What I Learned From Security+

Actual picture of me studying for Security+!

I recently became Security+ certified. I didn’t pass it on the first try, so I took a break from studying for a few months and then tried again. This exam wasn’t easy for me because I’m naturally better at open-answer and essay-style exams then at multiple choice exams, and because I’d never taken an IT certification exam so I wasn’t used to the format. However, not passing on the first try allowed me to step back and analyze my weak points in a constructive way that will benefit me with the future IT certification exams that I sit for. The key points I improved on before taking the exam a second time included:

1. A lot of the questions have multiple correct answers, and it comes down to choosing the best one. These questions were difficult for me because my open-answer self wants to launch into an explanation about which answer is best for each possible scenario, and the exam rarely provides enough detail to make the scenario clear. In instances like this, I would have to zoom out and imagine what would be the best answer in general. Even when I retook the exam, there were still some questions that didn’t have a clear-cut answer. Knowing all the little details as well as the go-to general answer made it easier for me to answer questions like this!
2. A lot of the questions appear to only have wrong or confusing answers. Even when I retook the exam, there were some questions that were worded oddly or set up so none of the answers looked right. However, there were always some answers that were blatantly wrong. I ended up answering those types of questions by crossing out the blatantly wrong answers, and then narrowing it down until I ended up with the one answer left. To prepare for taking Security+ a second time, I worked on improving my speed when answering these types of questions.
3. Some of the questions seem to test knowledge of concepts more than what is truly the most secure answer. For instance, using MAC address filtering isn’t very effective, because MAC addresses are so easy to spoof. If you want to secure your wireless network in real life, using WPA-2 Enterprise is much more secure than MAC address filtering. In my mind, whenever I saw a question along the lines of “How do you stop random people from connecting to your network?” I would search for an answer like “Use WPA-2 Enterprise for Authentication.” Often, that real-life answer wasn’t listed, and the exam right answer would be “Use MAC address filtering.” For my second time, I tried to note discrepancies like this and learn what the right answer for the exam would be as opposed to the real-life best answer.
4. This quote from Ralph Waldo Emerson has always motivated me, and with Security+ it took on further relevance: “Concentration is the secret of strength.” Unlike the ACT or a test for school, Security+ was an optional exam. I chose to take it to learn more about cybersecurity and prepare for the CISSP. Since I was taking Security+ of my own volition and not to earn a scholarship or pass a class, studying for it required different reserves of self-discipline. I had to be careful about taking 10-minute breaks every 50 minute of studying, and not letting 10 minutes (then 20 then 30) on Instagram count as a break.
5. My primary method of learning is through practice, but I bought a book to make sure that I was studying all the right topics. Even though reading the book wasn’t a huge factor in helping me pass the exam, it made it easier for me to keep track of which areas I needed to focus on.
6. Practice questions, practice questions, practice questions!

Studying for Security+ taught me a lot about how I learn. The first time I took the test, I did not take my personal learning style into account. I didn’t study enough in advance, I crammed, I didn’t use a large enough pool of practice questions, and I scheduled the exam to take place the day after spring break. The second time I took Security+ I felt relaxed and well-prepared because of how I changed my approach. Thanks to this experience, I am confident about studying for my next IT certification!