The Ideal Security+ Candidate

Just to give you some idea of what an ideal Security+ candidate is like, here are some relevant statistics about the background and experience such an individual might have. Don't worry if you don't meet these qualifications, or don't come that close: this is a far from ideal world, and where you fall short is simply where you will have more work to do.

  • Academic or professional training in information security theory, concepts, and operations. This includes everything from "general security concepts, communications security, infrastructure security," and "basics of cryptography" to "operational/organizational security," to quote straight from the CompTIA Web page on general Security+ exam information.

  • Academic or professional training in networking, with a particular emphasis on TCP/IP. This includes everything from networking media and transmission techniques through network operating systems, services, and applications, to the details involved in installing, configuring, and using common TCP/IP-based networking services such as FTP, Web (HTTP), and news (NNTP), among others. The official CompTIA verbiage for this requirement reads "two years of networking experience and a thorough knowledge of TCP/IP."

  • Two or more years of professional networking experience, including experience with various networking media. This must include installation, configuration, upgrade, and troubleshooting experience. CompTIA recommends "that the Security+ test candidate have the knowledge and skills equivalent to those tested for in the CompTIA A+ and Network+ certification exams," to quote from the general exam information Web page yet again.

  • General security concepts include access control, authentication tools and techniques, and services-management principles and practices. They also include understanding a broad variety of attacks, the various well-known types of malicious code or malware, and the insidious practices that lurk behind the innocuous-seeming term social engineering. Under this heading, candidates must also understand principles and practices related to system auditing, logging, and scanning techniques.

  • Communications security covers a broad range of topics, including tools, protocols, and technologies relevant to managing security for remote access, email, Web services, directory services, file-transfer services, and wireless networking.

  • Infrastructure security means learning the roles that key devices (routers, switches, firewalls, and so forth) play in creating safe and secure networking infrastructures. It also means understanding networking media and security topologies, such as security zones, VLANs, NAT, and so forth. Other relevant concepts under this heading include intrusion-detection systems and establishing and maintaining security baselines for networks, servers, and applications.

  • Basics of cryptography cover key algorithms, related benefits and services, public key infrastructures, security standards and protocols, and what's involved in managing keys and digital certificates.

  • Operational/organizational security covers the key concepts and best practices related to physical security, disaster recovery, business continuity, and what's involved in formulating and maintaining security policies and procedures. It also embraces principles and practices that govern managing user and group privileges, gathering and managing evidence of security attacks or breaches (under the heading of forensics), risk identification and assessment, plus user education and important security documentation concerns.

Fundamentally, this all boils down to a bachelor's degree in computer science with a strong focus on security topics, plus two years' experience working in a position involving network design, installation, configuration, maintenance, and security matters. We believe that under half of all certification candidates meet these requirements and that, in fact, most meet less than half of these requirements, at least when they begin the certification process. But because so many other IT professionals who already have been certified in security topics have survived this ordeal, you can survive it, too, especially if you heed what our Self-Assessment can tell you about what you already know and what you need to learn.



Security+ Exam Cram 2 (Exam SYO-101)
Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162
