Security+: Current Status
In today’s information-centric world, security is a hot topic that is becoming increasingly more important. It seems that news reports featuring major security breaches at popular retailers and credit card companies are becoming commonplace. In response to this, CompTIA has introduced the Security+ Certification to Information Security professionals seeking to help fight this problem.
What is Security+?
In the early days of Information Security there was no good broad-based, entry level to intermediate level Information Security Certification available. CompTIA decided to remove this barrier to entry for Information Security professionals wanting to expand their career and began offering the Security+ certification in 2002. The end goal of Security+ is to provide a way is to test what is generally assumed to be the knowledge and skill held by an Information Security professional with two years of full-time, day-to-day technical Information Security work experience.
Since the inception of Security+ in 2002 with the SY0-101 version of the exam, Security+ has undergone some major changes to its exam. In short, these changes allowed Security+ to keep abreast of the changes that have taken place within the realm of Information Security from 2002 until today which have been profound to say the least. Examples of the changes to the focus of the exam material coverage include a shifting away from more simple, broad based concepts approach such as basic network and firewall security. The new focus in recent versions has been more on concepts such as threat administration, risk management, and new technologies including cloud computing. Another major change in Security+ over time occurred in 2013 when the exam included a performance-based exam section that requires the candidate to perform tasks or solve problems within a simulated IT environment followed by questions about the scenario.
It should be added that professionals working directly in Information Technology are not the only professionals that can benefit from the Security+ certification. Professionals in highly regulated fields such as Healthcare, Finance, and Education can use the Security+ certification to demonstrate that they have the necessary Information Security knowledge and skills to thrive in their respective field.
CompTIA released the Security+ certification to be the senior certification in its 3-part foundation certification series. The foundation certification series consists of A+, Network+, and Security+.
What is the Current State of Security+?
- Exam Specifics
There are no necessary pre-requisites that candidates need to take and pass the Security+ exam. With that said, CompTIA has forwarded some recommendations for exam takers that will help them pass. First, CompTIA has recommended that candidates gain two years of Information Technology administration experience with an emphasis on security. Second, exam takers should have technical, day-to-day Information Security experience (presumably from on the job experience). Last, CompTIA recommends that exam takers gain at least their A+ certification before pursuing their Security+ certification.
According to the CompTIA website, the official objectives of the Security+ exam are:
- Install and configure systems to secure applications, networks, and devices
- Perform threat analysis and respond with appropriate mitigation techniques
- Participate in risk mitigation activities
- Operate with an awareness of applicable policies, laws, and regulations
- The successful Security+ candidate will perform these tasks to support the principles of confidentiality, integrity, and availability.
In terms of the bottom line, all CompTIA exams are taken on a computer at the testing site and candidates should be prepared for this format. The Security+ exam consists of a maximum of 90 questions and the questions are multiple choice and performance-based. Exam takers will have 90 minutes to complete the exam. The exam score range is from 100 to 900 and exam takers will need to score at least 750 points to pass.
- The Performance-based Section
One of the most important sections of Security+ is performance-based and requires candidates to perform tasks or solve problems within a simulated IT environment followed by questions. While there is no necessary pre-requirement for candidates to work two years in IT administration with a focus on security, candidates without this experience may be the most intimidated by this section.
CompTIA has provided some guidance for exam takers on this section that candidates without two years of experience should heed before taking the exam. First, CompTIA recommends that candidates manage their time wisely. There will be a clock available to exam takers on the multiple-choice section of the exam but not in the performance-based section. Second, the performance-based section will be at the beginning of the exam. Candidates should keep this in mind when managing their time. Third, if you do not know the answer to a performance-based question just come back to it later and complete it if you have time left over.
- What is New About the Current Security+ Exam?
Security+ is currently on its fifth major revision, SY0-501 and CompTIA released this version to candidates on October 4, 2017. This revision focuses more on cyber-attacks, risk management and mitigation, and Information Security best practices than previous versions. SY0-501 also focuses on newer technology such as cloud computing/support, monitoring tools and analysis, mobile device security with popular mobile device brands such as Samsung, virtualization security, and secure cart/payment systems security.
Security+ is a great certification to springboard an entry level Information Security professional to greater heights in their career. This certification will demonstrate that the candidate has the knowledge and skill possessed by an Information Security professional with two years of day-to-day, technical experience. Entry level Information Security professionals should consider this certification to help further their career.