The CompTIA Security+ certification is likely the first security-related certification anyone will get when pursuing more in-depth knowledge about IT Security, or a career as a Cyber Security professional.

In this article, I will tell my story of why I chose to study for the certification, what study tools I used, and ultimately why I chose not to take the certification exam.

After I had achieved my CCNA certification I was ready to put my focus back on learning more about security. I had initially planned on skipping Security+, and jumping straight to a more advanced certification like the eJPT (e-learn security Junior Penetration Tester), but my experience with the CCNA had taught me to lay a solid fundamental before going for more advanced certifications.

During the CCNA, I experienced the benefit of getting a solid understanding of the fundamentals of a topic before digging deeper. Having that good and solid fundamental knowledge makes it a lot easier to learn more advanced topics. It's easier and less daunting to take many small steps toward a goal than to take a few large steps.

Since the CompTIA security+ covers a lot of the cyber security fundamentals this seemed like the perfect certification to establish the fundamentals I was looking for before moving on to a more specific and concept-focused certification like the eJPT for penetration testing or Blue Team Level 1 for cyber defense.

Before I started to study for the CompTIA Security+ certification I had recently completed a class called "Introduction to Information Security" at the Network and Information Security program at Noroff. This made me spend about 200 hours focusing on cybersecurity topics. I also spent some time learning practical hands-on skills on TryHackMe, accumulating more than 17'000 points on that platform.

I do believe this gave me a good starting point and helped me remember the material while studying for the security+ certification exam. having the CCNA under my belt also provided me with a lot of context for the policy and networking-related topics.

I started reading in the middle of February 2022 and ended my studies around may of the same year.

Somewhere in the middle of my study I slightly lost momentum because I completely fell in love with TryHackMe.com and had trouble prioritizing reading for the Security+. This caused a reduced pace of reading for a couple of weeks. In addition, was working on a Study Project for my Noroff studies that had to be prioritized.

As a preparation tool, I used CBT Nuggets to help me both get a nice introduction to a topic before reading about it, or as a repetition to help me remember the topic covered.

What I especially like about the way CBT nugget teaches the Security+ curriculum is that they try to show it off in a practical manner. No topic is just mentioned, it's almost always shown in some sort of practical way. This makes it a lot easier to realize the practical and real-world importance of the topics.

In addition, I watched Mike Mayers' Security+ course on Udemy. Mike was as always Entertaining, and his co-instructor Dan did an excellent job of explaining concepts in a clear and concise way that was easy to understand.

My main reading source was the "CompTIA Security+ Exam Cram" book by Marty M. Weiss. This book was written like an extended summary, quickly covering all the topics in the certification.

I decided to read four chapters from the book every week, making my main study period last 9 weeks to cover all 35 chapters in the book.

Because I had some previous knowledge about many of the topics covered by the certification this felt in many ways like repetition for me. But like any good repetition process, I was able to get a deeper understanding of some of the topics I was a bit unsure about.

CompTIA Security+ is very much a theoretical certification. But I have a better chance of remembering things if a get my hands-on topics and have personal experience with them. Because of this, I did spend a lot of time on TryHackMe.com, taking rooms that covered topics related to what I was learning.

I don't think lab experience is strictly necessary for passing the Security+ exam. But for me, it gave me more confidence and helped me connect the dots.

I believe it's possible to pass this exam by just doing a quick study cram, where you "hammer" the material into your head. But I would advise taking the time to really let the material sink into your head before taking the exam.

The topics covered on Security+ are the fundamentals of cyber security. Because of this, I think it's wise to be confident and have a solid understanding of them all. I believe the knowledge gained by studying for Security+ is essential for further cybersecurity studies. I would go as far as to say that Security+ is a bare minimum that anyone learning about cybersecurity should know a bit about. Because of this, I took my time allowing the material to sink in, and did not haste my way through the study material.

I would advise everyone to be prepared to read and learn about topics that can feel boring and uninteresting if you do not have any professional experience in the IT field. Corporate or business-related IT security topics like mobile divide management (MDM) and security policies can be especially hard to find the motivation to learn about if you have no professional experience with IT. I would advise everyone to pay attention to those topics because they can be very important in real-life corporate environments.

Like anything new you learn about in IT, it can be hard to prioritize and find the motivation to learn fundamentals, but as mentioned earlier in this article, I have experienced firsthand that solid fundamental knowledge makes it easier to learn more specific and advanced topics.

I do believe that Security+ does provide solid fundamental knowledge about cyber security that can give awareness that is beneficial regardless of what role you have.

After studying for the CompTIA Security+ for a while I decided to not go for the certification exam, but rather build upon what I had learned and study for the more advanced Cisco CyberOps Associate (200-201) certification.

Two factors made me decide to do this. First of all; a bad experience when taking the CompTIA Linux+ exam made me really dislike the focus on tiny and insignificant details on the exam. Secondly, I could renew my CCNA certification by passing another associate-level certification from Cisco. Both these arguments made it easy for me to decide to skip the CompTIA Securiy+ certification.