SY0-401 or SY0-501? Darril Gibson or? Security+ VS Security+CE?

N7Valiant

I guess I'll start off with the CE designation, which I found to be confusing when I saw it listed a as a requirement for some of the positions I was looking to get in(generally a private contractor to the DoD for an internal help desk or PC/IT Technician). Google tells me it's Continuing Education, which made me wonder if I needed to immediately renew my Security+ after passing the exam to get it.

But then I saw some people here refer to Security+ Certification Exam, so I was just wondering if it's all the same and I just created a difference where one didn't exist.


Next question is whether people would put Darril Gibson's work over the "All-in-One" series. I used the two prior All-in-One series written by Mike Myers to help me get through my A+ and Network+ exams, but I only barely passed those by about 10-20 points. I already own the All-in-One exam guide for the SY0-401 by different authors Arthur Conklin and Gregory White, so I'm not sure if a change is necessary if Mike's work wasn't exactly quite where I wanted it to be. Though at a mere $10 for a Kindle version, I'll definitely sink the money in if people are of the opinion that Darril's work is easier to swallow.

That leads me to my next question:
401 or 501?

I figure if one exam guide doesn't get me to where I want to be(usually 90% or higher on a practice test), I could simply go through the other one to supplement my knowledge. But that option is a tad more expensive on the 501 route since I'd need to spend $57 for a hard copy of the All-in-One 501 version.


Also curious, but do people normally have work experience before taking these? Some of the performance questions on the A+ and Network+ left me the impression that it was prepared for someone with actual working experience. I'm just not sure if it catches anyone's attention if they see me with all 3 certs and little to no experience in the field.

victor.s.andrei

N7Valiant wrote: »

I guess I'll start off with the CE designation, which I found to be confusing when I saw it listed a as a requirement for some of the positions I was looking to get in(generally a private contractor to the DoD for an internal help desk or PC/IT Technician). Google tells me it's Continuing Education, which made me wonder if I needed to immediately renew my Security+ after passing the exam to get it.

But then I saw some people here refer to Security+ Certification Exam, so I was just wondering if it's all the same and I just created a difference where one didn't exist.


Next question is whether people would put Darril Gibson's work over the "All-in-One" series. I used the two prior All-in-One series written by Mike Myers to help me get through my A+ and Network+ exams, but I only barely passed those by about 10-20 points. I already own the All-in-One exam guide for the SY0-401 by different authors Arthur Conklin and Gregory White, so I'm not sure if a change is necessary if Mike's work wasn't exactly quite where I wanted it to be. Though at a mere $10 for a Kindle version, I'll definitely sink the money in if people are of the opinion that Darril's work is easier to swallow.

That leads me to my next question:
401 or 501?

I figure if one exam guide doesn't get me to where I want to be(usually 90% or higher on a practice test), I could simply go through the other one to supplement my knowledge. But that option is a tad more expensive on the 501 route since I'd need to spend $57 for a hard copy of the All-in-One 501 version.


Also curious, but do people normally have work experience before taking these? Some of the performance questions on the A+ and Network+ left me the impression that it was prepared for someone with actual working experience. I'm just not sure if it catches anyone's attention if they see me with all 3 certs and little to no experience in the field.

Take the most recent exam SY0-501 and use Darril Gibson's book. You should not need any other resources.

When I passed S+ (two different versions of S+ on two different dates), I already had work experience as a network operations engineer, which might help. The S+ exam will be more challenging without experience, whether at work or at home.

As for the CE designation, you can play CompTIA's game with submitting documentation and paying annual fees...or you can just take the updated test every two to three years, something that I am fairly sure the Feds prefer.

ivyvald

Darril Gibson's stuff is legit. For Sec+, all I used was his AI1 book & Professor Messer **** Sheet.

501 because it's newer and covers more modern infosec topics.

Everyone has a different experience dealing with recruiters/hiring managers. It's all about how well you can sell yourself.
In my opinion, experience is a must have. If you can't get it at your job, then lab it up!

Here are two of my favs:
Blue Team Lab (security administration - threat hunting): https://cyberwardog.blogspot.com/2017/02/setting-up-pentesting-i-mean-threat.html
Red Team Lab: I can't find my bookmarks ...just google Metasploit Unleashed, Vulnhub.

N7Valiant

Ah, so the CE designation is something you have to do extra for? I only now looked at the cards sent to me by CompTIA for A+ and N+ and noted that both of them denotes "Certified - CE", so I was wondering if some wires were crossed in interpretation.

Regrettably I had already scheduled a date for the SY0-401 since I wanted to take it while I still qualified for the academic discount and already purchased Gibson's book for that one, which I find is more easily digestible (and better priced) than Mike Meyer's work.

I am curious though, would independent lab testing be something you could legitimately put down on your resume, perhaps in an "activities" section? I guess you'd need to carefully document exactly which virtual machine you broke into and how you did it in case you ever get the opportunity to bring it up in an interview.

My college IT club might have an opportunity to do an actual penetration test next month under mentoring from FBI/CIA professionals, so that might be something juicy to put in my belt.

TechGuru80

CE means you take courses, webinars, etc and get credits much like in college. A lot of the sources are free and then you pay $50 to CompTIA every year. The other option is to retake the exam every 3 years for automatic renewal, however your cost is dramatically higher because the exam cost is far greater.

Either way, you will have ‘ce’ on your certification...the non ‘ce’ certifications were several years ago where they did not require you maintain continuing education and the certifications were awarded as Good-for-life or ‘gfl’.

You can list the additional stuff but it probably won’t do anything more than show an interest in the field...unlikely to show a true understanding since a lot of the real knowledge would be above somebody’s head with just a Security+.

N7Valiant

Hmm, but would it be valuable to get your foot in the InfoSec door? I'd like to think pentesting is where I want to go, though I believe that's more like a leg in the door rather than a foot. Still, my college coursework qualifies me to take the CEH, which is more of an intermediate certification(still not really hands-on work though).

I am under the impression that perhaps that stuff might not qualify me immediately for penetration testing, but it might get me into entry level InfoSec and let me inch my way closer faster so maybe I can just do 6 months in help desk instead of a year or two.

TechGuru80

Of course it’s worth it...other similar options are SSCP (less known), and GSEC (expensive). It’s more likely to take you 2-5 years to get into pentesting unless you have a stellar profile, so getting into InfoSec is the first step.