Kirkian Computing

Tag: CompTIA

  • My first 50 certifications

    I did my first (vocational) IT exam in 1999. This was after an annual appraisal from my (then) manager, who said “I’ve spoken to lots of people, and they’re all very impressed with your work. However, there’s no way for me to quantify your performance, so you don’t get a pay rise.” Based on that, I decided that it would be useful to have some objective evidence of my abilities from a neutral 3rd party, so I took the Visual Basic 5.0 exam and became a Microsoft Certified Professional.

    Fast forward to 2023: I’ve now passed 41 exams and earned 50 certifications. In all honesty, this process has been a bit haphazard; I’ve picked certifications based on what looked interesting at the time, or what related to a skill I’d been using at work, rather than having a clear roadmap of where I wanted my career to go. I’ve also sometimes leant towards the Pokémon approach of “gotta collect them all!” So, I think it’s time to look back and review which of these were worthwhile, and which I’d recommend to other people.

    NB I’m not including my university degrees in this list, because they’re academic rather than vocational. I’m also not including the European Computer Driving License (ECDL), because that’s aimed at end users rather than IT professionals.

    (more…)

  • CASP+ (CAS-004)

    In Feb 2023, I took CompTIA’s CASP+ (Advanced Security Practioner) exam, and I passed first time.

    I used Jason Dion’s Udemy course to prepare for this. That was the only specific training that I did for this exam, but I also spent the previous 6 months preparing for the OSCP, and I have prior knowledge/experience.

    (more…)

  • Project+ (PK0-005)

    In April 2022, I did a beta exam for Project+. The beta exam was PK1-005, and then the “real” exam was released as PK0-005 (which is what shows on my exam history at CertMetrics).

    Beta exams aren’t free, but they’re significantly cheaper than a normal exam. In this case, it cost me £30 rather than £212 (both prices exclude VAT). There are two main drawbacks:

    a) There won’t be any training material ready for the new exam.

    b) You’ll have to wait a long time to get your results. (In this case, I took the exam on 4th April, but I didn’t get the results until 11th October, i.e. there was a 6 month delay.)

    This certification wasn’t on my “to do” list until I saw the email about the beta program, and I don’t have any intention of becoming a project manager. However, I’ve worked with project managers in a few organisations, so I thought that it would be useful to “speak the same language” (i.e. share the same specialised vocabulary). If I failed the exam, it wouldn’t really cause me any problems, so I could take a fairly relaxed view towards it. I think some of this material might also be relevant for personal projects, e.g. a house renovation with dependencies between various tasks.

    NB This certification is “good for life”, i.e. it’s not part of the CE (Continuing Education) program where you have to repeat the exam after 3 years.

    (more…)

  • Server+ (SK0-004)

    In May 2020, I took CompTIA’s Server+ exam. This certification is “good for life”, i.e. it’s not part of the CE program and I don’t have to recertify.

    As with all of CompTIA’s exams, there are no formal prerequisites, but they advise you to have A+ first (or at least know the material that’s covered by the A+ certification) along with 18 months of IT experience. I found that there was quite a bit of overlap with the Network+ and Security+ syllabus, so I’d prefer to see it aimed at people who’ve already done those exams. That would reduce duplication in the training material, and allow for more depth on the topics that are server/storage specific. (This certification has absorbed the old Storage+.)

    NB I did the SK0-004 syllabus, and the current syllabus is SK0-005. Based on the exam objectives, SK0-005 seems like an improvement, e.g. it goes into more detail about high availability clusters. However, I think that most of the information in this blog post will still be relevant.

    (more…)

  • CySA+ (CS0-001)

    In March 2020, I took CompTIA’s CySA+ (Cybersecurity Analyst) exam. Along with PenTest+, this bridges the gap between Security+ and CASP. In simple terms, PenTest+ is about “red team” activities (attack) whereas CySA+ is about “blue team” activities (defence). This certification was launched in 2017 as CSA+, but it was rebranded in January 2018 because someone else had already registered “CSA” as a trademark. The exam (CS0-001) stayed the same, although this was retired in October 2020.

    NB The CS0-002 exam was launched in April 2020, giving a 6 month overlap, but this blog post covers the older exam. I noticed a bit of overlap between CS0-001 and PT0-001 (possibly because CySA+ launched first), so I’m guessing that CS0-002 will make them more distinct, but I can’t confirm that.

    Thinking about the target audience for this certification, it seems to cover a hybrid role. Some of the objectives cover hand-on skills, e.g. configuring a firewall or doing forensic analysis on a PC that’s infected with malware. Other objectives are on the management side, e.g. risk assessments and data classification.

    (more…)

  • PenTest+ (PT0-001)

    In April 2019, I took CompTIA’s PenTest+ exam. Along with CySA+, this bridges the gap between Security+ and CASP. As the name suggests, it’s all about penetration testing.

    This is a relatively new exam, and it’s still on the first release (PT0-001). Because of that, it’s not very well known, so I haven’t seen any job adverts asking for it. Personally, I took the Security+ exam in November 2016, so that was due to expire in November 2019 (along with the A+ and Network+). Doing this exam was a good way to renew all of my existing CompTIA certifications, while learning some new skills, so I don’t regret it. However, I mainly see it as a stepping stone towards a more useful certification.

    Pen testing exams generally fall into two categories: theory and practical. Like the other CompTIA exams, PenTest+ is (primarily) multiple choice. This has the advantage that it can be graded automatically by the testing software. However, it also has the downside that it’s less realistic, because it’s more fragmented. It’s entirely possible to pass this exam without ever actually doing a penetration test, which makes the certification less valuable to employers.

    As an analogy, think of a driving test. Normally, you would drive around the area for a while to demonstrate your general ability, then the examiner would ask you to perform a few manoeuvres (e.g. parallel parking). Imagine instead that the examiner drove you to a suitable location, then you swapped seats so that you could do a manoeuvre, then you swapped seats again so that they could drive you to the next location. PenTest+ feels a bit like this, e.g. they might ask you how you would set up a reverse shell but you won’t need to choose when to do that.

    (more…)

  • Security+ (SY0-401)

    In November 2016, I took CompTIA’s Security+ exam.
    NB I did the SY0-401 syllabus; CompTIA replaced it with SY0-501 in October 2017, so some of the info in this blog post will now be a bit out of date.

    In brief, I think that this is a worthwhile certification. It emphasises breadth rather than depth, so if you want to specialise in IT security then it’s really just a starting point. However, if you’re doing general IT work then it covers a lot of topics that it’s useful for you to know. Similarly, from an employer’s point of view, someone with this certification should have a decent overview of security concepts.

    (more…)

  • CompTIA CE

    In 2007, I passed CompTIA’s A+ exams; that gave me a qualification which is valid for life. In April 2012, I enrolled in the CE (Continuing Education) program. In April 2015, I passed the Network+ exam, which gave me the Network+ ce qualification (valid for 3 years). Since I was within the deadline, I could also use this exam to get the A+ ce qualification, but that involved navigating CompTIA’s website: this blog post explains how to do it, since they haven’t made it obvious.

    My main concern was that I’d cut it quite close with the timings. I took the Network+ exam on 2015-04-24, and the deadline for A+ ce was 2015-04-26. When I got the printed report after the Network+ exam, it said: “Please allow five business days for your CompTIA web record to be updated with exam results.” So, if the website didn’t process my results until after the deadline had passed, would I still be ok? Also, I took the exam on Friday and my deadline was Sunday, so I had less than 1 working day. However, it was all fine so if you’re in a similar situation then don’t worry about it.

    (more…)

  • Network+

    I recently sat CompTIA’s Network+ exam. I’ve been meaning to do this for a while, and as I mentioned in 2012, passing this exam would give me 2 new qualifications: A+ ce and Network+ ce. I did pass the exam, but the CE side of it was sufficiently complex to warrant a separate blog post.

    (more…)

  • CompTIA exams

    Back in 2007, I passed the CompTIA A+ exams. Since then, there have been a few changes to the way these exams work. Unfortunately, CompTIA haven’t done a very good job of explaining it all; it makes volume licensing seem clear and simple by comparison!

    In brief, if you currently have the A+, Network+, or Security+ qualification, you should enroll in the CE program. The deadline for enrollment is 31st December, so there’s not much time left. (If this applies to anyone you know, please pass this info on to them.)

    (more…)