CompTIA, the provider of vendor-neutral skills certifications for the IT workforce, has updated its CompTIA Security+ certification exam to reflect the changing and expanding responsibilities of cybersecurity professionals.
The new version of CompTIA Security+ (SY0-501) released this month places a greater emphasis on a security professional's practical and hands-on ability to both identify and address security threats, attacks and vulnerabilities.
"Cybersecurity jobs continue to 'morph', with new skills in areas such as risk management, risk mitigation, threat management and intrusion detection taking on more prominence," said Dr. James Stanger, chief technology evangelist for CompTIA. "The new exam addresses the increased diversity of knowledge, skills and abilities required of today's cybersecurity professionals, who are expected to know more and do more than ever before."
CompTIA Security+ is a vendor-neutral, internationally recognised credential used by private and public employers, government agencies and others to validate foundation- and intermediate-level cybersecurity skills. Now in its fifth iteration, CompTIA Security+ was introduced in 2002. Since then, more 430,000 individuals have earned the credential.
Emphasis on Performance
One of the factors that sets CompTIA Security+ apart from other cybersecurity credentials is the use of performance-based exam questions. On average, a test taker can expect to spend up to one-third of the 90-minute exam completing performance-based items.
"These items include simulations of technology solutions and story-based items that require advanced cognitive thinking on the part of the test taker," Stanger explained. "Cybersecurity professionals who pass the CompTIA Security+ have demonstrated that not only can they identify cyber threats, but they know how to respond to stop them quickly, efficiently and effectively."
CompTIA Security+ is relevant for a wide range of technology positions, including systems administrator, network administrator, security administrator, and junior IT auditor/penetration tester.
While there is no required prerequisite to take the exam, candidates should be CompTIA Network+ certified or have equivalent experience; a minimum of two years in IT administration with a focus on security and day-to-day security experience. The exam requires a broad knowledge of security concerns and implementation, including:
- Identifying risk and participating in risk mitigation activities.
- Providing infrastructure, application, information and operational security.
- Applying security controls to maintain confidentiality, integrity and availability.
- Identifying appropriate technologies and products and troubleshoot security events and incidents.
- Operating with an awareness of applicable governance policies, laws and regulations.
CompTIA Security+ is ANSI accredited and complies with the ISO/IEC 17024 standard for personnel certification programmes. The certification is also approved by the U.S. Department of Defense for Directive 8140/8570.01-M, which established department policies for its cyberspace workforce, including setting requirements for training and certification.
The credential is also a key element in the CompTIA Cybersecurity Career Pathway, which helps IT professionals achieve cybersecurity mastery, from beginning to end.