Exam Profile: CompTIA's New Security+ SY0-301 Exam
Editor's Note: This article was updated in February 2012 to reflect the latest recommended study resources available.
The CompTIA Security+ certification is an entry-level certification focused on IT security. A security professional with the Security+ certification is expected to have at least two years of experience in IT administration with a focus on security. However, this two-year requirement is not as strict as it with some other security certifications, and it is not enforced. In other words, as long as you can pass the exam, you earn the certification.
Security+ has gained a lot of recognition in the past few years and is a required certification by many organizations. For example, the U.S. Department of Defense (DoD) published DoD directive 8570, requiring many administrators to have at least a Security+ certification. This includes active duty personnel, civilians, and contractors. Many IT contracts specifically state that hired contractors must have at least the Security+ certification to work on the contract, so having this on your resume often opens many more doors of opportunity.
Security+ started with the SY0-101 version and was revised in 2008 to the SY0-201 version. It has been revised again as SY0-301, and the SY0-301 version was made available in May 2011. However, the SY0-201 version expired in December 2011.
Certifications Must Be Renewed
Anyone that took and passed the Security+ certification on or before December 31, 2010, is certified for life. However, anyone certified after December 31, 2010, is only certified for three years from the date they first became certified. This renewal also applies for anyone with the CompTIA A+ and Network+ certifications, but not any other CompTIA certifications. This policy is in line with other certifications such as (ISC)2’s SSCP and CISSP, and Cisco’s CCNA. It became a requirement after the A+, Network+ and Security+ certifications became accredited under ANSI/ISO/IEC 17024. You can read more on the certification renewal policy here.
There are two basic requirements to renew the Security+ certification:
- Earn at least 50 continuing education units (CEUs)
- Pay an annual fee of $49 (for a total of $147)
There are multiple ways you can earn CEUs. For example, you can take non-degree courses or training sessions relevant to Security and earn 1 CEU for each hour of training up to a maximum of 40 CEUs. If you took a 40-hour SSCP training course, you’d earn 40 CEUs. Similarly, you can earn as many as 20 CEUs for creating and presenting IT Security related material. You’ll earn 2 CEUs for each hour spent on creating the material, and 1 CEU for each hour you spend presenting the material. Different activities have different submission requirements. For example, when attending a class, you need to be able to provide a description of the training, the content covered, dates, hours, and proof of completion.
You can also earn a full 50 CEUs if you complete a qualified higher level certification. There are many higher level certifications that fall into this category, A few are: SANS GSE, SCP SCNP, ISACA CISA, (ISC)2 SSCP or CISSP, Microsoft MCSA or MCSE, and Cisco CCNA Security. While Microsoft’s MCITP certifications aren’t currently listed, some of them probably will be at some point in the future.
You can view a full listing of all qualifying activities to earn CEUs, and all approved higher level certifications here.
It’s expected that you’ll earn the 50 CEUs over the course of a three-year period. For example, you may earn 10 credits the first year and 20 credits in years 2 and 3, for a total of 50 credits. However, you have to earn the 50 CEUs at some point within the three year cycle, and submit the CEUs to CompTIA or your certification will expire. When you submit the CEUs for evaluation, you’ll be required to pay the annual fee, and you can pay for all three years at once. If you don’t submit CEUs in years 1 and 2, and want to submit 50 CEUs in year 3, you’ll still be required to pay a total of $147. After you submit the CEUs, they’ll be evaluated to ensure they meet the requirements and you’ll be certified for another three years.