ENTRY 2 - My path to Security+

Hi there!

I already wrote about passing the Security+ exam in this post but I decided to dedicate this journal entry to the experience, preparation and a small talk on what I would do differently today. Let’s do an interview…with me.

How was the overall experience from preparation to taking the exam?
Stressful - it was one of my first big and official certifications.
Long - my own fault, I prolonged the preparation process for too long (do not do that!).

How did you prepare?
Combining several sources:

• Official book (CompTIA Security+ SY0–701 Certification Study Guide)- not necessarily needed but I find it easier to read from a physical book than a pdf (a lot of free online versions there as well). Take into the consideration the exam version and the book version. The book version does not have to be the newest one (don’t study from much older versions either), but if you are studying from N-1 or N-2 version familiarize yourself with the implemented changes in the current version of the exam.
• Professor Messer - free videos on YouTube and practice exams (cost money but worth it).
• Udemy course by Jason Dion - 30+ hours on-demand video and 1 free practice test (often you can find it on discount for €12).
• A lot of exam dumps.
• Late night study sessions with a friend who was also preparing for the exam - invaluable to have someone discuss topics with you which you struggle to understand and ask you exam-related questions at the most random time of the day.

Is source diversification important for a good preparation?
Yes, it is a key to a good preparation. Each of the above mentioned sources expand your knowledge and provide you with different examples for each domain. With that you learn to approach the topic or task differently, giving you fresh perspective. It is also important not to overdo it. There are thousands of different study materials and communities but stay on your track and keep up with those 3-4 sources you find valuable. Expanding it will just complicate your study progress.

Is prior experience in cybersecurity needed to pass?
It is not a prerequisite but having some would help you progress in some topics much easier. Being familiar with networking, system administration or Linux is a big plus. From my own experience, I was a Security Engineer for two years before attempting the exam. My role and responsibilities helped me understand deeper the topics of ports and protocols, VPN, EDR, vulnerability management, and change management, among others.

What would you do differently?
Define my study timeline and the actual exam date at the beginning of my studies. By not doing it I prolonged the exam for too long and risked forgetting some parts of my studies. Don’t be like me - get the exam date at th beginning and work towards it.

Overall thoughts on the exam.
Security+ exam is a valuable certificate to have in your CV, especially if you’re at the beginning of your career. It guides you into important cybersecurity domains and although it is very general, it comes as an important introduction for your next steps in cybersecurity: offensive security, defensive security, networking, and more. Sec+ is not a practical exam. The closest you can get to the practical part are the PBQs (performance-based questions) where you’re given a real scenario and you need to answer questions, analyze logs or configure firewall or network.The overall exam is not very easy as questions and answers can be misleading on purpose, testing your critical thinking. I went through a lot of questions with “it’s neither one of them” or “it can be all” answers. But again, the online community is a big pool of Sec+ Q&As. Take your time to go through all the domains and take the time to solve a couple of exams to get used to the questions and their format.

Huh, this was fun! Anyone interested in taking the exam soon and reading this, let me know if I missed some questions you would like to know and I’ll gladly update the interview. 🙂

Thanks and see you for the next one!

Image courtesy of Tenable