There is often a misconception in the business world: information security, or more specifically cybersecurity, are problems assigned solely to the IT department. Of course, that’s not true. People also tend to believe that information technology is the same as information security – also not true. These foundational misconceptions can dictate not only your organization’s information security strategy, but can also impact your security posture.
Information Security Requires a Specific Skill Set
Information security is its own domain that requires a very specific skill set, framework and concepts. If information technology was indeed the same as information security, we wouldn’t have a shortfall of security experts or a worldwide skills gap .
As an information security practitioner with 12 years of experience, I have seen many things. The incredible amount of ingenuity and time threat actors have always amazed me. I often think that if they used their skills for good, our world would be a much better place. Add to that the fact that many organizations are extremely ill prepared for a cybersecurity attack – from the top all the way down to those expected to implement security controls. In my experience, the best way to remedy this situation is through consistent learning, training and certifications. The knowledge gained can help pave the way for a more informed and viable community of technical experts to be a source of sound information for organizations to absorb.
Training IT Pros to Meet That Need
Given that many organizations view information technology and information security as the same team, (and smaller organization aren’t able to employ a dedicated information security team), we have to train and educate the staff we have to be able to assume the role to secure the organization. In the absence of a dedicated team, this approach is in the best interest of the organization.
Personally, I find that IT certifications are a good way to validate my efforts at understanding a particular subject, either conceptually or technically. Knowledge provides a contextual basis to aid in decision making. If you pair that with extensive experience, then you are able to make impactful, operational, tactical and strategic decisions.
How IT Certifications Validate Knowledge
When it comes to IT certifications, everyone should understand the intent, not the ask. The end goal isn’t the certification itself, it’s the knowledge gain.
Let me repeat that because it’s important – the end goal isn’t the certification itself, but the knowledge gained.
For information security roles, the end goal is the underlying comprehension of foundational security knowledge and concepts, and how that knowledge increases your skill set and the value you bring to the organization and the team.
The certification itself, is a way to confirm you have this knowledge. By no means, do we want anyone to be under the illusion that earning an IT certification is a checkbox activity. It’s important to understand that the intent of this requirement is to increase skills and knowledge attainment to best support the expectations of the business.
And I’m not just talking the talk. I have implemented a requirement for my staff to earn CompTIA Security+ for the exact reasons stated above. This requirement helps ensure that everyone on my team has the same foundational knowledge, is able to communicate with the same base lexicon and can act as additional resources to aid in securing the organization, including education and advocation. Taking advantage of IT certifications are essentially open-door opportunities to increase your skill set and to potentially advance your career.
Learn More About CompTIA Security+
Not familiar with CompTIA Security+ or wondering if it’s right for you? We’ve compiled some of our most frequently asked questions about this cybersecurity certification. We just launched a new version in November 2020, so you can be confident that the skills you’ll learn are relevant to today’s cybersecurity jobs, including cybersecurity specialist, network administrator, security administrator and systems administrator.
Learn more in The New CompTIA Security+: Your Questions Answered
My CompTIA Security+ Journey
Even with 12 years of experience under my belt and existing security certifications in hand, there are a few specific objectives I looked to fulfill as I worked toward getting CompTIA Security+ myself in January 2021.
First and foremost, I wanted to show that continuous learning and skills development doesn’t stop once you hit a certain level. A close second is the fact that continuous learning in your area of direct or indirect responsibility is expected to provide value and impact to an organization.
Of course, I wanted to be able to understand and verify the content with which I am charging my team. By earning the certification myself, I can determine if what’s covered by CompTIA Security+ is commensurate to the knowledge-base, experience and expectations of my team’s job roles.
And by going through the process myself, I can also determine the potential root-cause of any challenges my team may have as they work toward getting certified. For example, I wanted to be able to identify if the content is too challenging, if their preparation was not adequate and if my expectations are in line.
It’s clear that in this day and age, everyone in IT needs to understand the basics of information security – and my way of ensuring that is to require my team (and myself) to earn CompTIA Security+. Of course, the “why” is easy to comprehend. But what about the “how”?
Getting an IT Certification: My Recipe for Success
Before you get started, having these characteristics are critical for IT certification success:
- A dedication to your craft: To advance your career, you must be open to learning.
- A dedication to learning: You need a willingness to learn, otherwise it will be a hard endeavor.
- A dedication to preparation: Proper preparation requires a serious time commitment and discipline.
What I Used to Study for CompTIA Security+
The study aids I used to prepare for the CompTIA Security+ exam included the Official CompTIA Security+ Study Guide, other exam preparation books and a self-paced online class. It’s important to remember that no one singular source is sufficient. A variety of sources helps to ensure coverage of the exam objectives from differing perspectives and to fill any gaps.
Speaking of the exam objectives, they are the first place you should start to get a sense of what topics the certification exam will cover. You can download them for free from the CompTIA website.
Remember that cybersecurity knowledge doesn’t stop with this certification. CompTIA Security+ is a starting point for you to get a taste of important cybersecurity topics. It is incumbent upon you, as the learner or budding security practitioner, to continue to learn, stay curious and move beyond what you learned for the exam. The exam is just a starting point or gateway into a much deeper domain of knowledge and skills acquisition.
My IT Certification Preparation Plan in 6 Steps
Having a plan sets you up for success. Here’s my typical preparation plan:
1. Jump in and set a date.
If you wait for the perfect time to mentally start prepping, it will never come. Put a date on the calendar and commit to it.
2. Plan to take the exam in about 6 weeks.
You will have to gauge (depending on the complexity of the subject) if this needs to be moved out further. But 6 weeks is a good starting point.
3. Make your purchases.
You have some options here. You can purchase a book or two for reference, take a live, instructor-led course or participate in a pre-recorded self-paced course. You can also purchase practice exams (some courses/books provide them as part of the purchase). Additional practice never hurts.
4. Commit time each day (more on weekends) to study.
I look to carve out 2-3 hours a day for the training aspect (self-paced class or book). I try to aim to complete the book or class within two weeks. Live training or self-paced online training should also take about two weeks to complete, followed by reviewing a reference book to fill any gaps.
5. Review your notes.
Class notes or book notes usually highlight key concepts. I recommend taking notes on index cards for areas that need improvement.
6. Practice, practice, practice.
Study the note cards and take practice exams for 1-2 weeks until you get to a point where you are internalizing the concepts and successfully scoring over 85% on the practice exams.
A Few Extra Notes
Sometimes the process may not flow as easily as it sounds. If the material is particularly complex, or you’re having trouble understanding certain concepts, extra work is necessary.
Here’s a few tips:
- Fix your mistakes: On the practice exam go back to questions you got incorrect to ensure you understand the concepts behind the correct answer.
- Don’t over-do it: Do not take practice exams more than twice. At that point, you increase your success rate based on familiarity more than conceptual understanding.
- Assess your readiness: If you need more time, it’s okay to reschedule the exam. I would caution not to exceed an additional two weeks.
- Work the exam: On the day of the exam, skip the scenario-based questions until the end. They tend to be anxiety producing – especially being the first few questions. Work on the multiple choice first to get comfortable and boost your confidence, then circle back.
This method has worked well for me. I passed my last 7 IT certifications using this method and even completed the exams in half of the allotted time – including when I earned CompTIA Security+ in January 2021. Remember, this is not a test of speed, but rather an outcome of proper preparation.
Best of luck in your journey.
Ready take your IT career to the next level with CompTIA Security+? Complete six real exam questions* in six minutes or less to get an idea of where you stand.
*Please note that these exact questions are not part of the current exam version.