Unlock the door to next-level cybersecurity expertise with our exploration of CompTIA's latest Security+ 701 exam, hot off the press since November 7, 2023. I, Professor Jay Rod, am your guide, clarifying the must-know trends and pivotal skills spotlighted in this new benchmark for IT security professionals. If you're on track for the 601, there's a ticking clock to beat its June 2024 retirement, so gear up to transition smoothly to the 701's updated focus areas. We’re not just talking about dry theory; this is about real-world applications in risk management, incident response, and mastering hybrid cloud complexities that will propel your cybersecurity career to its peak performance.
Strap in as we navigate the intricate maze of career development within the vast cybersecurity and IT landscape. It's a marathon, not a sprint, balancing the grind of education with the realities of financial commitments, yet the finish line promises lucrative rewards with salaries that can soar beyond $100k. We'll candidly dissect what it takes to thrive in this high-stakes industry—from the relentless pursuit of knowledge to the art of keeping cool under pressure in team environments. Plus, with a teaser about upcoming changes to CompTIA's Network+ certification, rest assured, you'll be the first to hear all the details right here, where we're committed to keeping you ahead of the curve in the ever-changing tech world.
If you want to help me with my research please e-mail me.
Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
Unlock the door to next-level cybersecurity expertise with our exploration of CompTIA's latest Security+ 701 exam, hot off the press since November 7, 2023. I, Professor Jay Rod, am your guide, clarifying the must-know trends and pivotal skills spotlighted in this new benchmark for IT security professionals. If you're on track for the 601, there's a ticking clock to beat its June 2024 retirement, so gear up to transition smoothly to the 701's updated focus areas. We’re not just talking about dry theory; this is about real-world applications in risk management, incident response, and mastering hybrid cloud complexities that will propel your cybersecurity career to its peak performance.
Strap in as we navigate the intricate maze of career development within the vast cybersecurity and IT landscape. It's a marathon, not a sprint, balancing the grind of education with the realities of financial commitments, yet the finish line promises lucrative rewards with salaries that can soar beyond $100k. We'll candidly dissect what it takes to thrive in this high-stakes industry—from the relentless pursuit of knowledge to the art of keeping cool under pressure in team environments. Plus, with a teaser about upcoming changes to CompTIA's Network+ certification, rest assured, you'll be the first to hear all the details right here, where we're committed to keeping you ahead of the curve in the ever-changing tech world.
If you want to help me with my research please e-mail me.
Professorjrod@gmail.com
If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
And welcome to the technology tab. I'm Professor Jay Rod. In this episode, we're going to talk about security plus 701. Let's get into it, alright, welcome to technology tab. For those of you who don't know me, my name is Professor Jay Rod JROD and I'm Professor of Cybersecurity and I love doing this podcast and also my TikTok, because I like to help students pass their security plus, network plus and a plus series of exams. I'm a very big believer of that. In this episode, we are going to talk about the new security plus exam that came out. It's been a while. So the new security 701 was released on November 7, 2023.
Speaker 1:According to CompTIA, is the best version yet and, as you may or may not know, every three years CompTIA updates its exams to incorporate the latest development in technology and security practice. Now does that mean that if I've been studying for the 601 all this time that I can, I cannot take the 601 exam? Yeah, you still can. They'll run in parallel until June. I think it's the end of June, june 30, 2024. It's the last day that you can take the 601. So if you have not done so, study and take the 601 now, or if you take it to class, or if you take it to bootcamp, make sure that you finish by June 30, because then you 601 won't be available anymore. Yeah, you can take the 701 with the stuff that you study, but they may have been stuff that have changed or they've added new stuff and in my you may not have studied it. So let's take a look.
Speaker 1:The new CompTIA security exam addresses the latest cybersecurity trends and techniques, including the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid cloud operations and security controls, ensuring high performance on the job. These skills include assessing the security posture of an enterprise environment and recommend and implement appropriate security solutions. Monitoring and securing hybrid environment environments, including cloud, mobile internet and interactive things in operational technology. Operating with an awareness of applicable regulations and policies, including principles of governance, risk and compliance. Identifying, analyzing and responding to security events and incidents. About 20% of the exam objectives were updated to include current trends. The latest in threat attacks, vulnerabilities, automation, zero trust, risk, iot, ot and cloud environments are emphasized, as well as communication, reporting and teamwork. I always tell my students that computers or IT in general is under the overall umbrella of communications Hybrid environment the latest techniques for cybersecurity professionals working in hybrid environments that are located in the cloud and on premise.
Speaker 1:So let's take a look at the difference between the 601 and the 701. 601. 24% was on attack, threats and vulnerabilities, 21% was on architecture and design, 25% was on implementation, 16% was on operations and incident response, 14% was governance, risk and compliance. The new 701 is 12% general security concepts, 22% threats, vulnerabilities and mitigation, 18% security architecture, 20% security operations and 20% security program management and oversight. So in a field like cyber security, with job continuity evolving is continuing and evolving comp T exam domains need to reflect what is happening in the industry. So let's take a look at what each domain is and the description of it and how it applies to IT jobs.
Speaker 1:The first is general security concepts. Include various types of security controls, fundamental security concepts, the importance of change management processes and using cryptographic solutions. Understanding cyber security terminology and core concepts are essential to cyber security work and provides a common language of communication for cyber security industry workers. These threats, vulnerabilities and mitigation, which includes threat actors and motivations, threat vectors, attack services, types of vulnerabilities, mitigation and techniques and indicators of malicious activity. Cyber security professionals must be aware of the threat, attacks and vulnerabilities that may impact the network in order to mitigate them. To prevent data breaches, malicious activity must be identified, analyzed and mitigation techniques implemented to secure the enterprise. Next, we have security architecture includes implications of different architecture, models, concepts and strategies to protect data security, principles to ensure enterprises and the importance of resistance and recovery and security architecture. Security professionals must be familiar with different types of security architecture and different techniques are needed to secure them, including on premise, the cloud and the hybrid networks. Next, we have security operations includes security techniques, security learning and monitoring, concepts and tools, vulnerability management activities, security implications of proper hardware, software and data asset management, identity and access management, as well as the importance of automation and orchestration and incident response activity. Security operations includes the important day to day work that cybersecurity professionals do, such as monitoring systems, finding vulnerabilities, hardening systems and incident response. Incident response is a key function of cybersecurity professionals. Skilled employees are needed to implement an effective incident response program. And then last is security program. Management and oversight includes elements of effective security governance, the risk management processes, including third party risk assessments and management, types and purpose of audits and assessments, security awareness practice and elements of security compliance. Security professionals are responsible for reporting and communicating the activity, such as security, incident information, the types of threats, attacks and vulnerabilities, files, transient counter, etc. Savage security professionals must learn the latest trends of effective security governance, including third party risk management concepts to help with security compliance for an organization.
Speaker 1:Now again, the same rules apply with this as with any other comtea exam. They expire after three years and one of the several ways that you could upgrade it or keep your cybersecurity cert While you could do continuing education I think it's 60, you need 60 continuing education credits in order to renew your cybersecurity cert. You could always take another exam higher than this, like CYSA plus is one, pen plus is another that's higher than this, one that you could take that are renew it. You could also take the exam again, but you know you're gonna have to Study for everything again. You might as well just take a different one, right? Why would you take the same one if you already took it Right? And it doesn't matter for the two things that don't well, as far as I know, don't matter. One definitely doesn't matter which is the score that you have Right.
Speaker 1:You need to score 750 out of 900. That's what you should be aiming for. Don't aim for 900 out 900, because I'm telling you, and I've been teaching this for a little bit now you will fail the exam. If you try to get a perfect score on this exam and Getting a perfect score does not mean anything, does not mean anything. All you need to do is to pass. Right steel joke right, if ten lawyers I'll pass the bar exam, and they put a list of you know, from highest score to lowest score, what do they call the guy on number 10? They call him a lawyer. Right, because he he passed Right.
Speaker 1:So your, your job is to pass the exam. Your job is not to get a 900 or 900, because nobody was gonna ask you. Nobody's gonna ask you, no one's gonna care. Maybe a teacher like me will ask you hey, what was your score? But when you apply for a job and they say, hey, you have your security plus, sir, and you say yes, then I gotta ask you you know, you know what's the. What score do you have? Nobody cares it's, they don't really care if you pass.
Speaker 1:I once had a student who Passed a think it was a plus, and wanted me to help them get a higher score. I'm sick. I'm not. I'm not wasting my time on this. You have your a plus. Why am I gonna waste my time doing this? You know, I said I'd rather help a student who doesn't have an a plus, then help you get a higher score. Oh, my friend got a higher score. I want to. I want to beat that score. All right, you do it on your own. I'm not no waste my time doing that. So you know that nobody, nobody cares, nobody care.
Speaker 1:And the other thing is, for the most part, nobody cares what version of security plus that you have. So you have. You take the 601, right. You may think, oh, the 601, the 7-1's coming out, the employee might ask for a 701. They're not gonna ask. Most of them will not ask. I've never encountered Anybody telling me like, oh, I didn't get a job because I I got the 501 instead of the 601. I've never heard of that. I've never heard of that. I mean the only ones who might, again, if you teaching it, that's different, right, they might want you to have the, the latest one, but for the most part, nobody cares, nobody, as long as you, you know, have your security plus and it's valid, right. You know, mine is is I took mine in 2016, right, it is not valid.
Speaker 1:I'm I still valid? I renewed it twice. So, and then I renewed it One by taking the cert master 150 questions in 2016. I did in 2016. I renewed it that way, no 2016, I got it 2019. I renewed it that way by the cert master 2022. I renewed it by CEs because since I presented at conferences, I teach this, I have a syllabus, I have PowerPoints, you know I was able to renew it that way and Then that was April of 2022 and then October 2022. I renewed it again because I took the CYSA plus Exam and the years go by quick. Right, I did October 2022 already next October, not this October, next October I have to renew it. So I'll probably take pen plus and renew all my certs again. So I should have done Well, cloud cloud plus is the equivalent of security plus.
Speaker 1:It doesn't get renewed. You take cloud plus, it would only get renewed if you take CYSA. That's the next one up. I mean, if you take pen plus, you know that. Or Casp, it'll renew it, of course, it'll renew it, of course. But like I want to take pen plus and then wait a couple of years and then take CESP Plus. They might be one in the middle between pen and that one.
Speaker 1:Um, I'm just hoping that, that I don't have to take these exams again, because they're a lot of work and this gets to the point of of of investing in yourself, right, which is something also that I want to quickly touch on. You know, you have to invest in yourself and be willing to sit in classes and and go home and study, you know, and and maybe spend a little bit of money on yourself via spending your money or or taking out a student loan. I mean, I know this we Adversed, a lot of us are adverse to taking loans, but you have to take, you have to invest in yourself, and I think it is one of those like nursing is one. There's a couple other ones where Taking the loan and finishing that's the key word finishing Will get you a job that will enable you to pay back your student loan, a job that will pay you more than what you previously earned and and be able to take, uh, pay, your student loan.
Speaker 1:I have a bachelor's in psychology, I have a master's in cyber and I'm finishing up my doctorate in educational technology. But you know, I, through through the process, I've taken loans, through the loans, and I've seen because I'm, you know, I've been completing that. It has paid off for me professionally. It's a, you know, as long as you finish right. Like I did take a year off of my doctorate program Because I got an opportunity to do stuff at work. That was one was gonna pay me more and two was gonna be, you know, more Career-wise and advantage to me. So I decided to take a year off. But I'm almost done now. I'm just I'm up to my dissertation. You know I'm finished, that I'm. I'm actually in in the process of finishing. I should be finishing a month or so. So you know you could stop and start and stop and start. I mean, but as long as you finish Right, because if you're sitting home and you say I don't want to, I don't want to go to school, it's gonna take me three years.
Speaker 1:Guess why? The three years are gonna pass by anyway. Right, you're gonna. The three years are gonna pass by, right? Either you do the degree or you don't do the degree. The three years are, they're gonna pass by and as you get older it goes by a lot faster than what you actually think, and those of you who are, you know, a little bit older know what I'm talking about. When you get older, the years go by really, really quick. So you know, the three years are gonna, the three years are gonna come and go. So depends on do you want to do this or not, right?
Speaker 1:I have students who can't even do nine weeks. I have students who are taking a free, a plus course for nine weeks and someone already Dropped out because they can't do the commitment. They can do two hours a week, two days a week, three hours. They can't, they just they can't do it for whatever reason. They can't do it. So and I know sometimes life gets in the way you know, people have issues, people have problems, I get that, but you can't sacrifice nine weeks, six hours a week, to take it and then, plus the studying that you have to do, you can't, you, you cannot do that. That means you, you not. Not only are you not ready for it, you're not ready for anything. Right, you have to be able to, to, to take that time and and study. All right, let's see what kind of roles you can get For this. So there's three job roles. Come, tia says you can get with this job security specialist, security administrator and systems administrator. So let's talk about that.
Speaker 1:What is a cyber security specialist. Cyber security specialist must continually adapt to stay ahead of cyber attackers. They must remain up to date on the latest method attackers are using to infiltrate computer systems in IT security, cyber security specialist continually analyze risk and develop strategies to prevent breaches. They rely on teamwork because of the broad scope of security measures that need to be applied To protect the integrity of the network. And again, my students who are listening see how we say teamwork, collaboration and cooperation. See it's, it's there. Other duties include keeping a close watch For the organization's network and making sure there are no security breaches, investigating any violations and running defensive protocols. Protecting sensitive information by installing and using software such as a firewall and data encryption programs. Documenting security breaches and the extent of the damage caused by the breaches through extensive reports. Simulating attacks to look for vulnerabilities in their system before they can be exploded, exploded and write reports based on the simulation results One of the roles and responsibilities of security a cyber security specialist.
Speaker 1:I adapt to constant change, continuously educating yourself. Work well on the pressure, except that you might be ignored by executives and they will ignore you because IT does not make money. It spends money Right and executives like to look for departments that make money, I teach is spends money. Except failure and blame, even though it's not your fault, it is true. Learn this concept you know better, right? They always gonna tell you. When it's somebody, when somebody does something, they gotta say, oh, but you knew better, but you know better than them. You know better, you, the tech, you know better. So get Get used to that. We remain calm and not lose your temper. Be able to complete, comfortably, explain what went wrong, including the details. Expect that sometimes there will be no ideal Solution. And I would add, you know you gotta work on the fly. In general, it and cyber security jobs require humidity. In general, it and cyber security jobs require humidity. The more you work in the field, the more you realize how little you know. These examples are from tech Republic article that rings true to this day.
Speaker 1:You must be able to take rejection. You must Understand you are part of a larger cybersecurity team, a team that may not put your interest first Wow, that is true, brings back a lot of fun memories but you get paid very well. The average advertised salary, including According to cyber seek in 2023, for a cybersecurity specialist, is 106,265 dollars. So there is money to be made in IT Right, but you got to take the go with the bad Right. The good news is you get paid, you know you make a decent wage, very decent. Bad news is a lot of headaches that come with it. You got to remember most part. For the most part it's a 95 job. But when things pop off you have to be there overnight, early in the morning on the weekends Right. Just remember that. They may not pay you for that either if you're salary. So just know that that's. That's part of it. You cannot be like, oh something, something goes down and you're home on on you know the weekends and you say, oh, I don't want to come in because it's the weekend. No, that's not how it works. So you might not have a job come Monday if you do that. So Next we have a security administrator.
Speaker 1:A security administrator is the point person for a cyber security team. They are typically responsible for installing, administrating and troubleshooting organization security solutions. They also write up security policies and training documents About security procedures for your colleagues. Security administrators are responsible for the system overall rather than for a specific part. One network and system administrators set up and maintain the system. Security administrators take a step back from overall view of security rather than focusing on hardware and software. Like the counterparts, they work to defend the system as a whole and keep it secure from threats. As a security administrator, you may have the following responsibilities Defending the system against unauthorized access, modification and or destruction.
Speaker 1:Scanning and assessing network for vulnerabilities. Monitoring network traffic for unusual activities. Configuring and supporting security tools such as firewall, anti-virus software and patch management system. Implementing network security policies. Application security, access control and corporate data safeguard. Training fellow employees in security awareness and procedures. Developing and updating business continuity and disaster recovery protocols. Here's some of the skills needed by a security administrator knowledge of common protocols such as SSL, https, dns, smtp and IPsec. Now, if I have to explain what they are to you, you don't belong in, you don't belong in security. Right now saying that you belong, you don't belong in IT, but definitely you don't, you don't belong in security. A stronger understanding of firewall technologies, package shaper, low balancer and proxy server knowledge. Intermediate to expert intrusion detection and intrusion prevention system knowledge. Deep understanding of IT infrastructure, including protocols, operating systems and networks. And according to cyber seek 2023, the average advertised salary for security administrator is 128 thousand $665 All right. Last is sub-skew analyst. A sub-skew analyst. Detects Cyber threats and then implements changes to protect an organization. Is following ways, manages and configures tools to monitor activity on the network. Analyze reports from the tools to identify unusual behavior on the network. Proactively identifies network vulnerabilities through penetration testing, vulnerability scanning and vulnerability assessment. Reports, plans and recommends changes to increase the security of the network. Applies security patches to protect the network.
Speaker 1:And the role of the cyber security and analysts varies depending on the company size. For example, at a small company, information security analysts and intrusion detection may be part of a larger IT role Held by one person. So in a smaller company, you got to be doing more than one job. A Media-sized company may have one full-time information security analyst who handles intrusion detection, firewalls and antivirus. An Enterprise level Analyst may work in a security operation center, or sock, on a team that centralized cyber security efforts. A sock team likely has several tiers of sock analysts that monitor, detect, contain and Remediate IT threats and report to a sock manager. So the average salary advertised for information security analysts, according to cyber seek in April 2023, is 107,517 dollars.
Speaker 1:Now a lot of money, right? A lot of money. But if you do this for money, it's not gonna work for you, right? I've seen a lot of students who want to make money and they want to take. They want to go from cyber security, from Installing flaws which is, you know, that's a good living to to write into security plus. Right, they don't want to take a plus. I don't want to take, never plus. They don't want to take. You know, they just want to jump right into security plus because they feel like security plus is going to make them the most money. But Especially if you're taking a bootcamp, right, there's things that they're not gonna go over. They're not gonna go. They're not gonna go over cabling. They're not gonna go over all the protocols right, you know they do. They're gonna talk about DHCP and DNS. If you don't know what that means, they're not gonna stop the class to explain the whole thing to you.
Speaker 1:So my advice to you if you want to get into it, if you listen to this because you want to get into it, start with a plus. That's the best. This stuff scaffolds, right, it leads to other things. So the more you advance, the easier it gets, because you already know some of it. Right, you take a plus and you take network plus. You already know some stuff from a plus. That's a network plus. You take security plus. You already know some stuff. That's a network plus. So you it's scaffold, you know knowledge. It's less for you to study because they you already know some of the concepts. They overlap, they overlap.
Speaker 1:I Took a plus for the bootcamp. Then I took Monday, tuesday, wednesday, thursday. Then I took both exams on Saturday. The following week I did the same thing Monday, tuesday when the Thursday network plus. Saturday. I took the exam.
Speaker 1:This was in 2015. Then I stopped. I couldn't do it anymore. You know I was gonna do security plus. I couldn't do it. Then I did security plus April. The following year teacher was when I was doing my master's. Teacher was offering a class on the weekend, seven, seven Saturdays, I don't know three or four hours Saturdays. After the fourth class I took the exam and passed. Then I didn't take a cert. You know I renewed it 2019, renewed in 2022, didn't take a cert since 2016 it's been six years decided to take the CYSA and the cloud plus.
Speaker 1:I did those. I have those I don't want to take. I have an employer who pushed me to take the, the CCNA. I just, I just don't. I just doesn't appeal to me at all at all. Never want to take that one.
Speaker 1:The next one I'm shooting for his pen plus. I'll get it this year, maybe, might wait maybe to October, november, so that way I can take advantage. And if I wait till November, everything will renew three years. So I don't have to wait. You know, 2020, 28, will be when I have to worry about my security plus. I think 2031 because I renewed it CYSA and and Cloud, if we do my a network plus on our way to 2028 and if I take the pen plus, it'll renew it another three years, so I won't have to worry about that. To 2031, the a plus in the network plus if I take the pen plus. But listen, I'm trying to get to retirement Before and not letting these expire, you know. You know that way I don't have to take them again. But listen, this is what I'm here for.
Speaker 1:My name again. My name is professor J rod JROD and I'm here to help you with a plus. That were plus and security plus. Follow me on tic toc again. It's that. It's also professor J rod. I go there, do you know? Two minutes.
Speaker 1:Oh, I do one question, try to. I try to do it three times a day. I mean it's. It's extremely hard. You know, like I said, I'm working on my dissertation. I'm almost done, guys. I mean I'm done.
Speaker 1:I just handed in my draft so I have to, you know, see, you know do revisions on that, but you know it's really hard to do three a day. I try to do a bunch in one day and then I schedule them, but it's tough. It's tough, but I've. I've implemented something, so hopefully it'll make it a lot easier. Follow me on Tic-Tac at professor J rod.
Speaker 1:If I get a thousand followers I can go live and then, if you have any issues on why you not passing the exam, maybe we can go over. I could do a mini lesson or something. I'm here to help. I want as many people as as possible To get there a plus, that were plus security, plus all the exams that you want. I'll help you. Just keep to continue following me and continue Support this channel and all my other platforms. So and I thank you for listening, I, you know.
Speaker 1:Next, I don't know what I'm gonna, what's gonna be the next episode, but I do know that come Tia just announced that I think last week that net were plus is Getting a new exam, so let me see if I can find some information about that. Maybe not, maybe won't be the next episode, but Surely as soon as I can find information on it, were plus I'll, I'll send it out to you guys. All right, that's gonna be a wrap on today's show. Thank you for everybody listening Until next time. This has been a production of little Chacha. Productions are by Sarah Music by Joe Kim. You can reach me at professor J rod, j R O D I gmailcom, also on Instagram at professor J rod, and also on tiktok at professor J rod.