[This post was originally published on August 22nd 2013, and updated on February 13th 2019.]
The security of computer systems, mobile devices, and other technologies is an ever-growing concern throughout the world. Modern society depends on computer systems and networks to run everything from vital resources to simple communication.
The interconnectedness of systems and reliance on technology results in a demand for greater security measures to protect people’s personally identifiable information (PII) and keep everyday life at a functional state. These reasons led to the creation of the CompTIA Security+ certification and it’s acceptance across government and private industry as a standard for entry level security knowledge.
Security+ (Plus) – A Vendor-Neutral Security Certification by CompTIA
For starters, this certification is vendor-neutral, meaning that no for-profit organization sponsors it or has invested interest. For example, Microsoft or Red Hat certifications apply specifically to Microsoft and Red Hat technologies. So if you work for a company that doesn’t utilize those specific technologies, your certification does not carry as much weight. CompTIA certifications, however, broadly cover a topic area and touch on multiple different technologies. Security+ is internationally-recognized. Therefore any person who holds the certification can apply it to organizations located both in the United States and abroad.
On top of that, Security+ certification is also approved by the Department of Defense (DoD) to meet Directive 8570.1 requirements. If you’re seeking employment in the government, then it is a required certification.
Since when we first published this blog post in 2013, Security+ is still a top cyber security certification, in high demand, and continues to serve as a fundamental certification for professionals starting an IT career or others wanting to build a career in cyber security.
Take the recent partial government shutdown as an example of its appeal to government workers. Phoenix TS provided a free training for CompTIA Security+ to government employees affected and temporarily not working. The interest in the training was overwhelming and speaks volumes to the value of the certification.
Who is Security+ for?
The CompTIA Security+ certification is designed for individuals beginning a career in cyber security with responsibilities related to securing network devices, network services, and network traffic.
Also important to note, though prior knowledge is not required, it may be helpful to have at least two years of experience working with networks and adept knowledge of security concepts. It may also be helpful to hold an active CompTIA Network+ certification prior to preparing for Security+.
Is Security+ Worth it for a Cyber Security Career?
Many cyber newbies leverage Security+ to break into the IT field because it is an entry-level certification. Once they gain employment with an organization, they use their time to nurture skills and apply the knowledge from Security+.
The number of jobs available for Security+ certified folks exceeds the supply in many parts of the US in particular and the earning potential, the average salary is $79,000 in the MD-DC-VA metro area. Understanding of basic security measures is a requirement today for any IT position and Security+ validates your understanding.
We can’t convince or make the decision for you. To see what other security pros, Redditors, and Spiceworks members say about the certification, read this blog post, “Is CompTIA Security+ Worth It?“.
What it takes to pass the Security+ exam
The obvious first step towards passing the Security+ exam is to sign up for a training course where you can learn about the exam objectives, skills, and knowledge from an experienced instructor who’s taken the test before. The instructor’s experience, as well as the learning environment, is your best asset.
- The exam consists of 100 multiple choice and performance-based questions.
- You have 90 minutes to complete the exam
- Must score 750 out of 900 to pass and receive your certification.
Security+ Exam Objectives:
The latest version of Security+ exam SY0-501 holds the following objectives:
- Threats, Attacks, and Vulnerabilities (12%)
- Technologies and Tools (22%)
- Architecture and Design (15%)
- Identity and Access Management (16%)
- Risk Management (14%)
- Cryptography and Public Key Infrastructure (PKI) (12%)
In addition to training where you learn from an experienced instructor, you need a good study plan. If you haven’t done so already, download our study guide below.
A comprehensive study guide helps you focus on learning the right material, rather than worrying about what is important to concentrate on. You can also read more about the Security+ exam updates here.
After You Pass: Security+ CEs and Certification Renewal
The Security+ certification lasts 3 years. If you don’t maintain it, you will have to retake the exam. There are several ways to maintain your certification through the CompTIA Continuing Education Program, which requires you to earn Continuing Education Units (CEUs) in order to keep your certification active.
You can earn them by taking a newer version of the exam or attending additional training classes. You can also participate in industry events and seminars, or receive a higher level certification, such as CompTIA Cybersecurity Analyst (CySA+) or CompTIA Advanced Security Practitioner (CASP+).
Certification renewal should not serve as your main motivator for investing in continuing education to further develop skills and knowledge to help you grow and thrive in your professional career. Similar to the ever-changing cyber landscape, you must continually evolve and stay focused on learning. After you conquer Security+, look to develop new or hone underdeveloped skills, such as programming. Even programming skills are valuable in cyber security.