My Process for Passing the Security+ Certification
This past week, I took and passed the CompTIA Security+ (SYO601) certification exam. Getting there wasn’t the easiest and definitely had some bumps along the way.
Coming into the InfoSec community from business with a business degree, I knew that I had to find a way to prove my knowledge. At first I was concerned that I would have to go back to college to get another Bachelor’s degree in CompSci or something related to computers. In many other fields this would definitely be the case, however in my research and talking to people in the field, I realized that it is possible to demonstrate my knowledge through a certification process.
I began to look into the many certifications in the InfoSec community, and settled on two that I would focus on, CompTIA Security+ and EC-Council’s Certified Ethical Hacker. My reasoning behind focusing on these two is that they both seemed like great entry points for learning more about InfoSec and would give me a better idea of what I wanted to do. I figured that the Security+ certification would give me a taste of the “blue side” while the CEH Cert would give me a taste of the “red side”. Thankfully, my local college had prep courses for both, so I decided to enroll. I figured that I would take both exams in September after the courses were finished. The courses were due to begin at the end of June at the start of the summer semester.
While I waited for my courses to begin, I took the time to start self-learning, using resources such as TryHackMe, PortSwigger Academy, TCM Security Academy, and some Udemy courses. I felt as though I was learning fairly well, and began to “learn how to learn” a new way. Although I was getting the hang of the Digital-Age of learning, I was excited for my “Boomer” classes to start. I felt as though they were going to help me lock in my knowledge and push me to pass these certs. I didn’t really believe that I could self-study and prep for these certs. I felt as though the guidance from a course would help me tackle the huge amount of material I would need to know to pass these certs.
Before I knew it the first day of class for my CEH course began and I knew it was a great formula for me. My instructor was great and I felt as though I had made the right decision to take these courses. Unfortunately the next week I got bad news. I got an email that I was being refunded for the Sec+ course, due to low enrollment. I was bummed, but knew that I couldn’t let this hold me back. It was just one pothole on the road to my new career. It was at this point, I decided to go through and self-study and self-learn the curriculum for the cert. Below I will go through the process that I used as well as the materials that I used.
In order to first get a grip on the material, I bought a couple of books. The first book I purchased was from the “Get Certified Get Ahead”. Although I had decided on taking the Security 601 course, I still purchased the printed book for 501. I also purchased the 601 book, but due to the fact that it was only digital, I wanted a print copy of a book to be able to physically go through and read. Personally I love the feeling of a book in my hands, and the fact I can mark it up and highlight.
The next resource I went and acquired was a course on Udemy. There were so many to decide upon, but I ended up deciding upon Jason Dion’s course. I read many reviews online and it seemed like this course had what I was looking for. It also helped he had a pack of practice tests that had some very good reviews. Once I had my study materials, I went straight to work. I first went through the Udemy course. I made sure to adamantly take notes. I did these very shorthand, so I would be forced to go through each night and review and clean them up. This helped me review the material I studied each day and kept it fresh in my head, while also preparing a study guide that would come in handy later.
On top of the video each day, I started off each day with a cup of coffee and a chapter from my GCGA book. I really enjoyed this as it helped me learn the material in a different way. Each instructor had their own flavour of teaching and when it came time for the exam, it helped approaching some of the concepts from different angles. Another thing from the book that definitely benefited me was the end of chapter quizzes. Each time I would finish a chapter, I would take the quiz at the end. I would then take the answers I got wrong and create notecards for the question. I made a notecard covering the concepts for the question, and then for each answer. When I took the cert test, I felt as though this paid off big time! I was often able to identify concepts that were out of place and be able to eliminate down to the correct answer.
Once I finished the books and the online course, I went through and did the practice tests provided by Jason Dion on Udemy. These were wonderful and I believe to be one of the most helpful resources towards passing the exam. With the practice tests I was able to focus on areas that needed improvement. For me it was policies. Once I had identified my weaknesses I found some YouTube resources. I really enjoyed the YouTube videos from Professor Messer. I started to feel as though I had a solid understanding and started to be more confident.
While I was at home I was going through my Joplin notebook with my collection of notes from the videos. While I was on the go I had my ever increasing stack of notecards. I even brought them to Universal Studios. All of this really took the concepts from things I knew, and engrained them into my memory.
The day leading up to the test, I was so nervous, seriously haven’t been that nervous since taking the SATs. I felt the financial pressure from the cost of the test, I knew if I didn’t pass, I would have to pay again, and I really didn’t want to have to do that. However this wasn’t the worst of the pressure. The worst was the looming dark cloud, that would grow ever bigger if I had failed. The previous months of work and studying would feel like I hadn’t accomplished anything. On the night before I had many nightmares. However I have always taken pride in my ability to operate and excel under pressure.
The morning of, I woke up and went through my morning routine of review and coffee and left for the test. Fortunately my worries were wrong, and I was able to pass the exam and boy was I relieved! All my hard work amounted to success.
Lessons Learned
One of the skills that is vital to the InfoSec industry is to be able to look at an event, evaluate how the event went, and then do a lessons learned report. Here are the lessons I learned and how I would improve upon them if I could go back and do it again.
Rather than go with a Udemy Course, I would have preferred to go directly through the instructor’s site itself. After finishing the Udemy Course, I learned that on the instructor’s site there are more activities including more Performance Based Questions. I also found that on his site he has a program where if you don’t pass, they will give you a second chance at the test. I feel as though it would have eased my mind slightly, but I also felt that the pressure gave me a bit of an edge.
Another issue that came up for me is the fact that I had waited a little bit to do the notecards. If I was to go back and do it again, I would have done my notecards as I watched the videos and read the book through the first time. I feel as though I would have been able to get more acronyms under my belt.
Conclusion
Well if you made it this far I appreciate you reading through my process. If you are in the position where you are looking to take this exam, I highly recommend it. I felt as though I learned a lot from the material covered, and it helped me get a solid knowledge base to learn on.
Now that my test is done, I am excited to get back to working on the offensive side of InfoSec. I will make sure to start posting write ups in greater frequency, and I was even lightly weighing either streaming or recording some Boxes and putting them out there. Anyway thanks again for reading through my process!