Security+
CompTIA's entry-level security certification — vendor-neutral, globally recognised, and DoD-baseline approved.
CompTIA
Computing Technology Industry Association — the non-profit vendor behind Security+, Network+, and CySA+.
SY0-701
The current exam code for Security+, released in November 2023. Previous version SY0-601 retired in July 2024.
DoD 8570
US Department of Defence directive requiring all IT personnel in certain roles to hold specific certifications — Security+ is on the baseline list.

Why Security+ matters

Security+ occupies a unique position in the certification landscape: it is the minimum expected baseline for anyone entering a cybersecurity role in most large organisations, especially in regulated industries and government. It does not require previous security experience to sit, making it the natural starting point for career changers and IT professionals moving into security.

Unlike vendor-specific certifications (AWS, Cisco, Microsoft), Security+ is entirely vendor-neutral — the knowledge applies regardless of which tools or platforms an organisation uses. This broad coverage makes it universally applicable and widely accepted across industries.

#1
Most widely held foundational security certification globally — with hundreds of thousands of certified professionals.
DoD 8570
US government baseline — required for IT positions in defence, federal agencies, and thousands of government contractors.
3 years
Certification validity. Renewed through CompTIA's Continuing Education (CE) programme with 50 CE credits or by retaking the exam.

The five SY0-701 domains

The SY0-701 exam is divided into five domains, each weighted by percentage of exam content:

  1. 12%
    General Security Concepts — Security controls frameworks, cryptography basics, authentication, authorisation, PKI, digital certificates, and foundational security principles. The vocabulary and conceptual foundation for everything else.
  2. 22%
    Threats, Vulnerabilities and Mitigations — Malware types, social engineering, application vulnerabilities, threat actors, threat intelligence, vulnerability scanning, and attack techniques. This is the core technical domain.
  3. 18%
    Security Architecture — Network security design, cloud security, virtualisation, zero trust, network segmentation, infrastructure as code, and secure network topologies. Critical for understanding modern enterprise environments.
  4. 28%
    Security Operations — The largest domain. Identity and access management, log analysis, endpoint security, incident response, digital forensics, data loss prevention, and security monitoring. Most directly applicable to day-to-day security work.
  5. 20%
    Security Program Management and Oversight — Risk management, compliance (GDPR, HIPAA, PCI-DSS), data privacy, third-party risk, security policies, auditing, and data classification. Increasingly important as security becomes a business function, not just a technical one.

The Security+ examination

  • Format: Up to 90 questions over 90 minutes. Mix of multiple choice and performance-based questions (drag-and-drop, scenario analysis, simulations).
  • Passing score: 750 on a scale of 100–900.
  • Prerequisites: No mandatory prerequisites. CompTIA recommends CompTIA Network+ and 2 years of IT experience with a security focus — but many candidates pass without these.
  • Delivery: Pearson VUE testing centres or remotely proctored online.

Roles Security+ opens

Security+ is explicitly listed as required or preferred in a wide range of entry and mid-level roles:

  • Security Analyst / SOC Analyst
  • Systems Administrator (security-focused)
  • IT Auditor
  • Network Security Engineer
  • Security Operations Centre (SOC) Tier 1 / Tier 2
  • Junior Penetration Tester
  • Cybersecurity Specialist (government/defence)
Study Security+ SY0-701 with VAPTIC

VAPTIC's Security+ course covers all five domains with live instruction, practice exams, and scenario-based exercises designed for first-time certification candidates.

View Security+ Course