infinitenexus Dork
7/20/22 9:05 a.m.

Anyone here have this certification? After 1.5 years doing help desk/tech support, I'm trying to think of a good direction for my career, and I'm leaning towards the infosec direction (mostly because I think that's about the only direction I can go at my current small company). 

I've heard the Security+ exam is pretty tough. Can anyone recommend training courses/practice exams/etc that were beneficial, or general tips? 

red_stapler SuperDork
7/20/22 9:55 a.m.
infinitenexus said:

I've heard the Security+ exam is pretty tough

It is extremely tough.  I use a combination of Professor Messer videos on YouTube, their study groups, and one of the books on the subject that CompTIA recommended.  I was certain I had failed while taking the exam, but I made it through.

infinitenexus Dork
7/20/22 10:36 a.m.

I just wish the subject matter wasn't so dry. It can be hard to focus on, at times. I'm going to look into Professor Messer, thank you. I've always heard a lot of good things about him.

yupididit PowerDork
7/20/22 11:52 a.m.

I took a free in-person class through my unit and studied some and passed it on the first try. I honestly felt like I bombed it as I pretty much felt lost through the whole thing. 

I also recommend CISSP, for me it was harder than Sec+ lol.

Since you're a Vet I'm positive there are some free resources and certification paths for you. 

red_stapler SuperDork
7/20/22 12:17 p.m.
yupididit said:

I honestly felt like I bombed it as I pretty much felt lost through the whole thing. 

I have never met anyone with a Sec+ who didn't say that.

Grtechguy MegaDork
7/20/22 2:19 p.m.

I've taken many of the CompTIA exams... they all leave a horrible feeling.

AnthonyGS (Forum Supporter) UltraDork
7/20/22 7:16 p.m.

No exam is tough.  It's all about preparation.  You prepare or you don't.  My suggestion, study.  Study correctly too.  

yupididit PowerDork
7/20/22 7:54 p.m.

In reply to infinitenexus :

Free training from DHS

LinkedIn Learning free for vets

I personally use LinkedIn Learning and some other resources that are Air Force specific. Tons of resources out there. 

Uncle David (Forum Supporter) Reader
7/20/22 9:13 p.m.

LOTS of career opportunities in infosec.

CompTIA's own training is the best choice because it's their exam.  Yes it's all a big scam, and giving them money for the training so that you can give them money for the exam so that you can give them money for the "maintenance" fee and recertification really leaves a bad taste, but it's likely worth it salary-wise if you put the cert to good use.

I found SEC+ to be straightforward, after a LOT of studying. Not easy, exactly, but rational. Buy the book, take the course, find online quizzes. Do all of that more than once. Take lots of quizzes, then go back and study the book some more. It was straightforward enough that when recertification time rolled around I decided to retake the exam rather than do the CEU's (or whatever they're called).

CISSP on the other hand was the most bizarre, soul-sucking, angst-inducing exam I've ever taken. I once got a 12 (out of 100) on an EE exam (that was a C btw); CISSP was worse. I had absolutely no idea what answer they were looking for. No way whatsoever to assess how I was doing. I keep up on my CEU's for CISSP. I'm NEVER taking that exam again.

I totally bombed CCNA and CEH and ran away from those like a scared little kid. NET+ wasn't bad and once you have it, recertifying on SEC+ automatically recertifies you on NET+ as well.

jwagner (Forum Supporter) Reader
7/21/22 12:39 a.m.

I took the CISSP exam about five years ago and thought it had some content that was totally off the wall, but supposedly it has been made somewhat saner.  Certifications are important in infosec.  The last company I worked for published a count of their employee certs to show they were serious about security, and pretty much required certs to get hired.

Infosec is a really wide field with a lot of different specialties.  Your specialization should depend on your strengths and interests.  There's a lot of demand in the field and decent paying jobs to be had.  The previous company paid for an exam bootcamp, which was about 60 hours of intensive exam-based brain dump.  Was painful but helped a lot.  Practice exams are a good way to get an idea of where you stand vs. passing the test.  Get a couple of good books too and bury yourself in them.  Good luck.

infinitenexus Dork
7/21/22 7:34 a.m.

In reply to yupididit :

Thanks for these links, I'll be checking them out today since I'll have some free time due to strep throat.

With the IT department at my company being so small, advancement can be really tough. One of my predecessors once moved from tech support into an infosec role and didn't like it, so she moved back to tech support. So I'm pretty certain I can move into some form of security job here once I hit my 2-year mark. With a Security+ exam and a year or two of experience in an entry-level security job, I figure my prospects should be pretty decent for getting a good paycheck afterwards. 

TheTallOne17 Reader
7/21/22 7:59 a.m.

A question for those who have their certification:

Do you feel like you actually use what you learned prepping for the test?

yupididit PowerDork
7/21/22 10:45 a.m.

In reply to TheTallOne17 :

For me yes, but infosec isn't my job at all.

dclafleur Reader
7/21/22 11:22 a.m.
infinitenexus said:

In reply to yupididit :

Thanks for these links, I'll be checking them out today since I'll have some free time due to strep throat.

With the IT department at my company being so small, advancement can be really tough. One of my predecessors once moved from tech support into an infosec role and didn't like it, so she moved back to tech support. So I'm pretty certain I can move into some form of security job here once I hit my 2-year mark. With a Security+ exam and a year or two of experience in an entry-level security job, I figure my prospects should be pretty decent for getting a good paycheck afterwards. 

Professionally you'll earn more money getting the certification and finding a better paying position elsewhere. There are plenty of reasons to stay in a job and this is by no means a statement that you have to move, but if you want to move your career forward it is usually quicker and more advantageous to find a position elsewhere that already offers the salary and role you want. You'll also have an easier time getting a security job if your cert is fresh and you're looking for a position than if you stayed in a position for two years that does not exercise the skill set.

infinitenexus Dork
7/25/22 7:27 a.m.

In reply to dclafleur :

Thanks for the tip! My concern is that I don't have any experience in an infosec role. My plan was to get the cert and move into a security position here, and then after a year of experience look for a higher paying job elsewhere. I imagine I probably could get something with just the cert, but I want the year of experience for myself, so I feel confident in the job. 

jwagner (Forum Supporter) Reader
7/25/22 7:04 p.m.

I made the jump from an IT/Sales Engineer background to being a product cybersecurity analyst fairly easily - a LinkedIn update and a couple of interviews.  Could not have done it without the CISSP.  All of my cybersecurity experience was secondary to my previous roles.

Procyon New Reader
7/26/22 11:58 p.m.

The discussion has evolved from the original question, I think, but I passed the exam 12 or 13 years ago.  I didn't find it easy, but it wasn't especially hard either.  However, I was familiar with around 70% of the material already due to my job.  The most painful part for me was the memorization of certain things.  There was a list of ports I needed to know and I only used some of them regularly, there were a number of different attacks that I needed to be able to label correctly, there were different ciphers and encryption protocols that I needed to remember specific characteristics of, etc.  In addition to the extensive note taking done while reading the guide, I made several lists and memorized them, and as an aid, did a brain dump onto the scratch board before I started the timer on the day of exam.

My main study material was the official CompTIA study guide, instructor's edition.  (It was either the same price as the student version, or $10 more, and it was worth it to have the correct answers to the exercises).  I don't think it's still available from their site.   The exam becomes much more difficult if you don't have the background going into it to understand the concepts that are being taught/tested.  Several co-workers have been studying for it for a while and just listening in to some of the study sessions you can tell that often they're having difficulty understanding what the question is asking.  They're lacking some foundational knowledge that would make it much easier for them.  Still, it's definitely doable with self-study.  Other co-workers have done so successfully.  The current version of the exam is old enough now that the major publishers should have comprehensive study materials. 

I don't have a specific recommendation for practice exams, but practice exams from a reputable publisher can be very helpful.  They can help you evaluate your level of readiness, help identify your weak areas, help your understanding of the material (because a good exam should not just give the correct answer, but an explanation of WHY it's the correct answer and/or why the other answers are incorrect) and help you to be more comfortable when you go for the actual exam.  Once you have the certification, you'll need to maintain it, either by earning CEUs or by paying CompTIA another $200 for "online training" every three years.  The payoff to CompTIA is the best use of time/money for me, but it's up to you.  It's possible to maintain it by investing your time and not spending money out of pocket.

If you're going to take the exam, I think you need to commit to putting a significant amount of time into studying over a relatively short calendar period.  I'd suggest an hour or more each night if you can possibly do that.  Figure on 4-8 weeks for self-study, depending on your knowledge level going in and how much time you can put into it daily.  If you have to stretch this out for 6 months or more, I think the chances of success go down.  If you're not using the knowledge on a regular basis, you're going to forget it again.

As mentioned, it's been 12-13 years since I took my exam and it's been revised several times since then.  They've added some performance-based questions where you have to interact with the exam software and complete some task or accomplish some goal.  I don't have any hints for those scenarios, except to take advantage of any opportunities you get to practice these types of questions.  You don't want your exam to be the first time you've attempted that sort of question.

Good luck and realize that if you're going into infosec, that will only be the first of several exams you can expect to take along the way.

infinitenexus Dork
7/27/22 7:54 a.m.

In reply to Procyon :

Thank you for all the helpful information. One of the issues is that in my day-to-day job, I do a lot of hands-on work with computers but very little infosec-related stuff. So it'll be tough to keep a lot of this stuff in my head.

I spoke with my boss yesterday and expressed my desire to move into a security role, and he seemed fine with that, and furthermore recommended a direction for me to start my studies: beginning with memorizing common ports, then focusing on networking, then moving into security stuff. I also spoke with our jr sysadmin and he's going to give me a tour of our firewall sometime and explain some of the related software to me. So, baby steps, but they're steps in the right direction and that's what counts.

yupididit PowerDork
7/27/22 1:21 p.m.

Anyone looking for a govt (GS) IT position in the Denver area.

Procyon New Reader
7/27/22 9:39 p.m.

In reply to infinitenexus :

That's definitely moving in the right direction.  A large part of security is understanding how things work and how to prevent them from being made to work incorrectly, or bypassed so they don't work at all.  Getting that background will help you when you start looking at your environment from a security-minded point of view. 

Also, having a good understanding of networking basics is vital.  So much so, that I probably took it for granted in my first response.  You don't have to be a Cisco-certified network guru for the exam, but you do need to understand the fundamentals of IPv4 (I don't know how much, if any, IPv6 is on the current exam), sub-netting, network ports, DNS, common utilities such as ping, nslookup, tracert, wireless networking, etc.  If you don't understand them, you're not going to be able to put many of the questions into context.  They're not going to ask you the correct commands to set up routing on a border router.  They might give you network configuration information for several devices on a LAN and ask why device A can't connect to device C, though.

infinitenexus Dork
7/28/22 7:50 a.m.

In reply to yupididit :

I wish! I absolutely love Denver and Colorado in general, and have dreamed of moving there several times. Water shortages and soaring house prices have scared me away though.

infinitenexus Dork
7/28/22 7:52 a.m.

In reply to Procyon :

I have a basic understanding of all of those things, but I definitely need to improve. I just have to find some free time in the coming weeks to really start studying this. Once I finish my current books I should have a lot more free time, and that'll help.

yupididit PowerDork
7/28/22 10:14 a.m.

In reply to infinitenexus :

Got it, those are valid reasons to not relocate to a somewhat pricy city.

Well if anyone is interested, here it is: IT SPECIALIST (DATAMGT/SYSANALYSIS)

If anyone applies, let me know!

infinitenexus Dork
7/28/22 11:28 a.m.

For that much money, I think I could deal with those problems. Looks like I don't really qualify for that job though. It's a bit above my head.
