How I Passed The Security+ (Resources & Tips)

Today I’ll share my Security+ journey and how I passed the exam! I’ll detail the exact resources I used and how I studied. It took me a while to form my study plan, so I want to draw on my experience and offer a plan that will hopefully aid you in your journey! If you want to skip straight to the resources, skip the next section.

How It All Started…

I started my career as a software developer (read my journey into tech here) but always wanted to work in information security. I began to deepen my understanding of Linux and developed an interest in the areas of application security, vulnerability assessment, and offensive security by using resources such as TryHackMe, various books, PortSwigger Web Security Academy and more.

My friend heavily recommended I pursue the Security+. It provides a foundational knowledge of different security concepts such as cryptology, least privilege, risk management, cloud security, vulnerability management, identity and access management and security controls. He recommended I start with the Get Certified Get Ahead book by Darril Gibson (RIP). It’s a great resource that helps you learn the terminology and concepts you’ll often come across and provides an understanding of how to secure networks, remediate vulnerabilities, implement policies and controls, and how to respond to incidents, among other things.

Now…What’s The Exam Like?

  • 90 minutes for up to 90 questions (the number of questions typically ranges from 70 to 90)
  • 4-6 performance-based questions (PBQs)
  • Exam objectives
  • Passing score: 750/900

If you’re looking to get your foot in the door, the Security+ can be a great start. Do you need a certification to land a role in security? Not necessarily. Some companies put more weight on what you’ve done as well as your communication skills, but it never hurts. People in tech argue about the value of certifications and degrees as much as they do about Vim vs Nano or which Linux distro is the best. I personally can say that the knowledge I walked out with after doing the Security+ definitely helped me realize this is what I love.

Is the exam easy? I don’t really think so lol. I know there have been people who’ve passed it within a week, but I recommend dedicating at least a month. I just don’t believe in cramming; the focus should be on consuming the information and retaining it. You’re getting exposed to a wide range of areas that may be new to you, so I say take at least 30 days.

My Study Plan

Resources

  • Get Certified Get Ahead book by Darril Gibson – I wouldn’t have passed without this resource. It is extremely well-written and covers everything on the exam. I went into reading this book with the mindset of “This is the foundational knowledge I need for a career transition into information security” rather than “Cram the information for an exam”. I promise you, with that mindset my Security+ journey became an enjoyable one. I was able to read the entirety of the book by spending 1-2 days on each chapter and made sure to complete the end-of-chapter quizzes. I found that aiming for a chapter every one or few days like this was enough to pace myself, retain the information and not burn out.
  • ProProfs 30+ Ports and Protocols Quiz – My friend/mentor sent me this. It’s a free quiz that tests your understanding of ports and protocols. You’ll definitely need to know more than a few ports for the exam.
  • Pearson Test Prep Practice Exam – For the last week leading up to the official test date, I took one of these practice exams every day. I timed myself to 90 minutes to simulate the real test, and like the official exam, the questions on the practice exams change every time; I never got the same question twice. I was scoring around 750-800 on the tests, and the score got better as I read more of the book!

Study Tips

  • Read the chapters by objective – At the beginning of the book, the domain objectives are grouped into different chapters. So, for instance, chapters 7, 9, and 11 focus on policies, processes, and procedures for incident response. Learning by objective helps you understand each objective thoroughly.
  • Do the pre-assessment from the book to get a baseline understanding of your security knowledge, and make sure to complete the end-of-chapter quizzes! Or just skip straight to reading the book like I did if you have no security knowledge.
  • Begin every morning by going through the ports and protocols quiz I mentioned earlier. The daily repetition helped me learn more ports than I already came in knowing.
  • Don’t burn out. Yes, I would spend a whole day on a chapter of the book, but I took several breaks in between. It’s a marathon, not a sprint.
  • Diversify your resources – If one resource isn’t sticking for you, don’t be afraid to explore the other resources I mention below! I tried Udemy and YouTube before deciding that I was absolutely in love with Darril Gibson’s book.
  • You’ll probably never feel ready – I doubted myself the whole time, but if you stay consistent and stick to your resources, you’ll end up doing better than you expected.

Exam Tips

  • Skip the PBQs until the end – The PBQs require the most time because they simulate real tasks such as categorizing different types of data or taking a vulnerability scan and suggesting the remediation for each vulnerability found.
  • Read the questions thoroughly – The questions can trick you. Sometimes more than two answers are technically correct, but you have to select the answer that best fits the question being asked.

Other Resources You Can Use

Thank you for reading my post, feel free to leave a comment and share with your friends. I hope you pass your exam and have a great start in this field! You can follow me on Twitter if you enjoy this type of content and want to know when I release another post. I’m also on LinkedIn if you want to connect on there as well! 🙂