Check out the CompTIA Security+ SY0-601 Updates
Every three years CompTIA releases a new and updated version of its exams. This year, on October 4, 2020, CompTIA is releasing the new Security+ SY0-601 Exam. CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.
The current Security+ SY0-501 was released on October 4, 2017, and will be retired in the spring of 2021, probably in March. There is a 6-month “grace period” during which the two versions overlap, and you can choose which exam you prefer to sit for (see bottom of this post for more on that).
Why is it different?
- More choose Security+ – chosen by more corporations and defense organizations than any other certification on the market to validate core security skills and for fulfilling DoD 8570 compliance.
- Security+ proves hands-on skills – the only baseline cybersecurity certification emphasizing vendor-neutral, hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today’s complex issues.
- More job roles turn to Security+ to supplement skills – baseline cybersecurity skills are applicable across more of today’s job roles to secure systems, software and hardware.
- Security+ is aligned to the latest trends and techniques – covering the core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high performance on the job.
About the exam
CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:
- Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
- Monitor and secure hybrid environments, including cloud, mobile, and IoT
- Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
- Identify, analyze, and respond to security events and incidents
Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements.
What’s in this Version?
Cybersecurity attacks continue to grow. Increasingly, more job roles are tasked with baseline security readiness and response to address today’s threats. Updates to Security+ reflect skills relevant to these job roles and prepare candidates to be more proactive in preventing the next attack.
These newer technologies include the following (some or all of which would end up on the new exam objectives):
- Cloud support is likely to be enhanced, as is cloud security
- Growth of virtualization platforms and how to secure them
- Common mobile device security breaches
- Securing online payment systems and cart technology
- More on monitoring tools, their metrics and the analysis of their data
- Emphasis on network access control models
- Manufacturer-specific issues regarding mobile device security
Like previous CompTIA Security+ updates, the SY0-601 will increase the emphasis on practical knowledge through Performance-Based Questions (PBQs). The sub-objectives affected by that would start with a phrase like “Given a scenario…”
There are several new themes for the new Security+ 601 exam. Here are the main changes:
- Risk mitigation with increased device configuration
- Best practices for cybersecurity and organizational security
- Deeper penetration testing and vulnerability scanning
New updates to the Security+ exam domains:
- Attacks, Threats and Vulnerabilities (24%) – Includes updated coverage of the latest threats, attacks, and vulnerabilities, such as IoT device weaknesses, newer DDoS attacks, and social engineering techniques based on current events.
- Architecture and Design (21%) – Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.
- Implementation (25%) – Has been expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.
- Operations and Incident Response (16%) – Includes organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.
- Governance, Risk, and Compliance (14%) – Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
How do the Exam Domains apply to IT Jobs?
| Exam Domain | What It Covers | How It Applies to IT Jobs |
|---|---|---|
| Attacks, Threats and Vulnerabilities | Includes attacks, threats and vulnerabilities from IoT and embedded devices, newer DDoS attacks and social engineering. | According to Accenture, 68% of business leaders feel their cybersecurity risks are increasing. To combat these emerging threats, IT pros must help identify cyberattacks and vulnerabilities to mitigate them before they infiltrate information systems. |
| Architecture and Design | Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks (on-premises and cloud). | To maintain a strong cybersecurity posture and to support hybrid environments, IT pros must understand secure virtualization, secure application deployment and automation concepts. |
| Implementation | Includes a focus on administering identity, access management, basic cryptography, PKI, wireless and end-to-end security. | To support organizational cybersecurity, IT pros must identify and implement the best protocols and encryption for a particular network/cloud design, mobile solution or wireless setting, for example. |
| Operations and Incident Response | Includes organizational security assessments and incident response procedures, such as detection, mitigation and basic digital forensics of incidents. | To support operations and the influx of recent cyberattacks, IT pros are called upon to perform incident response earlier in their careers. They must be able to apply basic mitigation techniques and security controls to protect systems. |
| Governance, Risk and Compliance | Includes how to support basic organizational risk management, security controls and teamwork to support regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST and CCPA. | In a recent survey of CompTIA certification holders, nearly 60% reported an increase in compliance tasks. To support governance, risk and compliance, IT pros must understand compliance security controls, how they reduce risk and how to implement them to improve cybersecurity posture. |
Job roles related to SY0-601 that use baseline cybersecurity skills for part of the job:
- Helpdesk Managers and Analysts
- Network and Cloud Engineers
- IT Auditors
- Security Officer
- Security Manager
- IT Project Manager
- DevOps team
- Software Developer
How to Train for CompTIA Security+
This might seem like a lot of information to learn, but we have your back at Intellectual Point! Sign up for one of our classes and we will cover what you need to know for your CompTIA Exam. Not only will you get a live instructor-led class, you will also get access to some excellent learning tools. See our Exclusive Intellectual Point Educational Benefits.