On May 9th 2023 I successfully passed the CompTIA Security+ CE exam. Here I'd like to share my thoughts and experiences with studying towards and taking the exam.
Passing the Network+ was the first step towards a career in Cyber for me. I believe that you need to have a foundational knowledge of networking and how everything communicates before you can think about how to secure it all. You can read about my experiences with the Network+ here.
What training resources did I use to study for the Security+?
The Security+ cert is a lot more important to me so I wanted to not just be able to pass the exam but to really understand the fundamentals. To do this I used similar resources to study for the exam as I did with the Network+ but then took it further. So here's what I used:
- The official Study Guide from Sybex. Again I read through the whole book, using the end of chapter practice tests to reinforce the info.
- Again I used LinkedIn Learning and I watched through the course presented by Mike Chapple. It's still pretty much taken from the book but it's a lot better having the audio and slides to help take it all in. I also watched through his SSCP course as the two are very similar and once of the sections on the SSCP is taken from the Security+ course (he forgot to change the info on one of the slides!)
- I watched the videos provided by Professor Messer as these gave an alternative take on the topics, providing his own explanations and visual content. These videos were great to help understanding and the reinforce the information being taken in. I would encourage anyone studying for or looking to study for the Security+ to watch them. You can view them all for free on YouTube or visit his site where you can purchase his full course which includes other learning materials. Home - Professor Messer IT Certification Training - CompTIA A+, Network+, Security+ - (no affiliation to Professor Messer or his site / content, I just think it's really good!)
- Additionally, I took out a months subscription it ITPtoTV from ACI Learning - Online IT Training & Certification Courses | ACI Learning (itpro.tv) (no affiliation, just great content). This course gave a lot more detail and information which helps in understanding what you're trying to learn.
- Practice tests - I used the ones from Wiley's online Sybex Test Prep site but also did a couple from ITProTV. The ITProTV ones were really difficult in comparison, but I wanted to be challenged more (and I got my wish!). Again, neither really prepare you for the style and content of the questions on the exam.
- I was also doing a lot on online training platforms like Try Hack Me and LetsDefend, to try and get a feel for some of the tools and concepts. I think this helped more with the questions around attacks and the like.
What's it like taking the exam?
I sat the exam via OnVue, Pearson Vue's online testing platform as there wasn't a local test centre offering the exam. It's a relatively easy way to take the exam, you just need a laptop in a quiet room free of other people and anything that could be used to cheat.
Obviously, it was the same experience as when I took the Network+ exam, with the setup and the annoyingly vague questions but I got a lot more Performance Based questions than I was expecting. The performance questions did tax me and took a lot of time, to the piont that there wasn't much left at the end fo the exam. I'm almost inclined to agree with the people who say flag them and leave them till last to make sure you get the bulk of the other questions done. Again, the biggest piece of advice I could offer for anyone taking this, or any exam for that matter, would be to READ THE QUESTION! It's so important to read it properly and understand what it's asking. It took me a lot longer to complete this exam as I was having to re-read the questions to make sure I knew what they were asking for (still didn't work all of the time).
What did I struggle with?
Well, from a content point of view, Cryptography, Standards and Compliance. I know they're all super important but boy can reading about them put you to sleep. These are areas that I know I need to pay a little more attention to as I continue my education.
Another area I struggled with was focus. Whilst studying, I was also trying to learn much much more. I was spending time on Try Hack Me, the Microsoft Ignite- Protect Everything Challenge, tinkering with my home lab and new tools. Although it was valuable learning it was time taken away from focusing on the Security+ course. I'd get to a topic in the book and think "ooh, that sounds interesting, let me have a look on the internet" and off I'd go researching it. Not necessarily a bad thing, but one thing does lead to another and then down a rabbit hole.
All these things have had a mental note taken of them so when it comes to the next Cert, I'll work a lot smarter.
What are my take aways from gaining the certification?
Foundational Knowledge! It's so important to get to grips with the basics and foundations. As I'd studied a lot for this exam (to the point I thought I'd broken my brain on the weekend before the exam) passing was not only a huge relief but a massive boost to my self confidence. Not only could I talk the talk, but now I have a piece of paper (or digital badge at the time) to prove I can walk the walk ... on a foundational level of course.
To anyone studying towards or looking to take this exam, Good Luck and don't rely on just one source of learning. There's loads of free content out there, especially on YouTube and whenever you think you're ready to sit the exam, by all means book it in but do a lot more studying 😉.
No comments:
Post a Comment