Why is there a new version of Security+?

And the answer can be found at s.comptia.org/3tcAmzh
Well, something else to consider - since all of the CE certifications are on a three-year renewal schedule, and the rules state you cannot take and pass the same examination twice, this means that CompTIA must release a new version of the examination every three years.

I always felt like CompTIA painted itself into a corner on that one - because of all the development work, time, and planning to bring a certification version to market, and banking on the notion that the industry will change enough every three years to make a new version meaningful - rather than just a matter of rote.

/r
 
ISC2 has a similar issue. The new CISSP comes out in April 2024, and the changes are minor at best. They shifted a couple of points for each of the domains and made the exam 25 questions shorter.

 
Yeah, on one hand, employers want you to have a "current certification". It's in the certification vendor's interests because it keeps people coming back for more testing and to get new products, so it protects the revenue stream. That's just the business of it all - can't necessarily fault CompTIA for wanting that. There are certs that I think a three year clip would be good, like ITF/Tech+, and some, like Network+, where changes seem to be, in my view, overrated.

Case in point - I got into a little of a spirited argument one time with none other than James Messer (yes, that one), about how much of the Net+ between 007 and 008 had changed. His view was about 40%, based on objectives and components of those objectives. I put it to 25% based on content. Messer maintained that 40% of the objectives had changed - hundreds of different things to know, which they did in reality. It was my observation that some content was brought to the surface as an objective (like IP headers), that was always part of the exam, but never articulated as an objective. And conversely, some objectives sank below the waterline - still stuff you needed to know, but it wasn't specifically an objective.

I based my contention on CompTIA's Transition Guide that gets published as part of the Instructor offering of materials. To me, this document is very important when asking that "how much has actually changed" question - probably as important to an instructor as the guides themselves.

/r
 
Let's be honest. The overwhelming majority of the content doesn't change. A+ has been talking about operating systems, software, and hardware for decades. Net+ has been talking about the OSI model, ports, protocols, network appliances, and wired/wireless standards for decades. Sec+ has been talking about confidentiality, integrity, availability, authentication, authorization, accounting, encryption, and physical security for decades. Some information is added, some is modified, and some is removed, but the bulk of the material has been rather consistent for a long time.

James Messer is entitled to his own opinions, but he is not entitled to his own facts. The percentage of changes from one version to the next is closer to your estimation than his. A person would have to skip a few versions of an exam to notice a significant difference between exams.

But what do I know? I've only taken 4 A+ exams, 4 Net+ exams, 4 Sec+ exams, 3 CySA+ exams, and 2 Project+ exams.
 
I don't disagree with any of this - including the parts about what you may or may not know. ;)

And you're right - the content hasn't changed THAT dramatically, year over year. Few years now taking tests myself as well as the Train the Trainer - all that evidence seems to support it as well - which basically gives some credence to the motivation behind the CE credentialing. I'm usually a big proponent of CompTIA, but I've always had an irk about CE. Not as big a deal since my testing is covered in one form or another, and I just test and re-test to stay sharp.

I always thought Messer's numbers were inflated on that, but I understand his methodology and certainly mean the guy no disrespect. Last year, I got the chance to talk to Jason Dion and he seemed to agree more with me as well. There are changes, always. Again - read that Transition Guide - I totally love that publication.
 
The newness will come in the form of new certifications. For example, somebody may write a book on AI and try offering certifications on AI. It will be a completely new certification and revenue stream for whoever can publish current curriculum and exams.

That of course will be the challenge. AI is changing fast. Someone selling books on AI will find the landscape has changed before the ink is dry. The curriculum and cert will have to present a timestamp. This may look like "AI certified 2023Q3" or "AI certified v7."
 
Both ISACA and CertNexus have AI certifications.


 
Not all people need to take the new exam for recertification. But the 3-year cycle makes it hard, so new stuff needs to be implemented, but sometimes I wonder why? Because one or two SMEs say that it is important to their company (or the US DoD)? Or is it sometimes that other certs from a vendor talk about this topic, so it can't be left out (like Homomorphic Encryption, Quantum Computing, could go on here)? It gets more content in the same time. But I would not say that there are 40% of changes... more like rick said: 25%...
 
CertNexus is like 3 years old? I took the beta of this one... Microsoft also has their own AI courses and certs...
 
James Messer is telling people on Reddit that "half of the SY0-701 is new from the SY0-601."

I've lost a lot of respect for him making statements as intellectually dishonest as that.

I have passed five different versions of the Security+ (SY0-101, SY0-201, SY0-301, SY0-501, and SY0-601) and I'm preparing for the SY0-701 right now. I've also been teaching Security+ since 2005. The SY0-101 and the SY0-701 aren't 50% different from each other, and the 601 and 701 have even fewer differences. And the 101 and 701 versions are 21 years apart.
 
That's what raised my eyebrow last time with the Network+. I'm sure in saying that, it draws attention to his products and such.

Again, if you really want to know the differences question, look at the Transition Guide that CompTIA publishes with every exam version. That's my go-to resource.

/r
 
Maybe James Messer is using the Lindsay Lohan strategy of self-promotion. Good news. Bad news. It's all news, and helps bring in the $$. People will stop caring about the accuracy within a month.