CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Passed Sec+ with Two weeks of studying!

Just passed the Security+ exam today with a score of 800 and I'm so relieved! This was a prerequisite for a job that had to get done within the next few weeks so I set myself a two week deadline (also in case I didn't pass the first try). I was so nervous about taking this exam that I ended up rescheduling my at-home exam to the next day, so don't be afraid to reschedule if you're not feeling well/confident yet!

When I went through the questions I legitimately thought I was going to fail but as I reviewed questions, I felt a lot more confident in my answers. I took the advice of others and skipped the PBQs and came back to those at the end which was an excellent suggestion because those eat up SO MUCH of your time.

Background:

I'm a recently graduated Computer Engineering student and had experience in a few internships with web development but not anything in the security sector specifically. I had one cyber security course that really helped with understanding the types of attacks and a cryptography course where we utilized some of the algorithms mentioned in the exam. Otherwise, the material was brand new for me.

Study Materials:

I used the following study materials:

• Get Certified Get Ahead by Darril Gibson - this book was an absolute lifesaver for me. This book really does have all of the information you need to know in order to pass this exam. Take notes as you read, it really reinforces the concepts. Be sure to take the end of chapter quizzes too!

• Jason Dion's Practice Exams on Udemy - These questions help you to get into the mindset of what the actual test questions will look like. I found a few of the questions to have irrelevant content that wasn't covered in the objectives but otherwise they helped me to really think about the answer carefully as the questions can be worded weird sometimes. I was averaging around 65-78% on the 5 exams I took.

• Fellow Redditor's study guide - When I was looking up tips for studying I came across a guide someone else had made on here. It had all of the objectives and their corresponding terms and definitions. Definitely look at the objectives CompTIA provides on this exam and made sure you have a good grasp of all of them.

I've heard great things about Professor Messer videos too, but I'm more of a visual learner rather than auditory so a book was what I felt more comfortable with.

If I can do it in two weeks without knowing a majority of the content, you can too! :)

Security+ passed with 865

First, thanks to this subreddit for the great information. It helped me a lot in my prep!

Background

Been working in different capacities in IT for the past 20 years, starting with basic desktop support, administering Linux servers, networks in a small company environment and working the last years in software development. I have a MSc in Computer Science. I have no in-depth networking or Linux knowledge, just the basics.

Goal

Looking for a new challenge in IT and always been interested in the security aspects of it. This is my first certificate of any kind, btw. Wanted to spend as little money as possible and do it in the least amount of time.

Prep material

Darril Gibson book, $10: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

Excellent book. Well explained, covers it all. Only a few points are not explained in-depth enough, I googled those.

Darril Gibson app, $15: https://apps.apple.com/us/app/comptia-security-sy0-501-prep/id482991132

Practice exams on-the-go plus flashcards. I was too lazy to write those myself.

Jason Dion practice exams, $14 or so: https://www.udemy.com/course/comptia-security-practice-exams/

Good to practice some of the basics, helped me to build my confidence. Explanations are short and not very good.

Boson Practice Exams: $85 with a coupon: https://www.boson.com/practice-exam/sy0-501-security-plus-practice-exam

These had the best explanations by far. I still consider this purchase a mistake as quite a few questions were referring to subjects that are not part of the 501 syllabus and I spent too much time trying to figure this out. Also, this is a Windows-only software download, a hello from the 1990s.

Timeline

Spent around 12 hours a day learning.

Day 1-7: Read Darril's book, making notes along the way in Notability. Did all the practice exams in the book as I went along.

Day 8: Read all the notes again, went on Google to clarify a few points, started doing the practice exams with Boson.

Day 9: Practice exams all day, from 9 in the morning until midnight.

Day 10: Exam in the morning. Passed, thankfully.

Exam

After some connection troubles (use a wired connection!) everything went fine. I had to show that a TV in the same room is disconnected. Customer service was helpful and patient.

The exam contains quite a few hands-on questions that the Darril book won't teach you. The best way to prepare is to play around with some network equipment at home, set up a firewall in a VM for example, set up a small linux server and become familiar with the shell etc. You can probably pass without any hands-on experience but it will make it MUCH harder.

As far as exam tactics, this has been mentioned a few times before: skip the PBQs in the beginning and come back to them at the end. Otherwise you'll spend way too much time on them and mess up the rest of the questions. Also, read the questions super-thoroughly, all the hints are in there.

Wish all of you the best of luck, you can do it!

Passed CompTIA Security+ (online) with no previous experience! 769/750

Hi everyone! I work for an IT company for a non-security related position. Currently, I started MS in Cybersecurity a week ago to further my career. The only experience I did have was one month's worth of book reading and watching online videos. I only paid for the Gibson's book and nothing extra.

Resources I used:

• Darill Gibson's "CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide - This book covers pretty much everything. I read every single page of the book.
• I set a goal to read about 20 pages/day during the week, since I work full-time; this took me about two hours a day including looking up difficult terms and concepts.
• Every time I finished reading a page, I drew a check mark; this was surprisingly satisfying to see how much I was actually reading.
• Did all the quizzes and practices questions - make sure you understand why the answers are correct and why the other options are wrong! Don't just read explanation for the questions you got right/read all of them!
• Professor Messer’s CompTIA SY0-501 Security+ Course - it's incredible all the videos are free to watch! I used his videos if I didn't understand something while reading Gibson's book. I probably watched the same videos multiple times until I understood the concepts clearly.
• Gibson's performance based questions - For performance based questions, you really need to understand everything in the book and more. This was a great place for me to get hands on experience. I also did all the labs (free ones) from his site.

My brief impression of the test:

• It's hard!!! - I mean I knew it was going to be hard, but not this hard. Questions were worded in a way that you need to know everything about the specific terms/concepts that they are asking about.
• Experience needed for some questions - there were some questions that I just didn't see in the textbook, such as looking at specific Linux Logs and identify issues and stuff. I feel like you need experience in the field to answer those harder technical questions.
• In order to be able to answer questions like above, I highly recommend to spend some time on looking up real life examples of specific concepts you see in the book, such as configuring firewalls for an organization, implementing physical controls for a data center, and so on.

Tips for the exam:

• Make sure you rest well on the day before!
• Set a daily goal/weekly goal/pick a day to take the cert - setting goals are very important. Once you pick the long term goal/the day to take the cert, you can set smaller goals to see how much work you need to do daily to get there.
• Skip the PBQ/hard questions. - don't spend too much time on PBQ/long and complex questions. SY0-501-security has some mean and confusingly long questions which trick people to answer wrong. You can always flag them and come back after you get to the last question. I did have 2 PBQs that I knew in my heart and I was able to answer them quickly, but I skipped other 3 and came back after.
• Re-read questions - you need to really understand what they're asking in order to answer them.
• i.e ) Are we trying to prevent the issue or detect the issue?
• Is it asking most cost-effective method or Fastest method?

I know everyone learns differently, so please don't get mad at me if my studying method doesn't work for you :) but I hope it helps some people prepare for the cert. I know you can pass it because I passed it!!!!

I never used Mike's book. It's so dense. Gibson's book for SEC+ is the best

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

Passed CompTIA Security+ SY0-501 today with 813!!!!!

This is far better than I was expecting with 813/900.

​

I used Jason Dion's Udemy video series:

https://www.udemy.com/share/101Wj8AEcbc1pXRX8D/

​

And I used Daryl Gibson's "Get Certified Get Ahead SY0-501" Book

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

​

The best advice I can give is don't rely on any practice questions to solidify your understanding. Make sure you fully understand each of the exam objectives. By all means, use the practice questions to get a feel for how the test is gonna be, but note that the actual test (to me) was far more difficult than any of the practice questions I went through.

Print the exam objectives and mark off items as you get an understanding of it. Be able to explain what it is, how it is used, and when it is used. If you can comfortably explain each item in the objectives list to someone else then you are ready to take the test. You can get the objectives from here https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf

​

Good luck and the huge weight has been lifted off my shoulders for now... Deciding on what I should go for next.

Hope this helps you

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

I’m currently a 3D1. Start studying for Security Plus now. The test itself is a beast and not a lot of people pass. I used the Gibson book and took like 100 practice tests.

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=mp_s_a_1_3?dchild=1&keywords=security+%2B+book&qid=1602864078&sprefix=security+%2B&sr=8-3

Get certified get ahead Security+

Right off Amazon, easy to read and friendly book.

Better then then the actual comp tia book because it’s more friendly and less dry.

Did you read this book and make flash cards and mind maps?

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Sorry, it’s Get Certified Get Ahead.

Good book with some practical application exercises built in.

Professor Messer is great. The only two resources I used were Darril Gibson's Security+ Guide and Professor Messer.

Professor Messer vids, and are often used.

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_2?keywords=comptia+sec%2B&qid=1582403201&sr=8-2

Id get those certs on my resume and linkedin , you should be able to get a job with those

Your sec+ will be the last part of your tech school

Resources for sec+ check out cyberforce and the AF e learning

https://portal.cyberforce.site/

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

>how many chances am i getting to pass sec+ exam? is it just one take or am i getting like 2 or 3 attempts

It depends on the person, ive seen some people take it 3 times and ive seen people only get 1 chance. It really depends on a lot of factors

For Security+ I would add Darril Gibson's book:

https://www.amazon.com/dp/1939136059/ref=cm_sw_em_r_mt_dp_U_Z.m6EbJYA0VY6

CCNA and Security+ are the ones to go for first. Here's a great study guide:

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1604068113&sr=8-3

I studied 3-4 hours every day and 5-6 hours on the weekends for two months. Watched Udemy course, made notes, read the book, it has exam highlights throughout the chapters highly recommend reading those. Then spent at least 3 weeks taking the practice exams till I was getting 95%+

Used theses resources

Darril Gibson

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_apa_i_8or.EbA5MBR4K

And Jason's Dion udemy course and practice exams

https://www.udemy.com/course/securityplus/ https://www.udemy.com/course/comptia-security-practice-exams/

The books questions were the most accurate to the test and Jason Dion's test were great but not as accurate but still amazing.

I took the coursework for the CCNA in 2018, which helped with the networking portion of this test. Then, I read just over half of Gibson's 501 book before getting bored and it not being the best way for me PERSONALLY to learn. I also used Dion's Security Plus course and practice tests. Finally, I used professor Messer's youtube course to touch up on certain concepts I didn't fully understand.

(I also took a single practice test from Boson's practice test. I failed that test miserably, but passed with a 850+, so I don't exactly recommend those (They had some questions that seemed realllly outside of the scope of the exam.)

It appears that everything but the book is up to date. I think that, if you learn well from reading, the 501 book I mentioned above would be a good read, and the videos would cover anything that the book missed

Passed Security+ SY0-501 with a 825/900

After passing my Network+ in December of 2019, I started studying for Security+ about a month after. Studying slowed down just a bit when I landed my first IT job at a CSP in February, but I slowly chipped away at it until I felt very confident. Like many posters suggest, I used several different sources of material to help me study, which mirrored almost exactly how I studied for Network+.

​

I started with Darril Gibson's CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide. After reading through the entire book, I then watched Professor Messer's CompTIA Security+ SY0-501 Training Course, taking notes and highlighting things that didn't click right away.

After studying my notes and watching the videos that covered topics I felt I was weak in, I purchased Jason Dion's CompTIA Security+ (SY0-501) Practice Exams with Simulations from Udemy. For the practice tests I scored in this order: 70%, 77%, 81%, 82%, 80%, and 82%. The practice tests prepared me well for the multiple choice section of the exam, however the PBQ's were significantly harder on the actual exam. Also, my father is currently studying for Sec+ and has had great things to say regarding Professor Messer's practice exams, so those are definitely worth a shot as well.

Lastly, I did a TON of Q&A using Professor Messer's study groups. He holds a Security+ study group every single month that includes 1 PBQ and 5-6 multiple choice questions, and then \~1 hour of viewer calls/questions. Additionally, he has a Security+ pop quiz on his Twitter/Instagram every week that helps a bunch. /u/professormesser Thank you from the bottom of my heart. After "spending" all this time with you through your video series on Network+ and Security+ along with your study groups that date back almost 2 years for each exam, I feel like we're great friends, even though you have no idea who I am. You are a saint, and I can't thank you enough for the content you create. Please keep doing exactly what you're doing.

​

With all that being said, I am talking a small break to rest my brain, and then it's onward to the CCNA!

This book?

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

this one here: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

These are the materials that I used to pass Security+ last year:

• Professor Messer Videos
• Professor Messer study notes
• Darril Gibson's study guide: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
• Darril Gibson's practice tests (with simulations): https://getcertifiedgetahead.com/index.php/about-security-sy0-501/ (This was my favorite resource and helped me to retain a lot of the stuff that I learned through the videos and study guide.)

I haven't used Udemy for Security+, but I did use Jason Dion's course and practice tests for the CySA+. The course came with one practice test, and an additional bundle of practice tests was sold separately. Some courses on Udemy also provide supplemental reading sources and instructions to create virtual labs for practice.

I passed Security+ with a 837!

tl;dr Study materials: Professor Messer videos, CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide" by Darril Gibson, practice tests (CompTIA Security+ SY0-501 Prep, Jason Dion - CompTIA Security+ (SY0-501) Practice Exams with Simulations (Udemy). Tip: Schedule the exam asap.

​

​

-----

I graduated with a BS in IT in 2008. Since then, I have been mostly working as a web developer. I started developing an interest in security and I figured studying for this exam would give me an overview.

This was my first certification. I didn't take a+ or network+ even though that seems to be the typical order of things. My main goal in all of this was to learn and I really had no interested in the a+ material or networking. I do think that it may have been helpful to learn the networking material first, as it seemed to overlap with the material for security+.

My biggest issue with this process was probably self-confidence. Even after studying for months, I didn't feel like I had everything down pat and I was scared of taking the test and failing. What helped with this was:

1. buying the voucher for the test, this way I was limited by how long I could actually let myself keep studying.
2. being an impulsive type - one day I just scheduled the test without thinking about what I was doing
3. My coworker and husband both were helpful. They are both in IT and have the certification. They would answer questions and especially with my husband, I felt like I had a private tutor who could answer any questions I had (especially network related things). He knew how much I had studied and he would keep encouraging me to "just take the test already".

I also have ADHD and struggle with being overwhelmed with things. That is where breaking down the chapters and scheduling them for certain days really helped.

Another worry of mine, was that because of covid, I couldn't take the test at a testing center unless I wanted to keep delaying it, so I scheduled an online exam. This was a new thing with Comptia and I was really worried about something going wrong during the test. Luckily I had no issues with anything. I recommend getting everything prepared the day before if you are going to do it online. I had a whole todo list of things, including using the bathroom, because you cannot take a break for any reason.

​

Study Resources

• Professor Messer videos
  I started with these videos, I would watch them while walking on the treadmill at the gym. It really helped that there are captions to the videos, as I usually have trouble retaining information from audio. For me, these videos gave me a good overview of all of the topics. I'm sure they would have been even more helpful if I had taken notes while watching.

​

• "CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide" by Darril Gibson
  I then read the book and highlighted and took notes while reading the entire book, front to back. I set a reading schedule for myself so I wasn't overwhelmed. Each chapter is pretty long, so I split the reading for each chapter into 3 parts and I read 1 part per day.

​

• Practice Tests

• CompTIA Security+ SY0-501 Prep app.
  This app had similar questions as the book, but the repetitiveness of the app flashcards helped me solidify my knowledge and see where my gaps were. I would just use this app causally as I was watching tv/relaxing for the night or waiting for an appointment. I really liked how I could do small amounts of questions at a time because even if I had only 5 minutes, I could still study. I did the tests on here over and over until I was at 100% in all topic areas.

• Jason Dion - CompTIA Security+ (SY0-501) Practice Exams with Simulations (Udemy)
  I took each of the 6 tests until I scored above 95% in all categories.

​

My advice is to create a list of things you want to do to prepare for the exam. My todo list looked similar to this:

• Read book
• Read chapter 1
• Read chapter 2
• Watch videos
• Watch videos 1.1
• Watch videos 1.2

Once you have a study plan, schedule the test.

​

I started studying for this test over a year ago, but once I finished the videos and reading the book, I should have scheduled the test. I kept putting it off because of self-confidence issues, so I highly recommend scheduling the test asap.

Here is what I used:

• CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darrill Gibson -- there are 2 entire tests in there and each chapter has 15 questions after it, so more like 3 tests
• CompTIA Security+ (SY0-501) Practice Exams with Simulations -- There are 7 tests here.
• Professor Messer's Practice Exams -- There are 3 tests here.

I liked Professor Messer's Tests the best, and then the ones in the Darrill Gibson book. The Dion ones were just OK, but there were 7 of them, so they made up for being a little sub-par by having volume.

In addition to reading the Gibson book, I also watched all of Professor Messer's videos once and a few of the videos twice. And then I did a bunch of Googling to get things like port numbers and for other odds and ends.

I've actually been doing software development for almost 30 years, but I was surprised by how many gaps I had in my knowledge. I knew encryption and the vulnerability issues really well going in, and the physical security was common sense to me, but a lot of the network hardware, software and tools; authentication protocols; and intrusion detection and intrusion prevention I knew embarrassingly little about, so those were the hardest parts for me. I've walked through plenty of server rooms and data centers, but never had to touch much network hardware and software.

I was in a position where I was changing jobs and everything was set up before the pandemic hit, and then everyone went into hiding at home once the stay at home orders happened. About a week before I started, they said "you have Security+, right?" And I didn't have it, so I had to get it ASAP. I crammed for about 2 weeks and still didn't feel 100% confident, but I figured I'd go for it and keep my fingers crossed. I had a pretty good feeling that I would pass it, but you never know.

Defensive Security Handbook: Best... https://www.amazon.com/dp/1491960388?ref=ppx_pop_mob_ap_share

Blue Team Field Manual (BTFM) (RTFM) https://www.amazon.com/dp/154101636X/ref=cm_sw_r_cp_api_i_LcKqEbV50ZSRG

CompTIA Security+ Get Certified... https://www.amazon.com/dp/1939136059?ref=ppx_pop_mob_ap_share

Hey! I'll break my experience down from start to finish:

So originally I started with just the Darril Gibson: SY0-501 Get Certified Get Ahead Study Guide. This piece of material is daunting when you first pick it up, it looks like a big giant textbook, and it is, but the content inside it is brilliant. Everything is broken down into a really clear and concise format, the diagrams are detailed and well explain and the analogies and style of writing means that is not a grind to pick it up and read 40-50 pages at a a time. A really worthwhile investment. All in all, I'd say to full study this and take a lot of the key topics from this book took me about a month, back to front.

Link to Darril Gibson Study Guide: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/

I also get a bit of time to study in work and usually kept my textbook at home, so I found Mike Chapple's video course online. The entire watch is around 17 hours, but it's detailed and provided a little something different/more relaxed than reading and note taking. 1 topic (6 in total) averaged at around 2.5-3 hours I'd estimate, so you could cover a topic an evening if you were feeling motivated. Definitely worth looking into.

Into the week before the exam, I recapped with some, not all, of Prof. Messer's quick videos on Youtube. These were really useful for a quick recap, but not as detailed as Chapple's. They were especially useful if I had a 'oh crap, what is this again' or 'is this a scenario where I use this? Or use a different technology'. I personally didn't attend any of his live study classes as the times didn't suit, but I've heard good things about them too from others.

Link to Professor Messers SY0-501 course: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy

So yesterday, the day before the exam, I was ready for a big day. I had the day off work, the fridge was stacked with food, the laptop was ready, books out. I made the decision to buy Jason Dion's examination pack of 6 practise tests on Udemy (£11) and I really think this paid off and may have pushed me over the line. Exposure to mock PBQs will help tremendously as they're different from the standard multiple choice questions you'll be used to from other resources.
I was averaging around 82% on these the day before the exam and they were great for a confidence builder and very easy to use.

Link to Jason Dion's Practice Exams: https://www.udemy.com/course/comptia-security-practice-exams/

My tips:

• Keep going: Once you start, just keep going. There will be nights you're tired and the last thing you want is to pick up a book, or make flash cards, or anything to do with the course, but I cannot stress enough how important this is. Forgetting key topics is very simple, and many topics are related to others once they first appear. Even reading your notes from the night before to keep it fresh is a massive step in the right direction.

• Familiarise yourself with command line experience: Get into your computers CLI and have a poke around, see what makes what tick, be inquisitive and you'll learn. I was not prepared for the amount of command line questions and log reviews I had to perform during the test, and this definitely left me feeling uneasy. Some of the resources I used didn't seem to place as big an emphasis on log reviews etc, but you will get questions regarding this.

• Keep asking questions, always: Don't suffer in silence and think: "this will be fine, it won't come up". This happened me and I had two questions that I knew the vague concept, but didn't dig deep enough to fully grasp the question. Sometimes you'll need to follow your curiosity to gauge a deeper understanding. Ask yourself 'why' from time to time, e.g. 'DES is a weak algorithm for encryption. Why?'. If you're not sure to the answer, the chances are CompTIA will have a question lined up surrounding this.

Exam Experience:

The exam experience I had was very different to anything I've experienced in school/university. It's a basic room, 3-4 computers and that's it. The stress is horrible, I had butterflies in my stomach, you've paid for the exam, you think you're ready but you're also barely confident you know how to spell 'cyber security', never mind sit an exam in it.

After 25-30 questions I had resigned myself to the fact that I had failed, I wasn't focused, I wasn't confident I'd even answered a single question right, but I kept going. I've read of multiple people having this issue, but it's like a marathon runner hitting the wall, just push past it, flag questions, use your time wisely and keep going. You'll feel a sense of relief when you finish.

I'd also like to note I rescheduled my exam. I found I wasn't on top of my resources, I'd forgotten half the information I'd learnt in the priors weeks and I wasn't ready. I think this was the smartest decision I made in the entire journey. I'd recommend booking the exam, see how you feel 2 weeks out and ask yourself are you on target? Sit a practise exam and see if you need to. Rescheduling takes all of 5 minutes and could save you a couple of hundred shiny coins down the line.

Any more questions, fire ahead. I took so much from this community when studying, it's only right I give back.

I also used this book which had lots of good information

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=asc_df_1939136059/?tag=hyprod-20&linkCode=df0&hvadid=312045876164&hvpos=&hvnetw=g&hvrand=14127343541693825443&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9014907&hvtargid=pla-435990382313&psc=1

And here is where I did my practice questions

https://gcgapremium.com/sy0-501-security-practice-test-questions/

The current Exam Code is SY0-501. Please download the objectives from CompTIA (to ensure you get the latest version) and go through that item by item.

https://www.comptia.org/certifications/security

I really enjoyed using CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide 4th Edition by Darril Gibson. https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?keywords=security%2B&qid=1581046519&sr=8-3

Study hard!

Here are some books that are well-regarded for this certification:

Best Books

• Get Certified Get Ahead by Darril Gibson & Book Errata

Pearson Books

• CompTIA Security+ SY0-501 Cert Guide Premium Edition and Practice Tests, 4th Edition
• ExamCram series
• Buy 2 books from Pearson and get a 35% discount use code: BUY2

Wm. Arthur Conklin

• Security+

Security Best Sellers

Amazon

More security+ resources here.

Regarding technical knowledge - absolutely!! One of the things about security functions is that there is always inherent friction between flod, slod, and tlod roles. Especially with external consultants. So having some level of technical proficiency will be most helpful.

IMO - A good way to learn some of the technical concepts are actually to prepare for certifications. A very broad certification if you don't have a lot of experience is Comptia Sec+ - The Darril Gibson book is considered pretty good - https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

If you are inclined to dive deeper into technical side of security, building yourself a lab where you can experiment can be helpful - you can always get a free 1 year AWS account. You can use this inexpensive training - https://www.udemy.com/course/aws-certified-solutions-architect-associate/ to learn.

As for certifications related to governance and risk assessments - you will probably notice that a lot of Big4 assessors have the CISA - so that could be a good one to get. As well as the CISM.

https://www.isaca.org/credentialing/cisa

https://www.isaca.org/credentialing/cism

​

BTW - FLOD, SLOD, TLOD are mostly used in finsrv but applies in other industries. https://na.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20Effective%20Risk%20Management%20and%20Control.pdf