The Complete Guide To CompTIA Security+ Certification

by Bill Heller

Steve is a database administrator for a large hospital. The database houses claims data for patients. Barbara is a network engineer for an energy company and remotely accesses various networking appliances to adjust configurations. Tina is a software developer working on a fitness tracker for a smartwatch. Bob is the Helpdesk manager for a financial investment firm and provides support for all of the financial advisors’ laptops and smartphones. Andre is a systems engineer for a data center that provides cloud services to government agencies. Darla is a website developer for an e-retailer.

What do all these individuals have in common? They are all information technology professionals who have access to private or confidential data. Another thing they all have in common is the need for foundational security training, like CompTIA’s Security+ certification. It doesn’t matter where you work within the IT industry, whether you are a DBA like Steve or a web developer like Darla, or any of the other myriad IT careers that exist in today’s technological world. Everyone needs security training. Security touches all our lives.

Steve needs to ensure his database is secured against unauthorized access, data loss and theft. Barbara needs to be sure her network is secured against snooping, unauthorized configuration changes and network outages. Tina needs to be sure her code is secured against injection attacks and privilege escalation by eliminating vulnerabilities and by implementing input validation. Bob needs to be aware of the many threats against end users and their devices through media such as the Internet and e-mail. Andre needs to understand the complicated compliance issues related to working with the government and how those regulations get even more complex with the cloud. Darla needs to be sure payment card data is protected and the website is secured against attack.

There is no need to go out and find individual training and certifications for each of these roles, at least not at the beginning. Each of these representative characters can get all the training, awareness and certification they need through CompTIA’s Security+ certification.

What is Security+?

Security+ is a foundational security certification designed to provide a broad view of all facets of information security including networking, software development, web, systems, databases, the cloud, physical security and more. As a foundational certification, it provides a baseline from which you can move into any number of security-related positions. Those not moving into security-specific careers can still benefit from understanding what role security plays in their daily activities.

Security+ has been specifically engineered to prove your expertise, not just with knowledge, but with practical application. Each exam contains several performance-based questions and scenario-based multiple-choice questions that will test your ability to use your security knowledge in real and practical ways. CompTIA prides itself on its Security+ certification training being both performance-based and vendor neutral. In CompTIA’s own words, you must be able to “both identify and address security threats, attacks and vulnerabilities.”

Security+ is broken up into five domains which are then divided up into several objectives. The five domains are:

  • Attacks, Threats and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance

These domains and their respective objectives can be reviewed on CompTIA’s certification site.

How do I get certified in Security+?

Step #1 – Get training. The CompTIA Security+ Prep Course is a five-day course that covers all the topics included on the exam. There are also books, practice exams, videos and more, some for free, some at a reasonable cost, that can help you prepare for the Security+ exam.

Step #2 – Study. It’s not enough just to sit through a class or read a book. You need to make this information a part of you. The questions on the exam will demand that you pull from your entire body of knowledge to answer the performance-based and scenario-based questions. Here are some suggestions on how to study for the Security+ exam.

  1. Study with a buddy – studies have shown that engaging in discussions and conversations about a topic will make that topic feel more personal and will stick with you longer.
  2. Take practice tests – the certification exam is a test. Practice the test and you’ll do better on the test. There are many great vendors of quality practice exams that can support your study efforts. WARNING: beware of test dump sites. These are websites that use actual test questions as practice questions. This is both unethical and in direct violation of the CompTIA terms and conditions for certification. Stick with approved CompTIA business partners for study aids and you should be safe.
  3. Write things down – writing with a pen or pencil is a powerful gateway to memory, even more so than typing. The muscle memory involved in writing down concepts will cement this new information into your brain faster and will help with recall later.
  4. Use flashcards – flashcards are an excellent tool to reinforce things like acronyms, port numbers, definitions, and lists, just to name a few.
  5. Don’t wait too long after training to take the exam – You may not FEEL ready, but if you’ve put the time and energy into studying, you’ll probably do just fine.

Step #3 – Acquire your voucher. You may have received your voucher through a training class, in a study guide bundle, through your employer, or by paying for it out of your own pocket. However you got it, that voucher code is extremely valuable. Treat it like cash. It is not tied to your identity so it can be used by anyone. Most vouchers are good for a year. Don’t let the voucher expire.

Step #4 – Register for the exam. This is done on CompTIA’s testing partner website. I recommend that you register for your exam several weeks in advance. There are several benefits to this. Firstly, you can use this scheduled exam as a motivational tool to make sure you keep studying since you now have a concrete deadline. Secondly, depending on the testing center where you’ve chosen to take your exam, there may be limited seating. Or if you’ve chosen an online exam, there are only a few seats per time slot. If you want to pick the best time and date for you, do it early while there are still a lot of slots available. Otherwise, they may book up. Thirdly, for those who need accommodations due to a disability, you need to request this online several weeks in advance so it can be approved and the accommodations can be ready for you by the time you test.

It’s important to know that once the exam is scheduled, you can reschedule or cancel your exam at any time with no penalty until 24 hours before your scheduled exam time or until your exam voucher expires, whichever is earliest. If you are within 24 hours, there is no cancelling or rescheduling allowed. Don’t wait until the last minute if you need to reschedule your exam.

Step #5 – Taking the exam. The exam consists of up to 90 performance-based and multiple-choice questions and you have 90 minutes to complete the exam. If this will be your first certification exam experience, here are some things you can expect.

  1. Come early – there may be unexpected delays and you do not want to be late. They can cancel your exam and void your voucher if you are more than 15 minutes late.
  2. Bring two (2) forms of ID – one of these forms must be government issued and have your picture and name. The other must have your signature (a signed credit card does count for this second ID).
  3. Personal items – Nothing can come into the exam room with you except for “comfort aids” like cough drops (unwrapped) or water (clear bottle). Your phone should stay in your car. Your other personal effects will be placed into a locker and you will keep the key during the exam. If you are taking an online exam, all personal items must be out of reach and out of view while you are taking the exam.
  4. Reading is fundamental – During the exam, read every word of every question very carefully. There are no trick questions, but the details do matter. If you aren’t sure, don’t waste too much time. Just pick an answer, mark the question for review later, and move on. You don’t get any penalties for wrong answers. But at least you have some chance of getting it right if you guess. And you can always go back and review these questions again if you have time remaining.
  5. When you finish the exam – After the exam, you will be asked to complete a short survey. The demographic portions of the survey are optional. After this you will be shown your provisional score on screen and a score report will be printed for you to take with you. This score report shows you each of the exam objectives for which you got at least one question wrong. If you passed, this is just informative. If you failed, these are the topics you should go study. Most people who fail the first attempt pass on their second attempt.

How long does my Security+ certification last?

The short answer is three years. However, CompTIA has what is called the Continuing Education Program for certain CompTIA certifications, including Security+.

Basically, this is the certification renewal program. To renew your certification, you must obtain a certain number of Continuing Education Units, or CEUs, and submit them before your three years is up. Security+ requires 50 CEUs to recertify. Some activities give you all 50 CEUs at one time such as taking a certified training course, passing the newest version of the exam, getting a higher level certification (like CySA+ or CASP+) or helping to write the new exam objectives and test questions. Other activities require mixing and matching a few different ones such as attending conferences, writing blogs or teaching and mentoring other security professionals. There are also a few CEUs granted for work experience, although you cannot recertify on work experience alone.

CompTIA releases a new version of Security+ every three years as well. So, by the time your certification is up for renewal, you’ll be expected to be knowledgeable about the newest security objectives added to the exam. This is one of the benefits of having a certification that expires and requires renewal. It forces you to keep up with the fast-paced changes in the information security industry.

Security+ really is a certification for all, even if a security-specific job is not in your career path. It covers so many topics, you’re sure to find something you can take back and apply to your daily work and make your company and your life just a little more secure.

To learn more about CompTIA Security+ training, visit
