Going Into Security+, Request Help With Perspective
LawlessFlow
Registered Users Posts: 1 ■□□□□□□□□□
in Security+
Found this site through Google today, and it strikes me as a great resource as I go into this. I've read around a bit and I have a couple questions, but first some background.
I'm working on a masters in "Cybersystems and Information Security" and I've started looking into certifications. Now, I've never taken a certification before. Ever. The closest I've experienced was sitting for the GRE to get into graduate school. I work in IT as a systems admin at a very small bookkeeping company (I'm one of two in the IT/IS dept), and go to school as well. My boss(other IT guy/ network admin), everyone at school, and a couple of would be employers have sent me down this path of certification as something I need in order to have an edge in my career.
So my questions:
1) Is this a feasible first certification? I've had some people tell me, and have read others say, that this is a good first step and others (like my boss) suggest taking Network+ first (He himself has no certs, but has been studying on and off (mostly off) for both the Network+ and Security+ for... 4 years?(his words not mine)). I want to start working towards CEH and CISSP eventually, but I'm aware those are not by any means a starting point.
2) What's a feasible amount of study time? I'd like to take it in the next 3 months, preferably in one month, a week and a half after finals. It seems some people study a week and ace it and others spend months to fail. Is it just incredibly variable depending on pre-existing knowledge (I'd suspect so)? Right now, I'm planning to buy a book and base my examination date on how foreign the material strikes me.
3) I see that a lot of people suggest Gibson here, but after following the link in the sticky, under book recommendations, I did not see Gibson (I don't believe at least). Is there a consensus to a "best book" or are there a few that are equally as impressive?
4) I notice a lot of referencing everywhere to SY0-301 but the current exam is SY0-401 correct?
Probably basic questions, and I apologize for not reading through more. Thanks!
I'm working on a masters in "Cybersystems and Information Security" and I've started looking into certifications. Now, I've never taken a certification before. Ever. The closest I've experienced was sitting for the GRE to get into graduate school. I work in IT as a systems admin at a very small bookkeeping company (I'm one of two in the IT/IS dept), and go to school as well. My boss(other IT guy/ network admin), everyone at school, and a couple of would be employers have sent me down this path of certification as something I need in order to have an edge in my career.
So my questions:
1) Is this a feasible first certification? I've had some people tell me, and have read others say, that this is a good first step and others (like my boss) suggest taking Network+ first (He himself has no certs, but has been studying on and off (mostly off) for both the Network+ and Security+ for... 4 years?(his words not mine)). I want to start working towards CEH and CISSP eventually, but I'm aware those are not by any means a starting point.
2) What's a feasible amount of study time? I'd like to take it in the next 3 months, preferably in one month, a week and a half after finals. It seems some people study a week and ace it and others spend months to fail. Is it just incredibly variable depending on pre-existing knowledge (I'd suspect so)? Right now, I'm planning to buy a book and base my examination date on how foreign the material strikes me.
3) I see that a lot of people suggest Gibson here, but after following the link in the sticky, under book recommendations, I did not see Gibson (I don't believe at least). Is there a consensus to a "best book" or are there a few that are equally as impressive?
4) I notice a lot of referencing everywhere to SY0-301 but the current exam is SY0-401 correct?
Probably basic questions, and I apologize for not reading through more. Thanks!
Comments
-
PJ_Sneakers Member Posts: 884 ■■■■■■□□□□You don't need Network+ before Security+ if you already understand the concepts in Network+. It's a suggested prerequisite. If you have a decent understanding of TCP/IP in general and understand what switches, firewalls, and routers do you can pass Security+. Sec+ has a lot more than networking in it, but Net+ knowledge will definitely help you tie it all together. If nothing else, you can watch all of the Professor Messer Network+ videos prior to your Security+ studies to (re)familiarize yourself with the material. It would not hurt in the least.
-
gunther123 Member Posts: 12 ■□□□□□□□□□I don't have any certs myself but I have 19 years experience in IT. I am now looking at Info Sec certification to re-focus my career in a particular direction rather than being the jack-of-all.
I chose to start with Sec+ because I felt that my knowledge and experience would suffice for the Network+ recommendation and I think it has. But whether Sec+ is right for you or anyone else to start with, really depends on your knowledge and experience or how willing you are to dig into the concepts. This forum is a great resource to ask questions.
I picked up Darill's GCGA study guide and found it to be very helpful, even as a "quick" reference to lookup an acronym. I also went through some online videos but I found the book to be a much better resource for me as it went into more detail on topics. However, I did go through every online practice test I could find and found that the GCGA book does not cover EVERYTHING but it covers most of it. Each time I take a practice test, I find a few new things I had not covered yet. I have been at this for about a month now. And I'm planning to take my exam in a couple of weeks.
SY0-301 is the older exam. SY0-401 is the current exam. -
Russ5813 Member Posts: 123 ■■■□□□□□□□I agree with PJ-- if you have a good understanding of networking, you can skip Net+ for Sec+. For me, my degree covered a lot of the networking concepts I needed to know for the exam. I am, however, going back and studying for Net+ to round out my knowledge, as my college courses were more of an overview/mgmt. perspective, while the Net+ has slightly more practical application.
Not sure there's a "best" learning resource because everyone absorbs information differently. For me, the Sybex study guide made up the bulk of my Sec+ studies. Again, security classes from my degree program helped. I also made a ton (~500) of hand-written flashcards, which are great for helping me retain information. I studied casually (1 - 2 hours/day) for two months before taking the exam. YMMV. -
renacido Member Posts: 387 ■■■■□□□□□□If you understanding networking enough to be comfortable with the basics of the following topics you don't need Net+ (this isn't an all-inclusive list just a general gauge):
OSI model (especially layers 1-5)
Switching and routing
Access control lists
IP subnetting/supernetting
Common TCP/UDP ports and protocols
NAT
Basics of wireless networking
DNS
DHCP