Very few certifications stand as prominent, well-recognized, and respected in the Information Security field as the CompTIA Security+ certification. Many employers, including the Department of Defense (DoD), consider it to be a minimum requirement, largely due to the wide range of topics covered and the tough-but-fair questions asked on the exam.

Every year, the exam is updated with input from security experts working in the field to better represent current technology. A percentage of the exam questions do not count towards credit, but act as a quality check to ensure that they are not worded to misleading or contain erroneous information. This quality check is another reason the CompTIA test remains the gold standard.

As you can imagine, with so much pressure on individuals to pass the exam, there is a temptation to cheat. It is inevitable, regardless of how many ethics agreements (which you are required to sign) or penalties CompTIA enacts, some will always share answers amongst friends or as part of large “test dumps” sold for money.

CompTIA actively combats this kind of cheating by continuously updating the question bank, and ensuring the bank is as large as possible. There have also been cases of people trying to take the exam for someone else, which has resulted in the requirement to provide photo identification and have your picture taken before the exam. If people put as much work into studying the exam as trying to cheat, I am pretty sure they would pass!

I first passed my Security+ exam in April of 2008. I have seen many people fail, and then retake the exam and pass. I feel this is because many people underestimate the exam or are unprepared for the practical portion of the exam which requires that you perform security actions in a simulated environment. This is another way that CompTIA attempts to combat test dumps.

In my own journey with CompTIA, I have written study guides, led study groups, and used a large degree of material over the years to help people to pass the test. I take cheating seriously. As each person who attempts to cheat devalues the worth of the certification. Not to mention, this is a HIGHLY ethical field; if you cheat your way in, that is a very bad start.

There are two major concerns I have continually heard over the years.

1. Cost
2. Test-taking Ability

I can sympathize with both concerns.

I like to use the example of a driver’s license. In order to drive, we need a driver’s license. This should not be cost-prohibitive or only a few people would be able to drive. A driver’s license fee covers the cost of preparing tests, creating study materials, and the technology used to administer the exam. Similarly, CompTIA has the same overhead. I have found that the cost of the exam (currently at $339) is one of the cheaper exams out there; some certifications cost several thousands of dollars. But it still can be a hard pill to swallow when you are unemployed and need the cert to get a job. Several companies will hire on a probationary basis, requiring a new hire to pass within a short period of time; many employers cover the cost of the exam.

Tests give many people anxiety and seems to favor those with very good English skills. However, to navigate the roads in most places, you do need to be able to read. Similarly, the information security professional will be required to read technical documentation or support users by email and help desk ticketing systems.

Occasionally, you need to renew a driver’s license. CompTIA used to have a good-for-life policy (I still have mine!). The current exam, however, requires an annual renewal fee and a requirement to submit continuing education (CE) credits. I have found them to be very liberal with what they accept for these credits. Make no mistake, this is something you will find in Information Security as well; you will always be learning new things just to stay up to date with the rapid pace of technology.

For those that want to continue in the field, there are higher level certifications available. Passing a higher-level certification automatically renews all prior certs and satisfies all CE requirements. I currently hold the CompTIA Advanced Security Practitioner (CASP+) certification, which I am proud of; it was a very difficult exam for me. There are a ton of certifications out there, but I feel like CompTIA has the name recognition and the credibility to make the time and monetary investment very much worth it.

For those that decide to take on the Security+, I would recommend the following resources:

• The Sybex Study Guide (what we affectionately call “the lighthouse book”): CompTIA Security+ Practice Tests: Exam SY0-501, by Chuck Easttom and S. Russell Christy
• Professor Messer
• The National Cyber League Games – This will help you the most with the hands-on portion of the exam! Here’s where you can find all of the National Cyber League Player Ambassador resources by learning objective found within the Games.

Feel free to list your favorite resources in the comments below!

Regards,

“Mako” McGill