Danny Bruce Blog

Earning CompTIA Security+: Building a Foundation for a Career in Cybersecurity

Published by

Its Bruce

on

CompTIA security+ certificate validates the baseline skills you need to peformk core security functions and prusue an IT security career. Below I go over how I prepared, the exam domains, why it matters, and a stackable certification I earned for achieving the CompTIA trifecta. I am really proud this feat and this is the blog post to show my exuberance.

In the certification image there is a link to it

Security operations (28%)

  • Computing resources: applying secure baselines, mobile solutions, hardening, wireless security, application security, sandboxing, and monitoring.
  • Asset management: explaining acquisition, disposal, assignment, and monitoring/tracking of hardware, software, and data assets.
  • Vulnerability management: identifying, analyzing, remediating, validating, and reporting vulnerabilities.
  • Alerting and monitoring: explaining monitoring tools and computing resource activities.
  • Enterprise security: modifying firewalls, IDS/IPS, DNS filtering, DLP (data loss prevention), NAC (network access control), and EDR/XDR (endpoint/extended detection and response).
  • Identity and access management: implementing provisioning, SSO (single sign on), MFA (multifactor authentication), and privileged access tools.
  • Automation and orchestration: explaining automation use cases, scripting benefits, and considerations.
  • Incident response: implementing processes, training, testing, root cause analysis, threat hunting, and digital forensics.
  • Data sources: using log data and other sources to support investigations.

Security program management and oversight (20%)

  • Security governance: summarizing guidelines, policies, standards, procedures, external considerations, monitoring, governance structures, and roles/responsibilities.
  • Risk management: explaining risk identification, assessment, analysis, register, tolerance, appetite, strategies, reporting, and business impact analysis (BIA).
  • Third-party risk: managing vendor assessment, selection, agreements, monitoring, questionnaires, and rules of engagement.
  • Security compliance: summarizing compliance reporting, consequences of non compliance, monitoring, and privacy.
  • Audits and assessments: explaining attestation, internal/external audits, and penetration testing.
  • Security awareness: implementing phishing training, anomalous behavior recognition, user guidance, reporting, and monitoring.

To conclude these lectures gave me extensive insight over all of these domains. Upon completion of these lectures, I gained 31 CEU’s which translates to 31 hours worth of lectures.

Certification of Completion for Lectures

CompTIA Security+ is known as the worlds most popular cybersecurity exams. This course is designed to prepare an individual for that particular exam. Below are the five domains covered for the exam and I will give you a brief overview of those domains.

General security concepts (12%)

  • Security controls: comparing technical, preventive, managerial, deterrent, operational, detective, physical, corrective, compensating, and directive controls.
  • Fundamental concepts: summarizing confidentiality, integrity, and availability (CIA), non repudiation, authentication, authorization, and accounting (AAA), zero trust, and disruption technology.
  • Change management: explaining business processes, technical implications, documentation, and version control.
  • Cryptographic solutions: using public key infrastructure (PKI), encryption, obfuscation, hashing, digital signatures, and blockchain.

Threats, vulnerabilities, and mitigations (22%)

  • Threat actors and motivations: comparing nation states, unskilled attackers, hacktivists, insider threats, organized crime, shadow IT, and motivations like data exfiltration, espionage, and financial gain.
  • Threat vectors and attack surfaces: explaining message based, unsecure networks, social engineering, file based, voice call, supply chain, and vulnerable software vectors.
  • Vulnerabilities: explaining application, hardware, mobile device, virtualization, operating system (OS) based, cloud specific, web based, and supply chain vulnerabilities.
  • Malicious activity: analyzing malware attacks, password attacks, application attacks, physical attacks, network attacks, and cryptographic attacks.
  • Mitigation techniques: using segmentation, access control, configuration enforcement, hardening, isolation, and patching.

Security architecture (18%)

  • Architecture models: comparing on premises, cloud, virtualization, Internet of Things (IoT), industrial control systems (ICS), and infrastructure as code (IaC).
  • Enterprise infrastructure: applying security principles to infrastructure considerations, control selection, and secure communication/access.
  • Data protection: comparing data types, securing methods, general considerations, and classifications.
  • Resilience and recovery: explaining high availability, site considerations, testing, power, platform diversity, backups, and continuity of operations

Earning the Security+ Certificate

CompTIA Sec+ is the first security certification IT professionals should earn. It establishes the core knowledge required of any cybersecurity role and highly regarded for certain roles. Successful candidates will have the following skills:

  • Detect various types of compromise and vulnerability scanning concepts.
  • Install, configure, and deploy network components while assessing and troubleshooting issues to support organizational security.
  • Implement secure network architecture concepts and systems design.
  • Install and configure identity and access services, as well as management controls.
  • Implement and summarize risk management best practices and the business impact.
  • Install and configure wireless security settings and implement public key infrastructure.

The Sec+ exam focuses on today’s best practices for risk management and risk mitigation, emphasizing the practical and hands on ability to identify and address security threats, attacks, and vulnerabilities.

In the certification image there is a link to it

Final Thoughts

The certification is widely recognized as one of the most popular and respected entry level cybersecurity certifications in the world. It serves as a foundational credential for individuals looking to start or advance a career in cybersecurity, validating both theoretical knowledge and practical, real world security skills.

Whether you’re entering the field or strengthening your security skill set, Security+ provides a strong foundation for long-term growth in cybersecurity.

In the certification image there is a link to it

Final Thoughts

The CompTIA Secure Infrastructure Specialist (CSIS) certification highlights your commitment to professional growth and your ability to operate in today’s security focused IT environments. It reflects not only technical competence, but also a comprehensive understanding of how to protect, manage, and maintain critical infrastructure.

What does having the comptia csis mean

Having the CompTIA Secure Infrastructure Specialist (CSIS) certification means you have the knowledge and skill required to support hardware and software systems, protect an organization’s assets from interal and external threats, and manage technology infrastructure environments.

Having this stackable certificate show your readyness to handle a wide range of IT tasks, from securing network infrastructure to managing identity and access controls, and ensuring security operations. this cert is a testament to my foundation in IT security and my ability to protect and manage IT infrastructure.

What else

Earning the CompTIA Secure Infrastructure Specialist (CSIS) certification represents a significant milestone in an IT or cybersecurity career. CSIS validates that you possess the knowledge, skills, and hands on understanding required to support, secure, and manage modern IT infrastructure environments.

To qualify for the CSIS certification, candidates must first complete CompTIA A+, Network+, and Security+. Together, these certifications demonstrate a strong, well rounded foundation.

I am a ski lift mechanic now and working towards a career change. Here’s a view of the sunrise the other day. In look to take the ITIL foundation 4 certification exam soon, start Isc2 SSCP, and CompTIA Project+ courses. The learning never ends with technology.

Leave a comment

Previous Post

Recent posts

Quote of the week


“Education is the most powerful weapon which you can use to change the world.”

~ Nelson Mandela.

Danny Bruce Blog

About

From ski lift mechanic to cybersecurity student, I’m making the journey back into tech to pursue what truly drives me solving complex problems and protecting digital systems. With a hands on background in mechanical systems and a growing expertise in cybersecurity, I’m blending practical experience with technical knowledge to build a career in a field I’m passionate about.

Contact Me

Email: brucedanny45@gmail.com

Follow Me

Blog at WordPress.com.