How I Passed The Security+ (Resources & Tips)
Today I’ll share my Security+ journey and how I passed the exam! I’ll detail the exact resources I used and how I studied. It took me a while to form my study plan and I want to take my experiences and provide a study plan to hopefully aid you in your journey! If you want to skip straight to the resources, skip the next section.
How It All Started…
I started my career as a software developer (read my journey into tech here) but always wanted to work in information security. I began to deepen my understanding of Linux and develop an interest in the areas of application security, vulnerability assessment, and offensive security by utilizing resources such as TryHackMe, various books, PortSwigger Web Security Academy and more.
My friend heavily recommended I pursue the Security+. It provides a foundational knowledge of different security concepts such as cryptology, least privilege, risk management, cloud security, vulnerability management, identity and access management and security controls. He recommended I start with the Get Certified Get Ahead book by Darril Gibson (RIP). It’s a great resource that helps you learn the terminology and concepts you’ll often come across and provides an understanding of how to secure networks, remediate vulnerabilities, implement policies and controls, and how to respond to incidents, among other things.
Now…What’s The Exam Like?
- 90 minutes for up to 90 questions (# of questions typically ranges between 70-90)
- 4-6 performance-based questions (PBQs)
- Exam objectives
- Passing score: 750/900
If you’re looking to get your foot in the door, the Security+ can be a great start. Do you need a certification to land a role in security? Not necessarily. Some companies put more weight on what you’ve done as well as your communication skills, but it never hurts. People in tech argue about the value of certifications and degrees as much as they do about Vim vs Nano or which Linux distro is the best. I personally can say that the knowledge I walked out with after doing the Security+ definitely helped me realize this is what I love.
Is the exam easy? I don’t really think so lol. I know there’s been people who’ve passed it within a week but I recommend dedicating at least a month. I just don’t believe in cramming; the focus should be on consuming the information and retaining it. You’re getting exposed to a wide range of areas that may be new to you so I say take at least 30 days.
My Study Plan
Resources
- Get Certified Get Ahead book by Darril Gibson – I wouldn’t have passed without this resource. It is extremely well-written and covers everything that’s covered in the exam. I went into reading this book with the mindset of, “This is the foundational knowledge I need for a career transition into information security” rather than “Cram the information for an exam”. I promise you, with that mindset it turned my Security+ journey into an enjoyable journey. I was able to read the entirety of the book by spending 1-2 days on each chapter and made sure to complete the end-of-chapter quizzes. I found that aiming for a chapter every one or few days like this was enough to be able to pace myself, retain the information and not burn out.
- ProProfs 30+ Ports and Protocols Quiz – My friend/mentor sent me this. It’s a free quiz that tests your understanding of ports and protocols. You’ll definitely need to understand more than a few ports for the exam.
- Pearson Test Prep Practice Exam – For the last week leading up to the official test date, I took one of these practice exams every day. I timed myself to 90 minutes to simulate the real test, and like the official exam, the questions on the practice exams change every time. I never got the same question twice. I was scoring around 750-800 on the tests. The score got better as I read more of the book!
Study Tips
- Read the chapters by the objective – In the beginning of the book, they group the domain objectives into different chapters. So for instance, chapters 7, 9, 11 focus on policies, processes, and procedures for incident response. Learning by the objectives helps you understand the objective in a thorough manner.
- Do the pre-assessment from the book to get a baseline understanding of your security knowledge and make sure to complete the end-of-chapter quizzes! Or just skip to reading the book like I did if you have no security knowledge.
- Begin every morning by going through the ports and protocols quiz I mentioned earlier. The repetition every day helped me learn more ports than I already came in knowing.
- Don’t burn out. Yes I would spend a whole day on a chapter of the book but I took several breaks in between. It’s a marathon, not a race.
- Diversify your resources – If one resource isn’t sticking for you, don’t be afraid to explore other resources that I mention below! I tried Udemy and YouTube before deciding that I was absolutely in love with Darril Gibson’s book.
- You’ll probably never feel ready – I doubted myself the whole time but if you stay consistent and stick to your resources, you’ll end up doing better than you expected.
Exam Tips
- Skip the PBQs until the end – The PBQs require the most time because they simulate real tasks such as categorizing different types of data or taking a vulnerability scan and suggesting the remediation for each vulnerability found.
- Read the questions thoroughly – The questions can trick you. Sometimes there are more than 2 answers that are technically correct, but you have to select the answer that best fits the question they are asking.
Other Resources You Can Use
- Professor Messer’s Free Security+ Series – I’ve heard a lot of people take this free course on YouTube and pass!
- Exam Compass Free Practice Exam – This is a FREE practice exam! You’re able to choose practice exams catered around a specific exam topic so this will help if you discover from quizzes that you have more of a weakness in an area such as cryptology or social engineering.
Thank you for reading my post, feel free to leave a comment and share with your friends. I hope you pass your exam and have a great start in this field! You can follow me on Twitter if you enjoy this type of content and want to know when I release another post. I’m also on LinkedIn if you want to connect on there as well! 🙂
Thanks for sharing your valuable experience and knowledge with us.
No, thank you for reading! It makes my day when ppl enjoy what I put out 🙂
This is excellent and congratulations! I stumbled across your tweet and glad I did! Thanks for taking the time to pass along valuable information! Take care!
Thank you of course! I’ll keep putting out more content <3
The first bullet point under exam tip. PBQ are a time hog. I agree strongly that they should be engaged last. One other thing that I became familiar with after the fact. Successful completion of Network+ provides a foundation for terms, purpose and function. Thanks for putting this together Ms Alexis. Next read for me, 100DayOfPython.
Firstly, thank you for your response! You are spot-on, networking fundamentals is fundamental! Especially since the Sec+ is focused on how to secure networks, you gotta know at least the basics of how firewalls, switches, routers, and different protocols work. And yes I need to put out more coding tutorials lol! You just reminded me I need to put out more python tutorials 🙂
Great post, thanks for sharing the resources! Planning on taking the Sec+ this year and this will be very helpful.
Great stuff, thank you for taking time to share these valuable resources.
Thank you for sharing this information. I recently decided to do research about cybersecurity and figured it would be a good fit for my family and me. I went to school to become a Radiographer and unfortunately I didn’t pass the board exam. I’m now working from home with the same company who hired me which I’m grateful for. My 1 year old stays home with me while I work, my 3 year old attends daycare on the days I work and my 6 year old is in school.
Found your blog through the Diversify Tech – Student Edition newsletter. Thank you for the clear and detailed write-up!
Your journey is amazing. And so is this blog. It’s very engaging. But now I’m fully vested in this story. How did you get from passing Security+ to your current role? Did you get any additional certifications?
I would be happy to write a blog post on how I got my current role at Semgrep! I didn’t get any additional certs :-)! I’ll definitely write about it thank you 🙂
Thank you for this great information! I am a beginner to this all and you’ve helped me a lot 🫶🏽❤️
of course! 🙂