Henry Dalziel | Information Security Certifications | July 12, 2016
In this blog post we interview Darril Gibson, the author of very popular and excellent publication titled: “CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide”.
We’ve had literally thousands of students come through our virtual doors asking for help and advice with obtaining Cyber Security certifications and training advice. Many of our visitors would like to study entry-mid level certifications and Security+ is a very much an ‘in-demand’ security certification. Traditional study books, in our opinion, are still one the best ways to teach yourself practical skills and Darrill’s book does an excellent job at teaching you everything you need to know to pass Security+ first time. The CompTIA Security+ Get Certified Get Ahead SY0-401 Study Guide is an update to the top-selling SY0-201 and SY0-301 study guides, which have helped thousands of readers pass the exam the first time they took it.
Do you prefer performance based questions, and would you like to see more of this type of assessment over multiple choice?
As a test-taker myself, I like the variety that performance-based questions provide. As someone that holds the certification, I like that they test someone’s knowledge at a deeper level than a standard multiple-choice question. This adds values to the certification. In contrast, if someone can memorize questions and answers and pass the exam, then anyone can memorize questions and answers and pass the exam. I think the mix that CompTIA is currently doing is good so I don’t think more performance-based questions are needed. It’s also worth noting that one of the best strategies when approaching these questions is to skip them, and then come back to them after you finish the multiple-choice questions. Also, when using any type of practice test questions, it’s important to know why the correct answers are correct and why the incorrect answers are incorrect. This way you can accurately interpret the live questions and answer them correctly no matter how CompTIA words them. Quality practice test questions have explanations to help you gain this knowledge. Unfortunately, some practice test questions don’t have explanations and are not accurate, causing people to memorize inaccurate information.
Although CompTIA state that there are no prerequisites to take Security+, what advice would you give to aspiring students seeking to pass Security+? In other words, what should a student know before starting the course?
To successfully pass the exam, you’re expected to have at least two years of experience working with computers in a networking environment. Having the Network+ (or the equivalent knowledge), should help you quite a bit. However, I have taught students in a classroom environment that haven’t had that experience, but still passed the exam. For example, personnel involved with physical security within a DoD environment are often required to get the Security+ certification as a job requirement. They don’t work with networks at all. Admittedly, they had to study a lot more than someone with the networking experience, but they were still able to pass the exam. Along those lines, I took the time to repeat some of the relevant networking topics in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide. The study guide doesn’t reteach the topics at the same depth as a Network+ study guide would, but it does help people remember what the know, and realize what networking topics they might need to study up on a little more.
It’s a widely accepted fact that there is a chronic shortage of cyber professionals; what area or niche would you recommend to specialize to enhance employability? For example, SCADA, or healthcare etc?
I don’t think there’s a single answer that fits all circumstances here. However, a couple of things come to mind. First, pursue what you enjoy. Some people love the logic found in routing tables and firewall rules. Building on their networking experience with Cisco certifications might be perfect for them. Similarly, some people want to dig deeper into cybersecurity and the CyberSec First Responder certification might be a good next step. It focuses more on threats and vulnerabilities, and methods used to protect networks and computers from attacks. Second, pursue the opportunities in front of you. If you’re working in a network with supervisory control and data acquisition (SCADA) systems, it’s worthwhile to dig into methods used to protect them. Similarly, if you’re working in a medical environment, it’s worth your time to study some of the relevant laws related to securing protected health information (PHI).