New CompTIA Security+ Marches Forth
It's always interesting to see how well an organization adapts to change within its own ranks. For big certification sponsors like CompTIA, that often includes transitioning from an older version of a credential to a new one. Given its two-plus decades of experience, CompTIA is a pretty well-oiled machine in this regard.
The certification in the crosshairs here is Security+, just now transitioning into its sixth version. You can tell this because the cert ID is changing from SY0-501 to SY0-601, where the last three digits indicate the first minor version of the fifth and sixth major versions, respectively.
That's why the current Security+ certification page header also lists both "exam codes" as CompTIA calls those unique identifiers. Behold:
Out with the Old, In with the New
CompTIA is pretty practiced at transitioning from older cert versions to new ones, so they give candidates time to finish up on older versions even after newer ones come out. In this case, those boning up for SY0-501 have until the end of July (July 31, 2021, that is) to pass the older exam.
In fact, CompTIA's Director of Products, Patrick Lane, wrote a pretty peachy blog post on Aug. 14, explaining the differences between the two exams. It's entitled, prosaically enough, "CompTIA Security+ 501 vs. 601: What's the Difference?"
The best summary of those differences comes in the form of a side-by-side comparison of Exam Domains and their weights, which I reproduce verbatim here:
The old "Technologies and Tools", "Cryptography and PKI", and "Identity and Access Management" domains are gone, replaced by the new "Implementation" and "Operations and Incident Response" domains. The names of the other domains get tweaked, as risk gets folded in with governance and compliance.
Lane also proffers an instructive list of the "most up-to-date and current skills needed" to handle tasks that Security+ certified professionals should be prepared to tackle (also quoted verbatim):
• Assess the cybersecurity posture of an enterprise environment
• Recommend and implement appropriate cybersecurity solutions
• Monitor and secure hybrid environments
• Operate with an awareness of applicable laws and policies
• Identify, analyze and respond to cybersecurity events and incidents
Looks to me like, as usual, CompTIA is listening to its consortium membership and adapting well to the changing role of information/cybersecurity in modern organizations. Ditto for cybersecurity's increasing importance in not just avoiding and mitigating risk, but also ensuring proper adherence to compliance and regulatory requirements, and ever-evolving best industry practices, processes and procedures.
Which Version Should You Get?
If you're preparing for the old exam, you might want to start over, and get on top of the new exam instead. Why do I say this? Because it looks much more relevant to the kinds of skills and knowledge that people need in today's workplace.
This is true even for entry-level security-focused or -related positions (this latter category covers most jobs in IT these days, all of which have at least a minimal security component). And with CompTIA certs lasting but three years before renewal nowadays, best to jump on something with its own expiration date not already looming in the near future.
But hey! It's up to you. I just call them as I see them. Check out both versions of the Security+ exam on this certification's home page.