What is CompTIA Security+ Certification?

CompTIA Security+ certification is a vendor neutral IT security certification that develops your skills and expertise in computer and network security domains like cybersecurity, network security and IT risk management.

The Security+ certification, offered by CompTIA, is compliant with ISO 17024 standards.  It is accredited by ANSI. The certification is also approved by the U.S. Department of Defense to meet directive 8140/8570.01-M requirements.

Security+ certification is an entry-level cybersecurity certification that covers topics such as,  how to identify risks in a connected environment, how to use tools, technologies and techniques to protect software and hardware assets against hackers and hostile parties on the internet.

Companies worldwide including big names like Amazon and Barnes & Noble prefer professionals with CompTIA Security+ certification.  This is evident from looking at the hundreds of cybersecurity job listings.

Security+ will help you get jobs in the cybersecurity and network security domains, including information security specialist, security engineer, penetration tester, network administrator, security administrator and security engineer.

According to Robert Half’s 2020 Salary Report, cybersecurity is one of the top in-demand skills of 2020. The report also lists CompTIA Security+ among the top IT certifications of the year.

The CompTIA Security+ exam consists of 90 questions.  They include multiple choice questions and performance-based questions.

Performance-based questions test your practical skills by showing different scenarios and asking you to solve a specific problem.

For example, a diagram shows the architecture of a network with different machines. The network is currently under attack from a hostile hacker. The question also shows the script used by the hacker. You are asked to identify the type of attack initiated by the hacker and the best defense mechanism to save your network.

The exam is 90 minutes long, and the passing score is 750.

The cost of the Security+ exam is $349 USD.

Skills Measured by CompTIA Security+ Certification

The key skills validated by the Security+ certification include, installation and configuration of secure applications, threat analysis, risk mitigation techniques, cryptography, awareness of cybersecurity policy and law, types of attacks and their solutions, network layers and protocols, mobile security, architecture design for maximum risk mitigation, and forensics.

The skills covered will make you competent at a basic level to understand the risks possible in the cybersecurity domain, and the possible solutions that an organization could use to save its data, software, and hardware assets.

As the certification includes labs and performance-based questions, you will get hands-on experience in solving complex problems of modern networks and cyber security.

At a very specific level, Security+ covers the following concepts.

Threats, Attacks and Vulnerabilities

• Viruses, Ransomware, Adware, Spyware and More
• Social engineering, brute force, phishing, DDoS, Buffer Overflow and other types of attacks
• Types of actors
• Memory leak, DLL injection, Point dereference, weak cipher and other types of vulnerabilities

Technologies and Tools

• Firewalls
• Routers
• Switches
• Ports
• Access points
• DLP
• NAC
• Mail gateways
• Network scanners
• Protocol analyzers
• Honeypot
• Password crackers
• Troubleshooting using logs, access rights, certifications and more
• Implementation of secure protocols

Architecture and Design

• Understanding standards
• Implementing zones and topologies
• Firmware security
• Patch management
• SoC
• SCADA
• Home automation security, HVAC
• Agile VS Waterfall
• Stress testing, sandboxing, secure coding practices, immutable systems
• Cloud security

 Identity and Access Management

• Multifactor authentication
• LDAP, Kerberos, TACACS+, CHAP, PAP, Secure tokens and more
• Biometric security
• Access control models
• Credential management

 Risk Management

• Agreement types
• Single point of failures
• RTO/RPO, MTBF, MTTR, Mission-essential functions, Identification of critical systems
• Threat assessment
• Risk assessment, SLE, ALE, ARO, Asset value, Risk register
• Recovery sites

 Cryptography and PKI

• Modes of operation
• Asymmetric algorithms
• Hashing
• Salt, IV, nonce
• Elliptic curve
• Weak/deprecated algorithms
• Key exchange
• Digital signatures
• Diffusion

Download the CompTIA Security+ (SY0-501) exam objectives for a more complete curriculum.

Pre-requisites for Security+ Certification

There are no pre-requisites for the Security+ certification exam. However, CompTIA recommends that you have already passed the Network+ certification, or have two years of experience in the IT industry with a focus on security.

If you are an absolute beginner, with little to no experience in IT, it’s suggested that you also pass the A+ Certification.

How to Prepare for the CompTIA Security+ Certification Exam

To prepare for the CompTIA Security+ exam, there are several options available.

Self-Study Resources

If you are self-driven and don’t need a lot of external guidance, you can use self-study resources to prepare for the Security+ exam. These resources include books, videos, study guides, and practice questions.

Books

Books provide in-depth coverage of the concepts you need to cover to pass the exam.

These books are usually based on the CompTIA Security+ exam objectives, so you won’t have to worry about missing anything important.

Books are useful especially if you don’t have any background in cybersecurity. Using books, you can grasp important and complex concepts at your own pace because books are written in a detailed fashion.

There are many good Security+ exam prep books available online and in stores. One of the most highly recommended is the CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson.  It covers theory, practice questions, performance-based questions and their answers based on exam objectives.

However, if you are short on time and just want to cover the most important concepts to pass the Security+ exam, books might not be the best option.

Video Training

Videos help in understanding difficult concepts. Studies show that video training is more effective in terms of retention as compared to methods of learning.

Using videos to prepare for Security+ certification will help you understand the core security concepts more quickly.

You can find a detailed, instructor-led Security+ video training course here.

However, video training could sometimes lack depth. If you solely rely on video training for the Security+ you could face difficulties when solving scenario-based questions where concepts are tested at a deeper level.

You should combine video-based training with practice questions and practice labs.

Instructor-Led Training

If you think self-study isn’t for you, you can use instructor-led training to prepare for the exam.

You can learn directly from cybersecurity experts and seek help in solving questions which you find challenging.

Instructor-led training programs allow you to get an in-depth understanding of every concept.

This training also increases retention as you are more likely to remember your discussions with the instructors.

Instructor-led training can include in-person training sessions, as well as those which you can attend remotely online.

However, instructor-led training tends to be quite expensive. For example, Global Knowledge’s Security+ instructor-led online training program costs over $1495.

Instructor-led training is suitable if you want a more guided and personal experience for your Security+ training.

Practice Tests

Simply completing training is usually not enough to pass the exam.

Most people find it challenging to apply themselves during the exam.  This is usually due to time management, difficulty in solving performance-based questions, and understanding complex scenarios in limited time.

All of these challenges can be overcome using practice tests.

In the Security+ exam, you have to answer 90 questions in 90 minutes.  Many of these questions are based on complex scenarios. It is very easy to lose track of time when attempting to answer these questions.

Using practice tests as part of your exam preparation process will help you in testing yourself and evaluating your weaknesses and strengths.

You can find Security+ exam practice tests here.

Practice Labs

Cybersecurity is a highly practical area of IT.

All the concepts covered in the Security+ certification have their application in the real world.

Using practice labs to prepare for the exam will equip you with a practical understanding of cybersecurity concepts.

Completing practice labs makes it easier for you to tackle performance-based questions in the exam. The more you use practice labs, the easier it becomes to solve scenario-based questions.

Practice labs develop your ability to understand complex problems in limited time.

You can find Security+ practice labs here.

What Jobs can you get with a Security+ Certification?

Security+ certification makes you eligible for a variety of roles in the information security, cybersecurity, and computer networking fields.

Companies worldwide want to secure their critical data, information, and services from hackers and hostile parties. That’s why the demand for security professionals is increasing.

According to the U.S. labor department statistics, jobs in the information security sector are expected to increase by 32% through 2028, faster than the average of all occupations.

The median annual salary for information security analysts is $98,350.

With Security+ certification, you can get the following jobs:

• Security analyst
• Cybersecurity expert
• Network architect
• Security architect
• Forensics expert
• Systems administrator
• Information Security analyst
• Technical security specialist

However, keep in mind that having the Security+ certification doesn’t necessarily make you eligible for these jobs.

Companies generally prefer candidates with practical experience.  If you prepared for your exam using practice labs you can mention this to your potential employer.  In many cases they will accept this ‘simulated time’ in lieu of real-world experience.

Security+ Certification Salary

There’s a strong demand for cybersecurity specialists and information security officers with Security+ certification.

There are hundreds of Security+ jobs posted on famous jobs platforms like Indeed.com. Big companies like JP Morgan and AT&T are offering as much as $117,000 for these roles.

According to jobs platform PayScale, the average salary for Security+ certification holders is around $74,000.

Companies hire Security+ holders for roles like Systems Administrator ($65,000), Cybersecurity Analyst ($75,000), and Information Security Analyst ($71,000).

The 2019 IT Skills and Salary report by Global Knowledge shows that Security+ is one of the most popular CompTIA certifications worldwide, with 62% of certification holders in North America.

According to the report, the average salary for CompTIA certification holders is $93,097.

Observations from Successful Security+ Certification Holders in the Industry

If you want to know about the best strategies to prepare for the Security+ exam, pay attention to the feedback of those who have already passed the test. Here are some important observations from Security+ certification holders.

The Security+ exam is highly practical. The exam doesn’t just test you for the theoretical concepts. If you understand the practical implications and logic of the concepts you study, you won’t have any problem solving the performance-based questions.

After reading the book, I made sure to do every single practice question. It is imperative that you know why the correct answer is the right answer and why the other answers are wrong, as the test doesn’t just ask you “What does TOTP stand for?”. A lot of the questions were scenario-based and were either vague or very specific in the amount of details, and you had to choose the BEST answer. Always make sure to read the question all the way through at least twice to ensure that you understand what it’s asking you

–Reddit User “The_Abyss136”

https://www.reddit.com/r/CompTIA/comments/a77c88/i_passed_security_501_today_heres_what_i_did_and/

The exam has a lot of questions based on acronyms and terminologies of security concepts. You should memorize and understand all the important acronyms if you want to get a high score on the exam.

You absolutely have to know the acronyms and know what they mean, as nearly all the questions I had used acronyms, and a lot of them. This exam isn’t just a test to see if you know what an acronym is, it really pushes you to analyze a situation and use your knowledge from your studies.

Reddit User “The_Abyss136”

https://www.reddit.com/r/CompTIA/comments/a77c88/i_passed_security_501_today_heres_what_i_did_and/

If you don’t have prior experience in IT security, it is better to familiarize yourself with the concepts before signing up for the Security+ exam. Many experts recommend doing CompTIA A+ and Network+ before going for Security+.

“A+ builds a foundation and teaches you about a lot of things you probably never knew to care about. A lot of the ifo might seem irrelevant, but you won’t know until you find yourself remembering it later. I’ve been doing a lot of DHCP migrations lately snd I always think back to Professor Messer’s video on DHCP. A bunch of objective in the 902 exam relate to networking, but it’s nothing too difficult.

Network+ builds on A+ and gets really into the thick of networking technologies, but not so much on implementation. You won’t learn any Cisco IOS commands.

Security+ builds on Network+ and there is also a lot of overlapping material. I’ve seen some posts saying Security+ was very difficult to study for and folks had to retake it multiple times, but I’ve also seen posts saying that Sec+ was very easy after A+ and Network+”

Reddit User “theblindness”

https://www.reddit.com/r/CompTIA/comments/9oc6h6/sy0501_security_as_first_cert/

 

You should practice a lot beforehand because the Security+ exam is tricky when it comes to time allocation.

Also, try to attempt every question because there is no negative marking. Here is a helpful comment from a candidate who attempted the exam.

“In my opinion, even though the questions on the test can be very tricky, the actual test-taking is extremely fair. The user interface is straightforward, you are always kept aware of how much time is remaining and how many questions are remaining. Answer EVERY question, even if you have to guess, and if you need to you can easily “mark” a question for review later. I was going back and re-reviewing questions right up to the time limit, at which point whatever answers I had selected were automatically submitted (there’s also a “submit” button). In conclusion, I have no complaints about the testing software.

In a sense, I really appreciated the “trickiness” of the actual questions themselves. This is not a test that an unskilled person could could push their way through simply by looking at the “obvious” answer in the list of multiple choice responses. At least I could never have done that. The test does a good job of testing real computer knowledge while still being a simple multiple choice test”

Reddit User “HaikuLubber”

https://www.reddit.com/r/CompTIA/comments/c3pt6b/how_i_prepared_for_the_security_sy0501_exam/

The Truth About Security+

Security+ certification validates your skills in the cybersecurity, information security, and networking domains. Having this certification will help you get the attention of recruiters.

Due to the certification being vendor-neutral, it gives you a general understanding of security concepts.

Companies are also looking for professionals who could handle vendor-specific architecture and equipment. Therefore, it would valuable to complement Security+ with vendor-specific certifications like Cisco’s Certified CyberOps Associate and CCNP Security.

If you already have some hands-on experience in cybersecurity, that can be a valuable addition to your Security+ certification when you are looking for a job.

Is the Security+ Certification for You?

Security+ covers all the important concepts that you need to work in the field of cybersecurity.

If you have a basic level understanding of IT security, and want to increase your skills and job opportunities, then Security+ is a good choice.

It will give you the opportunity the get a job that can pay over $65,000.

So, is the Security+ certification worth it?

If you are looking for an IT career that pays well, has lots of job opportunities, and gives you the chance to advance up the IT career ladder then Security+ will be worth the time, effort, and cost.