Renewing your Security+ certification

Infosec and Cyber Work Hacks want to help you pass the Security+ exam! We have three separate Hacks on this channel to help you through the process of studying for and taking the exam. But what about in the years after, when it’s time to get ready to recertify? Infosec boot camp instructor Tommy Gober walks you through all the different ways you can earn your continuing education units (CEU), how many you need to re-certify your Security+ and some less-known activities that can keep your CEU numbers rising and make ongoing learning an ongoing process, not something you need to “cram” at the end of three years. Wanna know more? Well, it's all here in today’s Cyber Work Hack. 

0:00 - Security+ certification renewal
1:30 - Why does CompTIA require renewal?
4:37 - How to earn continuing education units
6:51 - Fun ways to earn continuing education units
8:04 - Log your continuing education unit hours
9:44 - Continuing education unit consistency 
12:25 - CompTIA certification continuing education 
15:14 - Outro

Chris Sienko: 

Infosec and Cyber Work Hacks want to help you pass the Security+ exam. We have three separate Hacks on the channel helping you through the process of studying for and taking the exam. What about the years after, when it's time to recertify? Infosec boot camp instructor Tommy Gober walks you through all the different ways you can earn your continuing education units, how many you need to recertify your Security+, and some less-known activities that can keep your CEU numbers rising and make ongoing learning an ongoing process, not something you need to cram at the end of three years. If you want to know more, well, it's all here today in this Cyber Work Hack.

Hey, welcome to this new episode of Cyber Work Hacks. The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize Infosec products and training to achieve your work and career goals. Now, to that end, Tommy Gober is an Infosec instructor and, among his many areas of expertise, he is a boot camp instructor for CompTIA's Security+ certification. I've talked to him for several episodes now. Please go back and check them out, but for today's Cyber Work Hack specifically, Tommy is going to walk us through CompTIA's continuing education requirements and how to renew your Security+ certification a few years after you've received it. So thanks for joining me today, Tommy. Thanks for having me, ben.

So, Tommy, let's start with the cert renewal process. I mean, we're starting with people who may not have ever gone for certification before. Why does CompTIA require cert holders to pursue additional learning in order to keep their cert current, and how long after being certified do you have to start thinking about being recertified?

Tommy Gober: 

Why do we have to do it? I mean, look at the pace of technology changing, right? I mean, it's changing so quick, and the amount of time that CompTIA and instructors invest in the instructional material leading up to an exam, there's kind of a lock-in effect that happens, because technology continues to evolve and we can't change all of it all the time, and so some of the material can age out, and so we need to consistently go through and refresh. To that end, CompTIA refreshes their exams every three years, and so sometimes people are like, oh, that seems so quick. I'm like, yeah, but that's like a, that's in a lifetime of technology. I mean, when you look through any kind of, there have been several huge things: this is going to revolutionize all technology, and then it fizzles out in a year. 18 months later, it's a completely different thing.

Chris Sienko: 

It's going to revolutionize everything, I mean, at the time.

Tommy Gober: 

At the time we're recording this, right, ChatGPT has only been out for a little over a year and so much has changed in that past year. Yeah, and so there's just, things are constantly evolving, and so every three years CompTIA comes out with a new form of their certification and you need to re-up your certification in that same three-year cycle. So whatever day you took the exam, you have three years to renew your certification. You can re-up either by sitting for another exam (some people do that), or you can take a new exam, so you can take a higher level, as CompTIA refers to them. So for Security+, for example, you can take either the CySA or the PenTest+, and those renew your Security+. Also, if you have, like, Network+, for example, when you pass your Security+, that renews your Network+ as well, and your A+. So there's this stackable thing that they've got.

Chris Sienko: 

But by any time lifting all boats. Yeah, right, yeah.

Tommy Gober: 

So there's new material in those new exams, and so you need to take the same exam, you can take a higher-level one, or the third option that you've got, and what we're talking about here today, are the continuing education units. And so there are different numbers of continuing education units you need for different CompTIA exams, but you can gain those through different avenues, different channels, and you present those, say, like, hey, I did this, this, this and this, this prepares me for, you know, this keeps me current with the current state of the art and technology. CompTIA looks at those, signs off. So yep, you're good to go, and so there's a fee associated with that, but it is far and away cheaper than sitting for another exam. Gotcha.

Chris Sienko: 

So what are some of the common methods that CompTIA suggests for continuing education units, or CEUs?

Tommy Gober: 

Yeah. So they've got a few different ways you can do this. You can take other vendor certifications, so ISC2, EC-Council, Cisco, Amazon, any of the others that exist out there in the wild. You can take those and you get, you are granted so many continuing education units for completing those. You can also do any kind of professional development training. So maybe you go and sit in on a training for a week on AWS or something. You can get, for the amount of time, you didn't get a certification out of that, but the time spent, you get that. If you take college courses, take an entire semester, that will count for that as well. So those of you that are working on cybersecurity degrees or maybe a second degree, if you're on an MBA or something too, that counts.

You can also do what they, how they frame it, it's like IT functions. You know, the things that you're doing in the IT world. So you can teach and mentor others, and if you have a beginner coming in, you can earn credits that way. You can create instructional materials. So, like, new hires coming in, like, hey, here's a how-to guide for doing this, having that. And then also if you help CompTIA develop the next round of instructional or test items, test development. CompTIA has a method for that. Their subject matter experts, CompTIA SME, you can search for that whole thing there. They'd love to get input for that. Publishing articles, white papers, academic papers, blog posts, books, podcasts, videos. That's why you're doing it all, right, Chris?

Chris Sienko: 

It is. Yeah, I know I'm accruing CEUs for a certification that I don't hold, but you know, someday it's gonna happen. So yeah, but yeah, I think that's, there's some really great insights in there, especially the idea that, like, you learn, you retain information best by teaching it to someone else. I mean, I think that's one of the great axioms of all time. So you've given us a bunch of great ways right there. Do you have any unusual sort of hacks or suggestions for interesting ways to earn your CEUs? Anything that cert holders frequently forget about or don't know exist? I mean, you mentioned things like writing blog posts or writing course material. What are some of the deep cuts?

Tommy Gober: 

I would say becoming a boot camp instructor. No, that's what I do. Yeah, some of the ones, the ways a lot of folks forget to do this, is to publish blogs. You don't have to have a major blog. What does it take to create a blog? Back in the day, we had, what was it, Blogger and all those, Blogspot and such. Yeah, absolutely, but you're just documenting. It's kind of like a journal. You're putting stuff out there. You're creating those how-to guides, making little quick YouTube videos, TikTok videos. All of that counts, and so, yeah, those are the fun ones to do. Teaching and mentoring others. You got a new hire. Tell your supervisor, like, hey, I need to be doing this continuing education. This can out take her under my wing and grow this new hire into being our next sysadmin.

Chris Sienko: 

Yeah, Now is there a particular way of logging your hours or whatever? How do you document this for them to you?

Tommy Gober: 

I recommend folks keep a folder in your bottom desk drawer. Any documentation that you've got if you're going to a conference. If you're going to go to a conference and you're getting all the swag and all that, yeah, generally you can check with those organizers and they will provide some certificate for you being at their event and talking with vendors and finding out what the current material is. If you have a vendor coming to your organization's offices, you can get documentation from them just doing a sales pitch, showcasing their information. That's a fun way to do anything. This documentation, any kind of documentation you get, drop it in that binder. CompTIA has a little web form that they've got where you can put in all the stuff. You provide evidence of that. If you get it all parked in one spot, that's not a hard thing to do. If you've just kind of stepped up with this over the years, it's not all coming down to the wire there.

Chris Sienko: 

Let's talk about down to the wire. We had a previous hacks episode. I hope you'll all check out about the pros and cons and mostly pros of doing bootcamp style training to get the, and one of the things we said with self-learning, of course, is that in theory, you're going to buckle down every single day, but in practice you might skip three days or seven days or 45 days or whatever. So what advice do you have to make sure that people are not leaving the process of earning CEUs until the last minute before your cert expires? What's a good way to incorporate CEU earning behaviors into your day-to-day operations?

Tommy Gober: 

That's that bottom desk drawer. You become like this CEU addict. Is this documentable? Is this a certificate of this? Can I get a certificate of this?

Chris Sienko: 

It's like a coupon clipper. Like, you're just like, where's my next discount coming from? Yeah.

Tommy Gober: 

There's going to be some CEU influencers out there that you could follow. Oh yeah, there's a niche.

Chris Sienko: 

Yeah, I know. TikTok, here we come. Man, I love that. Okay, so your advice here is to just be constantly looking for the opportunity and constantly documenting it.

Tommy Gober: 

Documenting it, and if you see someone's how-to guide and it's maybe a little out of date, update that, share with the technology community. I mean, it's the whole standing on the shoulders of giants. Yes, we all owe where we're at in technology to those who came before us who documented this stuff and shared it. I mean, looking back, even back in the late 90s, the Linux Documentation Project. I mean, I learned so much back in the day going through what that team of contributors were all putting in, and then I was proud of the day that I was able to provide my own input to such resources, helping others. Hopefully, it's hard for me to quantify how many people have engaged with that, but if it's smoothing the path for others behind me, it's doing some good, and so that's what CompTIA is looking for. So just document, document, document.

Chris Sienko: 

Yeah, and for people who are, who maybe feel a little insecure about that or whatever, the first time that you do something like that, where you write even the most perfunctory how-to guide or an update or whatever, the first time that someone writes you and says, oh, that really helped me out, thank you so much, or whatever, like, it just, that's a boost. Boy, that is a serotonin ping right there that's gonna keep you going, yeah. So yeah, I mean, and it is very much about standing on the shoulders of giants, but it's also about, like, many hands make light work. Like, every one of us is gonna be pushing a few grains of sand out of the way to sort of, like, smooth the field or whatever. And if you doing that can help you also to keep your cert up to date, I think that's really great advice. So before we wrap up, Tommy, are there any commonalities between the CEU project for other CompTIA certs? I'm assuming that these all sort of worked the same way and you have, as suggestions you gave us, also work for these other CompTIA certs.

Tommy Gober: 

Yeah, so they are all the same documentation. How many hours you need does vary. So, for example, the Security+ requires 50 continuing education units, like 50 hours. It's not a one to one, you know, an hour of instruction yields an hour of CEUs, and the amount of hours you can get does max out. So if I'm getting, if I take a, if I sit through a vendor's presentation, that might only count for one hour. But we had to listen to this dude for three hours. That's right, right, so it's not necessarily a one to one, but you get that. I think the two ones that almost completely fulfill it is, like, doing a, taking a college class. They have publishing a book. So if you look for a book out, that counts for 60 hours, and it's like, that'll put me over the mark.

Chris Sienko: 

Yeah, that's definitely how long it takes to write. A book is 60 hours.

Tommy Gober: 

So sometimes some of these are a little bit harder than others.

Chris Sienko: 

Right, right. Okay, yeah, so I'm assuming power-level certs is like, just, you're like a hundred or above hours and things like that for, like, a CISSP or whatever.

Tommy Gober: 

Yeah, so, well, like, so the CASP, for example. So you got, like, or I think they're rephrasing it or they're rebranding it. Now CompTIA is changing CASP into SecurityX. Yes. Okay, so, but CASP, for example, is kind of the highest cybersecurity certification that CompTIA offers, and it requires 75 hours within those three years. So that means that every year you're putting in roughly about 25, you're getting 25 CEUs per year. But they, you know, if you have PenTest or CySA, that renews Security+. If you have CASP, that renews PenTest and CySA and renews your security. So it's like you can kind of keep this whole progression, and then you're only having to focus on doing those hours for whatever your quote-unquote top.

Chris Sienko: 

Okay, and it seems like they also kind of encourage you to do a sort of a little bit of everything rather than just do all, you know, apart from writing a book. But, like, you know, don't just all, just don't sit through a million vendor, you know, demonstrations or whatever and things like that.

Tommy Gober: 

Yeah, they don't want you doing that, they don't want you, like, only doing, you know, blog posts or TikTok videos or whatever. Gotcha.

Chris Sienko: 

Okay, well, that's great. Tommy Gober, thank you for making the cert renewal process a bit less fraught. I know we get that kind of, that question constantly, where, you know, what's, you know, what can we technically use and how do we document it. So I think this is going to be very helpful to people. Don't wait, that's the big thing. Don't wait, get it going now. All right, well, Tommy Gober, thank you again for that. Thanks a lot, and thank you all for watching this episode. If you enjoyed this video and felt it helped you, I hope you'll share it with your colleagues and with forums and other social media accounts and, as always, please subscribe to our podcast feed and YouTube page. You can just type in Cyber Work Infosec into any of them and you'll be well on your way. There's more to come, more Security+ videos with Tommy. So check those out, and if you have any topics you want us to cover, drop them into the comments. A lot of people who have commented have gotten their wish, so it could be you next, and until then, we will see you next time and everybody, happy learning.
