Security+ Exam Prep Tips

What would you recommend to prepare for the Security+ exam?

This question keeps showing up in my inbox and/or on social media timelines, so I’m making my answer public.

I used Darril Gibson’s blog & his Security+ prep book.

He does an outstanding job of keeping fresh content on his blog, so I highly recommend it for college students and others preparing for the exam.

Many people recommend starting with the A+, then going Network+. I do not have the A+ or Network+ cert, but Darril has lots of content on his blog for those certs too.

My certification journey was a little different. I went down Security+ Street, took a left at CASP Avenue, and ended up driving in circles on CISSP Spaghetti Junction.

In 5:00 traffic on a Friday.

And since I’m a glutton for punishment, I enrolled in a M.S. in Cybersecurity program.

Squirrel!

I also used O’Reilly’s TCP/IP Network Administration book to prepare for the Sec+.

This book made me rethink all my life choices while crying my eyeballs out because it was soooooooooooooooo dry.

BUT, I am a better professional because of it. You will be too.

I believe the TCP/IP book should be required reading for everyone entering the field because it is the foundation of what will have you burning the midnight oil (sometimes pronounced as “erl” if you’re from the dirty south) at various points in your career.

I’ve also seen various versions of people expressing frustration at having to practice rote memorization of certain Sec+ terms. Note that the Sec+, CASP, and CISSP exams use scenario based questions where they put you in simulated environment to perform tasks. If you fail those questions, you will not pass the exam, so I would advise against trying to memorize the book.

Instead, seek to understand the concepts and context of the questions. Understand why answers are right and wrong. Work through labs, end of chapter lessons, and practice quizzes.

If you did not understand certain topics or struggled in certain areas, then conduct more research on those.

The Command Line

You should also know how to perform certain tasks from the command line, not just for the test, but because you will need them on the job. Here are few of the most common Windows commands:

  • netstat
  • nslookup
  • regedit
  • ping
  • tracert
  • eventvwr
  • ipconfig
  • msconfig
  • perfmon

There are entire books dedicated to Windows command line tools, but you should have a good understanding of when to use the commands listed above to gather the system info needed to solve common problems. Again, these will come in handy at work and on the exam.

I sense a few Linux heads exploding and asking “well what about Linux commands!?”

My answer: write a post about Linux commands, tag me in it, and I’ll share it with our readers!

Each one, teach one.

Why do I have to do everything!

No seriously, I don’t recall Linux commands being on the Sec+ exam and every environment I’ve worked in was a Windows shop, so I limited the scope to top Windows commands.

Last but not least, you should know how to build a secure network, how to stop malware that bypassed a firewall, all common ports & services, and application security basics.

Common regulatory issues, SOX, PCI, and GLBA are also covered, so you should know those as well.

The exam is way more comprehensive than what can be covered in a single post, but I wanted to share (what little I remember) to help those coming into the field.

There are many opinions for & against pursuing certifications. From my experience, you will need formal education and certifications.

Yes, there are people who succeed without any of this, but as a woman in a male dominated field, you do not have the privilege of leaving any part of your career up to chance.

Get your credentials!

If you’re planning to pursue this certification, start by downloading the Exam Objectives from CompTIA’s website.

Then head over to Amazon to purchase Darril Wilson’s Sec+ prep book.

Grab some coffee (or vodka & cranberry with a splash of sprite if that’s your thing) and start reading the Security+ section of Darril’s blog.

I’ve also heard great feedback about Professor Messer’s YouTube videos if you need another resource to fully grasp certain concepts.

I did not have to use any exam prep outside of Darril’s blog, his book, and O’Reilly’s TCP/IP book. However, I was already in the field and making mistakes that I had to learn how to fix. Therefore, you should prepare according to your current bullet holes, ahem, knowledge base.

ICYMI:

You must GET OUT to advance your career.

Also, LinkedIn & Mr. Robot may make it appear that security is all about hacking. I assure you, security is not just all about hacking.

If you need some inspiration from women who are killing it, our #WeCyberToo campaign celebrates our contributions to the field.

Here’s an amazing 22 year old Cyber Threat Defense Analyst.

Here’s an outstanding Security Engineer who brute forced her way into cyber opportunities.

Here’s a marketing professional turned Senior Associate in Cyber.

Here’s a boss, CEO of her own security company.

The best part about these women? They are all giving back to their communities because…

 

@HiddenCybFigure