I decided to study and sit for the CompTIA Security+ certification primarily because I followed what turned out to be the good advice of Darril Gibson where he suggested a reasonable order for tackling cyber security certifications.
Having chosen CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide (also written by Darril Gibson) on the Kindle as my primary study book, I followed another excellent tip Gibson gives right at the top of the book: Schedule the exam 45 days from the beginning of your studies. The reasoning is that this self-imposed deadline forces procrastinators to dig deep and finish rather than start and stop and start and stop, possibly never even taking the exam. Although at times, given this seemingly arbitrary timeline, it seemed I was destined to fail (and I feared, fail hard), it turned out to be a great way to focus and set a realistic timeline for completion. Sometimes there’s no better motivation than a “hard out.”
Study Duration: 45 Days
Exam Voucher Cost With Retake: $397
Resources I Used To Study With >>
The first thing I did was read through the entire book front to back with a liberal sprinkling of Google and YouTube’ing. As a digital companion to Gibson’s book, Professor Messer was absolutely invaluable when I needed a deeper understanding of any given topic. He has a massive library of topics on YouTube where he dissects topics in a straightforward and concise way.
Because I was reading with a Kindle, at every point in each chapter where Gibson suggested that something was crucial and that you should remember it, I highlighted that specific portion and saved it using Kindle’s very handy highlighting functionality.
Then, while many out there would consider this old-fashioned, the most effective study method I used was flash cards, yes literal flash cards and I LOVE flash cards.
With all of the digital tools out there what would possess someone in this day and age to write using bits of cardboard and pens? Simple: First, flash cards force you to slow down and break something complex down in a concise manner, and if you can understand it then you are 99% there. Second, flash cards are great because you can carry them around in your pocket and can whip them out while you are waiting for a bus or for your meal to come at the local Panera (Note: I did a lot of studying at Panera, free WIFI and delicious lunch), or, if inspiration strikes, in the bathroom. The point is they are easily accessible, cheap and very powerful tools.
At this point, I shifted my methods:
- In my studies with my flash cards I began putting cards that I felt I had “mastered” to the side and only studied cards that I even had a minimal level of difficulty with, leaving about 50% of the cards to look at.
- I voraciously searched up every free online practice questions resource I could find. There are MANY! You may find a lot of older questions that are labelled for earlier exams like the SY0-401, but they are still very useful. Take them all! Grain of salt: Some of the questions have the wrong answers, so if something seems wrong, research it and confirm it. It’s more opportunity to study.
- I also paid for Darril Gibson’s website with example questions. I believe the total was roughly $30 but I see either the prices have gone up to $49.99 or I misremember the price I paid. Either way, well worth it. This guy is the bomb.
A quick note about my background: I’ve done everything from help desk and field technician to web development to video ops and delivery, essentially everything from mouses to CDNs, but the vast amount of knowledge you must digest and fully understand to pass the Security+ certification is daunting. After all, no one knows everything! But, I used that awareness to my advantage by chipping away at the exam objectives, bit by bit, flash card by flash card, and YouTube clip by YouTube clip and lo and behold after about 30 days I was beginning to feel more confident.
At this point I decided to book my exam date (I know I sort of cheated by not booking it at the very start but I still did follow the timeline). I was pleasantly surprised to find that CompTIA offers a package where you can take a do over exam if you fail the first one, which came with free access to Certmasters test banks, which was immensely useful.
I believe Certmasters also has a free trial that you can subscribe to for practice questions. A note about Certmasters: At first the questions came as a surprise to me because many seemed to have no connection to the book I was reading. Then that moment of panic set in, “What the hell, was I studying the wrong book?” In hindsight after taking the exam and experiencing that exact same sinking feeling during the actual exam, I realized this was excellent practice for the real thing. I’m sure Sun Tzu has something to say about this, but in war (or a certification exam, LOL) feeling overconfident is the best way to get your head lopped off.
Days 30-40:
At this point I focused on two areas: Relentless flash card studying–I took the entire stack, re-established what I immediately knew and discarded those cards again and then focused on the problem areas and deep dives into topics I was having trouble with. As I recall, I spent an inordinate amount of time on RAID memorization and subnetting. Sadly, neither topic came up on my test, but it could very well be on yours.
The night before I was in a panic and assumed I would be taking the test over again, but with the retake insurance in hand, I had that extra re-assurance I needed to get me at least a little sleep. I put down my cards and studying and took the last day to try to relax my mind.
I have never been to jail, but I’ve seen a lot of COPS episodes and the thoroughness by which the fellow at the Pearson testing center patted me down, looked in my mouth, behind my belt, into my sleeves and even into my ears seemed very close to what I had seen on TV. He did let me take my gum in though. Good thing I didn’t inscribe the gum with notes. Perhaps he went extra hard on me because of how I looked that day . . .
Once I got going on the test, I immediately felt I was in trouble . . . See 3) below.
THREE CRUCIAL THINGS TO KNOW ABOUT THE EXAM:
- They test you on a clunky interface where you need to shift the windows around to figure out what you need to do. If you can find photos of the interface try to have a look in advance, because you don’t want to be flustered and thrown off balance by the crapola interface.
- Unlike the CISSP exam, here you can save difficult questions for the end. There are something like five “Performance based questions” and when I came across those I saved them for last. Plow through what you know first, then swing back and give yourself a little time for the more complicated questions. I HIGHLY recommend this method.
- If you are like me, you will feel like you are failing THE ENTIRE TIME. These tests are designed to be VERY challenging. If you are prepared to feel that way you will be in a lot better shape mentally.
After what seemed like an endless delay, the machine spit out the results and I had passed. I was almost certain I had not. I cannot describe the feeling of immense joy I had, and that feeling carries with me up until this day.
Here is a video of me the day after taking the exam discussing my experience:
My Study Guide:
I didn’t use a lot of resources to study for the certification but here is the complete list>>
This is an extremely challenging certification, but if I can do it, you can do it. There is only one secret to success in this regard: Study your butt off! Study until you feel you can absorb no more and then study some more.