Journey to CompTIA Security+ Certification

Security+

Introduction

I’ve always been iffy when it comes to certifications. There’s a ton of debate that goes around certifications and if they’re valuable or not, or simply a waste of time and money. Being an IT student with no general knowledge or school courses in security, it’s more difficult for me to get noticed. Having some experience in security certainly does help, but that’s not enough to be considered

I’ve been doing a lot of research and looking around to see what hiring managers are looking for in a candidate. Having certifications is one of those requirements (aside from experience of course) that definitely gives you an advantage. I understand recruiters and hiring managers are not all the same, but they do look for certain traits when filtering out candidates. But, I have noticed that certifications are definitely an asset.

Where I stand

With just one more semester before I graduate, I’m frequently looking at entry-level/Jr. security positions to get a feel for what recruiters and hiring managers are looking for. Besides relative experience, certifications are widely seen in job descriptions. Having minimal experience with no background in security, I know finding a job out of school will be very difficult. I believe that getting the CompTIA Security+ Certification will assist me in getting my foot in the door and starting my career.

This series will be a guide, a learning tool, and more importantly a reflection on what I’ve been studying, ensuring I fully understand and comprehend what the book is trying to teach.

Daily routine

Having a daily routine has been a major part of my life the past couple years. As of late, I’ve been actively blogging about any security-related experience: security events and meetups, write-ups of challenges/CTFs, security frameworks and standards, and broken web apps. I find that being active and blogging about anything, however big or small it is, keeps me motivated in learning.

Since the beginning of July I’ve been slowly studying for the Security+ Certificate. The past week I’ve been trying to find the right routine to incorporate studying for the Security+ Certificate. As of this blog post, I think I finally found a routine I can stick with until I take the Security+ exam in September:

  1. 6:30am to 6:50am - wake up, get ready for work
  2. 6:50am to 7:20am - drive to work
  3. 7:25am to 8:30am - study for Security+ certificate
  4. 8:30am to 2:00pm - work
  5. 2:00pm to 3:00pm - lunch break (I skip lunch and do more studying)
  6. 3:00pm to 4:30pm - work
  7. 4:30pm to 5:15pm - drive home
  8. 5:15pm to 6:00pm - eat and shower
  9. 6:00pm to 11:00pm - study, challenges/CTFs, or tackle broken web apps

Rinse and repeat.

Now, the question is… will I keep this routine up? As it’s only been a week since the start of the routine, I can happily say in confidence that I will. There may be some days where I will fall off and not study at all, but that won’t mean I’ll fall off completely. It simply means I had an off day. Everyone has their bad days and I’m sure I’ll have one eventually. But I won’t linger on it and punish myself for not studying; I’ll suck it up and be back at it the next day and push forward. But as of right now, I’m rather enjoying my routine, and proactively learning has been a vital part of my routine the past month.

Exam Objectives

Before we start the series tomorrow, having a good understanding of what to expect from the exam is crucial. Knowing what to roughly expect can help immensely in passing the exam. Each category I write about will cover each domain and their subdomains:

  1. Threats, Attacks and Vulnerabilities
    1.1. Types of Malware
    1.2. Types of Attacks
    1.3. Threat Actors
    1.4. Penetration Testing
    1.5. Vulnerability Scanning
    1.6. Types of Vulnerabilities
  2. Technologies and Tools
    2.1. Security Components
    2.2. Software Tools
    2.3. Common Security Issues
    2.4. Analyzing Security Output
    2.5. Securing Mobile Devices
    2.6. Secure Protocols
  3. Architecture and Design
    3.1. Security Frameworks
    3.2. Securing the Network
    3.3. Secure System Design
    3.4. Secure Deployments
    3.5. Embedded Systems
    3.6. Secure Application Development and Deployment
    3.7. Cloud Technologies
    3.8. Resiliency and Automation
    3.9. Physical Security Controls
  4. Identity and Access Management
    4.1. Identity and Access Management
    4.2. Identity and Access Services
    4.3. Identity and Access Management Controls
    4.4. Common Account Management Practices
  5. Risk Management
    5.1. Security Policies, Plans, and Procedures
    5.2. Business Impact Analysis
    5.3. Risk Management Processes
    5.4. Incident Response
    5.5. Forensics
    5.6. Disaster Recovery and Continuity of Operations
    5.7. Types of Controls
    5.8. Data Security and Privacy Practices
  6. Cryptography and PKI
    6.1. Cryptography
    6.2. Cryptographic Algorithms
    6.3. Wireless Security
    6.4. Public Key Infrastructure

Resources

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide (Darril Gibson)

Professor Messer’s SY0-501 Security+ Training Course

CompTIA Security+ Certification Exam Objectives