In observance of Memorial Day, the 30 Bird shipping department will be closed on Monday, May 27. Click here to download the 2019 UPS holiday operations schedule.

Security+ SY0-501: Let’s Do Launch!

Posted by Cliff Coryea 10/04/2017 0 Comment(s)

As the author of 30 Bird’s new CompTIA Security+ course, this October 4th is a very exciting day for me. That’s because as of today the new Security+ SY0-501 exam is live! Our courseware has been available since August (first to market? you bet!), but you might just be starting to plan for the new exam. So I’m here to help.

First, let’s take a step back. Each CompTIA exam gets a refresh every three years in accordance with ISO/ANSI guidelines. Similarly, students must renew their certifications every three years. But these requirements aren’t just about making busy work. Compared to its predecessor, the SY0-501 exam reflects some major changes in objectives and focus. Areas of increased attention include:

  • Risk mitigation
  • Vulnerability management
  • Privacy protection
  • Policy-driven security
  • Multifactor authentication

There’s also a greater emphasis on hands-on skills over theory. So be prepared to get your hands dirty. To make up for the increased breadth, some areas of coverage are less in depth than they were in SY0-401. And some of the more complex and specialized topics have been moved to the new intermediate-level CSA+ exam (more on that in my next blog post!).

We also paid close attention to feedback submitted by instructors who teach our SY0-401 course. First, we moved cryptography and networking earlier in the course to give a stronger foundation for later coverage of host and data security modules. There’s also one entirely new module covering the nature and motivations of attackers themselves.

Beyond that, there are significant content changes throughout the course. Enhanced coverage includes:

  • Application security, both from the perspective of recognizing exploits and practicing secure development
  • Authentication and access control technologies such as biometrics, single sign-on, and attribute-based access control
  • Hardening networks via security device placement and host security templates
  • Penetration testing methods and phases
  • Security policy topics such as frameworks, risk assessments, and regulatory compliance
  • Security risks and deployment concerns related to mobile devices, peripherals, virtual desktops, and other computer  systems outside the traditional server and workstation paradigm
  • Threats to hardware, firmware, and supply chains
  • Use of command line networking utilities

Just like its predecessor, our new Security+ course includes numerous hands-on labs. The environment consists of a fully functional virtual network that can run directly on the student workstation, including a client, server, router, and two specialized security appliances. All are preconfigured virtual machine images, ready for you to download and install. But unlike SY0-401, the new environment uses the freely available Oracle VirtualBox, so there’s no need to have a paid VMware license to use the virtual environment indefinitely.

We also sharpened the focus of our application security labs. Students will perform simulated application attacks such as generating buffer overflows, exploiting race conditions, and performing cross-site request forgery.

If you want an even simpler setup, soon we will offer an online version of our labs. For a modest charge, you’ll get the same virtual network with the same functionality. The difference is that the labs will be accessible directly from any web browser with no configuration needed on your part. And the lab steps will appear right in the browser along with the virtual machines.

Finally, while SY0-501 is now live, the SY0-401 exam will still be offered until July 2018. No matter which exam you take or teach, the certification will be good for just as long. But as you now know, the courseware and the exams themselves are very different. During the overlap period make sure you know exactly which products you should be using.
Have questions or comments? Please e-mail me at cliff@30bird.com. I’d love to hear from you!

Cliff Coryea
Instructional Design Lead
Sec+ and CSA+
30 Bird Media