Understanding ‘Why’ you should take CompTIA’s Security+ Exam for DoD Programs
As an IT worker for several Department of Defense (DoD) agencies, one of the most challenging aspects is to maintain a baseline of accreditation for handling privileged information. The CompTIA Security+ certification is designed to do just that; assess an individuals’ Information Assurance skills and create a reference of common responsibility for individuals who must protect that sensitive information. In effect, Security+ is an authorized certification for the US Department of Defense and a subset of a much broader initiative commonly referred to DoD-Directive 8140/8570; a compliancy policy required of all authorized users of a DoD Information System. It is required for all government employees, military service members, contractors, or others who have approved clearances to DoD networks to perform information security roles. This article will address the benefits and outline preparation tips to achieving Security+ accreditation.
DoD 8570 with Security+
The Department of Defense document DoD 8570.01-M (11/10/2015) provides direction for the training, certification and administration of the DoD workforce leading Information Assurance (IA) functions.
The DoD 8570 was initially published to address the wider DoD community performing tasks on critical cyber functions. By establishing the guideline, the DoD was able to identify specific resource needs for personnel to successfully complete their jobs. Using this standard, the Department of Defense was able to raise the standards of their profession. The DOD 8570 was broken down into categories, and certifications helped define those standards.
Figure 1 outlines the DoD approved baseline certifications. In fact, there are several certifications one can take to become compliant for a job within a DoD environment. However, it is the CompTIA Security+ certification that is often requested on the job boards; and thus, internal DoD staffing requirements. Security+ meets Information Assurance Technical IAT Level II and Information Assurance Management Level I.
So, what does all this mean pursuing a certification of CompTIA’s Security+?
In short, obtaining a Security+ accreditation meets the certification requirement for IAT Level II (Figure 2). This is a network designed certification guideline for the DoD and the typical job activities are:
- End User Support
- Managing accounts (permissions)
- System performance tuning (network traffic monitoring, patches, upgrades)
For those more in a management role, IAM Level I (Figure 3) is also achieved by completing the Security+ accreditation. This role typical involves:
- Identifying and reporting security violations
- Following security guidelines
- Managing corrective measures
CompTIA’s Security+ is the most popular DoD 8570 compliance certification for most DoD personnel largely because it validates basic security familiarity, has no mandatory experience or prerequisite requirement, is vendor agnostic, and focuses on the following broad range of topics:
- Threats, Attacks and Vulnerabilities
- Technologies and Tools
- Architecture and Design
- Identity and Access Management
- Risk Management
- Cryptography and PKI
It goes without saying that any certification or exam you are gearing up for takes a time commitment and mental readiness. There are literally hundreds of resource materials at your disposal to help you understand the concepts of Security+ and that everyone has a different approach to learning. For those whose daily activities do not revolve around network administration, or infrastructure management, the exam’s key concepts may be hard to fathom at first. If that is you, a good study tip is to not dive in too deep, but to select topics that are easy to understand, relatable, and not overwhelming. Over time, you will start to tackle the more challenging topics gaining confidence; and like anything else, the challenge is constant persistence of learning the key fundamentals and equally important is picking the right material and resources that fits a style of study you are comfortable with and motivated to learn.
Understanding what is on the exam, how the exam is structured, and the types of questions are also good strategies preparing for the Security+ exam. Identifying what you already know, and taking notes will accelerate your progression toward learning the material.
Security+ is the only certification that measures cybersecurity skills having performance-based questions on the exam. The exam stresses applied practical skills, warranting that the individual is prepared to identify problems and solve a variation of presented problems.
Exam specifics around the topics and general examination questions can be found on CompTIA’s website and scheduling for an exam can be found at Pearson Vue. After gaining a good understanding of the concepts; do not be intimated to pursue by not knowing all the material. Schedule an exam and learn from it, knowing how the exam is structured, what types of questions are generally found on it, and you may just have learned enough of the material to pass. A few online self-study materials are described below. These are excellent resources that include labs, self-paced study, and samples of practice exams.
It is extremely difficult to find individuals with Security+ accreditation. Achieving this accreditation not only helps you but also helps defense contracting companies and the DoD community to fill in those national security related positions with those specialized needs. Defense contracting companies are often competing to find qualified individuals with Security+ skills to meet an Agency’s requirement which leads to more opportunities and interesting work for the individual in the future.