Skip to main content
HashnodeMiguel Burciagas Blog

Command Palette

Search for a command to run...

Studying for Security +

What to expect.

Updated
7 min read
Studying for Security +
M
Miguel Burciaga

Woahhh two articles in a day, you got that right. You know somedays you’re just in the mood to write and share thoughts with readers, I know you all are out there somewhere. I also felt like talking about The CompTIA Security + and give you my experience on studying for it. First things first, the CompTIA Security+ exam is an industry certificate, it is a tailored to be entry-level. What is mainly focuses on is security fundamentals, understanding risk and how they can be applied in a real world application. There is 90 questions and like 1-9 PBQs depending on the test generated, all of this with a time limit of 90 minutes and needed score of 750/900 to pass. So if you’re really looking to break into tech with zero experience then this certification can be your calling and I highly recommend it.

Why I started studying for it.

The answer is fairly simple just want to show my knowledge in the field. Even though I do have my bachelors with its a concentration in being in cybersecurity. That alone hasn’t really given me the chance to look for a job in the field. Therefore, by taking this certification I really just want to boost my resume and show I take the initiative to keep on learning. I wasn’t just gonna wait for the job to come to me, I chose to get up on my feet and find ways to build towards an opportunity. I want to exert that I know my worth and that I belong in this industry even If I have to work for it I will never back down.

My thoughts on the certification itself.

Honestly, I have really enjoyed the content that this exams brings. I have seen a lot of this content in my undergrad already but this exam really has given me a better understanding to think really critically on what the question is asking. In school we just learned the content but was tested on if we were able to memorize what the word meant. I’m not gonna sugarcoat it either this exam is vocab heavy and acronym heavy and can feel like a vocabulary test. Though the way they structure their questions really gets you to think about which vocab word applies to what their looking for. They throw in some questions where two answers could be the right answer because they both can essentially mean the same thing. It’s just your job to figure out which one best suits the question on a conceptual and logical level. Another thing is their “PBQs” which is their Performance Based Questions. These are like hands on scenarios they give to apply your knowledge almost like in a simulated industry setting. Don’t fret it may seem like a lot but trust me it is a lot of fun.

How I am studying.

At the time of this article being written I am still currently studying for the Security+ exam. Just wanted to give a quick rundown on the process I have taken. The first thing I did was look up videos on people different experiences taking this exam. It gave me a better understanding on what to expect and things to take into account. Different study plans, practice tests to take and videos to watch. Every video I watched were fairly similar and all of them pointed to one common ground. They all recommended to watch an IT Professional on YouTube called “Professor Messer”, he has a whole playlist dedicated to the Security+ exam and all it’s content. To be honest I found this to be a very boring way to study, don’t get me wrong Professor Messer is a very credited individual in IT, but his videos were kind of slow and very vague.

The next alternative I took was buying a Udemy course. One specifically from Jason Dion and I liked this option more. It broke down each domain into sections and subsections based on the content in the domain. They also provided videos but I much rather read the notes they have jotted down. It makes me more productive in writing down notes and looking for key terms and ideas. The course had a timestamp of 31 hours to complete and it took me about a month to complete. After that I didn’t think I was ready yet to take the exam. I still wanted to practice more and get a better grasp on what a test might look like.

One thing I will say though is I did get lazy with the review and studying, I did put it off for a while and that’s something I don’t recommend you doing. I just got caught up with work and work travel especially with the holidays looming around the corner. I just put it off for a while, however once the new year started I got straight back to it and have been studying ever since. This time I focused on test taking ad practice tests. I went back to Professor Messer and purchased his practice exams, so far so good I core on average like an 85% above. The perfectionist in me wants to shoot for 95% which is definitely possible.

Another thing I utilized was ChatGPT, I would basically ask the AI to break down content I didn’t understand into more feasible content that was easier to get a grasp of. I would also tell it to generate me study guides based on the notes I wrote down. I also would take questions from the practice exams and explain ways I can break down the question and what its asking. This allowed me to use process of elimination when it came to looking for the right answer. One of the sections I really asked it to break down is Encryption and Cryptography, it allowed me to better understand the info that I mixed up that threw me off. I’m still trying to get better at it but I’m almost getting there this is the last thing I really need to feel 100% ready. Im targeting end of this month or early days of March.

Quick breakdown on the domains.

Alright I gave you my history with the exam, now I want to give you a quick rundown on what each domain really tests you on, keep in mind there is 5 of them and each one of them are specific content you will focus on.

Domain 1: General Security Concepts

Focuses on the core foundations of cybersecurity

  • CIA Triad (Confidentiality, Integrity, Availability)

  • AAA ( Authentication, Authorization, Accounting)

  • Non-repudiation

  • Least Privilege

  • Zero Trust

  • Risk Management

  • Security Controls

  • GRC (Governance, Risk, Compliance)

Domain 2: Threats, Vulnerabilities, Mitigations

Focuses on identifying different types of attacks and how to stop them

  • Malware Types

  • Social Engineering

  • Application Attacks

  • Network Attacks

  • Hardening Techniques

  • Penetration Testing

  • Vulnerability Scanning

Domain 3: Security Architecture

  • Network Segmentation

  • IDS/IPS

  • Firewalls

  • VPN

  • Secure Protocols

Domain 4: Security Operations

  • Incident response process

  • Digital forensics

  • Logging and monitoring

  • Disaster recovery, Business continuity

  • Data classifications

  • File integrity monitoring

  • Access control methods

Domain 5: Security Program Management and Oversight

  • Security policies and procedures

  • Compliance frameworks

  • Risk assessment

  • Privacy concepts

  • Data protection methods

That is all folks, now it may seems like a lot but trust me when it all click it clicks. You just got to believe in yourself and don’t feel discouraged. Wake up everyday with the discipline to study a little if you don’t feel like it because their will be those days. Actions speak louder than words act upon your desires and demonstrate that you want it bad enough. There were nights where I didn’t sleep reviewing this content, do I regret it no not in the slightest it just made me want to do more. A break is much needed also you don’t want to burn yourself out but still got to be consistent with reviewing.

So far this has been the most neat article I have done and I’m honestly getting the hang of it now. I want to keep pushing content out like this as it genuinely puts a smile on my face to share. Next time I talk about another certification I will hopefully announce that I have passed the Secuirty + exam :)

#cybersecurity#security#comptia-security

More from this blog

Miguel Burciagas Blog

6 posts