Yesterday I became CompTIA Security+ certified on my first attempt. The exam consists of answering 100 questions within 90 minutes and having a score of at least 750 out of 900 to pass. The SY0-201 exam objectives required both a broad and deep knowledge of many topics. Combined with this exam being the furthest outside my daily duties, it was actually the most challenging exam to take and prepare for. Adding it to my previously held A+ and Network+ certifications, I now hold the big three and am certified for life (immune from the 3-year renewal/continuing education requirements).
Preparing for the exam took much longer than I would have expected due to a hectic life schedule and becoming overwhelmed by some of the topics. My preparation mostly consisted of reading through and studying the CompTIA Security+ All-in-One Exam Guide, Second Edition (Exam SY0-201) book. The book consists of over 500 pages of reading through topics in addition to a useful appendix. The Security+ Guide is organized well and breaks these over-arching topics down by chapter: Security Concepts, Cryptography and Applications, Security in the Infrastructure, Security in Transmissions, and Operational Security.
Overall the book was very comprehensive and I can gladly continue to recommend the All-In-One Guides as great resources. With the Security+ guide, however, I had two complaints. The first complaint is one of the things that really slowed down my studying. I got really bogged down in the public key cryptography section. The book gets very deep at that point and I felt overwhelmed with how much I needed to learn to understand it. The good thing that came out of it is that by “learning to swim” in that section, I attained a much better knowledge of the topic than I normally would have or if the book had let me off easily. The unfortunate side effect was that I set the book down for a little while after because I was afraid of encountering other topics that required that much dedication.
My other complaint with the book was its redundancy. It seemed like you could tell there were multiple authors to the book because of some of the overlap. You might have just finished reading a very in-depth chapter on a certain topic only to proceed to the next related chapter and receive a glossing over of the very topic you just read. It seemed more tedious than helpful review but it was also nice that each chapter could be read independently and in your preferred order. The book can be seen as a text book for that reason and could use some tweaking for the cover-to-cover reading.
After getting inundated with life and a heavy chapter in the book, to get myself to pick the book back up and increase my studying I purchased an audiobook lecture series from PrepLogic. Their lecture series for CompTIA Security+ (SY0-201) served the dual purposes of making my commute more productive and getting my mind back on IT Security topics. The lecture is a little over 3 hours long and covered a variety of topics, though serving as more of a glossary and not having much depth.
I recommend on making any PrepLogic purchases through Amazon (Audible) after I received an annoying call from one of their sales guys who was clearly failing at using a CRM. It was an annoying process and if I can spare anybody else from Brent, I will. (Though I did get a nice follow-up call from a customer relations manager who offered to add me to a do-not-call list.)
After getting back on track and studying through the all-in-one guide, I finished reading the book with some intense study sessions. Another strong area of the book was the questions/answer practice exams at the end of each chapter. It helped assess how much of the chapter I understood and other topics I should review before the exam.
You have a month to take the SY0-201 exam if you want to be “certified for life“, so it’s still doable. If you start studying but don’t plan on taking the exam until 2011, be aware that there will be new objectives coming out with a SY0-301 exam (PDF) next year. The only “consequence” for not completing the exam before the end of the year is that a continuing education component will be added to the A+, Network+, and Security+ certifications.
Anybody else see a parallel between CompTIA’s A+, Network+, and Security+ certs and DC’s trinity of Superman, Wonder Woman, and Batman?