Security+: Current Status [updated 2021]
In today’s information-centric world, security is a hot topic that is becoming increasingly more important. It seems that news reports featuring major security breaches at popular retailers and credit card companies are becoming commonplace. In response to this, CompTIA has introduced the Security+ Certification to Information Security professionals seeking to help fight this problem.
What is Security+?
In the early days of Information Security there was no good broad-based, entry level to intermediate level Information Security Certification available. CompTIA decided to remove this barrier to entry for Information Security professionals wanting to expand their career and began offering the Security+ certification in 2002. The end goal of Security+ is to provide a way is to test what is generally assumed to be the knowledge and skill held by an Information Security professional with two years of full-time, day-to-day technical Information Security work experience.
Since the inception of Security+ in 2002 with the SY0-101 version of the exam, Security+ has undergone some major changes to its exam. In short, these changes allowed Security+ to keep abreast of the changes that have taken place within the realm of Information Security from 2002 until today which have been profound to say the least. Examples of the changes to the focus of the exam material coverage include a shifting away from more simple, broad based concepts approach such as basic network and firewall security. The new focus in recent versions has been more on concepts such as threat administration, risk management, and new technologies including cloud computing. Another major change in Security+ over time occurred in 2013 when the exam included a performance-based exam section that requires the candidate to perform tasks or solve problems within a simulated IT environment followed by questions about the scenario.
It should be added that professionals working directly in Information Technology are not the only professionals that can benefit from the Security+ certification. Professionals in highly regulated fields such as Healthcare, Finance, and Education can use the Security+ certification to demonstrate that they have the necessary Information Security knowledge and skills to thrive in their respective field.
CompTIA released the Security+ certification to be the senior certification in its 3-part foundation certification series. The foundation certification series consists of A+, Network+, and Security+.
What is the Current State of Security+?
1. Exam Specifics
There are no necessary pre-requisites that candidates need to take and pass the Security+ exam. With that said, CompTIA has forwarded some recommendations for exam takers that will help them pass. First, CompTIA has recommended that candidates gain two years of Information Technology administration experience with an emphasis on security. Second, exam takers should have technical, day-to-day Information Security experience (presumably from on the job experience). Last, CompTIA recommends that exam takers gain at least their A+ certification before pursuing their Security+ certification.
According to the CompTIA website, the official objectives of the Security+ exam are:
- Install and configure systems to secure applications, networks, and devices
- Perform threat analysis and respond with appropriate mitigation techniques
- Participate in risk mitigation activities
- Operate with an awareness of applicable policies, laws, and regulations
- The successful Security+ candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.
In terms of the bottom line, all CompTIA exams are taken on a computer at the testing site and candidates should be prepared for this format. The Security+ exam consists of a maximum of 90 questions and the questions are multiple choice and performance-based. Exam takers will have 90 minutes to complete the exam. The exam score range is from 100 to 900 and exam takers will need to score at least 750 points to pass.
2. The Performance-based Section
One of the most important sections of Security+ is performance-based and requires candidates to perform tasks or solve problems within a simulated IT environment followed by questions. While there is no necessary pre-requirement for candidates to work two years in IT administration with a focus on security, candidates without this experience may be the most intimidated by this section.
CompTIA has provided some guidance for exam takers on this section that candidates without two years of experience should heed before taking the exam. First, CompTIA recommends that candidates manage their time wisely. There will be a clock available to exam takers on the multiple-choice section of the exam but not in the performance-based section. Second, the performance-based section will be at the beginning of the exam. Candidates should keep this in mind when managing their time. Third, if you do not know the answer to a performance-based question just come back to it later and complete it if you have time left over.
3. What is New About the Current Security+ Exam?
Security+ is currently on its sixth major revision, SY0-601. CompTIA released this version to candidates on November 2020. This revision focuses more on the latest cybersecurity trends and techniques, thus giving professionals the most up-to-date and current skills needed for the following tasks:
- Assessing the cybersecurity posture of an enterprise environment
- Recommending and implementing appropriate cybersecurity solutions
- Monitoring and securing hybrid environments
- Operating with an awareness of applicable laws and policies
- Identifying, analyzing and responding to cybersecurity events and incidents
The exam objectives undergo regular reviews and updates. For example, Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective, according to CompTIA.
Security+ is a great certification to springboard an entry level Information Security professional to greater heights in their career. This certification will demonstrate that the candidate has the knowledge and skill possessed by an Information Security professional with two years of day-to-day, technical experience. Entry level Information Security professionals should consider this certification to help further their career.
We've encountered a new and totally unexpected error.
Get instant boot camp pricing
A new tab for your requested boot camp pricing will open in 5 seconds. If it doesn't open, click here.