My CompTIA Security+ Journey
A comprehensive guide to passing the SY0-701 exam
From initial decision to passing the exam as a working Security Analyst. This is my real experience preparing for and passing the CompTIA Security+ certification, complete with study strategies, resources, and lessons learned along the way.
What is Security+?
CompTIA Security+ is a globally recognized certification that validates foundational cybersecurity skills and knowledge. It’s often described as the “baseline” certification for anyone looking to build or advance a career in information security.
The Security+ certification covers five core domains: general security concepts, threats and vulnerabilities, security architecture, security operations, and security program management. What makes it particularly valuable is its vendor-neutral approach – the skills you learn apply across any platform, technology, or security tool.
CompTIA Security+ had been lurking in the back of my mind for years throughout my IT career. Its name appeared everywhere I looked – the endless army of YouTube videos promising to help you pass, the CompTIA subreddit flooded with hundreds of posts asking “Is it worth it? Will I actually learn anything?” I’d even noticed it as a minimum requirement on job listings for entry level cybersecurity roles.
Having already earned my Network+ certification, Security+ felt like the natural next step in my progression. It wasn’t just about collecting certifications – it was about building something solid. The Security+ promised an opportunity to gain real confidence in the fundamental principles of cybersecurity. Its aim is to give you a foundation to build your cybersecurity house on top of, and if you want to break into a competitive field like this, you need that solid foundation underneath you.
Identifying My Knowledge Gaps
But there was a more personal reason driving me. I had specific gaps in my security knowledge that I couldn’t ignore. The basic principles of cybersecurity frameworks such as SOC 2 or NIST weren’t comfortable territory for me yet. While I could name popular attack vectors like phishing or brute forcing, SQL-based attacks remained a mystery – I couldn’t explain much about them or how to recognize them in the wild.
The reasons above I just described became a pivotal moment of realisation that I had to take the Security+ SY0-701 exam.
In order to get ready for the exam, I had to decide on the most important part – the timeline. Only thing is, unlike my previous exam prep, I didn’t actually stick to a dedicated study timeline. I’d originally decided to start studying in May of 2025 and be exam-ready within four weeks. It wasn’t until July and August when I was able to knuckle down and discipline myself enough to go through the process and learn what I could.
Understanding the Exam Domains
I would always recommend to download the exam objectives from CompTIA’s official website, whilst the exam objectives won’t offer you a step-by-step tutorial on passing this cert, it covers the 5 domains that encompasses the subject matter of the exam.
- Domain 1: General Security Concepts (12%)
- Domain 2: Threats, Vulnerabilities, and Mitigations (22%)
- Domain 3: Security Architecture (18%)
- Domain 4: Security Operations (28%)
- Domain 5: Security Program Management and Oversight (20%)
My commitments as a Security Analyst made it increasingly difficult to find time to sit down and do the work. Combine that with a hectic social life, and I had quite the hurdle to overcome.
You might make a plan to achieve a goal within a given timeframe, but it’s okay to stray from the original plan. Just make sure you stay consistent and lock in with your chosen study methods when you do get started. You can always make up for lost time.
I also had to decide on an effective study strategy – understand what the scope of Security+ was asking for, then commit to studying using the materials I had available.
Study Resources
I’d learned many lessons from my Network+ adventure and knew I could rely on proven study methods that had worked for me in the past. Professor Messer is famous for his free CompTIA YouTube certification courses, so I added his Security+ (SY0-701) playlist to my toolkit. Jason Dion also had a popular Security+ course on Udemy for the very reasonable price of £12.99 in the UK. Suddenly I had two powerful study resources which allowed me to create structure around my studying.
Why I Chose Budget-Friendly Options
Another benefit of the Udemy course wasn’t just the content – it was the free practice exam at the end, plus a study plan with set schedules to take (and hopefully pass) the exam within 30 or 60 days. Both options depend entirely on your existing skill level and experience.
It’s no secret that CompTIA’s certification exams can be pricey. I always aim to spend as little as possible when it comes to study materials – it forces you to be creative, reduces procrastination, and helps you put your best foot forward with what you have. As the famous saying goes: a poor workman blames their tools.
Building a Sustainable Schedule
How did I take these resources and mold them into a consistent schedule?
My wife and I agreed: no study or personal projects on evenings or weekends. This left me with the option to study on the train for about 45 minutes, study during lunch breaks at work, or during quieter periods. I’ll admit to studying a few hours on a few evenings per week as exam day drew closer. Studying genuinely added purpose to not only my professional life, but also my personal life. It becomes addictive and even fun when you find a method that works for you.
Challenge for You:
Try different study methods early: videos, note-taking, hands-on practice, flashcards. Through trial and error, you’ll quickly figure out what sticks. Once you find your approach, double down on it.
First, I went through the entire free YouTube playlist of Professor Messer’s Security+ (SY0-701) course, I downloaded the entire 121 lessons into my local YouTube playlist and would listen to the video’s whilst walking to the train station to work for my morning commute, directly from my trusty ol’ reliable iPhone 11 Pro Max (which still gets the job done to this very day). This added a relaxed approach to studying and focused on passively taking the content in.
Professor Messer’s Free Security+ Course
Here’s the first video from the 121-video playlist I used for studying:
Comparing Course Formats
Once I finished that, I took the same approach with Jason Dion’s course, download the videos, use any free time I could get to take something in, and would put the videos on at work during quiet periods of the day.
Whilst I appreciate Professor Messer’s course, I realised that Jason Dion seemed to be my preferred favourite, I think this was because the Udemy course came with 29 lectures (26 if you don’t count the beginning and end of the course) I would aim to complete at least one lecture daily, doing the math with this approach. I should have this in a little over the month, taking into account resting on weekends.
121 YouTube videos sounds like a large task to get through, I recognise that this is more of a me problem as ticking off lectures of a course adds to my tick box based mentality. Messar does have his own course on his website which will be more structured than his free but incredibly valuable YouTube playlist.
What I Already Knew
Throughout my studying – I realised that there were some concepts I were already familiar with, like:
Security awareness: implementing phishing training, anomalous behavior recognition, user guidance, reporting, and monitoring.
Mitigation techniques: using segmentation, access control, configuration enforcement, hardening, isolation, and patching. Largely because my own role deals with improving security awareness programs by simulating real Phishing attacks and then training my users how.
I’d also learnt about key security principles like Defense In Depth or Zero Trust from previous Microsoft certifications such as the SC-900, cloud infrastructure and archetecture was also something I was not a stranger to when taking the AZ-900, and MS-900.
The Pain Points
The pain points became clear though – topics such as:
Cryptographic solutions: using public key infrastructure (PKI), encryption, obfuscation, hashing, digital signatures, and blockchain. Remembering some facts about Common cipher modes include ECB, CBC, and GCM. This certification’s broadness added onto the challenges I had to overcome as well.
At the very beginning of this post, I mentioned that I didn’t stick to a set timeframe for studying. The truth is, booking the exam in advance wasn’t something I did at the beginning of my journey. Instead, I booked it a week before taking it. Looking back, it’s hard to say if it was procrastination, hesitation, or a healthy dose of imposter syndrome that made me hold off from spending my hard-earned money on booking an exam slot for so long.
Practice Exam Results
I wanted to be sure that I was scoring high in practice exams. Jason Dion’s practice tests became my benchmark for readiness. I took the same practice test three times to track my progression.
My Practice Test Journey
A reality check that showed I had work to do.
Progress was undeniable – feeling more confident!
Magic! This delivered the message loud and clear – I was ready.
That third attempt delivered the message loud and clear – I was ready to sit for the exam.
Choosing the Testing Method
A challenge I have always faced with IT certifications is whether or not to take them at home or at a testing site, the nearest testing site was well over 15 miles away and would amount to a disappointing car drive home if I were to fail.
I have always gone with Pearson VUE to test remotely at home – as long as you stick to their testing policies and don’t cause trouble, you will be fine! If I had the option of a test centre I would take it as they take overall responsibility for any technical hiccups if you are unfortunate enough to have any in your testing experience.
I was incredibly excited once I received the official email from Pearson VUE stating my exam date at the end of August.
Final Preparation
Because the exam was a matter of a couple of days away from when I booked it. My final study prep was light, I made sure to go through my practice exams again, but only a couple of times a day. I tried to relax as much as possible. I had already put the hard work in, half the battle with exams is mental, meaning if you don’t have a calm mind, that could effect your overall testing experience.
Leveraging ChatGPT as a study buddy was pivotal in my study approach. I used a prompt similar to this which allowed ChatGPT to create tailored quizzes for me and evaluate my performance:
Out of respect for CompTIA’s exam confidentiality agreement, I’ll be keeping specific exam details vague. I won’t share actual questions, answers, or detailed scenarios. What I share here is general exam experience and the types of question formats you can expect.
The day had finally arrived. I’d booked my Security+ exam for a Friday evening at 7:15 PM – right after work. Looking back, this timing was both a blessing and a curse. On one hand, I had the entire day to mentally prepare (or overthink, depending on how you look at it). On the other hand, I had to get through a full day of work whilst knowing that in a few hours, months of preparation would be put to the test.
Choosing My Testing Location
After much internal debate, I’d decided to take the exam at home rather than travel to a testing center. The nearest Pearson VUE location was 15 miles away, and I didn’t fancy the prospect of a disappointing car journey home if things went south. At least at home, I could maintain some control over my environment and immediately decompress in familiar surroundings.
The Exam Begins
As soon as the exam loaded, reality hit hard. Right off the bat, I was presented with around 5 Performance-Based Questions (PBQs). My heart sank a little – these would be time-consuming and complex. Following advice I’d read countless times during my preparation, the strategic decision was made: skip them all and flag them for review. Coming back to tackle them at the end would give me a better sense of my time remaining.
The Middle: Doubt and Recovery
I won’t lie – after flagging those PBQs, I felt nervous going into the multiple-choice questions. CompTIA has a reputation for wording their questions in ways that can throw you for a loop, and Security+ was no exception. The early questions had me second-guessing myself, that familiar feeling of “did I study enough?” creeping in.
But something interesting happened as I progressed through the exam. I started to gain confidence. The beauty of CompTIA exams is that they often revisit concepts from different angles, and I began recognizing patterns. Answers to earlier questions I’d been uncertain about became clearer as I encountered related material later in the exam. That cross-referencing gave me a confidence boost I desperately needed.
The Final Push
I finished the multiple-choice section with around 13 minutes to spare – enough time to circle back to those dreaded PBQs. If I’m being honest, I don’t think I performed particularly well on them. They involved tasks like drag-and-drop exercises for firewall configurations and a couple of command-line interface scenarios – the kind of hands-on problems that test whether you truly understand the concepts or just memorized definitions. I answered them to the best of my ability, drawing on both my study material and my practical experience as a Junior Security Analyst.
The Moment of Truth
When I submitted that final answer, a wave of relief washed over me. It was done. No more studying, no more practice exams, no more second-guessing. But that relief quickly transformed into anticipation as I was directed to the post-exam survey.
My heart was beating faster and faster as I clicked through the survey questions. Each click felt like it took an eternity. CompTIA makes you answer these questions about your testing experience before revealing your score – a mild form of torture when all you want to know is whether you’ve passed or failed.
And then, finally, my score appeared on the screen.
I was over the moon. I’d passed.
The feeling was incredibly rewarding – knowing that all those hours on the train, all those practice exams, all that dedication had paid off. It wasn’t just the study materials that got me through; my existing experience as a Junior Security Analyst had given me practical context that made the concepts stick. Theory and practice had come together, and the result was sitting right there on my screen.
I’d done it. I was now CompTIA Security+ certified.
My final score was 774 out of 900. When I saw those numbers on the screen, the weight of months of preparation lifted instantly. I’d passed – and that’s all that mattered.
The first thing I did? Went out for beers with my wife to celebrate. There’s something special about sharing these moments with the people who supported you through the journey. She’d put up with me studying on train rides, watching videos during lunch breaks, and occasionally breaking our “no evenings” rule when exam day drew closer. The best part? We even got a beer on the house when I mentioned why we were celebrating. Small victories!
What It All Means
Earning Security+ has allowed me to see what’s possible within cybersecurity. Setting a goal, planning an approach, and achieving it – that’s what made cybersecurity more accessible to me in the process. That’s the real win here. It’s not just about having another certification on my CV; it’s about proving to myself that I could tackle something this comprehensive whilst juggling a full-time security analyst role and life commitments.
The certification has given me a confidence boost because I now know I understand the fundamentals across all five domains. When conversations at work turn to security controls, threat mitigation, or compliance frameworks, I’m no longer second-guessing whether I truly grasp the concepts. I have that foundational knowledge validated, and it shows in how I approach problems and contribute to discussions.
Career Impact (So Far)
To be completely honest, I haven’t seen dramatic career changes yet. I did get a call from a recruiter shortly after passing, which was encouraging. But more importantly, the confidence I’ve gained in understanding security fundamentals has been invaluable in my current role. These certifications are long-term investments – they open doors gradually, not overnight.
What I’d Do Differently
If I could go back and do it all again? I would have bit the bullet and booked the exam on day one. Having a clear deadline from the start would have given me better structure and motivation. Instead of studying indefinitely with no end date in sight, I would have known exactly how many weeks I had to prepare. That sense of urgency can be incredibly helpful for maintaining momentum.
Final Thoughts
The Security+ journey taught me more than just cybersecurity concepts. It reinforced the importance of consistency, realistic goal-setting, and finding study methods that actually work for you rather than what everyone else says you should do. If you’re reading this and considering taking Security+, my message is simple: you can do this. It won’t be easy, but with the right approach and dedication, it’s absolutely achievable.
Now, onto the practical advice…
Before we wrap up, I wanted to share some concrete tips that would have made my journey smoother. These are lessons learned the hard way, and I hope they save you some stress along the way.
📚 Study Phase Tips
This is the single most important piece of advice I can give you: book your exam as soon as you feel remotely ready. That way you have a clear goal in mind and a deadline to work towards. Without a firm date, it’s too easy to keep studying indefinitely, always feeling like you need “just a bit more time.” The deadline forces you to commit.
Don’t be afraid to break away from your usual study methods. Maybe you thought writing down the same information over and over again was effective, but perhaps you’d benefit more from trying something different:
- Interactive flashcards for memorization
- Treating study material like watching YouTube videos (my approach!)
- Getting hands-on with practical work – configuring firewall rules, using command line interfaces on switches, running network commands
- Creating mind maps or diagrams to visualize relationships between concepts
The best study method is the one that actually works for you, not what worked for someone else.
Don’t forget to get a good night’s rest the day before your exam. Eat well in the lead-up to test day. Your brain needs to be functioning at its best, and that means proper sleep and nutrition. Don’t sacrifice these basics for last-minute cramming.
🎯 Exam Day Tips
Test at a test centre if you can and it’s accessible. If anything goes wrong at the test centre – technical issues, power problems, internet connectivity – it’s their responsibility, not yours. If you test at home and experience a power cut or internet outage, it’s on you and you may not be reimbursed. Consider this carefully when making your decision.
If you encounter quite a few PBQs at the start of your exam, DON’T PANIC. This is completely normal. Flag them for review and circle back to them once you’ve answered all the multiple-choice questions. This strategy helps you:
- Build confidence by answering questions you know
- Better understand what the exam is testing
- Manage your time more effectively
Don’t forget to breathe and try not to let the excitement and nerves get to you. If you think you’ve failed right from the start, you probably haven’t! CompTIA exams are designed to challenge you, and feeling uncertain is part of the process. Trust in your preparation.
You’ve Got This
That’s everything I learned from my Security+ journey. Your path might look different from mine – different study methods, different timeline, different challenges – and that’s perfectly fine. The important thing is to start, stay consistent, and keep pushing forward even when it feels overwhelming.
Good luck on your Security+ journey. I’m rooting for you!