CompTIA Security+ exam – my experience and prep tips

After weeks of prep, I finally took my Comptia Security+ SY0-501 exam this fall and, even though I thought I’m 100% failing, I passed with a surprisingly good score (784 out of 900). Never give up, guys, and read on to learn more about the learning resources and prep tips. It’s going to be a nice and quick overview of all the things that worked for me and a couple of strategies that may help you be more effective in your efforts.

What is CompTIA Security+ (Plus) Certification:

This certification is considered to be one of the top cybersecurity certs. It is vendor agnostic,  internationally recognized, and approved by the U.S. Department of Defense. It covers a wide range of domains from cloud services to organization security. Earners of this cert are qualified to perform core security functions required of any cybersecurity role.

According to CompTIA “earners of the CompTIA Security+ certification have the knowledge and skills necessary to perform core security functions required of any cybersecurity role. CompTIA Security+ professionals know how to identify and address potential threats, attacks and vulnerabilities and they have established techniques in risk management, risk mitigation, threat management and intrusion detection”. It also provides a basis for more advanced certifications. Recommended experience: CompTIA Network+ and two years of experience in IT administration with a security focus.

You can find more on the official CompTIA site here.

Exam version/number:

I took SY0-501 in October 2020. I could wait and take SY0-601 in November 2020 but I chose to stick with the old version since there were almost no prep resources for 601 and the exam objectives had some significant differences comparing to 501. If you are reading this in 2020 or early 2021 and you are hesitating about which version of the exam to choose, I would recommend checking this video from Professor Messer, I totally agree with what he’s saying.

My Background:

I know that many of you may be taking this exam without any IT experience, so I thought it would be worth mentioning that I was already working in IT for several years before taking this exam.

I worked in several roles ranging from web developer to IT Director and had some exposure and experience with many web-related tools and concepts including basic PKI concepts, web security best practices, cloud concepts, command-line tools, software development lifecycle, email, and DNS configurations, etc. However, I had to learn a lot about networking and protocols, cryptography, forensics, different types of attacks, penetration testing, threat detection/prevention software, and many other topics.

That being said, I know people are passing it without prior experience and I think it’s totally doable. You would just need to work twice as hard as someone familiar with the IT basics.

My Security+ prep tactics:

  • Looked online for other people’s exam experience and tips. This helped me identify what to expect and what to focus on.
  • Reviewed the official Comptia Security+ SY0-501 exam objectives to familiarize myself with the concepts and skills I’m going to be tested on.
  • Watched video lectures and video courses and took notes (I’m a visual learner) and made sure I understand everything lecturers were saying (did additional googling/research when needed).
  • Reviewed the official objectives again (every single item on there) and made sure I was able to describe all the items mentioned there, give comparative analysts, and provide real-life use-cases and examples.
  • Did additional learning & research on those items that I was not comfortable/familiar with.
  • Read a book and did the labs and practice exams that came with it.
  • Scheduled my exam. I was not comfortable taking the exam at this point, but I wanted to give myself a hard deadline as it started to feel like an endless process.
  • Did multiple additional practice exams and made sure I score 85% or above.
  • Took the test.

Best CompTIA Security+ SY0-501 study resources I found:

Tips, tricks, and strategies for the exam:

  • Study using different/multiple resources (one resource won’t cover all the topics 100%)
  • Always check with the exam objectives⠀
  • Do lots of good practice tests (questions are tricky, you need to get used to the style and the types of questions being asked)⠀
  • Do lots of real-life practice especially for technologies and tools (and especially if you don’t have experience with them)
  • Watch your time on the exam (I almost failed this one). Anxiety and second-guessing may play a bad trick on you.
  • You may want to skip the performance-based questions and do the rest of the exam first. You can go back and do them later when you’re done with multiple-choice questions.

That’s it. I hope this helps someone else to pass the exam and start their path in cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *