When you’re hunting through job postings, sometimes you may see Security+ as a requirement. Sometimes you might see Security+ce instead. Theoretically, I’m out of luck if they really want Security+ce. Let’s talk about Security+ vs Security+ce and whether the difference means anything for you.
Security+ vs Security+ce really comes down to when you took the exam. If you took the exam after 2010, and certainly after 2011, you have both. If, like me, you took the exam before 2010 and didn’t convert it, you just have Security+. And some jobs require ce.
The difference is that in 2010, CompTIA started requiring continuing education and charging an annual fee for membership. Prior to 2010, when you took a CompTIA exam, you were certified for life. Technically, I still am certified for life, and I never pay CompTIA a fee, and I never submit CEUs. But I have the older, theoretically less desirable certification.
My then-employer told me to convert my Security+ to Security+CE in 2011, and told me I had three months to do it. I looked at the requirement, and one of the ways to fulfill that requirement was to get CISSP. I happened to be studying for CISSP at the time. But my job didn’t require both Security+CE and CISSP. It just required one of them. So I told them I wasn’t going to waste my time with Security+CE. I’d just hang on to my old certification and get CISSP.
My then-supervisor said I had an attitude problem. But I think in time he saw my logic. Why pay money to two certifying bodies and submit the same continuing education to two certifying bodies if I can do that with just one?
Continuing education is important, so I understand why CompTIA added the requirement. Not everything I learned in 2008 to pass the test back then is still a good idea now. Most of it’s still relevant. But in 2008 it was still perfectly OK to use SSL. If I still think that’s OK, then I’m dangerous. I’ll admit it’s nuanced, but I know the question of securing HTTP is nuanced because I keep up with the industry.
Does the employer want Security+ or Security+ce?
If a job posting says Security+, in theory having either one will get you through HR. And once you get into the job interview, if the interviewer can tell your knowledge is current, the interviewer may very well not care when you got the certification and whether you’re paying dues. That’s my attitude. If I’m interviewing someone, I want to make sure they have the knowledge that certification requires today.
Sometimes a job posting will say Security+ce and it will require a current Security+ce in good standing. This is especially true on government contracts. Most government contracts require certifications at a certain level or above, so if it says Security+ce and all you have is the old Security+ like I have, and you don’t have any higher-level certification like CEH, CISM, or CISSP, you’ll need to sit for Security+ce and start paying the annual fee and submitting CEUs.
But in theory, if you passed Security+ once, you shouldn’t have much trouble passing the current version of the test.
Using a higher certification as an exception
You’ll want to be careful how you say it so you don’t come off as arrogant, but if you don’t have Security+ce and you have a limited time to get it, you might think about getting something higher. Having CEH opens a lot of doors for you in the government contracting space. CISSP opens almost every door for you. Having both CISSP and CEH opens virtually every security job up to you.
I think it’s a good idea to get some of your continuing education from studying for a higher-level certification. In contracting, it’s easy enough to find someone younger than you who’s willing to work cheaper and can pass Security+. Even if there’s nowhere for you to go on your current contract, once you achieve a higher level certification, you can jump to an opportunity on another contract. Having something more than Security+ also makes it easier to find work in the private sector.
Technically my Security+ is still valid, but literally no one has asked me about that certification since 2011.