CompTIA Updates its Security+ Certification Exam
The new version of CompTIA Security+ (SY0-501) places a greater emphasis on a security professional’s practical and hands-on ability to both identify and address security threats, attacks and vulnerabilities.
“The key to security today is wise resource management and the ability to pivot resources,” said Dr. James Stanger, chief technology evangelist for CompTIA. “Risk management makes that possible. CompTIA Security+ makes it possible for security professionals to use the same vocabulary and customize framework and move forward with confidence.”
CompTIA Security+ is a vendor-neutral, internationally recognized credential used by private and public employers, government agencies and others to validate foundation- and intermediate-level cybersecurity skills. Now in its fifth iteration, CompTIA Security+ was introduced in 2002. Since then, more than 430,000 individuals have earned the credential.
One of the factors that sets CompTIA Security+ apart from other cybersecurity credentials is the use of performance-based exam questions. On average, a test taker can expect to spend up to one-third of the 90-minute exam completing performance-based items.
“These items include simulations of technology solutions and story-based items that require advanced cognitive thinking on the part of the test taker,” Stanger explained. “Cybersecurity professionals who pass the CompTIA Security+ have demonstrated that not only can they identify cyber threats, but they know how to respond to stop them quickly, efficiently and effectively.”
CompTIA Security+ is relevant for a wide range of technology positions, including systems administrator, network administrator, security administrator, and junior IT auditor/penetration tester.
While there is no required prerequisite to take the exam, candidates should be CompTIA Network+ certified or have equivalent experience; a minimum of two years in IT administration with a focus on security and day-to-day security experience. The exam requires a broad knowledge of security concerns and implementation, including:
- Identifying risk and participating in risk mitigation activities.
- Providing infrastructure, application, information and operational security.
- Applying security controls to maintain confidentiality, integrity and availability.
- Identifying appropriate technologies and products, and troubleshooting security events and incidents.
- Operating with an awareness of applicable governance policies, laws and regulations.
CompTIA Security+ is ANSI accredited and complies with the ISO/IEC 17024 standard for personnel certification programs. The certification is also approved by the U.S. Department of Defense for Directive 8140/8570.01-M, which established department policies for its cyberspace workforce, including setting requirements for training and certification.