I passed CompTIA Security+ today. This is not a difficult exam, and if you have some computer security experience, it isn’t too challenging. The reason I took this, and maybe why you should as well, is that it is one of the required certifications for Federal Information Assurance employees, as recently required by DoDD 8570. Who knows, maybe you’ll be a Federal employee (or contractor) someday…
Read more on what they were like and why you should take them…
Security+ is considered an entry level certification. DoDD 8570 says: “The certification requirements of this Manual apply to DoD civilian employees, military personnel, [Local Nationals], and support contractors performing [Information Assurance] functions…” When I used to work as a civilian Federal employee (GS-2210-13) at the United States Property and Fiscal Office for California, even though I was assigned as a system administrator, I was considered to have IA duties, and was therefore required to be certified as specified in this regulation. Although I’m happy in my current role at Cal Poly, I like to keep my options open, and I might be a Federal employee (or contractor) again someday. (If nothing else I’d like to contribute to the Thrift Savings Program again. TSP rocks!)
As far as getting ready to take this, it was straightforward to prepare for. One gotcha is to make sure that you get test prep materials for the version you plan on taking. I took the “2008 Objectives”. There are still a lot of preparation materials out there for the old versions of the test which are deprecated now. CompTIA has announced the “2011 Objectives” but most test prep materials are not available for this, the latest one.
I used Darril Gibson’s “CompTIA Security+: Get Certified Get Ahead: SYO-201 Study Guide”, ISBN-13: 978-1439236369. This was a good refresher on basic computer security. If you’ve been doing computer security for a while like I have, it’s a fast read. I went through the whole book in a weekend.
I bought Kaplan SelfTest’s SYO-201 Security+ 2008 Edition. I took the practice exam at least once a day for a month or so, like 25 times.
Note that most people take SYO-201. I work for an Education To Careers (E2C) member institution, so I took the E2C version, JKO-015. Both of these are the same test, the E2C version number just indicates that you used an E2C voucher to pay for it. (This is reflected in the “Test Details” column on the right side of the CompTIA Security+ page.)
The exam is 100 questions, and you get 90 minutes. The actual questions are very much like the book, and very much like the practice exam. There was perhaps a couple of questions I needed to think about, but in general I blasted through the exam as fast as I could click the answers. Even with completely reviewing my work at least once, I completed the test in less than 30 minutes.