Intro

Today I would like to share my path to the Security+, hoping that it will be useful for someone out there.

The CompTIA Security+ is a vendor-neutral entry-level certification for the Information Technology sector. In this post, I am not going to talk about the details of this cert, so if you don’t already have a basic knowledge about it, you can get it on CompTIA’s official website.

Personal Background

During my High School period, I was into computers a little more than others. I liked playing on websites such as HackThisSite and learning new stuff from the Internet. I used to watch videos on Cybrary when it was freer than today. Then after High School, I joined the Army and left aside my computer passion. Fast forward a few years: in 2019 I left it and landed a sysadmin kinda job role, as I wanted to enter the IT world with the objective of reaching the cybersecurity field. I started to inform myself on paths, careers, certs, and degrees. From this research, I discovered that I should get the Sec+ first, then focus on bigger phishes.

So that’s all: I was neither the classic hacker who has been pwning systems since the dawn of IT nor a complete IT dummy.

Resources that I’ve used

These are all the resources that I’ve found useful for me, so bear in mind that they might not suit you:

Unfortunately, the Cybrary course from Harris is no longer available (IMHO Harris is a great instructor). By the way, I’m pretty sure that the current instructor, Ron Woerner, is at least as good as Harris.

The GCGA: SY0-510 Study Guide has been my master guide and I can’t recommend it enough. At the end of each chapter, you can find a series of 10 to 15 practice questions on the chapter’s subject. Moreover, you can find one pre-assessment exam of 75 questions at the beginning of the book and two post-assessment exams at the end of it. The questions that you can find in this book are the closest ones to the real test that I’ve found around. The book is well written and well maintained with extra content online.

The Security+ Flashcards, again by Gibson: they “aren’t your daddy’s flashcards”, as he says on his website. And actually, that’s true: I found them very useful to recall some topics and to study in my spare time.

Professor Messer’s YouTube playlist played a big part in my learning path too. I used it to reinforce some topics that were not clear enough for me. It’s crazy that he provides it for free on YouTube.

Process & Time

I seriously started studying for the Sec+ by reading Gibson’s book in mid-February 2020 for about two hours per day while working full time. Then COVID-19 arrived and the workload started to decrease, so I was able to study at work too. From the beginning of March, my employer was obligated to apply for the redundancy fund for 3 months.

In this period of time, by studying from four to six hours per day, I finished Gibson’s book (~40 days), started Messer’s playlist, and read a bunch of InfoSec/CyberSec-related books that you can find on my GitHub.

In mid-April I decided to choose the exam day. I would have liked to pick a day in the following week, but the first free spot was on May 11th, so I booked it.

Exam day

I actually don’t know what to tell you about the exam; it’s simply an exam like any other.

You have 90 minutes to complete all the questions, of which there can be a maximum of 90. You are going to find multiple-choice and performance-based questions. My advice is to go first with the performance-based questions, then do the rest. If you find a question you can’t figure out in that moment, flag it and do the rest. Then at the end come back to the flagged questions and try to solve them. Once you have finished, you will immediately know whether you have passed or not.

For the more curious, I scored 825 out of 900.

Tips

Finally, I want to give you some tips from my personal experience:

  1. Do not fool yourself, be honest. If you have to study, do it. If you need to rest, do it;
  2. Do not overestimate the exam, nor underestimate it;
  3. Be balanced in what you do, you can’t know all about Cryptography but nothing about Security Controls;
  4. During your studying, drink water, and take regular rests;
  5. After a few minutes from the beginning of the exam, you will start thinking “I won’t make it this time”. Do not give up and do not listen to your negative inner part. You will make it, believe in yourself;
  6. During the exam, do not panic. If you are starting to lose control, just breathe deeply and keep calm;
  7. The more you absorb from the outer world the more you will be able not only to pass the exam but to learn and understand the relations that exist between the elements too;
  8. Again, rest. You don’t want to reach burnout;
  9. Be happy while you go for this cert, smile and have a good time.

Stay safe.

-Wirzka