My Experience Preparing for and Passing the CompTIA Security+ Certification

WHY Pursue CompTIA Security+ as a Project Manager?
“Security isn’t just the responsibility of a dedicated team; it’s embedded in everything we manage. As project managers, understanding security fundamentals helps us make better-informed decisions.”

In today’s IT landscape, security risks are a constant factor. As project managers, we handle risk management, compliance, and incident response on a daily basis. A foundational understanding of security principles helps us mitigate threats proactively, manage projects more effectively, and ensure security is woven into every aspect of our work.

WHAT Does CompTIA Security+ Cover?
Security+ is a foundational certification, meaning it doesn’t go incredibly deep into any one topic but covers a broad range of cybersecurity areas. Here’s a summary of the core topics you’ll learn:

• Cybersecurity Threat Landscape: Threat actors (bad actors) and their techniques and tactics.

• Malicious Code: Types of malware, including ransomware.

• Social Engineering & Password Attacks: Tactics used to exploit human weaknesses.

• Application Security: Securing applications and incorporating patching strategies.

• Cryptography & PKI: Encryption methods, hashing, and digital signatures.

• Identity and Access Management (IAM): Best practices for managing access.

• Resilience and Physical Security: Securing physical assets and ensuring business resilience.

• Cloud and Virtualization Security: Securing cloud-based environments and virtualized resources.

• Endpoint Security: Protection strategies for devices.

• Network Security: Securing network infrastructure.

• Wireless & Mobile Security: Safeguarding wireless and mobile communications.

• Monitoring & Incident Response: Detecting threats and responding effectively.

• Digital Forensics: Investigating and analyzing security incidents.

• Security Governance & Compliance: Understanding frameworks like GDPR, HIPAA, etc.

• Risk Management & Privacy: Identifying, assessing, and mitigating risks.

HOW Does This Relate to Project Management?
You might be wondering: How does all this cybersecurity knowledge apply to project management? The answer is simple: everywhere. Here are some key areas where project management overlaps with security concepts from Security+:

1. Risk Management
As project managers, identifying and mitigating risks is part of our daily work. Security threats—like data breaches, malware, or ransomware—are significant project risks. The Security+ certification includes an entire domain on risk management, helping you identify potential vulnerabilities early and mitigate them effectively.

2. Incident Response, Business Continuity, and Disaster Recovery
When unexpected security breaches or data leaks occur, projects can be severely disrupted. Security+ covers incident response planning, which helps you understand how to respond swiftly and mitigate the impact on project timelines and deliverables.

3. Compliance and Governance
Many projects must adhere to regulations like GDPR, HIPAA, or PCI-DSS. These regulations have security at their core. Understanding security standards helps you ensure compliance and avoid costly non-compliance penalties.

4. Enhancing Technical Understanding
My biggest takeaway was the boost in my technical understanding of security concepts. For instance, knowing how a Zero Trust Network operates or understanding tools like DLP (Data Loss Prevention), IDPS (Intrusion Detection and Prevention Systems), Firewalls, EDR (Endpoint Detection and Response), and SIEM (Security Information and Event Management) helps you communicate more effectively with technical teams as well as your client.

My Study Materials and Preparation
Resources I Used

1. Books:

• CompTIA Security+ Certification Kit: Exam SY0-701 by David Seidl (Publisher: Sybex)

2. Videos:

• Professor Messer’s YouTube Channel: A comprehensive and free resource dedicated to CompTIA certifications.

3. Practice Tests:

• David Seidl’s Book Practice Exams

• Jason Dion’s Security+ (SY0-701) Practice Tests on Udemy

I aimed to consistently score 85%+ on these practice tests before taking the real exam.

My Study Plan
Balancing a demanding job, being a father of two, and my passion for aviation required discipline. I dedicated:

• 1 hour per day to studying during weekdays.

• Additional hours on weekends, when possible.

In total, this preparation plan took me 3 months. I also took a week-long vacation before the exam to refresh and focus purely on study.

Exam Day Experience

• Number of Questions: Up to 90 questions (I had around 80).

• Duration: 90 minutes – plenty of time for most test-takers.

• Passing Score: 750 out of a possible 900.

• Format: A mix of multiple-choice and Performance-Based Questions (PBQs) – I encountered 2 PBQs.

• Prerequisites: None, but Network+ and two years of security/admin experience are recommended.

Exam Tips

1. Know Your Terms: Be fluent in security terminology and definitions.

2. Practice Tests: The more, the better. Repetition reinforces understanding.

3. Use GenAI Tools: Tools like ChatGPT can simplify or deepen your understanding of complex topics.

WHO Should Consider Security+?
Security isn’t a separate discipline; it impacts every project we manage. Whether you’re a project manager, systems administrator, or business analyst, a foundational understanding of security is an invaluable asset.

If you want to expand your horizons or have an interest in security, I highly recommend pursuing the CompTIA Security+ certification.

I hope this guide helps you on your journey. Remember: security is everyone’s responsibility. Equip yourself with the knowledge, and you’ll be better prepared for the challenges ahead.

Happy studying!