Time to get started

Time to get started.

The notion of using blog posts was inspired by this post that I found while searching for security-related webinars that would earn CEUs but had low or no cost. Turns out there really aren't many (any?).  I figure it can't be too difficult to write a handful of posts. They just need to be relevant to the Security+ exam objectives. I'll be using the SY0-301 list.

But first a quick rant about the cost of all these certifications and their maintenance.
I am not an "IT guy". My actual job role has always been software developer/analyst/engineer/architect, but during my career (almost 23 years now), out of both necessity and personal interest , I have learned many of what we now collectively refer to as "IT skills". I've always been on small-ish teams and we've rarely had the luxury of someone dedicated to taking care of our IT needs. So I volunteered a lot of such effort over the years and learned all kinds of things. Computer security has always been one of my interest areas.

More recently, our team moved to a new facility that had significantly higher security standards than our previous home. We were short on staff at the time and in order for me to be permitted to keep helping out with the IT tasks, I would have to meet the same criteria as our formal IT guys, i.e. certifications. So I self-studied the CompTIA Security+ and passed the exam. And I have to maintain the certification in order to retain my administrative privileges.

Philosophically, I completely support the notion of certified individuals doing something to maintain their knowledge and skills and present some evidence of having done so. (Sometimes while driving, I think folks ought to have to retake their drivers license exam every so often...) In the case of all these IT and security certifications, however, I find a significant financial barrier. If your primary job role is one of these areas and your employer will pay for the time and expense of training and taking the exams, then that's great for you. But if you fall into my case and you're just doing it out of self-interest or "on the side" as it were, then a lot of these certifications and their maintenance are likely WAY out of your budget.

The CompTIA certifications seem to be some of the least expensive options.
There are usually some good self-study books available for less than $50 and the exam fees are $200 - $300. Not so bad.

But take a look at some of the other stuff, like the SANS, Cisco, EC Council, etc.
Sticker shock! The exam fees are $500+ and you really need to buy either their training material or take one of their training courses, which will run from many hundreds to a couple thousand dollars.
Wow. It would be easy to get cynical and say they're all just taking us for what they can. But I can also see that these certs are not desired by enough people for any kind of Wal-Mart style volume discounts to start happening.

Maybe that will change over time. We'll see. Until then, the unsupported enthusiasts and non-IT people like me will just need to look for the affordable options where we can.