Security+ exam tips: What changed and how to pass the new exam

Cyber Work Hacks is here to answer your questions about the CompTIA Security+ exam! Today, Infosec boot camp instructor Tommy Gober tells us about the new changes to the Security+ exam and how it will (or will not) affect your study and preparation for the exam! Keep learning, and keep it here for another Cyber Work Hack.

Get your free Security+ ebook, "CompTIA Security+ 701: How the world's most popular cert is changing in 2024"

0:00 - Security+ exam changes
1:05 - Key ways the Security+ exam has changed (SY0-701)
3:47 - Why make the Security+ exam changes?
5:30 - Security+ exam studying strategy
6:47 - Most crucial Security+ exam skills for the future
9:48 - Best advice before taking the Security+ exam
11:28 - Outro

Chris Sienko: 

Cyber Work Hacks is here to answer your questions about the Security Plus exam. Today, Infosec boot camp instructor Tommy Gober tells us about the new changes to the Security Plus exam and how it will, or will not, affect your study and preparation for the exam. Keep learning and keep it here for another Cyber Work Hack. Hey, welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of the popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution to that problem, or a new insight on how to use and utilize Infosec products and training to achieve your work and career goals. Today's guest, Tommy Gober, is an Infosec instructor and, among his many areas of expertise, he is our boot camp instructor for one of the most popular and in-demand certifications, CompTIA's Security Plus certification. For today's Cyber Work Hack, Tommy and I will break down some of the forthcoming changes to the Security Plus exam. I'm looking forward to that. Thank you for joining me today, Tommy. Hey, Chris, good to be here. Thank you, it's good to have you. So, Tommy, as we know, the Security Plus exam has made some noteworthy changes in its new exam. Can you explain for our listeners some of the key ways that the exam will be changing this year?

Tommy Gober: 

Yeah, so things have been reordered this go-around, okay. So a lot of the terms have remained in place. There's a lot of the same concepts, but they have been reordered or even have a new approach to them. Okay, and so for that, what I mean is in the past some of the concepts have really got out in the weeds. We really get real technical and detailed on some of this, and not everybody needs to know that, right? Not everyone's going to necessarily be in a hands-on kind of in-the-trenches technical individual. They might be overseeing a security project and so they may not need to know the technical ins and outs of some of these. So it's more generalized on some of these concepts. And then we also have some new technologies that have replaced old ones, but, of note, WPA3 for wireless security, that gets included now. Up until now it's been WPA2, has been the bee's knees. WPA2 has been the solution for everything, but now we start to use WPA3. We don't have to really get into the individual types of encryption or ciphers that get used for cryptography and whatnot. So those are some of the things that have changed. Other topics that have... Other things that have been changed on the exam have been for the vocabulary, so some of the terms have been altered. Well, it can actually throw somebody for a loop. If you are coming into this with some technical background already, you're like, okay, I know this stuff, let's do it. You will see some changes in vocabulary. For example, I just actually just saw this question this morning on the Interwebs. Someone was confused about what the heck is an on-path attack. An on-path attack, that's a new way of describing what we have up until now referred to as a man in the middle. Got it. Okay? So it could be confusing if you are coming into this knowing things like man in the middle. You got the concept. It's just what is CompTIA referring to it as now moving forward, and they've made some moves to be more inclusive with other topics, and so it helps to know the vocabulary.

Chris Sienko: 

Okay, so why do you think CompTIA decided to make these changes to this extremely popular entry-level certification? And I'm not speaking here specifically about inclusive language, which makes sense, but you mentioned going from WPA2 to WPA3 and some of the other tech upgrades, but what aspects of the changing industry were they trying to address, do you think?

Tommy Gober: 

Well, it's actually nothing that they just didn't wake up one day and just be like, hey, we're going to pull the rug out from all these people.

Chris Sienko: 

It's completely changed everything.

Tommy Gober: 

Yeah, right, it's every three years, give or take. Every three years, round about that, CompTIA reassesses. They check in with a network of subject matter experts that they've got on hand and they kind of, I would imagine they go through kind of a poll-the-audience sort of thing, a Delphi study, if you will, and they go through and figure out what are the things that are happening in technology right now and what things maybe didn't pan out from last time we did this, and so they're going through and identifying things that have been deprecated and moving forward and saying, okay, this is the new standard, this is the way things are going now. Interesting too about WPA3 is that if you are following in the technology news and whatnot, there are some security concerns about WPA3. So shocker here. I know Marles is not bulletproof.

Chris Sienko: 

Yeah, sure, of course.

Tommy Gober: 

But it's you know that came out after things were solved.

Chris Sienko: 

We're going to be, yeah, we're going to have to. I mean, that's all the better for our security professionals of the future to know how to secure WPA3 here. So for people who are currently studying for the Security Plus but maybe not yet scheduled to take the exam and maybe working sort of off old materials, do you need to change your study or learning strategy at all?

Tommy Gober: 

No, I wouldn't. You're good to go. If you're studying for the 601, the prior version, you have until July 31st of this year, so you still have, you know, six, seven months to give it a go. If you have not begun yet, then you want to start with the 701. You know, it depends on what your study habits are like. If you're going to be doing this on your own, if you're joining us with Infosec, you know, I think I have one more 601 class that I'm doing. Okay, and then we're going to be launching into the 701. And really, it doesn't matter which version you take. It does not print on your credential.

Chris Sienko: 

This Joker took the 601. Yeah, look at Mr Old West here. Yeah, what's he doing? Yeah, they're not going to.

Tommy Gober: 

It's like anyone that sees that you got the credential, they're not going to say well, what version did you take? When did you take it? Yeah, yeah.

Chris Sienko: 

Okay, got it. Got it. Okay, that's good. So, yeah, obviously, Infosec here is all about helping you pass your certification exams with flying colors, and Tommy can help you do that. But we also want to make sure that you retain that info and use it to level up your skills in your career. So, Tommy, what aspects of the information on the Security Plus exam would you say are most crucial to continue learning and practicing to keep your skills at the top of the heap?

Tommy Gober: 

Oof, that's a hefty one. Yeah, there's a lot, and we talk about some of those concepts that are kind of over-the-horizon things that, you know, we're looking ahead: how are things shaping up between, you know, over the next month and the next year, et cetera. So we look at those. But it's really up to the individual to look out where is their career trajectory taking them, because for Security Plus, and I trust that everyone here knows that, you know, it's a huge field of cybersecurity and Security Plus doesn't cover everything. But it also, like I said earlier, we don't get down the weeds on some of these concepts. So we're kind of getting a sampling along the way of all these different topics on Security Plus. So Security Plus is a mile wide and an inch deep, right? That's what can make it challenging for newcomers that are coming into, coming to terms with all this content on the exam. They're like, holy smokes, how do I keep up with all this? It's because there's so much that is expanding the breadth of cybersecurity, and I like to liken it to, it's kind of like a buffet. It's like all these different topics and we're just going to explore all of it. Just get a little bit of, try a little bit of everything. Exactly. And, if you want, go back for seconds, go back for thirds, dive deeper on this one particular aspect, because we talk about pen testing but we don't go in depth on pen testing. If you want to go deeper in depth, come check out PenTest Plus, Certified Ethical Hacker. There you go. All the other topics there, but we just get a little smattering all along the way. We get a little bit of governance, we get a little bit of digital forensics, but we don't go in depth. So where you're going to fit in at your workplace, that's what's going to really decide where you dive deeper.

Chris Sienko: 

Gotcha. Yeah, that makes sense. I guess I was thinking in terms of higher-level things like CISSP, where you're going to be hanging by the sort of, you know, seat of your pants, though I remember everything, but what do I really need to remember? But yeah, this makes more sense with the sort of buffet metaphor, in terms of, like, you're given all these sort of, like, entranceways and you have to decide which ones you want to sort of walk through at the next stage of your career, I suppose.

Tommy Gober: 

But it's also fun too, right, Because we get to try a bunch of different things that maybe right now the role that you are in or the role you're thinking about going for is down this one track. But you're like, wow, I never really knew that was a thing. Yeah, what about this? I'm sorry. Explain that.

Chris Sienko: 

That could be fun. So, Tommy, someone who's taught hundreds of students over the years, what is your top piece of advice for studying for and taking the Security Plus exam?

Tommy Gober: 

Learn the terminology, the vocabulary. Okay, yeah, it's enormous. That's probably the biggest stumbling block. I think that anybody that has taken the exam will agree that there is so much vocabulary that's in there. Going through and looking at what are, what's the terms that they're using, what's the, what are they getting at when they're asking these questions? What the heck are they asking? Yeah, being able to go through and unpack some of the acronyms that are in here and then being able to sleuth all that out. So here's my, my official answer to this one, Chris: download the exam objectives. CompTIA makes this list of objectives and it just lists out, hey, these are all the things that are going to be on the exam. That's what we do. Day one in the boot camp is we say get these things, print them out. I encourage folks to print these things out, keep a copy on hand and then go through with a pen, check off things as you understand them. If you can describe what this bullet point is about to your cat, to your neighbor's fence post, whatever, put a line through it. Then if you don't understand it, skip it and move on. Do a real, honest, personal assessment of the content. Then, once everything's checked off, guess what? You're ready to go.

Chris Sienko: 

Love it. Almost as if they want you to pass. No barrier of entry but our own.

Tommy Gober: 

Well.

Chris Sienko: 

Tommy Gober, thank you for taking some of the mystery out of the new Security Plus exam.

Tommy Gober: 

Absolutely. Thanks for having me.

Chris Sienko: 

Thank you all for watching this episode. If you enjoyed this video and felt it helped you, please share it with your colleagues, forums and on your social media accounts. Definitely subscribe to our podcast feed and YouTube page. You can just type in Cyber Work with Infosec into any of them and you're on your way. There's plenty more to come, including several more Security Plus episodes with Tommy. If you have any topics you want us to cover, feel free to drop them in the comments below. Until then, happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I ask experts working in the field how to get hired and how to do the work of these security roles so you can choose your study with confidence. I'll see you there.
