Studying for the CompTIA Security+

I received my CompTIA Security+ certification in October of 2022 completing the SYO-601 after 4 months of studying. I accomplished this task using a few different tools and techniques that I wanted to outline here in case any Sec+ hopefuls were looking at how others studied. I used a combination of free and paid tools (Professor Messer and ITproTV) to immerse myself in the content and fully grasp the concepts outlined in the CompTIA learning objectives using both active and passive learning techniques.

Day to day learning:

 I set aside 1-2 hours per day (mine happened to be while I was commuting to and from work) and watched the Security+ videos on ITproTV taking the time to rewind and rewatch any videos or topics I didn’t fully comprehend. I actively focused on the visualization of the topics and ensuring I was fully grasping what they were saying while covering them. Then while at work I played the Professor Messer Youtube series dedicated to the same topic. I found he went through the materials in a different order which helped break up any monotony. While at work I couldn’t afford to watch the video most of the time and was not always at my workstation where the video would be playing but while at my workstation I tried my best to be listening to the videos while I concentrated on doing my job. I considered this to be passive learning since it was background noise that I was listening to but didn’t occupy the forefront of my thoughts. Then on my way home if I still felt fresh I would spend another hour picking up where I left off on ITproTV fully engaged in the topics. I cruised through the Professor Messer content relatively quickly considering it was playing most days for about 10 hours per day so I kept replaying it. Each pass through I would hear something new that I had missed on a previous iteration, however after 3 replays I sought out new SY0-601 full study guides on Youtube and played those.

Bigger picture:

Since CompTIA also implements performance based questions I knew going in videos wouldn’t be enough, which is why I decided to choose to pay for ITproTV. On my days off I would sit down at my PC and do 2-3 virtual labs offered by ITproTV in their Security+ course. I also went a step further and stood up a small virtual network using VMware Workstation. The network only consisted of 3 machines 1 I downloaded from Vulnhub, the second was Metasploitable 2, and the last machine was just Kali Linux. I installed a couple of the tools that are in the learning objectives for the exam (Harvester, Nessus, and Sn1per) which I used to probe the metasploitable box. The installation was a learning process in and of itself but I got to play with the interfaces unrestricted by a virtual lab in a safe and legal manner. As I drew closer to finishing my ITproTV course I substituted the course material Professor Messer offered for his study group podcasts on Spotify. This gave me the opportunity to annoy my coworkers by blurting out random answers to questions I thought I knew throughout my work day. This is also where I took my first practice test on ITproTV and got a 78%.

Finale:

Once I felt comfortable with the materials and had finished the ITproTV course I purchased the voucher and carefully scheduled my on premise test for the last day of my 5 day weekend. When that 5 day off period came, I sat down and started rewatching the ITproTV course on 2x speed until I felt my brain start melting. Then I would play video games with it playing in the background the rest of the day. The day before the exam I didn’t study at all, instead I took another practice test and only scored 56%! I was crushed but I was still being optimistic and thought even if I take the test and fail I can take it again (not that I could necessarily afford it again) and decided to hop on my motorcycle and go down to the testing facility (a local community college). Once there I wanted to scope out the parking, campus layout, find the testing room, and ask about accommodations for me to keep my helmet. After I took the rest of the day off from studying, rode around on my bike, enjoyed some face time with my significant other, and got plenty of rest. The next morning I arrived early to the testing center, got all checked in, and took the test. I passed, with a 782 (750 is minimum) which while not the highest score is still a passing score! I am now onto studying for my Network+ using these same TTPs.