Certifications

CompTIA Security+ has a domain called “Security Operations.” It is the largest domain on the exam at 28%. CompTIA CySA+ has a domain called the same thing, at 33%. The Security+ version covers asset management, vulnerability management, identity controls, and incident response. The CySA+ version names specific tools in its exam objectives: Wireshark for traffic analysis, SIEM platforms for detection and correlation, VirusTotal for threat investigation. Security+ covers enough to recognize those concepts in a multiple-choice question. CySA+ covers enough to use them in an investigation. ...

I got my Novell NetWare certification in the 1990s. Between jobs after that, I ran network cables and configured routers as freelance work. When I moved into IT full time, I was configuring the same routers. When I eventually moved into cybersecurity, I did not struggle with the concepts the way I watched others struggle. Not because I was smarter. Because I already knew what a subnet was, how routing worked, and what happened to a packet between point A and point B. ...

The Security+ exam will ask you to match a port number to a protocol. The job will ask you to look at a SIEM alert at 2 AM and decide whether it is worth waking someone up. Those are different skills. The certification is still worth getting. But going in without understanding the gap leaves you underprepared for the work even after you pass. What the Exam Tests The current Security+ (SY0-701) has up to 90 questions across 90 minutes. CompTIA divides the content into five domains: General Security Concepts, Threats, Vulnerabilities and Mitigations, Security Architecture, Security Operations, and Security Program Management and Oversight. ...