Reddit reviews CompTIA Security+ All-in-One Exam Guide, Fourth Edition (Exam SY0-401)

Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.

 

Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:

 

Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:

This is the book that my company had provided me to study from

This is the book my friend had given me. Both her and I studied from this and passed successfully

This is the book we are currently learning from in my Bachelor's program

Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.

 

Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.

 

After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.

 

Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.

 

So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.

 

Good luck!

Referring to Security+ books. I like the Security+ ExamCram (https://www.amazon.com/CompTIA-Security-SYO-401-Exam-Cram/dp/0789753340/ref=sr_1_7?ie=UTF8&qid=1520956323&sr=8-7&keywords=security%2B+401) a lot better than All in One Comptia Security+ (https://www.amazon.com/CompTIA-Security-Guide-Fourth-SY0-401/dp/0071841245/ref=sr_1_4?ie=UTF8&qid=1520956323&sr=8-4&keywords=security%2B+401)

So I pulled up a few things:

I found CompTIA's (Computing Technology Industry Association) Wiki Page. They have a list of the different certifications they offer and it's quite extensive.

Then I just found some general info on what Security+ is.

Finally I pulled up the Security+ Book on Amazon, it looks like they're on the 4th Edition so that would be the one you would want to get.

You may also want to look at what your college offer's course wise because they might have a class or 2 on Computer/IT Security and those can always go on your resume as "related coursework". After looking at the Security+ it does say that it recommends 2 years of experience in IT Security before taking the test, just a heads up. A lot of these certifications help your resume out and they will help you stand out above the other CIS grads that have a CIS degree and some IT experience. Anyways, hope this helps somewhat.

I took and passed the sec+ yesterday.

Resources I used were CBTNuggets as the primary study guide-these are the best-he goes through each of the objectives point by point. And you can speed up the videos if you don't have a lot of time.

Also squeezed in some professor messer, those free youtube videos. Sometimes he expands a particular objective point you're lacking on.
And then used this book from amazon, but I'm sure any would do-I just liked to have a physical copy of something to flip through.

I didn't find it too difficult-I definitely had to focus and think, but I was confident at the end that I had passed.