Where I’m Coming From

One of the reasons why I pursued the Security+ certification was to help get my foot into the industry. I just graduated from college with a Computer Science degree, I took on some programming fellowship opportunities, and I just wanted to make sure that I expanded my horizons a little more as I was job hunting. I never dabbled into cybersecurity or any hacking whatsoever. I had not yet gotten any internship opportunities, nor job offers after graduation. And frankly, I was also growing an interest toward government jobs at the time that now required CompTIA certifications in their job descriptions. If I was pursuing a clearance, then I needed to get certified to show my eagerness.

What Was In My Tool Belt (Resources)

• Security+ Study Guide (could vary for which exam version you decide to take)

• Sticky notes, sticky tabs, highlighters, physical flashcards

• Professor Messer Playlist (Youtube)

• Jason Dion practice exams (Udemy)

• Remnote for all of my flashcards

• Ports pop quiz

My Game Plan

For the frame of time, I initially wanted to spend one month studying, and then schedule the exam in the month after. I started studying in August, however I quickly learned that I wasn’t going to get through each chapter as quick as I thought I could. So I buckled down for another whole month in September, and scheduled my exam for early October.

I originally had a goal of firstly using the Study Guide book and completing a chapter of typed notes/flashcards every day. However, I quickly learned that this study guide was pretty dense, and I had to dial down on how many pages I was realistically going to read and annotate through. Thus, I had a daily goal of reading approximately 10-25 pages with intense annotations, sticky notes, and written summaries on large flashcards that forced me to recall what I read within that chapter. I also notated specific concepts, diagrams, and relationships between terms on these large flashcards, as well (I wanted to be as thorough as possible). To specify a little further, I created written flashcards with drawings and charts to help me visually deepen my understanding of a topic.

After every couple of days, sometimes after a full week, of working through a chapter, I would migrate written notes and summarize each chapter’s section onto Remnote. For my Remnote setup, I created a folder that held documents, which would act as individual chapter notes. For each chapter from the Study Guide, I broke it down into corresponding sections, and would hammer down into typing summaries and concepts. With Remnote, I can easily turn these bullets and sentences into flashcards. These Remnote flashcards differ from the written flashcards I mentioned earlier because these acted as vocabulary flashcards, as well as question and answer cards that forced me to think about how something worked. Alongside these Remnote flashcards, I also am able to reference chapter notes between each other and visualize the relationship between ideas.

The main reason why I used Remnote was not just to be able to convert typed notes automatically into flashcards, but to also utilize the software’s feature of practicing these flashcards with spaced repetition. If you were not aware, spaced repetition is the idea of learning information spaced out between days so that you can determine how well you can recollect it over time. Within the settings of my Remnote, I set a goal to practice a certain number of flashcards daily, along with pre-set breaks in-between studying them daily. I also changed the spaced repetition algorithm in the settings to allow me to add in newly made flashcards in my daily deck to gradually introduce me to new terms and concepts over time. To make things easier, since I’m a visual person, I downloaded the Remnote app and set up homescreen widgets to see my daily practice streak every time I opened my phone. (By the way, I’m not a sponsor for Remnote, I just really like their tool.)

Ports are also significant on the exam, so I spent just about an equal amount of time taking this small ports quiz, so that I could list off what each port was for off of the back of my head. I highly recommend doing this in case a PBQ is port-heavy.

During my errands, lunches and dinners, sometimes even as I was going to bed, I would listen to Professor Messer videos from his Security+ playlist. Many of his examples are well thought out and differ from the Study Guide book’s because he sets up the context of an example into realistic situations. I managed to get through 80% of the playlist, as I did skip around the videos to watch whichever sections corresponded to the section of the book that I was on. I definitely recommend watching or listening to his playlist (which he also has on Spotify), when you’re trying to ensure that you understand a concept clearly.

As I was nearing the end of the Study Guide, I started to take Jason Dion practice exams on Udemy. Admittedly, I had gotten free access to his course through a friend, so I don’t have thoughts on its price. However, I confess that I only completed about 3 or 4 of the practice tests. And something interesting happened when I took these practice exams, I was scoring humiliating low - averaging at about 30-50/100%. Jason Dion’s questions were challenging due to the context its questions provides (they’re not quick questions), and also its multiple choice options were tricky due to how similar they read. Some questions were also written, however majority of them were lengthy multiple choice questions. Compared to the actual exam’s questions, Jason Dion’s questions were slightly more challenging. However, these practice exams are definitely effective in pushing you to think thoroughly and strategically about the possible solutions to real-world security contexts.

As I inched closer to my actual exam date, I admittedly crammed PBQ questions. Just about 3 days prior to my testing day, I crammed in about 5 PBQ Youtube videos and skimmed through the logic behind multiple choice PBQ’s and a couple of other PBQ simulations. I did not spend much time on preparing for these questions at all. Looking back, I do wish that I carved out time to work of them longer, so definitely do not overlook them like I did.

My Daily Non-negotiable ❗️

Some days definitely were not idealistic when it came to the grind. Some days, I managed to get through large chunks of review, while other days I had to accept with the bare minimum. This bare minimum was an action item that I designated as being my non-negotiable, meaning that if I were to not have done anything else that whole day, completing this action was sufficient enough to move the needle. This action was to practice a handful of flashcards from my Remnote deck by the end of the day. It didn’t matter if I did this early in the morning, or late at night after my shower - my eyes had to graze through at least 10-25 flashcards before I laid my head to rest.

My Obstacles

I ran into several obstacles, mainly ones that related to staying disciplined. I had plenty of days where I felt like I made underwhelming progress when moving through the Study Guide chapters. I also had days where I could not be bothered to sit down and read or type out notes, especially when I was looking at how much further I had to go.

To combat these, I did a couple things. When it came to not meeting my personal goal of how many pages I’d work through in a day, I kept a planner where I recorded exactly how pages I read and annotated, as well as what topics I touched on those pages. As for the days, I felt extremely demotivated, I either studied alongside my partner or I would give into resting for a full day of recuperation (contrary to popular belief, rest is natural and we are entitled to it).

What Went Down During Exam Day

Like most people, I had a test day strategy. I scheduled my test for 5 PM and told myself that because I could use up most of the day for review. However, it didn’t totally go as planned. Because I scheduled it in the evening, I became hungry (it was closer to my dinner time). I also ran into troubleshooting problems due to network connection errors and worked with about three different proctors. My neighbors periodically decided to zoom through my street with their motorbikes. I even had my mom interrupt me in the middle of my test because she thought I was too quiet (LOL, luckily I didn’t get in trouble for it).

Remember when I told you that I barely prepared for PBQ’s? Yeah, well I was face to face with them immediately when I started the exam. Admittedly, I took my time with these - which is not what I recommend doing because you’re working against a timer. I managed to work through 2/3 PBQ’s and begrudgingly moved forward onto the rest of the test.

What surprised me was that majority of the questions were written simply, which mirrored the simple formatting of Professor Messer’s questions. I believe that I only came across two to three lengthy questions that favored the style of Jason Dion’s. I also recall having been asked questions that literally asked what the definition of a term was.

I had about 5 questions left on the test as my timer ran out. This was annoying to me because I regretted having spent so much time trying to configure my PBQ’s from the beginning. But having gotten close to the end, I had to brace myself.

And, Victory!

Aaand, it’s a pass 🥹! I scored just 5 points above the minimum passing score and felt a tsunami wave of relief wash over me. All of the work and time I invested into this exam paid off.

If you’re looking for a sign to get your Security+ certification, this is it. Coming from someone who battled a lot of doubt on this journey, entertain the idea that maybe no mountain is high enough to make you question your ability to conquer it.