The good news is, there’s a lot of need for InfoSec professionals in the industry. The employment gap is the size of the Grand Canyon and only getting larger. Let’s assume, however, you’ve never worked in InfoSec before and need a way to get in. Without any experience in cyber security, that can seem like an impossible hurdle to overcome, but there are definitely some things that can get your proverbial foot in the door. This blog article details why I recommend CompTIA Security+ certification as the best cyber security certification for beginners. We’ll also look at where it originated, the difficulty level of the exam, where to find good online resources, the exam itself, and some test taking tips.
Why Certifications are Important in Cyber Security
As with many aspects of the technology industry, one of the most effective ways of improving knowledge and proving acumen is through certification. And, honestly, cyber security is no different. The path to certification and recognized expertise in the field can take many shapes, but the first step has been pretty well established for a long time. Since 2002, Security+ has become synonymous with foundational, practical knowledge and skill within the cyber security industry. In fact, Security+ is even recognized by the Department of Defense (DoD) as a Level II IAT training requirement in DoD 8570. It’s a very good bet that if you’ve been perusing entry-level security analyst job postings, this credential is a flat-out requirement. And with good reason.
CompTIA Cyber Security Certifications
Founded in 1982, CompTIA has become the standard for many technology credentials. Starting with A+ in 1993, they have continually expanded and enhanced their training and accreditation program to encompass networking (Network+), operating systems (Linux+), and cyber security (Security+, CySA+, PenTest+, and beyond). Because of the success and industry acceptance of each of these credentials, employers the world over (CompTIA operates in over 150 countries and has issued more than 2.2 million certifications since its creation) come to rely upon them to establish baseline skills for hiring across the technology industry.
What’s the Security+ Training Course Like?
So, what does a Security+ prep class look like? It’s a 5-day, intense, highly interactive course that immerses students in every aspect of cyber security at an introductory level. Each day contains some lecture (get your pencils sharpened, there will be a lot of note taking), group activities, and a lot of hands-on work (yes, you will get a shot at hacking something, which is pretty darn cool). Along the way, there will be quizzes along with a practice test on the last day to get students prepared to take the real thing. It’s also a very good idea to spend at least some time studying on your own after class (1-2 hours per day). There is a lot of material to cover in a very short time span, and it is highly recommended that you schedule and take your exam (you will receive a voucher at the end of the course to schedule your exam, and you will need to take it at a testing center) as soon after the class as you can. Unless you are using the information on a daily basis, it will not stay with you much past two weeks beyond the last day of class.
Is the Security+ Test Hard?
So, just how difficult is it to get a Security+ certification? That really depends on a number of things. First, foundational knowledge. More specifically, networking knowledge. It’s not enough to simply study for the exam and expect to pass without a solid understanding of many basic networking concepts. In fact, it is recommended that a candidate pass the Network+ exam before attempting Security+. It’s not a pre-requisite, but the amount of detail covered by Network+ is immensely supportive and—frankly—essential to understanding and mastering the concepts presented in the Security+ curriculum. Second, you’ll need to figure out whether to self-study or take a Security+ prep course. If self-study is your path, you will find that the “free” material available on the internet is not often terrific in quality or legitimacy. Most of it is out-of-date. Some of it is technically stolen. And a lot of it is only free for the first, useless paragraph of content. You’ll have to pay for the good stuff behind the subscription link.
If you want to pay for official self-study tools direct from CompTIA, that will be immensely more effective, but also more expensive, and you will still be “going it alone” once the courseware is in your hands. And the reality is that reading a 750-page book on cyber security is likely to get a little tedious—not to mention that there won’t be someone helping to highlight important facts and definitions on every page. Finally, you’ll need to determine how much time you have to obtain the certification. If you have 3-6 months to study and little to distract you, you should be If you want to get certified in 1-2 weeks, a classroom experience is a good way to digest critical concepts, terms, and definitions in a collaborative environment with an instructor and a group of your peers on-hand to answer questions and share their own industry experiences.
An Overview of the Security+ Exam and Test Taking Tips
How is the Security+ exam itself? It’s 100% online with a maximum of 90 questions, however, most people are asked around 85 questions in total (the difficulty of the questions seems to have an impact on how many are presented, but it is not an adaptive exam). There are two types of questions on the exam: standard, multiple-choice questions and performance-based questions. Performance-based questions are multi-part, practical examples in which you’re required to examine a scenario and determine the best solution. These types of questions are always presented right at the beginning of the exam and generally take much longer to complete due to their complex nature.
The passing score is 750 (on a 100-900 scale). The numbers are pretty meaningless because of how the questions are weighted, but it is important to remember that the performance-based questions are weighted much higher than the rest of the exam (although there are only 5), so it will serve you well to get these right. You get a total of 90 minutes for the entire exam, so it’s important not to spend too much time on any question. You are allowed to skip questions and return later, even flag them if you are struggling. Some students have reported feeling more confident by skipping the performance-based questions at the beginning and returning after completing the rest of the exam.
It’s also a good idea to wear warm clothes. The testing centers are often very cold. You will also have to surrender your smartphone, smart watch, any other electronics, keys, etc. The testing center will have lockers for these items. A piece of advice I have given all of my students is to go to the testing center at least one day before your exam, around the same time of day as your scheduled exam. Knowing where to park, where to register, and how long it’s going to realistically take to get there is a huge stress relief. You can also ask the test center staff any questions you have.
Once you’ve completed the exam, you will get immediate results on-screen and printed out by the test center. If you pass, congratulations! You’ve joined a community of technology professionals that are dedicated to promoting security throughout the industry. If, for some reason, you are not successful, don’t worry. You can always take the exam again. My best advice is to recognize any areas that were particularly difficult for you. Revisit those areas and get yourself ready for a retake. Your instructor can be a great resource for additional study help should you struggle your first time around.
And…now you can put that badge on your resumé. Welcome to the club. We’re thrilled you could join us and we wish you the very best on the path of what will undoubtedly be an extremely rewarding career in cyber security.