The New Security Test -The SYO-401 and SYO-501 - What's the Difference ??

I had a student come to me today and ask - "What is the better for my IT Security Career?" - Here is my response.
The difference between the SY0-401 and SY0-501 there is about a 25% overall change in content. The new exam focuses more on:

• Attacks
• Risk management
• …and hands-on skills using technologies and tools

The main exam objectives have been re-ordered and re-named to better reflect instructional design organization as well as the changing emphasis of industry cybersecurity trends.

---

The broad brush
So what kind of new content can you expect to see in the Security+ SY0-501?
Remember that Security+ is about a mile wide and an inch deep, so we need a broad brush. Essentially, the new material in CompTIA’s Certification Exam Objectives for Security+ SY0-501 covers technologies that weren’t yet widely used when the SY0-401 was released.

These newer technologies include the following:
– Cloud support and cloud security
– Expansion of Virtualization and how to secure it
– Mobile device security and common breaches
– Securing cart technology and payment systems
– More on monitoring tools and the analysis of their metrics
– More on network access control models
– Sideloaded applications, including their management, verification and validation
– Samsung, LG and/or other manufacturer specific issues

Like previous CompTIA Security+ updates, the SYO-501 will also increase the emphasis on practical knowledge. These sub-objectives will start with phrases like “Given a scenario…”

The Job Task Analysis
The first step in any CompTIA exam update is to perform a Job Task Analysis (JTA), in which CompTIA consults hundreds of subject matter experts. These experts tell CompTIA exactly what changes are occurring in the profession and what trends to watch in the near future. CompTIA then updates its exam questions accordingly.

What has NOT changed: The job roles
The Security+ SY0-501 exam remains grounded in the same job roles as the SY0-401: security administrator and information assurance specialist.

Typical SY0-501 job titles include:

• Security Administrator
• Systems Administrator
• Network Administrator
• Security Specialist
• Security Administrator
• Security Consultant
• Junior IT Auditor
• Junior Penetration Tester

Nature of changes to the exam content
There are several new themes for the new Security+ 501 exam. Here are the main changes:

• Importance of risk mitigation concepts
• Best practices
• Techniques.

This is the result of seeing more Distribute Denial of Service (DDoS), ransomware, phishing, and business email attacks. These and other attacks have over the last few years become more varied, sophisticated and therefore more successful, it is more important than ever for security professionals to accurately identify these threats and understand how to rapidly deploy the most effective responses to resolve them.

There is also a new emphasis on policy-based decisions, as well as understanding frameworks. Increasingly, security procedures have become a policy-based. The exam includes a renewed emphasis on multifactor authentication techniques and tools.

What is all that security for?
It is important to set these very long lists of exam objectives in a meaningful context. Therefore, the Security+ 501 exam now includes an emphasis on how security techniques, policies, and best practices all are the foundation for privacy. For the security administrator, one of the job roles defined by the Security+ JTA, this must remain a critical focus. The surveys done in preparation for the SY0-501 update have shown that an organization must first have its security practices in order before it can address privacy properly.

Should I take the Security+ SY0-401 now or wait for the SY0-501 exam?
The short answer is of course that you should take the version available at the time you need to be certified. Doesn’t take a genius to figure that one out! However, there are other considerations too. One is that although the “latest and greatest” always has its appeal, chances of success at the exam matters too. When it comes to CompTIA certification your certification is valid for three years from the date you pass the exam. It doesn’t matter if that date happens to be one day before the retirement date of the exam, you are still certified for three years no matter what. The other consideration is always a tendency to prefer “the devil we know”. There is predictability in committing to Security+ SY0-401 that the SY0-501 objectives can’t offer just yet as it is known that CompTIA adjusts and recalibrates an exam for the first six months to a year post release date.

Here is the recommendation
If you are planning on getting certified in the spring/summer of 2018 you will have a choice of two versions: Pick whichever one you are the most comfortable with after taking a really close look at the exam objectives of both. I have the SYO-401 so I am going to take the SYO-501.

Written by Chip Harris