How Not to Study for Security+

Are you looking to get Security+ certified? Are you a total n00b like I was? I may have a few reflections on the process to share with you. Now, six months after my initial goal to take the Security+ exam, I am finally certified. Hopefully, you won’t do what I did.

Thinking about taking Security+?

At the start of 2019 I was managing a small niche art library, having graduated with Bachelors of Fine Art some years prior. I have always been a technologically gifted person, but I did not have any proper “tech” experience at the outset of my Security+ studies.

By May 2019 I was on the way to a big and glorious career change and a couple months into Evolve Security Academy’s remote cybersecurity bootcamp. The Security+ certification seemed to me like a perfect way to demonstrate that I have the knowledge it takes to work in the industry — and I still feel this way. For career changers like myself, I believe it can be a critical first certification.

By September I graduated the bootcamp, and made my first mistake: I did not buy an exam voucher or schedule my exam. Life happened. January 2020 arrived and I finally committed to studying for the exam. I selected and gathered my study guides, practice exams, and other material, but still had not purchased the voucher or scheduled it. I tentatively decided on March for the exam. I studied all January and February, then March came, COVID-19 struck, and the Pearson VUE testing centers were closed.

My entire plan to study and sit for the exam completely crumbled. Work took over and it wasn’t until July 2020 that I picked up studying again. While the pandemic did genuinely throw a wrench in my plans, my lack of initial commitment led to me completely neglecting my goal instead of sticking to it.

How Not to Study for Security+ tip: Set your exam date roughly 45 days out from when you want to start studying. This will mentally (and financially) commit you to studying (and PASSING!). This will also give you plenty of time to really dig in, but not too much time to wallow or get distracted.

Listed below are the study materials I used to pass the Security+ exam and a few notes about each. These are also in order of most utilized to least utilized study resource.

CompTIA Security+ SY0–501 Exam Objectives (pdf). The only thing that CompTIA provides you with are the exam objectives — get them off the CompTIA website. Read them often while you study to check in on what you’re missing, where you’re weak or need to study more.

Darril Gibson’s Get Certified Get Ahead Security+ Study Guide (book). Very readable book, with a fantastic intro that provides a ton of information on what the exam will be like, and the best strategies to take it. I definitely recommend this purchase. Read this cover to cover and take notes. I promise it won’t take long.

GCGA Website Full Study Package. I bought the extra package, and I’m not sure that it was totally necessary. Check out the perks, and before you decide scour the complete GCGA website and blog for all the free information you can gather. The practice tests were not similar to the exam, but they were still explanatory.

McGraw Hill CompTIA Security+ Exam Guide (book). This book was high-level and dry. I used it mostly for reference and for anything that the Gibson book did not cover, which was only a little. I only recommend this book to folks who have zero tech background like myself.

Jason Dion CompTIA Security+ (SY0–501) Practice Exams with Simulations Udemy course. Reddit users said the Dion practice exams were the most like the real thing, and after taking the exam I agree. Gibson says you should be scoring 90% on practice tests in order to pass the real thing: I never scored higher than 85% on these exams.

Total Seminars CompTIA Security+ Cert. (SY0–501) Practice Tests Udemy course. Also felt these were really close to the real thing. Again, never scored more than 85% on these exams.

Total Seminars: CompTIA Network+ Certification (N10–007) Udemy course. This might be the largest time investment, and to be fair I started this course way before I ever began studying for Security+. However, the first 9 sections of the course are a solid introduction to networking, subnetting, TCP/IP, all that good stuff. Helps lay a foundation for the Security+ especially if you are planning to skip the Network+ certification, like I did.

Handmade Flashcards. I made roughly 200 flashcards when it was all said and done. All the hashing algorithms, asymmetric cryptographic protocols, symmetric cryptographic protocols, acronyms, concepts, everything. Writing is a really powerful learning strategy, and cramming with the cards before the exam also helps.

CertMike Security+ SY0–501 Practice Tests (kindle book). A whole boat load of practice exams with an overwhelming amount of information and explanations. I didn’t even manage to take all the exams or ever get better than 75% on them, but I still recommend at how affordable this was.

Exam Compass free practice exams. I used these for testing the “memorizable” pieces of information like port numbers, cryptographic algorithms, acronyms, etc. Since they’re free, take them all. However, they don’t provide explanations so they will not provide you with much help as to why something is right or wrong.

Professor Messor Youtubes Videos. I would put these videos on in the background while I worked. Generally though, videos did not jive with my learning style. I felt that reading the books and taking practice exams were the most helpful for me.

How Not to Study for Security+ tip: Focus on finding high-quality practice exams and don’t forget about those exam objectives — let them guide your studies and identify your weak points.

You probably want to know what the exam was like, right? It wasn’t easy. I consider myself a skillful test-taker, so read what follows with that in mind.

I tried to budget my time as best I could, and I still nearly ran out. Do the performance based questions (PBQs) last, but leave plenty of time to work on them! Make a note of how many PBQs you have and budget yourself out at least a few minutes for each question. The exam is only 90 minutes and you will have anywhere between 70–90 questions to answer. Do the math on that, folks! You will need to work at a steady speed.

Memorization will not carry you through this exam. The vast majority of the concepts you are tested on you must genuinely understand. There is a reason CompTIA recommends two years of industry experience before taking this exam. For you noobies attempting to skirt that prerequisite, you must study extra hard to compensate!

Read the question prompts carefully. Any given question might have 2 to 3 reasonably valid answers. Process of elimination will help only so much. You must be able to read the question prompt for context clues that will help you determine which answer is the absolute best. And then, sometimes even the question won’t provide you with enough information and you just have to select the one you think is best.

Can you answer which hashing algorithm is stronger? Can you describe why COPE devices benefit the company? Does a site-to-site VPN make sense for the given scenario? Try your best to truly comprehend the material. Google all your questions big and small. If you find yourself asking “why?”, stop and Google it!

How not to study for Security+ tip: Remember that if you don’t have two years of industry experience, you’re going to have to compensate with thorough studying!

One final tip: find a study buddy if you can, or join the Reddit CompTIA forum for some camaraderie. Being accountable to another person is a great motivator, so don’t underestimate that. Study hard, strategize, and pass that exam! Good luck.