Around a week ago I sat in a Pearson VUE center for the third time this summer and took the CompTIA Security+ exam, which was the last exam that I had set out to take this summer as part of my goal to prove my skills in the field of cybersecurity. The title of this post may have spoiled it, but I did manage to pass after a little over a month of studying – marking the end of my certification spree for the time being. This exam was pretty difficult and had a lot of tricky terminology, but I managed to work through it and obtain my Security+ certification. Here is how I went about studying for it:
The Study Plan
As this was my second CompTIA exam, I already knew a bit of what to expect in terms of exam structure and how questions would be worded – which made this process a little less stressful in comparison to Network+. While my study plan for Network+ was very thorough, I realized that there was quite a bit more content in this exam and felt that it may not be necessary to grind to the degree that I did for Network+. Because of this, I relaxed my studying quite a bit – instead focusing on the concepts that I didn’t understand fully and targeting more practice towards those subjects. I have to admit, I was also getting a bit burnt out by this point after working tirelessly to pass the Network+ exam, working full time, and spending a week at the SAE AutoDrive competition. I wasn’t nearly as rigorous with the frequency of my studying, and when I did study, I didn’t spend as much time as I had previously on Network+. Because of this, it took a little over a month to cover all of the content.
Once again, I chose Professor Messer’s videos to work through all of the concepts as I really like how he structures his lectures into bite sized pieces. In order to ensure that I was retaining all of this information, I used a paper notebook to take notes on important concepts and components that I hadn’t been introduced to yet. This was a slight departure from my Network+ studying, where I wrote very thorough notes for every concept – even if I understood it. I also dropped the digital note-taking part of my study plan, as I didn’t feel like typing everything out after already writing it. While this left me without a pretty web of notes and no way to quickly search through my notes, I felt that this simple strategy made studying a bit more approachable even when I was feeling out of it.
After working through all of the core concepts, I looked at the objective sheet and went from top to bottom, noting which concepts I needed more time to study. This was very helpful for filling in the gaps of concepts that I either didn’t fully grasp from Messer’s videos or just wasn’t comfortable with yet. I took these concepts and researched them more thoroughly by finding articles and reports about them online. With all of this out of the way, I spent the last week before my exam reviewing all of my notes and ensuring that I felt comfortable with each concept.
This study plan was effective and allowed me to pass Security+ on my first attempt, which was definitely a major concern I was worried about initially. I’ve heard stories about how difficult the exam was, and with a higher bar to pass than Network+ I definitely knew that there was a very real possibility of failing if I wasn’t feeling fully confident walking into the exam center. This exam was definitely not easy, and I had to go over my answers multiple times to make sure I was providing the best answer, not just the one that spoke out to me on my first read-through. With this out of the way, I feel like a weight has been lifted off of my shoulders for the time-being.
Next Steps
As I mentioned in the beginning, this was the last certification that I was hoping to obtain this summer – I’ve managed to achieve the goal I set out for myself in May. Over the last 3 months, I have obtained ISC2 Certified in Cybersecurity (CC), Qualys Certified Specialist: Web Application Scanning (WAS), CompTIA Network+, and CompTIA Security+. This was a pretty intense stretch of time, and I’m glad I managed to pull all of this off. At this point, I want to gain more hands on experience to prove that I have a solid foundation of key concepts in this field. I was considering studying for the Blue Team Level 1 certification, but I’m not fully sure I will be able to get it completed before the semester starts up – we’ll see if I feel like tackling that at some point soon.
There’s still a bit of time left before I go into my last semester of undergrad, so I’m definitely not wasting the free time that I have. While I will enjoy the remainder of summer, I am also working hard on projects to showcase the skills I have learned. My homelab is coming along very nicely, with my next portion covering network segmentation and adding a firewall nearly complete – look forward to an update on that in the next week or two. This summer has been very busy, but also very transformative and fun at the same time. I look forward to pushing myself further and sharing these experiences with the world.