What is the Best Security Certification Path

Posted by in Security+ | 52 comments

I’m frequently asked, “What is the best security certification path for someone pursuing an IT job in security?” It’s not an easy question to answer because there are many variables but let me give it a try.

The Certified Information Systems Security Professional (CISSP) certification is considered by many to be a premier security certification. If you have the CISSP, it will open the door to many opportunities related to IT security. With this in mind, I’m focusing this post on the CISSP as the ultimate goal.

I don’t mean to imply that the CISSP is the only premier security certification. Any individual employer might value another security certification more. However, the CISSP is widely recognized and understood.

Security Certification Path for those Working in IT

If you’re working in an IT job, you have some experience. You understand many of the basics related to computers. One popular path to the CISSP is:

  • CompTIA Network+
  • CompTIA Security+
  • (ISC)2 SSCP
  • (ISC)2 CISSP

Network+ – Security Certification Path

The Network+ certification ensures you don’t have any holes in your networking knowledge. These knowledge holes can impede your progress because the remaining certifications assume you understand these topics.

With the right study materials, most people can pass the Network+ certification within 30 to 60 days after they start. This page includes links to many posts and other resources to help you pass.

Security+ – Security Certification Path

After passing the Network+ certification, the Security+ certification builds on that knowledge with a focus on security principles. If you pursue it right after the Network+, you can probably pass it within 30 days. The How To Pass A Certification post outlines steps you can take to pass this and other exams. Additionally, this page includes links to many posts and other resources to help you pass.

In addition to helping you lay a solid foundation of security topics, the Security+ certification is a required cert for U.S. Department of Defense (DoD) IT jobs.

The CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide is a popular study guide and has helped many people pass this certification the first time they took it.

SSCP – Security Certification Path

The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a good stepping stone to the CISSP. You’ll find that there is a lot of overlap between the Security+ exam and the SSCP, so pursuing it after the Security+ certification reduces your study time. Many people take about 60 days to prepare for this exam after the Security+ certification.

One of the challenges with the SSCP compared to the Security+ exam is that the content is broad and not clearly defined. CompTIA takes the time to identify many of the specific objectives of what you’re expected to know. However, the SSCP paints these objectives in much more generic domains. The SSCP Systems Security Certified Practitioner All-in-One Exam Guide is a popular study guide for the SSCP.

This page talks about the objectives and some of the requirements. One requirement is you need one year of experience to become an SSCP. You can still take and pass the exam without the experience. Instead of a full SSCP, you’ll be an SSCP associate until you build up the required experience.

You can skip the SSCP and go right to the CISSP. Many people do. However, studying for the CISSP takes quite a long time and, due to the difficulty, many people drop it the first time they take it. It can be quite discouraging, stopping people in their tracks. However, when people do the SSCP first, they build up knowledge that applies directly to both the SSCP and CISSP. Also, they understand the (ISC)2 exam process, which eliminates some of the unknowns.

CISSP – Security Certification Path

The CISSP certification is much more difficult than the other certifications. However, the tradeoff is that it is well respected. If you earn it, most people understand that you’ve put a lot of time and effort into it, and that you have a wide breadth of security-related knowledge.

Just as the SSCP uses generic domains to identify what you need to know, the CISSP exam also uses domains. The SSCP includes seven domains and the CISSP includes ten domains. Much of the content from the SSCP overlaps with the CISSP but in general, the SSCP is more technical while the CISSP includes more administrative topics.

If you’re planning to take the CISSP exam, make sure you check out the details on the (ISC)2 site. Many people take as long as six months to prepare for this exam. However, if you take it after the SSCP, you can usually shorten this to 90 days.

Security Certification Path for those Without Experience

If you don’t have any work experience in an IT job, I suggest you add in the CompTIA A+ certification. This will give you a solid understanding of the basics related to computers. It isn’t needed by most people working in an IT job, but is valuable for people trying to get into IT. The CompTIA A+ Training Kit (Exam 220-801 and Exam 220-802) is a popular study guide for this certification. The modified path is:

  • CompTIA A+
  • CompTIA Network+
  • CompTIA Security+
  • (ISC)2 SSCP
  • (ISC)2 CISSP

What About CASP?

The CompTIA Advanced Security Practitioner (CASP) certification is a newer CompTIA certification. People are beginning to understand it a little better and it has been getting more respect. As an example, the Department of Defense (DoD) listed it as an approved certification on the same level as the CISSP certification. However, many security professionals question whether it is truly on the same level as the CISSP.

If you want to substitute the CASP for the CISSP, you can pursue it after the SSCP or skip the SSCP and pursue it after the Security+. These posts cover the CASP in more detail:

Summary – Security Certification Path

What is the best security certification path? I suggest Network+, Security+, SSCP, and CISSP. If you study these certifications and learn the material, you will find that you are well prepared to land an IT security job. No promises, of course. You still need to submit resumes to get interviews and demonstrate your knowledge in the interviews.

52 Comments

  1. HI,

    I have 10 years of experience in Network and security field and am Jnice-Sec certified, am planning to take CISSP. I need your suggestion on this

  2. Darril, CompTIA just released a new cert called CSA+ that is supposed to be a steppingstone from Security+ to CASP. I assume it may be comparable to SSCP? They will release the new book April 24th which I just pre-ordered at a discount on Amazon.

    However, you may be able to get a preview copy of it to evaluate. I’m leaning towards the SSCP since it’s the industry standard, but am curious about CSA+

  3. Hi Darril,
    Hope all is well. What is your opinion on the following order. I am intending to take the CASP after SSCP and then to CISSP.
    After reading your post on CFR exam, I am somewhat interested in that as well. Please share your insight on the order below and whether CFR could be handy after SSCP or before that. It’s not set in stone so I am open to your suggestion.
    Thank you for writing an excellent book on SEC+.
    Fahim

    Network+ –> done long ago
    Security+ –> done last year
    SSCP –> in a month
    CASP –> After SSCP
    CEH –> early next year.
    CISSP –> early next year

    • That path works.

      I encourage you to check out this post.

      • Hi Again,
        Thanks for your link. The reason I brought this up was due to my existing work experience as a vulnerability assessment guy at my current job. I am just not quite sure if the CyberSec First Responder would make sense to add to my list of skill sets or whether GIAC Certified Incident Handler would be a better choice.
        With about 12+ yrs Of IT work exp. including 6+ years of work experience related to intermediate level IT security, I was wondering if adding CEH and CFR would make sense or any other skill-sets.
        Thank you, Fahim

        • > Network+ –> done long ago
          > Security+ –> done last year
          > SSCP –> in a month
          > CASP –> After SSCP
          > CEH –> early next year.
          > CISSP –> early next year

          You’re working on SSCP now and plan to take CASP next. Considering that you took the Network+ long ago and Security+ last year.

          And, you’re asking about what you should take after these next two certs.

          I recommend you focus on the certification you are currently working on.

          While studying the current certification, you are likely to learn more about what you enjoy and create some clear goals about what you want to do.

  4. Congratulations Kate. You’re absolutely correct. Pass CASP and it renews A+, Net+, and Sec+. It’s an easy way to renew them all.

    Thanks for the kind words. A CASP book may be in my future, but not soon. I have written some practice test questions for it.

    Good luck with the CISSP. Not sure if you’ve picked up a book yet, but we’re getting a lot of favorable comments about the CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide.

  5. Just sat and passed CASP on July 22nd. I needed CASP or CISSP for a DoD contractor job. Went with CASP because it’s a shorter test. I hold the Sec+, CEH, and CASP certs. Difficulty-wise, CEH is Sec++ and CASP is Sec +++.

    If you pass CASP and hold A+, Sec+, and (I think) Net+, CompTIA will renew the other certs automatically (no continuing ed fees required). That’s a nice little perk for CASP that people may not consider.

    I loved your Sec+ book for SY0-301 and I recommend your Sec+ book to everyone I know. Please get cracking on writing a CASP book. Neither one of the two leading CASP-02 books is that great. I also wish you would write a CHFI book because I’ll have to sit that exam for a WGU class.

    Rather than lose my certification momentum, I’m sitting CISSP in October. I wrote this comment to plead for a high quality, readable CASP prep book and to add some recent CASP insight.

  6. Hi Darril,
    First, I would like to echo another poster and say that I used your Security + guide to pass my Security+ certification; it was a great help! I enjoyed the style and presentation of the layout and found it to be enjoyable to study.
    Second, as this thread was started quite a while ago, I wanted to ask if you still thought that the path you laid out was still the best path to the CISSP? Also, is your book for the SSCP that you have linked still current with the exam? Can it be studied as the sole source for the exam like your Security+ guide was for that exam? If not, what other study materials would you recommend?

    Thank you for your help!

    • Congratulations on the pass.

      > I wanted to ask if you still thought that the path you laid out was
      > still the best path to the CISSP?
      Yes. Many people are still using this path (Sec+, SSCP, CISSP) successfully. I also hear from people that jump straight to the CISSP, but with mixed results.

      I’m hesitant to recommend any single book as a single source for an (ISC)2 exam. I’d recommend you use Google for anything that isn’t clear.

      Good luck.

  7. Hey, can I pursue CISSP without any job experience?

  8. Darril,
    I am an active duty service member (army). I have been in the army for over two years and my work has consisted of managing Cisco and Brocade Routers and switches (which has security involved all over it). By the time I leave the military, I will have 5+ years of experience in this field. I already have SEC+ and I am planning on taking Net+ soon.

    I want to get an IT Security/Network Administrator job when I get out. Taking into consideration that I have free access to any IT related certification (including CISSP) and its respective training, which certifications do you recommend me to get in order to be above the rest when I get out onto the job marketplace.
    Thank you.

    • Hi Max.

      > I already have SEC+ and I am planning on taking Net+ soon.
      Congrats on the Security+. While taking the Network+ might appear to be going backwards, you will gain valuable knowledge in the process.

      > I want to get an IT Security/Network Administrator job when I get out.
      > …which certifications do you recommend me to get in order to be above the rest when
      > I get out onto the job marketplace.

      If you want to stand out, build a solid foundation of certifications in topics that interest you. Many people wait until they have six months until they’ll get out and try to rush to get certs. If you get just one new cert every 6 months or even once a year, you’ll be ahead of them.

      These blog posts might help.

      Recommended Certification Path
      IT Certification Path for Network Administrators
      Just Lean Into It

      Also, with your experience, you might like to consider the CCNA or CCNP.

      Good luck.

  9. Darril,
    I’ve been in the IT field for a few years now (about 13) and I’m planning on taking CASP. I’ve been told that I can get additional certifications simply by passing this exam. Is this true? If it is, what are the steps I need to take?
    I’ve passed SEC+ many times over and now I’m looking to expand my knowledge vice just taking the SEC+ exam over and over again.

    • > I’ve been told that I can get additional certifications simply by passing this exam. Is this true?

      No. Passing the CASP does not give you additional certifications.

      However, passing the CASP does automatically renew lower level certifications (such as Security+) without the need to do the CEUs.

      • I was told it can give you Linux+ and others but only if you submit for them. They aren’t automatically given to you. I’ll keep looking online because I know I saw it as well, with a full explanation how to get them. I was hoping you would know. I’ll be sure to post it if I find it again.

  10. Darril,

    Thank you for taking the time to write this and answer so many people individually. I have one question for you: Considering that I don’t possess IT security knowledge, but have worked as both software developer and BI developer for over 12 years, how long will it take an average person such as myself to pass the CISSP without the above listed certs? I plan to set about 4-5 months of full time study to it, do you think it should suffice?

    • > I plan to set about 4-5 months of full time study to it, do you think it should suffice?

      Yes. People with less experience than you have gotten the CISSP within 4-5 months. Your software and database experience are sure to help you.

      Recently, one person told me that he did the Security+ first (completing it within 30 days) and then moved onto the CISSP and finished it after another 70 days. He stressed that the Security+ knowledge built a solid foundation for him. He said that it was relatively easy for him to grasp the Security+ concepts, and then add a little when he moved into the CISSP. He also mentioned that the “win” after getting the Security+ gave him some positive feedback before he took on the CISSP exam.

      In contrast, I have heard from people that have gone to the CISSP only, but failed it the first time they took it. Afterwards, it took them a long time to “get back on the horse” and try it again.

      Good luck whatever path you take though. It is definitely achievable within 4-5 months of full time study.

      Darril

      • Darril,

        What do you consider full time study? I have always been dreadful when it comes to time management but I am sure if I approach it like I did in school along with asking my wife to get on my case about it if she sees me slacking that I can knock these out.

        • Hi Nicholas,

          The better question is what do you consider full time study?

          Words have power. With that in mind, you might like to change the words you’re using. Otherwise, you might find them constantly echoing in your self-talk.

          Instead of “I have always been dreadful when it comes to time management”
          Try
          “Up until now, I haven’t been the best with time management.”
          Or
          “I’m sure that if I give this some effort, I can figure out the best way to manage my time.”
          Or
          “I was great with time management in school and I can be just as good or better while pursuing this certification.”

          Good luck.

  11. Hi DARRIL,

    I am taking CISA exam this December and planning on studying CISSP soon after. Will it be necessary for me to write Security +. I’ve already attained the CCNA Security and ITIL certifications.

    • Hi Walter,

      > Will it be necessary for me to write Security +.

      Other than experience requirements, there aren’t any prerequisites for the CISSP exam.

      I’m not close to the CISA cert so can’t speak to it. Similarly, I’m not close to the CCNA Security cert but do think it would help you with the networking part of the CISSP.

      I do know that many people that attempt the CISSP exam without an adequate foundation of knowledge end up with an opportunity to take the exam more than once. Successfully passing the Security+ exam does help build a good foundation.

      Hope this helps.

      • Thank you, I have 3 years experience in IT Security and one as an IT auditor. So from your own point of view, do you think Security + will be necessary or I can just get into CISSP?

        • Hi Walter,

          Security+ is not “necessary.” Having the Security+ knowledge is recommended.

          Based on your level of uncertainty, I’d say get it. You’ll create a solid foundation of overall security and you’ll also have an intermediate victory.

          In contrast, some people pursue the CISSP first and fail it due to the overwhelming amount of material it covers. They then get discouraged and never pursue it again.

  12. Hi
    Earlier this year, my company notified me they were closing the office, leaving me back in the job market.
    I got my Network+, Security+, VMware DCV, ITIL Foundations, CISSP all in a 5 month period.
    The CISSP was what got me my current job as system administrator with the US Navy in the Seattle/Tacoma area.
    Even with over 15 years experience as sys admin, all the certs, most of my resumes were ignored. It’s a very different game here than it was 15 years ago when I was hired as sys admin with Expedia. Also at the age of 59 most people I work with are younger. My advice, before you study for a cert, go to Indeed.com, careerbuilder.com, monster.com. See what certs they are looking for. I didn’t see anyone here looking for SCCP or CASP.
    Government jobs really like certs. They are paying for my MCSE now and after that certs with Nessus vulnerability scanner.
    And forget what the articles say about how much pay you will get. It’s not going to be that much, but take the job and start getting experience and don’t stop taking that next cert exam.
    Good Luck

    • Congrats on landing the system administrator job with the Navy.

      Everyone isn’t able to get the five certs you achieved in five months.

      That said, the SSCP is often a good stepping stone to the CISSP exam.

      Also, while the CASP has been a slow starter, it is being recognized by many hiring managers as an alternative to the CISSP. This includes many DoD jobs.

      Of course the easiest course of action is to just get the cert that your next employer wants. Unfortunately, you rarely know what that cert is until after you get the job.

      Good advice on checking the job boards and continuing to pursue the next cert. As long as you’re working for someone else, there simply aren’t any guarantees about tomorrow.

  13. No question here; rather a thank you. I used your book to self-study for Sec+ and passed. I learned a ton, and I like the way you set up the materials in the book. I’ve got your SSCP book now and need to stop procrastinating and get going on it, but just wanted to say thanks again as I attribute a large portion of my passing to your excellent study material.

    Keep up the good work.

    • Thanks Brad. Congratulations on the pass – it’s not an easy test to pass, but I’m very happy to hear you say that the book helped you.

      Good luck with your next adventure.

  14. Hi Darril

    After getting my Security+ certification (with the help of your material), I plan on studying for the SSCP certification or the Certified Authorization Professional (CAP) certification. What is your opinion of the CAP and how does it compare to the SSCP? Thank you for your advice!

    • Congrats on the Security+ pass. Sorry, but I don’t have much knowledge about the CAP so can’t give you any advice there. Good luck whichever path you take.

  15. > is if I have work experience in IT support and want to change to security is that possible?
    Absolutely.

    > Don’t I need experience in addition to certs?
    That is best, but everyone starts somewhere.

    > In the country I am living it’s hard to get a job in an area I don’t have experience in.
    It can be the same in any country. I recommend you look for reasons why you can succeed rather than reasons why you can’t. Set a goal and pursue it. Good luck.

  16. Hi There,

    I am planning to go through the recommended path but my question is if I have work experience in IT support and want to change to security is that possible? Don’t I need experience in addition to certs? In the country I am living it’s hard to get a job in an area I don’t have experience in. Please advise.

  17. Hi Darril,

    I am looking at changing career paths to IT Security and I wanted to ask you a few questions

    1) What is the IT Security job market like? Is it a good idea to get into the IT Security industry? I ask because I am looking for a career path that will provide me a 6 figure plus salary

    2) What are the salary ranges in 2015? And are 6 figure salaries common for security experts who are certified? I ask this because when I was a Network Specialist in 2001 making $70,000 a year was common; now the market is saturated.

    3) I understand the training path of

    Security+
    SSCP
    CISSP

    Any recommendations how to properly prepare to pass these certifications?

    Thank you Darril

    • Hi Brandon.

      Check out this 2015 IT Salary Survey, which shows some good trends.

      Here’s a cut and paste from part of it:

      Security Talent Is Red-Hot

      Security pros are in demand, and companies are willing to pay top dollar for the right candidates. Do you have what it takes to succeed on the infosec career track?

      I hear from people almost daily that have passed the Security+ exam using the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide to self-study and pass the Security+ certification, typically within a month. Many people supplement their studies with online materials here.

      Additionally, I often hear from people that pass the SSCP exam quickly afterward using the SSCP Systems Security Certified Practitioner Exam Guide: All-In-One as a self-study source. The objectives have changed but I’m finding that they aren’t significantly different.

      CISSP is more complex and covers a wide range of topics. People typically use multiple books to study. Here’s one: CISSP: Certified Information Systems Security Professional Study Guide

      Hope this helps.

  18. Hi Darril,

    I have 8 years of enterprise application development and maintenance experience and I wish to tend my IT career towards Security as it provides unique job opportunities and better salary and I don’t have previous experience in IT Security. When I am looking for security certifications I found CSSLP which is about secure programming oriented for which I had past experience, my question is it correct path to follow from app development to Security domain through CSSLP? Is it worth to take CSSLP certification? What will be my next path after getting CSSLP to progress in IT security?

    Regards,
    Raj

    • Hi Raj. Sorry, but I don’t have any experience with the CSSLP so I don’t have any advice. I do know that Security+ provides a solid foundation for all of the security certifications. Good luck no matter what path you take.

  19. If you have no experience can you still work your way up to CISSP? I’m just a bit confused as to the requirements, I saw on one website that you need 5+ years experience in two of ten fields to acquire CISSP.

    • Also what can you tell me of CEH? I’ve heard that is good as well. If I went with CEH where along the path should I take it? Or is it something that I need not take? There are so many certificates that I am lost on what exact path I should take.

      • > Also what can you tell me of CEH?

        Not much.

        I’m not close to that cert and have not seen it as a highly valuable cert. I’m not saying it isn’t valuable. Instead, I haven’t seen it highly valued by others.

    • > If you have no experience can you still work your way up to CISSP?

      Absolutely. Everyone starts without any experience but works their way up to where they are now.

      > I saw on one website that you need 5+ years experience in two of ten fields to acquire CISSP.

      Yes. If you don’t have the experience though, you can still take and pass the CISSP exam and earn an Associate of CISSP certification. Check out this page: https://www.isc2.org/how-to-become-an-associate.aspx

  20. I’m a senior J2ee web engineer, looking forward to make a turn in my career path toward information security, the question is: is it necessary in my case to pass network+ prior to security+.
    In another hand, as SSCP has a lot of overlap with security+, shouldn’t one consider other options?
    Thanks.

    • > is it necessary in my case to pass network+ prior to security+.

      No. However, having the Network+ knowledge will help you pass the Security+.

      > In another hand, as SSCP has a lot of overlap with security+, shouldn’t one consider other options?

      While the Security+ and SSCP overlap, the SSCP builds on the Security knowledge so it is a logical path. Similarly, the SSCP and CISSP overlap, but the SSCP gives you a solid foundation and the CISSP builds on that knowledge.

      That said, you could take a completely different path of CCNA, CCNP, and CCIE Security.

      However, many people don’t know what they enjoy or what they ultimately want to end up with. A path of Network+, Security+, SSCP, and CISSP helps them learn the basics and build on it to get some advanced security knowledge, get some certs that will make them more marketable, and in the process, learn what they enjoy. They can consider an alternate path later, but the knowledge they gain in the process will help them in the long run.

      I’m reading the Alchemist this week and love this line: “And, when you want something, all the universe conspires in helping you achieve it.”

      That said, if you want to turn your career towards information security, focus on what you can learn to take in that path. Your path to get there might be different than a path someone else might take, but that’s OK. It’s your path.

  21. Is this post still relevant for 2014… I’m looking to follow the recommendations you have posted.

  22. Hi Darril,
    Quick question; If I go for SSCP immediately after taking my Security+ do they still need me to have a year experience before I can become SSCP or I can use my Sec+ as 1 year experience??
    Thanks

  23. I did CASP as the predecessor to CISSP and found that to be a great stepping stone. Great test. It was refreshing to not see all multiple choice questions.


Get Certified Get Ahead is a participant in the Amazon Services LLC Associates Program,
an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.

Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.