TLDR
What I did right
- Study group
- Going through each exam objective making notes
- Looking through ITF+, A+, Net+ before starting Sec +
- Creating flashcards for network concepts
- Practice Exams
- Going over each Practice exam AND ensuring I understand each choice given in a question that was not the answer
- Knowing what to look for in a question (Keywords)
- Researching real world cases based on exam objectives like large scale data breaches
- Having work experience related to some of the exam objectives (Help Desk, QE & IT intern experience)
What I did wrong
- Inconsistency with study schedule (starting & stopping intermittently)
- Not having a dedicated period to study and take the exam
- Not scheduling the exam before I started studying for it
- Not doing labs (VERY IMPORTANT)- Performance Based Questions
How I would do it now
- Activities under “What I did right”
- Labs : udemy.com/course/comptia_security_sy0-601_c..
- Flashcards for Ports (Anki & Quizlet)
- Teaching back the material
- Documenting my journey from day one
- Presenting the material in a group or to someone that is unaware of cybersecurity terminology.
My Journey
I began this journey months after I gained admittance to Drexel. I scoured the internet for ways to break into technology and found that getting a help desk role would be my best bet. From there, I started studying for the CompTia A+ certification in November of 2020 using Professor Messer’s videos. I was able to learn some of the basics which included the hardware of a computer and networking fundamentals. As time was drawing nearer to my start date for school, I began to focus more on the job search and decided not to take the exam due to the cost and the fact that it was a two part exam. Upon searching for more tips regarding the job search, I learned that the Security + was arguably the best of CompTia’s entry level trifecta which consists of the Security+, Network+ and A+. I knew I could not afford all three so I decided to focus on paying for one exam, the Security+ but still learn the material from the others. From the A+, I moved to the Network+ in December. The Network +, in my opinion, was the hardest of the three in terms of material and I still struggle with some of the concepts to this day. Nonetheless, it taught me valuable fundamentals such as the OSI model and network segmentation. I also placed “Currently pursuing Network+” on my resume during my job search. Not sure if it helped but I managed to land a help desk role a month into graduate school. In my first month at grad school, I also began studying for the Security +. I pondered on focusing on getting the certification and not taking the job but experience is always better than a certification, in my opinion. So with this, my plan of obtaining the Security+ was placed on hold in February of 2021. As months passed, I was able to apply some of my knowledge in my role and then I got an internship at another company as a Quality Engineer. Needless to say, very little CompTia knowledge was used in this role. After this, I landed a role as an IT intern for the networking team at another company. Around this time as well, I gained admission to a program targeted towards helping students transition to Cybersecurity. This program was offered by Startfield and it was called "The Career Accelerator Program". This occurred at the end of Summer 2021. In this program, my knowledge of the space expanded and I was able to partake in a tabletop exercise, networked with individuals that were mid-level or seniors in their respective fields and much more. While doing this program, graduate school and my internship, I was exhausted to say the least but found the motivation to finally start studying for Security + again. I had the opportunity to use a trial for CompTia’s Cert Learn through the program. While it was beneficial, in my opinion, it was not worth the price unless it was solely being used for practice with the PBQ portion of the exam. After this trial, I then stopped studying for the certification once again :). In 2022 after the program ended, some of us from the program decided to form a study group to pass the Security+. This definitely was the main reason I finally scheduled the exam and stayed consistent with studying. By having accountability, a group to bounce ideas off of and people to ask questions to, I felt confident in taking the exam.
Exam Day
For my exam location, I decided to do it remotely through PearsonVue. Regarding accessing the exam and using the platform, I have no complaints. When I began the exam, I skipped the practice based questions and started with the multiple choice based questions. Maybe because I was nervous, I felt a sense of defeat on a good portion of the questions. I thought to myself “I’ll have to take this over”. After a few deep breaths, I countered this negative thought with a positive one by reminding myself that I know this material. After I completed the multiple choice section, I went back to the PBQ section and that negative thought came right back, TENFOLD! I managed to do bits and pieces of each PBQ and saw that I Had roughly 5-8 minutes left. I also had some questions in the multiple choice section that I wanted to look over. I decided to finish off the PBQ’s to the best of my ability and hope for the best. When the time elapsed, I exhaled and felt distraught. I completed the survey and was now waiting to see how far I missed the passing score. When I got to the last screen, to my amazement, it said I passed the exam. I belted the loudest shout in my recent memory and thanked God for pulling me through.
Preparing for the Exam
To begin, you should have an idea of your knowledge base and any past experiences you may have had in IT. Preparing for this exam can take anywhere between just two weeks to even six months depending on the individual. The recommendations I lay out are all contingent on the foundation of these IT principles. Below are some study plans of what I think will be effective for various individuals.
Beginner:Length of Study - 4 to 6 months
Most people recommend taking a practice exam to gauge where you are at regarding the material. In my opinion, if you have little knowledge of IT, I do not recommend this and would advise people to first get a decent enough foundation in the basics of IT. To do this, I recommend starting with ITF + if you truly know nothing about information technology. There are many free resources for this certification but I would just recommend a simple video series such as Tech Gee’s playlist which I have linked below. Individuals should spend a week or two with the ITF+, paying special attention to both the networking & security sections and not taking this exam. Starting here is all about getting you familiar with the lingo of IT and exposing you to the absolute basics of Information Technology.
After this, the CompTia A + is where you will gain more of an in-depth understanding of those principles you were exposed to. The A+ is a two part exam covering a wide range of topics. For this part of the preparation, I recommend taking 2 or 3 weeks going through the material BUT here is where you will take brief notes on the networking and security sections only. Reason for this is not to tire you out with constant note taking but at the same time, narrowing your focus to these two sections which ultimately make up the bulk of your exam. Professor Messer’s free youtube videos. With this basic knowledge, individuals can now move on to the network +, which in my opinion, is a lot more advanced than the A+.
Before you can protect a company’s network, you gotta know how it works. Enter Network +. These networking concepts can take a while to learn but they will be invaluable as you progress in your career. Sticking with Professor Messer, I would take 2- 4 weeks to learn this material, paying close attention to the domain's networking concepts, networking troubleshooting & tools and networking security. Taking more notes here will be beneficial.
With these networking concepts under your belt, the Security + certification is now in plain sight. Before starting to study for this exam, you should book an exam date roughly 30-60 days out (30-45 is recommended). With this phase of studying, flashcards, practice questions, practice exams and practice labs are key. Professor Messer, Jason Dion, Darryl Gibson and Andrew Ramdayal, once you put the work in, will ensure one’s success in taking the exam.
Intermediate: Length of Study - 1 to 2 months
People that fall in this bracket generally are seasoned in IT with work experience ranging from 6 months to a year usually as a help desk analyst. They tend to have a decent foundation in IT and thus, already possess knowledge from A+ and in some cases, Network+. In this scenario, I would take a practice exam first, identify one’s weak points and go from there. Generally speaking, focusing on networking principles would be their best bet which will involve note taking ,flashcards and practice questions. To do this I recommend using free resources like Professor Messer:Network + and ExamCompass: Network + Practice Questions. After this, one can start Security + preparation which consists of Professor Messer, Darryl Gibson, Jason Dion Practice Exams. This should take roughly 45 days to 2 months depending on the person.
Advanced: Length of Study - 2 to 4 weeks
Individuals that fall in this category tend to have worked in the space for about a year to two years. Also, they have a good foundation on networking principles. Recommendations for this level are 2- 4 weeks of studying which consists of Professor Messer, Darryl Gibson, Jason Dion Practice Exams. Labs for Performance Based Questions should not be an issue due to prior experience but it is still recommended to do some during the time period.
Closing Thoughts
This exam by CompTia does a great job of ensuring that one understands the basics of Cybersecurity. It has given me a fundamental knowledge base which I have used in my career thus far. Also, this is a popular certification that attracts the attention of recruiters so it possesses hiring power. It is costly to obtain but there are ways to reduce the costs such as looking for student discounts, general discounts or having an employer reimburse you for the exam. You may look at other resources like Youtube videos or blog posts and realize that other people’s experience in passing this exam seemed way more simple than mine. This may definitely be the case but I wanted to share my experience and let others know that even though it may take longer than expected because of external circumstances, the blood, sweat and tears will be worth it. This certification is worth its weight in gold. Even if you don’t take or pass the exam, the knowledge gained from it can help you in your interviews. Remember, a solid textbook, a video resource, flashcards and practice exams are all you really need. Good luck on your journey!
Triminator
Resources
Exam Objectives Security + 601: comptia.org/training/resources/exam-objecti..
Darryl Gibson Security + 601: amazon.com/CompTIA-Security-Get-Certified-A..
Professor Messer Security + 601 : professormesser.com/security-plus/sy0-601/s..
Professor Messer A+ : professormesser.com/free-a-plus-training/a-.. professormesser.com/free-a-plus-training/a-..
Professor Messer Network +: professormesser.com/network-plus/n10-008/n1.. ITF+ youtube playlist: youtube.com/playlist?list=PLRz6WSRkXmiE6Atx..
Learn Zapp: Darryl Gibson Security + 601: learnzapp.com/apps/securityplus
Jason Dion Practice Tests Security + 601: udemy.com/course/security-601-exams
Andrew Ramdayal SY0-601 labs - udemy.com/course/comptia_security_sy0-601_c..
ExamCompass: examcompass.com/comptia/security-plus-certi..