Not to long ago taken the Comptia Sec+ certification, and is no working on the pentest + cert. The Sec+ was accually the first certification i took. I did accually passed the test on my first attempt, even tough i sat in the exam room with a failure of certain feeling of failure. And was already starting to plan how to study for the next attempt around, imagine my suprice when it said CONGRATULATIONS on the screen….The funny thing is that i passed with a ok margin to. I scored something like 870 points, where the 750 mark is the passing score.
So how hard wass the cert ? I’ve started to explain its difficulty in its width, meaning the broad range of topcis, rather then the depth of the topics themselfs. You see the Comptia Sec+ isnt a technically deep certiffication. Its difficulty comes from the broadness, and beeing able to sort out the best answer for each question given any setting in the exam. Because the exam is after the best answer not necessarily the “one and only” answer, making you have to understand the context of the question before answering it. I personally think the coricilum lack depth way to much teoretical conecpts, yes we have to undertand the underlying reasoning as to why we need x,y and z. But I would argue the need to know how to implement the solution in an enviorment is as important. And that might be because Comptia is a vendor neatural certification, and it will have its posetives and negatives.
Still I am aiming for Pentest+, if for nothing more than to have a pice of paper that i can point to and say heres the evidence I have some understanding of this. For the more distant future i hope to get started on OSCP in the not to distant future, I wan to act whilst the iron is still red as the saying goes.