Security Plus Preparation
Background
I graduated in May 2020 with my BS in Cybersecurity from Purdue University. I also recently completed my MS in Cyber Forensics in August 2022 after defending my thesis, which was titled “Cybersecurity Industry Needs and the CSEC ABET curriculum analysis”. I also completed/passed EcCouncil’s Certified Ethical Hacker (CEH) in Summer of 2021. I currently work as a security researcher at a small security consulting company.
Now, I do NOT believe you need to have this background in order to pass and complete the Security+ certification, so do not let my experience discourage you from taking it. I know of many people who have obtained it without having any college experience nor any formal technical background. My reasoning for taking this certification was to be more confident in the application of my security knowledge.
Preparation
Now, onto the stuff you wanted to read about in the first place. My preparation began in December 2021 where I took a four-week CompTIA Security+ certification course. Upon completion of the course, I received a voucher for this exam. Now I was fortunate enough to have the course paid for me by my university; however, I know this may not be an option for others. But CompTIA does usually have some discount codes for the exam vouchers for students, so that might be worth looking into if the price is a concern. The course was instructor lead but with asynchronous assignments including chapter readings, quizzes, practice exams, and videos. Given that I had already completed my BS in cybersecurity at the point of this course, I was already familiar with a lot of the fundamentals covered in the course. The most beneficial part of it was the quizzes to familiarize myself with the types of questions and phrasing of questions I could expect when taking the actual exam.
I took a bit of a break for about a year from studying after the course ended. My exam voucher was good for about a year until the end of January 2023. I slacked a bit in terms of scheduling the exam but decided to take it on January 3, 2023. The version of the exam I took was SY0-601. Beginning in December 2022, I began some more intensive studying as I had not reviewed the material in a while. I no longer had access to many of the course materials, but with my CompTIA login I was still able to access their provided practice exams. I began taking one of the practice exams once every few days. It consists of between 80-90 questions. There are about five categories or topic areas within security that are covered as well as some problem based/scenario questions as well. The practice tests provided gave a wide pool of questions similarly to the ones that might appear on the exam. I also found many Quizlets online that have similar questions I used as flash cards to help me memorize the concepts, terms, and definitions. If you do not have access to formal material, this is not a bad option. An additional resource I did not use but have heard is helpful for studying for this exam is Professor Messer on YouTube. Below is a table I found and copied from the CompTIA website that compares some of the different industry certifications based on their focus areas. I believe this to be helpful as it shows the comparison between two certifications I have already obtained myself .
I would say over the course of the three to four weeks, I took about ten practice tests. CompTIA practice test scoring shows you should be scoring about 80% to be considered almost ready and over 90% to be ready for taking the exam. I was scoring in the 70% for many of the practice tests I took. CompTIA Security+ requires a score of 750 to be considered a pass. I think this can be a bit intimidating when you are at the student level and may be used to 70% being passing or even 75% being passing, and having the mindset that 750 would be the same . But remember, the exam is scored out of 900 not 1000, so you would need about an 83% to pass.
Post Exam Thoughts
Now, if I could go back, I would highly recommend taking the exam in person in a testing center if it is an option for you. I personally was not a fan of my experience with the proctoring software (OnVUE) that they use for the exam while taking it at home. My test also started late - about 20 minutes after the scheduled start time not including the 30 minutes to check in prior to the exam “starting”. The exam was scheduled for 135 minutes. I would say my total time took longer than that though. About 45-50 minutes for check in before the exam starts, 90 minutes for the exam, and 15 minutes for a questionnaire after the completion of the exam.
Overall, I think this exam was harder than I expected. But I still believe it is a very good entry-level certification for those who are looking for their first job or transitioning into a tech role. I do not think you need to take a CompTIA preparation course or have a formal education in this field in order to pass this certification. This certification covers a wide range of topics in the security umbrella such as: (1)Attacks, Threats, and Vulnerabilities, (2) Architecture and Design, (3) Implementation, (4) Operations and Incident Response, and (5) Governance, Risk, and Compliance. There are tons of free resources available online via YouTube, Quizlet, textbooks, and practice tests that can be helpful and aid you in passing this certification.