Clickbait
Did I pass it in a week? No. In hindsight, do I think it can be passed in a week? Yes… Well, it depends.
OK, what’s the story?
Security+ validates the baseline skills necessary to perform core security functions and pursue an IT security career. I stole that definition from somewhere, but basically this certification removes the training wheels from your security bike and allows you to cycle into your next interview without your Da holding the back of your bike, and without falling flat on your face. The cert seems to be a requirement for most entry-level security-related jobs in the US, but I’ve also seen it pop up for miscellaneous jobs in the EU.
Some boring facts and figures please
Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
More choose Security+ - chosen by more corporations and defense organizations than any other certification on the market to validate baseline security skills and for fulfilling the DoD 8570 compliance.
I do hope the Department of Defence are getting their staff more training than just Security+, but it ticks a box that they need to tick, and who am I to argue with ISO 17024 and 8140/8570.01-M requirements. Also, I mentioned before that this is an entry-level cert, so don’t expect to be appointed the director of S.H.I.E.L.D. as you strut out of the exam hall.
Right, come on, what is it?
The Security+ syllabus aligns itself with the latest trends in cyber security and tries to provide students with a foundational knowledge of multiple different disciplines. Some of the content pretty much requires hands-on experience, but some areas are more abstract concepts and don’t require the student to have ever opened a laptop before. Expect to learn the fundamentals of risk assessment and management, incident response, forensics, enterprise networks, code quality and secure coding principles, hybrid/cloud operations, and security controls.
Attacks, Threats and Vulnerabilities
Focusing on more threats, attacks, and vulnerabilities on the Internet from newer custom devices that must be mitigated, such as IoT and embedded devices, newer DDoS attacks, and social engineering attacks based on current events.
Architecture and Design
Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.
Implementation
Expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.
Operations and Incident Response
Covering organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.
Governance, Risk and Compliance
Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
How do I pass it in a week?
Providing you have worked in IT for a while, you should be familiar with a lot of the terms that pop up in the exam. Luckily, although the exam claims to test your hands-on knowledge, it serves more as a memory test, as you really only skim the surface of each topic; no deep understanding is required. My advice would be to buy some practice exams, download some free Security+ sample question apps and just start answering questions. Any time you get a question wrong, google the topic, read about it on wiki if that’s all you have time for, write down the correct answer in your own words and start over. I think if you spent 4 to 5 hours a day doing this, you could pass it in a week.