The CompTIA Security+ is one of the best entry-level certifications out there right now. It covers a lot of different domains and shows that you have a great breadth of knowledge, but it doesn't go too deep in any one area.
"The CompTIA Security+ certification exam will verify the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; identify, analyze, and respond to security events and incidents" via CompTIA Website
Security+ is a great entry-level certification that will help introduce you to topics for a number of different roles within security, like Security Administrator, System Administrator, Security Engineer or Analyst, DevOps, Network or Cloud Engineer and more. Security+ is a vendor-neutral exam, meaning it doesn't cater to just one type of tool the way a Cisco certification does, for example. This certification is also covered by DoD 8570, which essentially means it is recognized by the US Government, and it is recognized by a number of companies around the world. This makes it the perfect certification for someone looking to break into the world of cybersecurity!
Now that I've talked about what the exam is and why it's such a great place to start for your first certification, let's talk about what is actually on the exam, what the structure of the exam is and how much it will cost. In my next article I will share with you some resources, as well as tips and tricks for getting your Security+.
As mentioned, there are many topics covered in the Security+ exam. Specifically, the current SY0-601 exam has 5 domains:
- Attacks, Threats and Vulnerabilities (24% of the exam)
- Architecture and Design (21% of the exam)
- Implementation (25% of the exam)
- Operations and Incident Response (16% of the exam)
- Governance, Risk and Compliance (14% of the exam)
I know these domains are very high level, so if you want to know exactly what items are on the exam and get some practice questions, you can fill out the contact form on the CompTIA website.
The exam has 90 questions and is 90 minutes long. The exam will have up to 10 "performance-based" questions and the rest are multiple choice. These performance-based questions usually come in the form of matching, drag-and-drop and data-entry questions. The exam is scored on a scale of 100-900 and a passing score is 750. What does this mean? Well, there are around 10 beta questions in every exam that don't actually count towards your final score. You will not know which questions are beta questions and which are not, but this is why the scale starts at 100: to make up for those beta questions.
That said, if you're like me, you want to know what all that actually means for what you need to do to pass. Well, it means you need at least 83% or 75 questions correct to pass the exam.
Since we are still in COVID as of the time of writing, all exams are conducted online through Pearson OnVUE. There are some policies you may want to review and software you will want to test on your computer before taking the exam, which you can find here: Taking an Exam Online
The exam costs $370 USD for 1 exam voucher in North America. If you are in other regions the price can vary. If you would like a discount there are some legitimate resources that offer discounted rates on the exam at $333 USD. Here are some of those legitimate sources:
When looking at certifications in the cybersecurity industry, the Security+ is honestly on the lower end for cost but is highly recognized by HR teams around the world, so personally I would say it is worth the investment for getting your first job in the industry. Especially if an employer will pay for it, all the better!
To renew the Security+ you will need what are called CompTIA Continuing Education Units (CEUs). Specifically you will need 50 Continuing Education Units over 3 years and $150 USD. This will renew the certification for 3 years.
CEUs can be obtained by earning non-CompTIA industry certifications, completing any training or higher education, participating in IT industry activities, publishing a relevant article, white paper, blog post or book, or finally by gaining related work experience. There are a lot of ways to earn CEUs, but if you want to make sure what you've done counts, check out the official CompTIA site.
All in all, I think the Security+ is a great investment for someone new to cybersecurity and looking to get their first certification. On the CompTIA website they recommend already having a Network+ certificate and 2 years' experience before attempting the Security+, but honestly you don't need that. If you have the drive, time and commitment to pass this exam, you can do it even with no previous experience in the security space. For more on how to prepare for the Security+ exam and pass it on your first try, stay tuned for my next article, where I will share all this with you and more!