Navigating the Study Terrain: How I Prepared for the CompTIA Security+ Exam

Background

I am beyond thankful to God for passing the CompTIA Security+ SY0-601 exam. I am blessed with time, a good support system, a great professor, a quiet area to study, and much more. For context, I did go over ALL of the exam objectives a year prior, but it was only with Professor Messer's videos and that was when I had no IT background. So most of the concepts did not make sense at the time. The second time that I studied for it, I had the Network+ under my belt and it made the exam WAY easier. I also had less time than before because I picked up Jiu-Jitsu as a new hobby.

Books I used

The book our class used was the CompTIA Security+ Certification SY0-601 by 30 Bird Media on Ucertify. I supplemented this book with Darril Gibson’s “Get Certified Get Ahead SY0-601 Study Guide”. The pro of the first book is that it covers all the security best practices. The cons are that they do not base their book on the CompTIA exam objectives, which means that it does not go in chronological order according to the exam objectives. This makes it harder for studying because you have to refer back to the exam objectives constantly. As you are reading, you have to search every word you think is a term on the exam objectives list manually which is more frustrating, repetitive, and inefficient. Also, it does not cover all of the terms on the exam objectives in-depth enough. They do go in-depth over the major topics which is good, but some terms on the objectives list are barely touched at all. I think it is an overall great book for security best practices, but I prefer a book like Darril Gibson’s more. Also, I feel like the 30 Bird Media book covers additional information that is not on the exam. If you are in crunch time, then you do not want to use your extra time going over terms that are not on the exam.

What I did differently

From my last certification experience, I concluded that my studying was not the most efficient. I was spending too much time writing notes for all the exam objective terms, and I didn't spend enough time reviewing all of my notes. What I did differently this time was the implementation of Anki cards. Also, I didn't watch Professor Messer's videos this time after every lesson because I felt that the two books were enough for me to understand the terms. I only watched them when it was something that I really struggled with even after reading the text like CASB and SWG, more of the cloud stuff for me.

How I studied

I would read the text and understand the terms, then make an Anki card (or several depending on the topic). On Anki, I mainly used cloze deletion cards and image occlusion. The former gives you the power to blank out words in a sentence and then you try to guess them. The latter lets you blank out words in a picture, which I used to sort of memorize longer processes like PCI-DSS, or the CA digital certificate process. The key to making Anki cards is to not load each card with too much information. Instead, you spread it out by making several easy cards. Before making my cards, I made sure I truly understood each term, or else the card would not make sense and the information would not matter because it would just be mindless memorization without knowing the context of each word. When I was making my anki cards I simply copy pasted the context of each term under the notes section because it saves time instead of having to paraphrase each term definition. Also, it is more accurate that way, because you are getting the definition straight from a professional and not from your misinterpretation.

For me, I would spend 1 hour reviewing my Anki cards that were due every day, and that would keep me up to date with my overall knowledge level of all the topics. After that, I would spend the rest of the time I had reading new chapters and making cards for them. I definitely did not spend 4 hours on average each day in comparison to when I studied for the Network+. This time I spent probably 2-3 hours of study time on average in addition to going to lecture. I spent less time on this exam because I feel like the terms were not as technical as the Network+, also since I was already somewhat familiar with the terms from the year before when I watched all the Professor Messer videos, and lastly because of the use of Anki. Then the last week I still reviewed my daily cards and then used Jason Dion’s practice exams on Udemy to mesh everything together and to get into the CompTIA mentality.

Pros and cons of using Anki

The reason I used Anki was because it uses an algorithm for spaced repetition. I saw some videos from Ali Abdaal and others that say spaced repetition is the best way to retain information long-term, because of how quickly the forgetting curve is in our brain. Anki feeds you each card in a determined time interval depending on the difficulty you rated the card when you reviewed it. So the harder words come up more frequently, and the easier words would show up less frequently. Over time, you are just refreshing your memory according to the Anki algorithm. You cannot skip a day or else the algorithm is not as effective.

The bad thing with my Anki cards is that I felt like some cards were too easy and when I wanted to go back to a specific term's notes, it was difficult to see them. The previous study method I used was better in this aspect because all the information for each word was organized on a page. And with the cards, there was a notes section under each card where I put my notes for that term. I had just under 1000 cards so trying to search up the word and its context would get messy. Instead of having the word and context right there all on a page in chronological order like the method I used before.

Conclusion

I believe the Security+ exam is a great exam to understand the basics of the broad amount of IT and cybersecurity topics. From the many cybersecurity frameworks to the various types of VPNs to the different methods of cryptography to red team CLI tools, the exciting list goes on and on. It was a joy learning about these topics, and I cannot wait to experience them out in the field. I definitely think this study technique I used worked for me and was pretty efficient in comparison to my previous one, with some adjustments here and there, I will perfect it for my next rodeo.

Planning ahead

For my next certification the CompTIA Pentest+ next semester, I will definitely incorporate Anki. I plan on having a similar study plan, but I will have to adjust my studying schedule again because I plan on having a full-time job. I will have to make some sacrifices and probably give up Jiu-Jitsu or sleep, but after analyzing my options and my priorities, I am confident that I will make it work.

Thank you for your time, I hope this provided valuable insight!