It would be difficult to talk about must-have IT certifications without including a security certification. There are many security certifications today including, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP) and SANS GIAC Security Essentials (GSEC). Those certifications are all more advanced and require a good amount of experience before taking them on. For this entry in the Cleared & Certified series, I’d like to focus on a foundational certification, and one that everyone should have in IT, the CompTIA Security+ certification.
CompTIA has been putting out very popular certifications and to date has granted over 2 million IT certifications worldwide. The Security+ certification has become extremely popular and mandatory in many institutions both in the public and private sector. Thanks in part to the Department of Defense Directive 8570, which defines what is required for an individual to access a DoD IT system. There are several different IT certifications which an employee is required to have depending on their job function level. For most, DoD 8570 will require you to have the Security+ certification. Since this site’s primary demographic is individuals with clearance jobs looking for positions within government facilities, it is as close to requirement as you can get to have this on your resume.
This is the first certification you should obtain if you want a career in IT security. Even if you don’t plan on having a career in security, it is really one of the ‘should have’ certifications on your list. The Security+ certification builds a foundational knowledge of security concepts, to include physical aspects of security and social engineering. Security+ is a stepping stone to both intermediate and advanced security certifications such as the CISSP and CEH. Security+ is approved by US DoD 8570/8570.01-M requirements and is also ISO 17024 compliant.
To get an idea of what will be covered in depth in the Security+ curriculum, here’s a snipped from CompTIA’s website:
- Threats, Attacks & Vulnerabilities – Detect various types of compromise and have an understanding of penetration testing and vulnerability scanning concepts.
- Technologies & Tools – Install, configure, and deploy network components while assessing and troubleshooting issues to support organizational security.
- Architecture & Design – Implement secure network architecture concepts and systems design.
- Identity & Access Management – Install and configure identity and access services, as well as management controls.
- Risk Management – Implement and summarize risk management best practices and the business impact.
- Cryptography & PKI – Install and configure wireless security settings and implement public key infrastructure.
Security+ training is offered by many companies, however it is important to research the training offered and ensure that it is legit. CompTIA offers Security+ training through their CertMaster Learn platform which is an eLearning approach to training. The training is customizable and performance-based. The CertMaster course is license-based and on-demand. It will cost you $499 per license or you can pay $899, which comes with an eBook and an exam voucher. An on-demand course or a virtual classroom course is your best bet for Security+. I do not see a need for an expensive $2000+ in person course unless your company is sending you. If you have some experience with security and feel confident, then I believe you can skip the training altogether. Pick up a copy of the Security+ All-in-One Exam Guide, read it cover to cover a couple of times and take the exam.
Security+ Exam Details
The Security+ exam is a fairly easy exam if you study the course material or book and have a good grasp of the key concepts. Of all the certification exams I’ve ever taken, I consider this one to be the easiest. The exam voucher will cost you $339 which is a little higher than some other certifications of this level. The latest version of the Security+ exam is SY0-501, which was launched in October of 2017. There is a mixture of 90 multiple choice and performance-based questions on the exam. You will have 90 minutes to complete the exam and the results are immediate. The exam can be taken in English, Japanese, Portuguese and Simplified Chinese. Every 3 years you are required to renew your certification, otherwise it becomes invalid.
What After Security+?
If your goal is to become a security professional and you plan on spending your entire career in security, then you can begin pursuing other more advanced certifications. Most of the advanced certifications require a minimum amount of hands on experience that can be confirmed. Good next step certifications are CEH, CISSP and any GIAC certifications.
Is it For Me?
Security+ is for everyone. Anyone with a desire to have a career in IT supporting either the public or private sector should obtain the Security+ certification. Security is a big deal, especially with all of the hacks of personal and financial data, as well as corporate espionage. Security+ will elevate your resume and open up opportunities for you in your career.