About an year of studying random security concepts and about six months of focused approach for the topics that come under the exam! That might appear too much to people who have appeared for and cleared the COMPTIA Security+ exam, but that’s how I approached this exam. For me, it wasn’t just about clearing the exam, I wanted to build a strong foundation of security concepts, to imbibe security into the way I think about IT.
I have cleared the COMPTIA Security+ exam with a score of 890 out of 900 (about 99%). The passing score for the exam is about 84%, which makes this exam a little difficult target despite the definition that it is a Security Basics exam.
I had to study various new concepts related to Access Controls, Cryptography, Malware and Attacks, Security Policies, Communications Security and so on. The (suggested) pre-requisite for the exam is a Network+ and A+ certification. I don’t have any of these and I am a Mechanical Engineering graduate. So, I had to dig into networking concepts first before touching security.
90 minutes, 100 questions – appeared a little tough. Infact after the pass percentage, this was looking as the next big challenge. But I was wrong. I completed the 100 question test (with marking) in 25 minutes. Along the process, I had marked 23 questions for review, for which I spent next 40 minutes. Getting 22 correct out the 23 marked questions was a pleasant surprise!
All in all, it was a good learning experience. I read a lot of security literature, visited several sites. Most of them were not directly related to the exam in that much detail e.g. assembly language, buffer overflow exploitation, dissassembling and debugging, web application security, Cross Site Scripting, Fuzzing etc. But reading these kept me interested in the exam (which is otherwise a theoratical concepts based exam) and in the process helped in learning much beyond the scope of the exam.
Some experts talk against certifications (especially in the testing world). I found appearing for this certification very challenging and the approach which I followed helped me learn a lot. This is in contradiction to the dumps-based-preparation approach which such experts talk of and assume when talking about certifications.
If interested, you can visit the COMPTIA Security+ site for more details about the exam.
Rahul Verma
Site Admin, Testing Perspective
Hi Rahul,
I am Santhosh. This is a good blog for the people who are in testing department. Of course you know that. Otherwise why you spent your valuable time on this.
Would you please suggest me on writing certification like ISTQB and ISEB.
Among the two, to which one I should preapare and attempt .. Please suggest.
Would be great if you suggest me on how to develop my career in this testing department.
Currently I am involving in writing test cases, automating testcases and prioritizing the bugs, signing off for the release based on the Quality, managing QA team. Supporting dev team in solving the issues.
Will these skill helpfull in growth of my career. Please suggest. Hope you read this and respond.
Thank you,
Santhosh.
Certification is a matter of choice. But make sure whatever you choose, you are studying well for the same. Refer different texts.
I found ISTQB’s Advanced Level Technical Test Analyst to be very interesting. But before that you would have to clear Foundation Level as well.
I don’t know anything about ISEB, so you might have to explore more on it. Take a good decision for yourself.
Would be great if you suggest me on how to develop my career in this testing department.
Currently I am involving in writing test cases, automating testcases and prioritizing the bugs, signing off for the release based on the Quality, managing QA team. Supporting dev team in solving the issues.
Career development is subjective in nature. In my opinion, it starts with what interests you. Identify what areas of testing you would like to work on. Locate opportunities for the same. Identify and study literature for the related areas. Whatever you do on the job would definitely add value to a certain point. Redundant and repetitive things don’t help when done for a long time.
Regards,
Rahul