February 26, 2024 • 31 mins
Unlock the door to next-level cybersecurity expertise with our exploration of CompTIA's latest Security+ 701 exam, hot off the press since November 7, 2023. I, Professor Jay Rod, am your guide, clarifying the must-know trends and pivotal skills spotlighted in this new benchmark for IT security professionals. If you're on track for the 601, there's a ticking clock to beat its June 2024 retirement, so gear up to transition smoothly to the 701's updated focus areas. We’re not just talking about dry theory; this is about real-world applications in risk management, incident response, and mastering hybrid cloud complexities that will propel your cybersecurity career to its peak performance.
Strap in as we navigate the intricate maze of career development within the vast cybersecurity and IT landscape. It's a marathon, not a sprint, balancing the grind of education with the realities of financial commitments, yet the finish line promises lucrative rewards with salaries that can soar beyond $100k. We'll candidly dissect what it takes to thrive in this high-stakes industry—from the relentless pursuit of knowledge to the art of keeping cool under pressure in team environments. Plus, with a teaser about upcoming changes to CompTIA's Network+ certification, rest assured, you'll be the first to hear all the details right here, where we're committed to keeping you ahead of the curve in the ever-changing tech world.
If you want to help me with my research please e-mail me.
Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:29):
And welcome to the technology tab.
I'm Professor Jay Rod.
In this episode, we're going totalk about security plus 701.
Let's get into it, alright,welcome to technology tab.
(01:08):
For those of you who don't knowme, my name is Professor Jay
Rod JROD and I'm Professor ofCybersecurity and I love doing
this podcast and also my TikTok,because I like to help students
pass their security plus,network plus and a plus series
of exams.
I'm a very big believer of that.
(01:29):
In this episode, we are goingto talk about the new security
plus exam that came out.
It's been a while.
So the new security 701 wasreleased on November 7, 2023.
According to CompTIA, is thebest version yet and, as you may
(01:50):
or may not know, every threeyears CompTIA updates its exams
to incorporate the latestdevelopment in technology and
security practice.
Now does that mean that if I'vebeen studying for the 601 all
this time that I can, I cannottake the 601 exam?
Yeah, you still can.
They'll run in parallel untilJune.
(02:13):
I think it's the end of June,june 30, 2024.
It's the last day that you cantake the 601.
So if you have not done so,study and take the 601 now, or
if you take it to class, or ifyou take it to bootcamp, make
sure that you finish by June 30,because then you 601 won't be
(02:38):
available anymore.
Yeah, you can take the 701 withthe stuff that you study, but
they may have been stuff thathave changed or they've added
new stuff and in my you may nothave studied it.
So let's take a look.
The new CompTIA security examaddresses the latest
cybersecurity trends andtechniques, including the most
core technical skills in riskassessment and management,
(03:00):
incident response, forensics,enterprise networks, hybrid
cloud operations and securitycontrols, ensuring high
performance on the job.
These skills include assessingthe security posture of an
enterprise environment andrecommend and implement
appropriate security solutions.
Monitoring and securing hybridenvironment environments,
(03:22):
including cloud, mobile internetand interactive things in
operational technology.
Operating with an awareness ofapplicable regulations and
policies, including principlesof governance, risk and
compliance.
Identifying, analyzing andresponding to security events
and incidents.
About 20% of the examobjectives were updated to
(03:45):
include current trends.
The latest in threat attacks,vulnerabilities, automation,
zero trust, risk, iot, ot andcloud environments are
emphasized, as well ascommunication, reporting and
teamwork.
I always tell my students thatcomputers or IT in general is
(04:08):
under the overall umbrella ofcommunications Hybrid
environment the latesttechniques for cybersecurity
professionals working in hybridenvironments that are located in
the cloud and on premise.
So let's take a look at thedifference between the 601 and
(04:28):
the 701.
601.
24% was on attack, threats andvulnerabilities, 21% was on
architecture and design, 25% wason implementation, 16% was on
operations and incident response, 14% was governance, risk and
(04:48):
compliance.
The new 701 is 12% generalsecurity concepts, 22% threats,
vulnerabilities and mitigation,18% security architecture, 20%
security operations and 20%security program management and
oversight.
So in a field like cybersecurity, with job continuity
(05:12):
evolving is continuing andevolving comp T exam domains
need to reflect what ishappening in the industry.
So let's take a look at whateach domain is and the
description of it and how itapplies to IT jobs.
The first is general securityconcepts.
Include various types ofsecurity controls, fundamental
(05:33):
security concepts, theimportance of change management
processes and usingcryptographic solutions.
Understanding cyber securityterminology and core concepts
are essential to cyber securitywork and provides a common
language of communication forcyber security industry workers.
These threats, vulnerabilitiesand mitigation, which includes
(05:56):
threat actors and motivations,threat vectors, attack services,
types of vulnerabilities,mitigation and techniques and
indicators of malicious activity.
Cyber security professionalsmust be aware of the threat,
attacks and vulnerabilities thatmay impact the network in order
to mitigate them.
To prevent data breaches,malicious activity must be
(06:17):
identified, analyzed andmitigation techniques
implemented to secure theenterprise.
Next, we have securityarchitecture includes
implications of differentarchitecture, models, concepts
and strategies to protect datasecurity, principles to ensure
enterprises and the importanceof resistance and recovery and
(06:38):
security architecture.
Security professionals must befamiliar with different types of
security architecture anddifferent techniques are needed
to secure them, including onpremise, the cloud and the
hybrid networks.
Next, we have securityoperations includes security
techniques, security learningand monitoring, concepts and
(06:59):
tools, vulnerability managementactivities, security
implications of proper hardware,software and data asset
management, identity and accessmanagement, as well as the
importance of automation andorchestration and incident
response activity.
Security operations includesthe important day to day work
that cybersecurity professionalsdo, such as monitoring systems,
(07:22):
finding vulnerabilities,hardening systems and incident
response.
Incident response is a keyfunction of cybersecurity
professionals.
Skilled employees are needed toimplement an effective incident
response program.
And then last is securityprogram.
Management and oversightincludes elements of effective
(07:43):
security governance, the riskmanagement processes, including
third party risk assessments andmanagement, types and purpose
of audits and assessments,security awareness practice and
elements of security compliance.
Security professionals areresponsible for reporting and
communicating the activity, suchas security, incident
information, the types ofthreats, attacks and
(08:05):
vulnerabilities, files,transient counter, etc.
Savage security professionalsmust learn the latest trends of
effective security governance,including third party risk
management concepts to help withsecurity compliance for an
organization.
Now again, the same rules applywith this as with any other
(08:29):
comtea exam.
They expire after three yearsand one of the several ways that
you could upgrade it or keepyour cybersecurity cert While
you could do continuingeducation I think it's 60, you
need 60 continuing educationcredits in order to renew your
(08:49):
cybersecurity cert.
You could always take anotherexam higher than this, like CYSA
plus is one, pen plus isanother that's higher than this,
one that you could take thatare renew it.
You could also take the examagain, but you know you're gonna
(09:09):
have to Study for everythingagain.
You might as well just take adifferent one, right?
Why would you take the same oneif you already took it Right?
And it doesn't matter for thetwo things that don't well, as
far as I know, don't matter.
One definitely doesn't matterwhich is the score that you have
Right.
You need to score 750 out of 900.
That's what you should beaiming for.
(09:32):
Don't aim for 900 out 900,because I'm telling you, and
I've been teaching this for alittle bit now you will fail the
exam.
If you try to get a perfectscore on this exam and Getting a
perfect score does not meananything, does not mean anything
(09:53):
.
All you need to do is to pass.
Right steel joke right, if tenlawyers I'll pass the bar exam,
and they put a list of you know,from highest score to lowest
score, what do they call the guyon number 10?
They call him a lawyer.
Right, because he he passedRight.
(10:15):
So your, your job is to pass theexam.
Your job is not to get a 900 or900, because nobody was gonna
ask you.
Nobody's gonna ask you, noone's gonna care.
Maybe a teacher like me willask you hey, what was your score
?
But when you apply for a joband they say, hey, you have your
security plus, sir, and you sayyes, then I gotta ask you you
(10:35):
know, you know what's the.
What score do you have?
Nobody cares it's, they don'treally care if you pass.
I once had a student who Passeda think it was a plus, and
wanted me to help them get ahigher score.
I'm sick.
I'm not.
I'm not wasting my time on this.
You have your a plus.
Why am I gonna waste my timedoing this?
You know, I said I'd ratherhelp a student who doesn't have
(10:59):
an a plus, then help you get ahigher score.
Oh, my friend got a higherscore.
I want to.
I want to beat that score.
All right, you do it on yourown.
I'm not no waste my time doingthat.
So you know that nobody, nobodycares, nobody care.
And the other thing is, for themost part, nobody cares what
version of security plus thatyou have.
(11:21):
So you have.
You take the 601, right.
You may think, oh, the 601, the7-1's coming out, the employee
might ask for a 701.
They're not gonna ask.
Most of them will not ask.
I've never encountered Anybodytelling me like, oh, I didn't
get a job because I I got the501 instead of the 601.
I've never heard of that.
(11:41):
I've never heard of that.
I mean the only ones who might,again, if you teaching it,
that's different, right, theymight want you to have the, the
latest one, but for the mostpart, nobody cares, nobody, as
long as you, you know, have yoursecurity plus and it's valid,
right.
You know, mine is is I tookmine in 2016, right, it is not
(12:08):
valid.
I'm I still valid?
I renewed it twice.
So, and then I renewed it Oneby taking the cert master 150
questions in 2016.
I did in 2016.
I renewed it that way, no 2016,I got it 2019.
I renewed it that way by thecert master 2022.
(12:29):
I renewed it by CEs becausesince I presented at conferences
, I teach this, I have asyllabus, I have PowerPoints,
you know I was able to renew itthat way and Then that was April
of 2022 and then October 2022.
I renewed it again because Itook the CYSA plus Exam and the
(12:52):
years go by quick.
Right, I did October 2022already next October, not this
October, next October I have torenew it.
So I'll probably take pen plusand renew all my certs again.
So I should have done Well,cloud cloud plus is the
equivalent of security plus.
It doesn't get renewed.
You take cloud plus, it wouldonly get renewed if you take
(13:16):
CYSA.
That's the next one up.
I mean, if you take pen plus,you know that.
Or Casp, it'll renew it, ofcourse, it'll renew it, of
course.
But like I want to take penplus and then wait a couple of
years and then take CESP Plus.
They might be one in the middlebetween pen and that one.
(13:40):
Um, I'm just hoping that, that Idon't have to take these exams
again, because they're a lot ofwork and this gets to the point
of of of investing in yourself,right, which is something also
that I want to quickly touch on.
You know, you have to invest inyourself and be willing to sit
(14:00):
in classes and and go home andstudy, you know, and and maybe
spend a little bit of money onyourself via spending your money
or or taking out a student loan.
I mean, I know this we Adversed, a lot of us are adverse to
taking loans, but you have totake, you have to invest in
yourself, and I think it is oneof those like nursing is one.
(14:23):
There's a couple other oneswhere Taking the loan and
finishing that's the key wordfinishing Will get you a job
that will enable you to pay backyour student loan, a job that
will pay you more than what youpreviously earned and and be
(14:43):
able to take, uh, pay, yourstudent loan.
I have a bachelor's inpsychology, I have a master's in
cyber and I'm finishing up mydoctorate in educational
technology.
But you know, I, throughthrough the process, I've taken
loans, through the loans, andI've seen because I'm, you know,
(15:08):
I've been completing that.
It has paid off for meprofessionally.
It's a, you know, as long asyou finish right.
Like I did take a year off ofmy doctorate program Because I
got an opportunity to do stuffat work.
That was one was gonna pay memore and two was gonna be, you
know, more Career-wise andadvantage to me.
(15:29):
So I decided to take a year off.
But I'm almost done now.
I'm just I'm up to mydissertation.
You know I'm finished, that I'm.
I'm actually in in the processof finishing.
I should be finishing a monthor so.
So you know you could stop andstart and stop and start.
I mean, but as long as youfinish Right, because if you're
(15:51):
sitting home and you say I don'twant to, I don't want to go to
school, it's gonna take me threeyears.
Guess why?
The three years are gonna passby anyway.
Right, you're gonna.
The three years are gonna passby, right?
Either you do the degree or youdon't do the degree.
The three years are, they'regonna pass by and as you get
older it goes by a lot fasterthan what you actually think,
(16:14):
and those of you who are, youknow, a little bit older know
what I'm talking about.
When you get older, the yearsgo by really, really quick.
So you know, the three yearsare gonna, the three years are
gonna come and go.
So depends on do you want to dothis or not, right?
I have students who can't evendo nine weeks.
I have students who are takinga free, a plus course for nine
(16:39):
weeks and someone alreadyDropped out because they can't
do the commitment.
They can do two hours a week,two days a week, three hours.
They can't, they just theycan't do it for whatever reason.
They can't do it.
So and I know sometimes lifegets in the way you know, people
have issues, people haveproblems, I get that, but you
can't sacrifice nine weeks, sixhours a week, to take it and
(17:04):
then, plus the studying that youhave to do, you can't, you, you
cannot do that.
That means you, you not.
Not only are you not ready forit, you're not ready for
anything.
Right, you have to be able to,to, to take that time and and
study.
All right, let's see what kindof roles you can get For this.
(17:25):
So there's three job roles.
Come, tia says you can get withthis job security specialist,
security administrator andsystems administrator.
So let's talk about that.
What is a cyber securityspecialist.
Cyber security specialist mustcontinually adapt to stay ahead
of cyber attackers.
They must remain up to date onthe latest method attackers are
(17:51):
using to infiltrate computersystems in IT security, cyber
security specialist continuallyanalyze risk and develop
strategies to prevent breaches.
They rely on teamwork becauseof the broad scope of security
measures that need to be appliedTo protect the integrity of the
network.
And again, my students who arelistening see how we say
teamwork, collaboration andcooperation.
See it's, it's there.
(18:12):
Other duties include keeping aclose watch For the
organization's network andmaking sure there are no
security breaches, investigatingany violations and running
defensive protocols.
Protecting sensitiveinformation by installing and
using software such as afirewall and data encryption
programs.
Documenting security breachesand the extent of the damage
(18:34):
caused by the breaches throughextensive reports.
Simulating attacks to look forvulnerabilities in their system
before they can be exploded,exploded and write reports based
on the simulation results Oneof the roles and
responsibilities of security acyber security specialist.
I adapt to constant change,continuously educating yourself.
(18:56):
Work well on the pressure,except that you might be ignored
by executives and they willignore you because IT does not
make money.
It spends money Right andexecutives like to look for
departments that make money, Iteach is spends money.
Except failure and blame, eventhough it's not your fault, it
(19:18):
is true.
Learn this concept you knowbetter, right?
They always gonna tell you.
When it's somebody, whensomebody does something, they
gotta say, oh, but you knewbetter, but you know better than
them.
You know better, you, the tech,you know better.
So get Get used to that.
(19:39):
We remain calm and not loseyour temper.
Be able to complete,comfortably, explain what went
wrong, including the details.
Expect that sometimes therewill be no ideal Solution.
And I would add, you know yougotta work on the fly.
In general, it and cybersecurity jobs require humidity.
In general, it and cybersecurity jobs require humidity.
(20:03):
The more you work in the field,the more you realize how little
you know.
These examples are from techRepublic article that rings true
to this day.
You must be able to takerejection.
You must Understand you arepart of a larger cybersecurity
team, a team that may not putyour interest first Wow, that is
(20:26):
true, brings back a lot of funmemories but you get paid very
well.
The average advertised salary,including According to cyber
seek in 2023, for acybersecurity specialist, is
106,265 dollars.
So there is money to be made inIT Right, but you got to take
(20:49):
the go with the bad Right.
The good news is you get paid,you know you make a decent wage,
very decent.
Bad news is a lot of headachesthat come with it.
You got to remember most part.
For the most part it's a 95 job.
But when things pop off youhave to be there overnight,
early in the morning on theweekends Right.
(21:12):
Just remember that.
They may not pay you for thateither if you're salary.
So just know that that's.
That's part of it.
You cannot be like, ohsomething, something goes down
and you're home on on you knowthe weekends and you say, oh, I
don't want to come in becauseit's the weekend.
No, that's not how it works.
So you might not have a jobcome Monday if you do that.
(21:35):
So Next we have a securityadministrator.
A security administrator is thepoint person for a cyber
security team.
They are typically responsiblefor installing, administrating
and troubleshooting organizationsecurity solutions.
They also write up securitypolicies and training documents
About security procedures foryour colleagues.
(21:55):
Security administrators areresponsible for the system
overall rather than for aspecific part.
One network and systemadministrators set up and
maintain the system.
Security administrators take astep back from overall view of
security rather than focusing onhardware and software.
Like the counterparts, theywork to defend the system as a
(22:16):
whole and keep it secure fromthreats.
As a security administrator,you may have the following
responsibilities Defending thesystem against unauthorized
access, modification and ordestruction.
Scanning and assessing networkfor vulnerabilities.
Monitoring network traffic forunusual activities.
Configuring and supportingsecurity tools such as firewall,
(22:38):
anti-virus software and patchmanagement system.
Implementing network securitypolicies.
Application security, accesscontrol and corporate data
safeguard.
Training fellow employees insecurity awareness and
procedures.
Developing and updatingbusiness continuity and disaster
recovery protocols.
Here's some of the skillsneeded by a security
(23:01):
administrator knowledge ofcommon protocols such as SSL,
https, dns, smtp and IPsec.
Now, if I have to explain whatthey are to you, you don't
belong in, you don't belong insecurity.
Right now saying that youbelong, you don't belong in IT,
but definitely you don't, youdon't belong in security.
A stronger understanding offirewall technologies, package
(23:25):
shaper, low balancer and proxyserver knowledge.
Intermediate to expertintrusion detection and
intrusion prevention systemknowledge.
Deep understanding of ITinfrastructure, including
protocols, operating systems andnetworks.
And according to cyber seek2023, the average advertised
(23:47):
salary for securityadministrator is 128 thousand
$665 All right.
Last is sub-skew analyst.
A sub-skew analyst.
Detects Cyber threats and thenimplements changes to protect an
organization.
Is following ways, manages andconfigures tools to monitor
activity on the network.
Analyze reports from the toolsto identify unusual behavior on
(24:11):
the network.
Proactively identifies networkvulnerabilities through
penetration testing,vulnerability scanning and
vulnerability assessment.
Reports, plans and recommendschanges to increase the security
of the network.
Applies security patches toprotect the network.
And the role of the cybersecurity and analysts varies
depending on the company size.
(24:31):
For example, at a small company, information security analysts
and intrusion detection may bepart of a larger IT role Held by
one person.
So in a smaller company, yougot to be doing more than one
job.
A Media-sized company may haveone full-time information
security analyst who handlesintrusion detection, firewalls
and antivirus.
An Enterprise level Analyst maywork in a security operation
(24:55):
center, or sock, on a team thatcentralized cyber security
efforts.
A sock team likely has severaltiers of sock analysts that
monitor, detect, contain andRemediate IT threats and report
to a sock manager.
So the average salaryadvertised for information
security analysts, according tocyber seek in April 2023, is
(25:19):
107,517 dollars.
Now a lot of money, right?
A lot of money.
But if you do this for money,it's not gonna work for you,
right?
I've seen a lot of students whowant to make money and they
want to take.
They want to go from cybersecurity, from Installing flaws
(25:44):
which is, you know, that's agood living to to write into
security plus.
Right, they don't want to takea plus.
I don't want to take, neverplus.
They don't want to take.
You know, they just want tojump right into security plus
because they feel like securityplus is going to make them the
most money.
But Especially if you're takinga bootcamp, right, there's
things that they're not gonna goover.
(26:05):
They're not gonna go.
They're not gonna go overcabling.
They're not gonna go over allthe protocols right, you know
they do.
They're gonna talk about DHCPand DNS.
If you don't know what thatmeans, they're not gonna stop
the class to explain the wholething to you.
So my advice to you if you wantto get into it, if you listen to
this because you want to getinto it, start with a plus.
(26:27):
That's the best.
This stuff scaffolds, right, itleads to other things.
So the more you advance, theeasier it gets, because you
already know some of it.
Right, you take a plus and youtake network plus.
You already know some stufffrom a plus.
That's a network plus.
You take security plus.
You already know some stuff.
(26:48):
That's a network plus.
So you it's scaffold, you knowknowledge.
It's less for you to studybecause they you already know
some of the concepts.
They overlap, they overlap.
I Took a plus for the bootcamp.
Then I took Monday, tuesday,wednesday, thursday.
Then I took both exams onSaturday.
The following week I did thesame thing Monday, tuesday when
(27:10):
the Thursday network plus.
Saturday.
I took the exam.
This was in 2015.
Then I stopped.
I couldn't do it anymore.
You know I was gonna dosecurity plus.
I couldn't do it.
Then I did security plus April.
The following year teacher waswhen I was doing my master's.
Teacher was offering a class onthe weekend, seven, seven
(27:30):
Saturdays, I don't know three orfour hours Saturdays.
After the fourth class I tookthe exam and passed.
Then I didn't take a cert.
You know I renewed it 2019,renewed in 2022, didn't take a
cert since 2016 it's been sixyears decided to take the CYSA
and the cloud plus.
(27:51):
I did those.
I have those I don't want totake.
I have an employer who pushedme to take the, the CCNA.
I just, I just don't.
I just doesn't appeal to me atall at all.
Never want to take that one.
The next one I'm shooting forhis pen plus.
I'll get it this year, maybe,might wait maybe to October,
(28:16):
november, so that way I can takeadvantage.
And if I wait till November,everything will renew three
years.
So I don't have to wait.
You know, 2020, 28, will bewhen I have to worry about my
security plus.
I think 2031 because I renewedit CYSA and and Cloud, if we do
(28:39):
my a network plus on our way to2028 and if I take the pen plus,
it'll renew it another threeyears, so I won't have to worry
about that.
To 2031, the a plus in thenetwork plus if I take the pen
plus.
But listen, I'm trying to getto retirement Before and not
letting these expire, you know.
(29:00):
You know that way I don't haveto take them again.
But listen, this is what I'mhere for.
My name again.
My name is professor J rod JRODand I'm here to help you with a
plus.
That were plus and securityplus.
Follow me on tic toc again.
It's that.
It's also professor J rod.
I go there, do you know?
(29:20):
Two minutes.
Oh, I do one question, try to.
I try to do it three times aday.
I mean it's.
It's extremely hard.
You know, like I said, I'mworking on my dissertation.
I'm almost done, guys.
I mean I'm done.
I just handed in my draft so Ihave to, you know, see, you know
do revisions on that, but youknow it's really hard to do
(29:43):
three a day.
I try to do a bunch in one dayand then I schedule them, but
it's tough.
It's tough, but I've.
I've implemented something, sohopefully it'll make it a lot
easier.
Follow me on Tic-Tac atprofessor J rod.
If I get a thousand followers Ican go live and then, if you
have any issues on why you notpassing the exam, maybe we can
go over.
I could do a mini lesson orsomething.
(30:04):
I'm here to help.
I want as many people as aspossible To get there a plus,
that were plus security, plusall the exams that you want.
I'll help you.
Just keep to continue followingme and continue Support this
channel and all my otherplatforms.
So and I thank you forlistening, I, you know.
(30:28):
Next, I don't know what I'mgonna, what's gonna be the next
episode, but I do know that comeTia just announced that I think
last week that net were plus isGetting a new exam, so let me
see if I can find someinformation about that.
Maybe not, maybe won't be thenext episode, but Surely as soon
(30:48):
as I can find information on it, were plus I'll, I'll send it
out to you guys.
All right, that's gonna be awrap on today's show.
Thank you for everybodylistening Until next time.
(31:09):
This has been a production oflittle Chacha.
Productions are by Sarah Musicby Joe Kim.
You can reach me at professor Jrod, j R O D I gmailcom, also
(31:35):
on Instagram at professor J rod,and also on tiktok at professor
J rod.
And welcome to the technology tab.
I'm Professor Jay Rod.
In this episode, we're going totalk about security plus 701.
Let's get into it, alright,welcome to technology tab.
(01:08):
For those of you who don't knowme, my name is Professor Jay
Rod JROD and I'm Professor ofCybersecurity and I love doing
this podcast and also my TikTok,because I like to help students
pass their security plus,network plus and a plus series
of exams.
I'm a very big believer of that.
(01:29):
In this episode, we are goingto talk about the new security
plus exam that came out.
It's been a while.
So the new security 701 wasreleased on November 7, 2023.
According to CompTIA, is thebest version yet and, as you may
(01:50):
or may not know, every threeyears CompTIA updates its exams
to incorporate the latestdevelopment in technology and
security practice.
Now does that mean that if I'vebeen studying for the 601 all
this time that I can, I cannottake the 601 exam?
Yeah, you still can.
They'll run in parallel untilJune.
(02:13):
I think it's the end of June,june 30, 2024.
It's the last day that you cantake the 601.
So if you have not done so,study and take the 601 now, or
if you take it to class, or ifyou take it to bootcamp, make
sure that you finish by June 30,because then you 601 won't be
(02:38):
available anymore.
Yeah, you can take the 701 withthe stuff that you study, but
they may have been stuff thathave changed or they've added
new stuff and in my you may nothave studied it.
So let's take a look.
The new CompTIA security examaddresses the latest
cybersecurity trends andtechniques, including the most
core technical skills in riskassessment and management,
(03:00):
incident response, forensics,enterprise networks, hybrid
cloud operations and securitycontrols, ensuring high
performance on the job.
These skills include assessingthe security posture of an
enterprise environment andrecommend and implement
appropriate security solutions.
Monitoring and securing hybridenvironment environments,
(03:22):
including cloud, mobile internetand interactive things in
operational technology.
Operating with an awareness ofapplicable regulations and
policies, including principlesof governance, risk and
compliance.
Identifying, analyzing andresponding to security events
and incidents.
About 20% of the examobjectives were updated to
(03:45):
include current trends.
The latest in threat attacks,vulnerabilities, automation,
zero trust, risk, iot, ot andcloud environments are
emphasized, as well ascommunication, reporting and
teamwork.
I always tell my students thatcomputers or IT in general is
(04:08):
under the overall umbrella ofcommunications Hybrid
environment the latesttechniques for cybersecurity
professionals working in hybridenvironments that are located in
the cloud and on premise.
So let's take a look at thedifference between the 601 and
(04:28):
the 701.
601.
24% was on attack, threats andvulnerabilities, 21% was on
architecture and design, 25% wason implementation, 16% was on
operations and incident response, 14% was governance, risk and
(04:48):
compliance.
The new 701 is 12% generalsecurity concepts, 22% threats,
vulnerabilities and mitigation,18% security architecture, 20%
security operations and 20%security program management and
oversight.
So in a field like cybersecurity, with job continuity
(05:12):
evolving is continuing andevolving comp T exam domains
need to reflect what ishappening in the industry.
So let's take a look at whateach domain is and the
description of it and how itapplies to IT jobs.
The first is general securityconcepts.
Include various types ofsecurity controls, fundamental
(05:33):
security concepts, theimportance of change management
processes and usingcryptographic solutions.
Understanding cyber securityterminology and core concepts
are essential to cyber securitywork and provides a common
language of communication forcyber security industry workers.
These threats, vulnerabilitiesand mitigation, which includes
(05:56):
threat actors and motivations,threat vectors, attack services,
types of vulnerabilities,mitigation and techniques and
indicators of malicious activity.
Cyber security professionalsmust be aware of the threat,
attacks and vulnerabilities thatmay impact the network in order
to mitigate them.
To prevent data breaches,malicious activity must be
(06:17):
identified, analyzed andmitigation techniques
implemented to secure theenterprise.
Next, we have securityarchitecture includes
implications of differentarchitecture, models, concepts
and strategies to protect datasecurity, principles to ensure
enterprises and the importanceof resistance and recovery and
(06:38):
security architecture.
Security professionals must befamiliar with different types of
security architecture anddifferent techniques are needed
to secure them, including onpremise, the cloud and the
hybrid networks.
Next, we have securityoperations includes security
techniques, security learningand monitoring, concepts and
(06:59):
tools, vulnerability managementactivities, security
implications of proper hardware,software and data asset
management, identity and accessmanagement, as well as the
importance of automation andorchestration and incident
response activity.
Security operations includesthe important day to day work
that cybersecurity professionalsdo, such as monitoring systems,
(07:22):
finding vulnerabilities,hardening systems and incident
response.
Incident response is a keyfunction of cybersecurity
professionals.
Skilled employees are needed toimplement an effective incident
response program.
And then last is securityprogram.
Management and oversightincludes elements of effective
(07:43):
security governance, the riskmanagement processes, including
third party risk assessments andmanagement, types and purpose
of audits and assessments,security awareness practice and
elements of security compliance.
Security professionals areresponsible for reporting and
communicating the activity, suchas security, incident
information, the types ofthreats, attacks and
(08:05):
vulnerabilities, files,transient counter, etc.
Savage security professionalsmust learn the latest trends of
effective security governance,including third party risk
management concepts to help withsecurity compliance for an
organization.
Now again, the same rules applywith this as with any other
(08:29):
comtea exam.
They expire after three yearsand one of the several ways that
you could upgrade it or keepyour cybersecurity cert While
you could do continuingeducation I think it's 60, you
need 60 continuing educationcredits in order to renew your
(08:49):
cybersecurity cert.
You could always take anotherexam higher than this, like CYSA
plus is one, pen plus isanother that's higher than this,
one that you could take thatare renew it.
You could also take the examagain, but you know you're gonna
(09:09):
have to Study for everythingagain.
You might as well just take adifferent one, right?
Why would you take the same oneif you already took it Right?
And it doesn't matter for thetwo things that don't well, as
far as I know, don't matter.
One definitely doesn't matterwhich is the score that you have
Right.
You need to score 750 out of 900.
That's what you should beaiming for.
(09:32):
Don't aim for 900 out 900,because I'm telling you, and
I've been teaching this for alittle bit now you will fail the
exam.
If you try to get a perfectscore on this exam and Getting a
perfect score does not meananything, does not mean anything
(09:53):
.
All you need to do is to pass.
Right steel joke right, if tenlawyers I'll pass the bar exam,
and they put a list of you know,from highest score to lowest
score, what do they call the guyon number 10?
They call him a lawyer.
Right, because he he passedRight.
(10:15):
So your, your job is to pass theexam.
Your job is not to get a 900 or900, because nobody was gonna
ask you.
Nobody's gonna ask you, noone's gonna care.
Maybe a teacher like me willask you hey, what was your score
?
But when you apply for a joband they say, hey, you have your
security plus, sir, and you sayyes, then I gotta ask you you
(10:35):
know, you know what's the.
What score do you have?
Nobody cares it's, they don'treally care if you pass.
I once had a student who Passeda think it was a plus, and
wanted me to help them get ahigher score.
I'm sick.
I'm not.
I'm not wasting my time on this.
You have your a plus.
Why am I gonna waste my timedoing this?
You know, I said I'd ratherhelp a student who doesn't have
(10:59):
an a plus, then help you get ahigher score.
Oh, my friend got a higherscore.
I want to.
I want to beat that score.
All right, you do it on yourown.
I'm not no waste my time doingthat.
So you know that nobody, nobodycares, nobody care.
And the other thing is, for themost part, nobody cares what
version of security plus thatyou have.
(11:21):
So you have.
You take the 601, right.
You may think, oh, the 601, the7-1's coming out, the employee
might ask for a 701.
They're not gonna ask.
Most of them will not ask.
I've never encountered Anybodytelling me like, oh, I didn't
get a job because I I got the501 instead of the 601.
I've never heard of that.
(11:41):
I've never heard of that.
I mean the only ones who might,again, if you teaching it,
that's different, right, theymight want you to have the, the
latest one, but for the mostpart, nobody cares, nobody, as
long as you, you know, have yoursecurity plus and it's valid,
right.
You know, mine is is I tookmine in 2016, right, it is not
(12:08):
valid.
I'm I still valid?
I renewed it twice.
So, and then I renewed it Oneby taking the cert master 150
questions in 2016.
I did in 2016.
I renewed it that way, no 2016,I got it 2019.
I renewed it that way by thecert master 2022.
(12:29):
I renewed it by CEs becausesince I presented at conferences
, I teach this, I have asyllabus, I have PowerPoints,
you know I was able to renew itthat way and Then that was April
of 2022 and then October 2022.
I renewed it again because Itook the CYSA plus Exam and the
(12:52):
years go by quick.
Right, I did October 2022already next October, not this
October, next October I have torenew it.
So I'll probably take pen plusand renew all my certs again.
So I should have done Well,cloud cloud plus is the
equivalent of security plus.
It doesn't get renewed.
You take cloud plus, it wouldonly get renewed if you take
(13:16):
CYSA.
That's the next one up.
I mean, if you take pen plus,you know that.
Or Casp, it'll renew it, ofcourse, it'll renew it, of
course.
But like I want to take penplus and then wait a couple of
years and then take CESP Plus.
They might be one in the middlebetween pen and that one.
(13:40):
Um, I'm just hoping that, that Idon't have to take these exams
again, because they're a lot ofwork and this gets to the point
of of of investing in yourself,right, which is something also
that I want to quickly touch on.
You know, you have to invest inyourself and be willing to sit
(14:00):
in classes and and go home andstudy, you know, and and maybe
spend a little bit of money onyourself via spending your money
or or taking out a student loan.
I mean, I know this we Adversed, a lot of us are adverse to
taking loans, but you have totake, you have to invest in
yourself, and I think it is oneof those like nursing is one.
(14:23):
There's a couple other oneswhere Taking the loan and
finishing that's the key wordfinishing Will get you a job
that will enable you to pay backyour student loan, a job that
will pay you more than what youpreviously earned and and be
(14:43):
able to take, uh, pay, yourstudent loan.
I have a bachelor's inpsychology, I have a master's in
cyber and I'm finishing up mydoctorate in educational
technology.
But you know, I, throughthrough the process, I've taken
loans, through the loans, andI've seen because I'm, you know,
(15:08):
I've been completing that.
It has paid off for meprofessionally.
It's a, you know, as long asyou finish right.
Like I did take a year off ofmy doctorate program Because I
got an opportunity to do stuffat work.
That was one was gonna pay memore and two was gonna be, you
know, more Career-wise andadvantage to me.
(15:29):
So I decided to take a year off.
But I'm almost done now.
I'm just I'm up to mydissertation.
You know I'm finished, that I'm.
I'm actually in in the processof finishing.
I should be finishing a monthor so.
So you know you could stop andstart and stop and start.
I mean, but as long as youfinish Right, because if you're
(15:51):
sitting home and you say I don'twant to, I don't want to go to
school, it's gonna take me threeyears.
Guess why?
The three years are gonna passby anyway.
Right, you're gonna.
The three years are gonna passby, right?
Either you do the degree or youdon't do the degree.
The three years are, they'regonna pass by and as you get
older it goes by a lot fasterthan what you actually think,
(16:14):
and those of you who are, youknow, a little bit older know
what I'm talking about.
When you get older, the yearsgo by really, really quick.
So you know, the three yearsare gonna, the three years are
gonna come and go.
So depends on do you want to dothis or not, right?
I have students who can't evendo nine weeks.
I have students who are takinga free, a plus course for nine
(16:39):
weeks and someone alreadyDropped out because they can't
do the commitment.
They can do two hours a week,two days a week, three hours.
They can't, they just theycan't do it for whatever reason.
They can't do it.
So and I know sometimes lifegets in the way you know, people
have issues, people haveproblems, I get that, but you
can't sacrifice nine weeks, sixhours a week, to take it and
(17:04):
then, plus the studying that youhave to do, you can't, you, you
cannot do that.
That means you, you not.
Not only are you not ready forit, you're not ready for
anything.
Right, you have to be able to,to, to take that time and and
study.
All right, let's see what kindof roles you can get For this.
(17:25):
So there's three job roles.
Come, tia says you can get withthis job security specialist,
security administrator andsystems administrator.
So let's talk about that.
What is a cyber securityspecialist.
Cyber security specialist mustcontinually adapt to stay ahead
of cyber attackers.
They must remain up to date onthe latest method attackers are
(17:51):
using to infiltrate computersystems in IT security, cyber
security specialist continuallyanalyze risk and develop
strategies to prevent breaches.
They rely on teamwork becauseof the broad scope of security
measures that need to be appliedTo protect the integrity of the
network.
And again, my students who arelistening see how we say
teamwork, collaboration andcooperation.
See it's, it's there.
(18:12):
Other duties include keeping aclose watch For the
organization's network andmaking sure there are no
security breaches, investigatingany violations and running
defensive protocols.
Protecting sensitiveinformation by installing and
using software such as afirewall and data encryption
programs.
Documenting security breachesand the extent of the damage
(18:34):
caused by the breaches throughextensive reports.
Simulating attacks to look forvulnerabilities in their system
before they can be exploded,exploded and write reports based
on the simulation results Oneof the roles and
responsibilities of security acyber security specialist.
I adapt to constant change,continuously educating yourself.
(18:56):
Work well on the pressure,except that you might be ignored
by executives and they willignore you because IT does not
make money.
It spends money Right andexecutives like to look for
departments that make money, Iteach is spends money.
Except failure and blame, eventhough it's not your fault, it
(19:18):
is true.
Learn this concept you knowbetter, right?
They always gonna tell you.
When it's somebody, whensomebody does something, they
gotta say, oh, but you knewbetter, but you know better than
them.
You know better, you, the tech,you know better.
So get Get used to that.
(19:39):
We remain calm and not loseyour temper.
Be able to complete,comfortably, explain what went
wrong, including the details.
Expect that sometimes therewill be no ideal Solution.
And I would add, you know yougotta work on the fly.
In general, it and cybersecurity jobs require humidity.
In general, it and cybersecurity jobs require humidity.
(20:03):
The more you work in the field,the more you realize how little
you know.
These examples are from techRepublic article that rings true
to this day.
You must be able to takerejection.
You must Understand you arepart of a larger cybersecurity
team, a team that may not putyour interest first Wow, that is
(20:26):
true, brings back a lot of funmemories but you get paid very
well.
The average advertised salary,including According to cyber
seek in 2023, for acybersecurity specialist, is
106,265 dollars.
So there is money to be made inIT Right, but you got to take
(20:49):
the go with the bad Right.
The good news is you get paid,you know you make a decent wage,
very decent.
Bad news is a lot of headachesthat come with it.
You got to remember most part.
For the most part it's a 95 job.
But when things pop off youhave to be there overnight,
early in the morning on theweekends Right.
(21:12):
Just remember that.
They may not pay you for thateither if you're salary.
So just know that that's.
That's part of it.
You cannot be like, ohsomething, something goes down
and you're home on on you knowthe weekends and you say, oh, I
don't want to come in becauseit's the weekend.
No, that's not how it works.
So you might not have a jobcome Monday if you do that.
(21:35):
So Next we have a securityadministrator.
A security administrator is thepoint person for a cyber
security team.
They are typically responsiblefor installing, administrating
and troubleshooting organizationsecurity solutions.
They also write up securitypolicies and training documents
About security procedures foryour colleagues.
(21:55):
Security administrators areresponsible for the system
overall rather than for aspecific part.
One network and systemadministrators set up and
maintain the system.
Security administrators take astep back from overall view of
security rather than focusing onhardware and software.
Like the counterparts, theywork to defend the system as a
(22:16):
whole and keep it secure fromthreats.
As a security administrator,you may have the following
responsibilities Defending thesystem against unauthorized
access, modification and ordestruction.
Scanning and assessing networkfor vulnerabilities.
Monitoring network traffic forunusual activities.
Configuring and supportingsecurity tools such as firewall,
(22:38):
anti-virus software and patchmanagement system.
Implementing network securitypolicies.
Application security, accesscontrol and corporate data
safeguard.
Training fellow employees insecurity awareness and
procedures.
Developing and updatingbusiness continuity and disaster
recovery protocols.
Here's some of the skillsneeded by a security
(23:01):
administrator knowledge ofcommon protocols such as SSL,
https, dns, smtp and IPsec.
Now, if I have to explain whatthey are to you, you don't
belong in, you don't belong insecurity.
Right now saying that youbelong, you don't belong in IT,
but definitely you don't, youdon't belong in security.
A stronger understanding offirewall technologies, package
(23:25):
shaper, low balancer and proxyserver knowledge.
Intermediate to expertintrusion detection and
intrusion prevention systemknowledge.
Deep understanding of ITinfrastructure, including
protocols, operating systems andnetworks.
And according to cyber seek2023, the average advertised
(23:47):
salary for securityadministrator is 128 thousand
$665 All right.
Last is sub-skew analyst.
A sub-skew analyst.
Detects Cyber threats and thenimplements changes to protect an
organization.
Is following ways, manages andconfigures tools to monitor
activity on the network.
Analyze reports from the toolsto identify unusual behavior on
(24:11):
the network.
Proactively identifies networkvulnerabilities through
penetration testing,vulnerability scanning and
vulnerability assessment.
Reports, plans and recommendschanges to increase the security
of the network.
Applies security patches toprotect the network.
And the role of the cybersecurity and analysts varies
depending on the company size.
(24:31):
For example, at a small company, information security analysts
and intrusion detection may bepart of a larger IT role Held by
one person.
So in a smaller company, yougot to be doing more than one
job.
A Media-sized company may haveone full-time information
security analyst who handlesintrusion detection, firewalls
and antivirus.
An Enterprise level Analyst maywork in a security operation
(24:55):
center, or sock, on a team thatcentralized cyber security
efforts.
A sock team likely has severaltiers of sock analysts that
monitor, detect, contain andRemediate IT threats and report
to a sock manager.
So the average salaryadvertised for information
security analysts, according tocyber seek in April 2023, is
(25:19):
107,517 dollars.
Now a lot of money, right?
A lot of money.
But if you do this for money,it's not gonna work for you,
right?
I've seen a lot of students whowant to make money and they
want to take.
They want to go from cybersecurity, from Installing flaws
(25:44):
which is, you know, that's agood living to to write into
security plus.
Right, they don't want to takea plus.
I don't want to take, neverplus.
They don't want to take.
You know, they just want tojump right into security plus
because they feel like securityplus is going to make them the
most money.
But Especially if you're takinga bootcamp, right, there's
things that they're not gonna goover.
(26:05):
They're not gonna go.
They're not gonna go overcabling.
They're not gonna go over allthe protocols right, you know
they do.
They're gonna talk about DHCPand DNS.
If you don't know what thatmeans, they're not gonna stop
the class to explain the wholething to you.
So my advice to you if you wantto get into it, if you listen to
this because you want to getinto it, start with a plus.
(26:27):
That's the best.
This stuff scaffolds, right, itleads to other things.
So the more you advance, theeasier it gets, because you
already know some of it.
Right, you take a plus and youtake network plus.
You already know some stufffrom a plus.
That's a network plus.
You take security plus.
You already know some stuff.
(26:48):
That's a network plus.
So you it's scaffold, you knowknowledge.
It's less for you to studybecause they you already know
some of the concepts.
They overlap, they overlap.
I Took a plus for the bootcamp.
Then I took Monday, tuesday,wednesday, thursday.
Then I took both exams onSaturday.
The following week I did thesame thing Monday, tuesday when
(27:10):
the Thursday network plus.
Saturday.
I took the exam.
This was in 2015.
Then I stopped.
I couldn't do it anymore.
You know I was gonna dosecurity plus.
I couldn't do it.
Then I did security plus April.
The following year teacher waswhen I was doing my master's.
Teacher was offering a class onthe weekend, seven, seven
(27:30):
Saturdays, I don't know three orfour hours Saturdays.
After the fourth class I tookthe exam and passed.
Then I didn't take a cert.
You know I renewed it 2019,renewed in 2022, didn't take a
cert since 2016 it's been sixyears decided to take the CYSA
and the cloud plus.
(27:51):
I did those.
I have those I don't want totake.
I have an employer who pushedme to take the, the CCNA.
I just, I just don't.
I just doesn't appeal to me atall at all.
Never want to take that one.
The next one I'm shooting forhis pen plus.
I'll get it this year, maybe,might wait maybe to October,
(28:16):
november, so that way I can takeadvantage.
And if I wait till November,everything will renew three
years.
So I don't have to wait.
You know, 2020, 28, will bewhen I have to worry about my
security plus.
I think 2031 because I renewedit CYSA and and Cloud, if we do
(28:39):
my a network plus on our way to2028 and if I take the pen plus,
it'll renew it another threeyears, so I won't have to worry
about that.
To 2031, the a plus in thenetwork plus if I take the pen
plus.
But listen, I'm trying to getto retirement Before and not
letting these expire, you know.
(29:00):
You know that way I don't haveto take them again.
But listen, this is what I'mhere for.
My name again.
My name is professor J rod JRODand I'm here to help you with a
plus.
That were plus and securityplus.
Follow me on tic toc again.
It's that.
It's also professor J rod.
I go there, do you know?
(29:20):
Two minutes.
Oh, I do one question, try to.
I try to do it three times aday.
I mean it's.
It's extremely hard.
You know, like I said, I'mworking on my dissertation.
I'm almost done, guys.
I mean I'm done.
I just handed in my draft so Ihave to, you know, see, you know
do revisions on that, but youknow it's really hard to do
(29:43):
three a day.
I try to do a bunch in one dayand then I schedule them, but
it's tough.
It's tough, but I've.
I've implemented something, sohopefully it'll make it a lot
easier.
Follow me on Tic-Tac atprofessor J rod.
If I get a thousand followers Ican go live and then, if you
have any issues on why you notpassing the exam, maybe we can
go over.
I could do a mini lesson orsomething.
(30:04):
I'm here to help.
I want as many people as aspossible To get there a plus,
that were plus security, plusall the exams that you want.
I'll help you.
Just keep to continue followingme and continue Support this
channel and all my otherplatforms.
So and I thank you forlistening, I, you know.
(30:28):
Next, I don't know what I'mgonna, what's gonna be the next
episode, but I do know that comeTia just announced that I think
last week that net were plus isGetting a new exam, so let me
see if I can find someinformation about that.
Maybe not, maybe won't be thenext episode, but Surely as soon
(30:48):
as I can find information on it, were plus I'll, I'll send it
out to you guys.
All right, that's gonna be awrap on today's show.
Thank you for everybodylistening Until next time.
(31:09):
This has been a production oflittle Chacha.
Productions are by Sarah Musicby Joe Kim.
You can reach me at professor Jrod, j R O D I gmailcom, also
(31:35):
on Instagram at professor J rod,and also on tiktok at professor
J rod.
Popular Podcasts
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.