(** Updated in May, 2021)
Security+ is the must-have certification for people seeking to get into a cybersecurity career. While there are competing certifications available, CompTIA Security+ is more widely considered the baseline qualification for security-based roles throughout the IT industry.
So, what do you need to know before taking the Security+ exam?
What is Security+
If you are looking to get into cybersecurity but are unfamiliar with CompTIA Security+, you can read a full description of the certification on our Security+ Certification and Training page. But, in a nutshell, this valuable accreditation proves that you have a comprehensive understanding of IT security fundamentals and would be able to apply security measures across an organization's network of devices.
As you would expect, acquiring this level of knowledge and skill requires time and experience. If you are a computer novice you should expect to acquire several years’ worth of experience before you attempt the Security+ exam (more about this later).
If you look for open cybersecurity roles online, you will find that most entry-level cybersecurity jobs require Security+. This is particularly true in our region around Washington DC, Maryland, and Virginia, where there is a high concentration of security-focused, military and government-based organizations.
So, if working in cybersecurity is your dream job, then getting your Security+ accreditation will make your path into this exciting and lucrative area of IT easier.
As with all CompTIA certifications, you do not have to prove that you have previous experience or have passed other certifications to take the Security+ exam and attempt to get your accreditation.
But the exam questions are carefully designed to assess your skills and working knowledge of a wide range of IT security fundamentals. If you have limited or no IT experience, you will find it extremely hard to prepare for and pass the Security+ exam.
CompTIA recommends that you have at least two years’ work experience in IT administration, preferably with a focus on IT security. This is borne out by conversations we have had with our students who have taken the Security+ exam. Most of them say that this is one of the harder early-career exams to take, and the more experience you have working with computers and computer networks, the easier you will find it.
What You Need To Know
To do well in the Security+ exam you will need a sound understanding of how computers are put together, how they operate, and how they communicate on a network.
At a minimum you should have already passed CompTIA A+ and Network+, or Cisco CCNA, or have equivalent experience.
Working in an entry-level systems administration or help-desk role within a company will help you practice your technical skills. It will also introduce you to the social elements of a computer environment, whether you are learning new skills from other technicians, or working with computer users to fix issues they are having.
Perhaps critically from a security standpoint, work experience will introduce you to the good and bad habits that computer users adopt, heightening your awareness of how to manage IT security in a working environment.
If you lack this experience, don't give up on your long-term goal of getting a cybersecurity job, but be prepared to take some time getting started in IT.
More specifically, these are the topics the Security+ exam will test you on:
Threats, Attacks and Vulnerabilities
You will need to understand how to mitigate attacks and threats, and identify vulnerabilities, from IoT, embedded and other modern devices. You’ll need to be able to identify and mitigate DDoS attacks and social engineering attacks based on the latest understanding of these types of attack.
Operations and Incident Response
Looking at an organizational level, you’ll need to be able to assess and prepare relevant incident response procedures, including security controls, basic threat detection, risk mitigation and basic digital forensics.
Architecture and Design
You’ll need an understanding of computer and network architecture, in order to secure both cloud and more traditional computer infrastructures.
You will be tested on end-to-end security, PKI, basic cryptography, access management, wireless and how to administer identity.
Governance, Risk and Compliance
You will be tested on your risk management and regulation compliance knowledge, including understanding CCPA, GDPR, SOX, PCI-DSS, FISMA, HIPAA, and NIST.
Training for the Security+ Exam
As valuable as practical experience is, making sure you have your Security+ prerequisites covered should include a thorough and focused training program.
Whether you choose self-paced learning using books and videos or take an in-person, instructor-led Security+ class, taking a prescribed course will ensure you cover all the necessary topics in detail.
As previously mentioned, many students find this exam a challenge, so make sure you have a well-planned and thorough preparation plan.
You may also want to consider taking training with a school that includes a Pass Guarantee. With TrainACE’s instructor-led Security+ course, for instance, we’ll give you a free class retake and a second exam voucher if you attend all the original classes and fail the exam on the first try.
The Security+ Exam
The Security+ test is made up of no more than 90 questions and lasts for up to 90 minutes.
The questions are a mix of multiple-choice and performance-based, and you must achieve a passing score of 750 out of 900 points.
Is It Worth IT?
By many accounts, the Security+ exam is not easy to pass. So, is it worth the time and effort?
If you are looking to get into a cybersecurity or systems administration role, the answer is a resounding ‘yes’.
Security+ is the baseline certification used by employers for nearly all IT security-based roles. This includes the US military, which, according to DoD Directive 8570, requires Security+ for certain information assurance roles.
While the Security+ exam is challenging, if you follow the Security+ prerequisites mentioned above, you have a very good chance of passing.
How Do I Get Security+ Training?
TrainACE offers instructor-led Security+ certification training at different times to suit your schedule. We have weekday Security+ bootcamps, weekend classes and evening classes. All are taught by highly qualified instructors who have years of experience working in the IT security field.
Our Security+ training comes with a Pass Guarantee. After full attendance of the class, if you take and fail the exam within 90 days, we will allow you to re-take the class and give you a second exam voucher for free.