current with industry developments and best practices.
What Is the Work Experience Required?
Again, there are no actual requirements for taking the Security+ exam and earning your certification. However, CompTIA does strongly recommend that you’ve had at least two years of professional experience in IT administration, and that this experience has a security focus. This is to ensure that you have the required familiarity with threats, industry terminology, best practices and other elements necessary to complete the exam successfully.
While it is possible to earn your certification without any previous professional experience in the IT industry, the learning curve can be quite steep if you have no familiarity with IT administration or IT security at all.
Is There an Age Requirement?
There is no age requirement for earning your Security+ certification. However, CompTIA does recommend that anyone attempting to take the exam be at least 13 years of age. This seemingly lenient approach is designed to ensure that high-performers of any age are able to earn their certification and begin a rewarding career in IT security without having to wait to pass an arbitrary age mark.
Is the Security+ Certification a Good Entry Level Option for Entering the Security Industry?
You’ll find that Security+ certification is a very good entry point for an IT security career, but, again, it’s not a good entry point for the IT industry as a whole. You’ll need foundational knowledge in order to pass this exam, which is why CompTIA recommends at least two years of professional experience in IT administration, as well as earning your Network+ certification before moving on to the Security+ certification.
This certification can prepare you to enter the world of IT security in a number of different roles. CompTIA notes that the following are some of the most common roles taken up by certificate holders:
- Security Architect
- Security Engineer
- Security Consultant
- Security Specialist
- Security or Systems Administrator
Security+ certification is one of the top five most sought-after credentials for entry-level IT positions with most companies today (others include CISSP, CCNA, CompTIA A+, and CompTIA Network+). The US BLS (Bureau of Labor Statistics) shows that IT security specialists, as well as managers and administrators, can earn significantly higher annual salaries than their un-credentialed counterparts, with $86,000 being the median earnings.
Another reason that this is a good certificate to earn is the fact that, according to CompTIA, over 91% of employers see CompTIA certifications as validation of skills and knowledge required, as well as a predictor that the employee will be successful. It’s about peace of mind – knowing that they’re bringing an employee on board who not only knows the basics, but has the potential to go on to a long, rewarding career.
You’ll find that Security+ certification also opens many doors with potential employers. The federal government is actually one of the employers seeing the most significant growth in terms of demand for credentialed IT professionals, and because the Security+ certification is DoD approved, you’ll have many more options than those who pursue other credentials will.
While earning your Security+ certificate does not guarantee that you’ll earn security clearance with the DoD, it does give you a leg up on other professionals, because it fulfills quite a few of the DoD’s technical requirements for private contractors, as well as potential government employees.
Yet another reason to consider CompTIA Security+ certification is the fact that many of the world’s major tech companies are part of the organization. You’ll find familiar names like Apple, Dell, AT&T, and many others. Not only are these companies partners with CompTIA, but they actively hire CompTIA credentialed professionals.
Ready to Move On?
If you’re looking for training for comptia’s security+, the InfoSec Security+ boot camp may be the right option for your training and education needs. With a 95% success rate, this award-winning training program provides aspiring professionals with the highest-quality exam prep. Simply fill out the brief form above to receive course details/pricing.
From personal mentoring to CompTIA-authorized curriculum to practice exams and hands-on labs, this course ensures you have the knowledge necessary to successfully earn your Security+ certificate and embark on a rewarding career in IT security.