Over a year ago, I successfully passed the CompTIA Security+ (SY0-701) exam, and I'm thrilled to be officially certified currently. As a cybersecurity student, I knew this was a critical foundational certification to earn. Many people from my university ask me how to pass CompTIA Security+ SY0-701 and what my strategy was, so I decided to write this post to share my process.

If you're studying for the Sec+ right now, I hope my experience can help you.

My Core Study Resources

You don't need to buy a dozen different books. I focused on a few high-quality resources most of which were entirely free:

• Mike Chapple's Sybex Study Guide: This was my first and primary resource that I utilized. This book is chock-full of information that is presented in a very easy-to-understand manner... This Study Kit includes the textbook as well as over 1000 practice questions all for the cost of around $40. Here is the Amazon link: Amazon Link
• Mike Chapple's LinkedIn Learning Course: This was my primary video resource that acts as a perfect companion to the Sybex Study Guide... His explanations are clear, and he covers every objective on the exam in a logical order.
• Professor Messer's SY0-701 Videos (YouTube): Professor Messer's channel is another great resource. If you want a second opinion/reference, there is not a better place to go!
• Practice Exams & Questions: As mentioned previously, the primary source of test questions that I used was from the Sybex Exam Kit. However, there are a LOT of free resources out there. Quizlet has so many practice question sets...
• My Own Notes: This was the most important part of my study. As I went through the video courses, I compiled all my own notes into an organized Obsidian folder. My notes are attached to my website, and my LinkedIn so feel free to look over/download them... My GitHub Notes

My Study Strategy

My process was simple: Learn, Review, Practice.

1. Learn (The "First Pass"): I went through Mike Chapple's entire course, taking detailed notes as I went. The goal was just to get exposure to all the topics.
2. Review (The "Second Pass"): This is where my notes came in. I put away the videos and only studied my notes. I would read a section, look away, and try to explain the concept out loud.
3. Practice (The "Final Phase"): After I felt confident with my notes, I moved on to practice exams... The key here isn't just to get a good score, but to read the explanation for every single question you get wrong. This is how you find your weak spots.

Exam Day Tips

• Flag the PBQs: The Performance-Based Questions (PBQs) at the beginning are time-consuming. Flag them for review, blast through the multiple-choice questions, and then come back to the PBQs at the end.
• Read Every Word: CompTIA loves to try and trick you. Read the question twice. Look for keywords like "BEST," "MOST," or "NOT."
• Trust Your Gut: Your first instinct is usually the right one. Don't go back and change your answers unless you are 100% certain you misread the question.

Final Thoughts

Passing the Security+ is a marathon, not a sprint. It takes consistent effort, but it is absolutely achievable. My biggest piece of advice is to create your own study materials... That active learning process is what makes the information stick.

Good luck with your studies!

If you're exploring cybersecurity, you've probably heard the term "CTF." It stands for "Capture The Flag," and no, we're not running around in a field. In the hacking world, a CTF is a hands-on cybersecurity competition designed to challenge your skills.

As a member of the Maryville Ethical Hacking Team and a competitor in events like the National Cyber League (NCL), I've found that CTFs are, without a doubt, the single best way to learn practical, real-world skills.

But what are they, really? Here's a simple breakdown.

The Basic Idea

In a CTF, you're presented with a set of challenges. Each challenge has a hidden "flag" – a specific string of text, like flag{this_is_a_secret_key}. Your goal is to use your technical skills to find that flag. When you find it, you submit it to the competition scoreboard for points.

These aren't random guessing games. They are puzzles (often called jeopardy-style CTFs) that require you to act like a hacker—or a defender—to find a vulnerability and exploit it.

What Kinds of Challenges Are There?

CTFs are usually broken down into a few main categories. Here are some of the most common ones you'll see:

• Cryptography: You're given an encrypted message (a "ciphertext") and have to figure out how to decrypt it to find the flag.
• Web Exploitation: You're given a website and have to find a vulnerability. This might mean using SQL Injection to dump a database or bypassing a login page.
• Reverse Engineering: You're given a compiled program (like an .exe file) and you have to figure out what it does without seeing the source code.
• Forensics: You're given a "digital artifact," like a hard drive image or a network traffic capture (.pcap file). You have to play detective and analyze the file.
• Binary Exploitation (Pwn): A more advanced category where you find a vulnerability in a program (like a buffer overflow) and write your own code to "exploit" it.

It's important to note, that you don’t have to be an expert in all of these categories. That is why most of the CTFs you’ll encounter are team-based. You and your teammates can make up for each other’s weaknesses or knowledge gaps.

Why Should You Bother with CTFs?

Classroom learning is great for theory, but CTFs are where you apply it. I can without a doubt say that extracurricular activities is where I have learned the most! Here’s why I spend my time on them:

• It's the Fastest Way to Learn: You will learn more in one weekend-long CTF than you will in a month of just reading textbooks.
• You Learn to Think Like an Attacker: To be a good defender ("Blue Teamer"), you have to understand how an attacker thinks ("Red Teamer"). CTFs force you to adopt that offensive mindset.
• It's Great for Your Resume: When a recruiter sees "Participates in CTF competitions" on my resume, it's a concrete signal that I have hands-on experience and a genuine passion for the field.
• They're Fun! It's a game. It's a puzzle. It's incredibly frustrating right up until that "eureka!" moment when you finally find the flag, and that feeling is a huge rush.

How Can You Get Started?

If you're a student, the best way to start is to see if your school has a cybersecurity club or team. If not, there are amazing resources online:

• picoCTF: The best place for absolute beginners.
• CTFtime: A calendar of all upcoming CTF competitions.
• National Cyber League (NCL): A great, gym-style competition specifically for students to build and test their skills.

If you've been curious about cybersecurity but don't know where to start, I highly recommend trying a CTF. It might just be the thing that gets you hooked.

Ready for more? Read about my 3 biggest lessons from my first NCL competition →

In my last post, I explained what a "Capture The Flag" (CTF) competition is. Now, I want to share my personal experience and the biggest lessons I learned from my first major event: the National Cyber League (NCL).

The NCL is a "gym-style" competition, meaning you have one weekend to solve dozens of challenges. It was my first time facing so many different problems at once, and it was a huge learning experience.

I was hooked, but I also learned a few hard lessons. Here are my top three takeaways from that first season.

1. A Balanced Team is Essential

I quickly learned that you can't be an expert in everything. The NCL has nine different categories, including Cryptography, Web Exploitation, Forensics, and Reverse Engineering. While I was comfortable in a few areas, I hit a wall in others.

This is where your team comes in. Having a balanced team where each member has a different specialty is essential. Having a teammate who loves "Reverse Engineering" while you tackle "Web Exploitation" means you can cover more ground and learn from each other.

2. Time Management is Key

The NCL isn't a "solve one problem" test, it's a race against the clock. You have one weekend to complete dozens of challenges. My first instinct was to just pick one hard problem and grind until I solved it. I spent three hours stuck on a single, medium-difficulty challenge.

By the time I gave up, I had zero points and had wasted a huge chunk of my time. I soon learned the real strategy: go for the low-hanging fruit first. It's far better to spend that time solving 5-10 easy challenges across all categories to get points on the board.

3. Use Your Resources (But Use Them to Learn)

One of the best things about NCL is that it's "open-book." You are allowed—and encouraged—to use your resources. Whether it's Google, AI tools, or your own notes, anything is fair game.

I hit a "Forensics" challenge I had no idea how to even start. I started Googling key terms and even asked an AI to explain the core concept. Twenty minutes later, I had a new tool, a new method, and the flag.

But here’s the key: this is only allowed as long as you actually learn and don't just copy-paste verbatim. The goal is to learn how to find information and apply it. The NCL taught me that cybersecurity isn't about memorizing everything; it's about being an expert researcher who can find and apply new information fast.

My Final Takeaway

My first NCL was intense, a little overwhelming, and one of the most fun things I've done in my cybersecurity journey. I didn't get a perfect score, but I learned so much.

If you're a student on the fence about trying a CTF like the NCL, my advice is to just do it. You don't have to be an expert. Get some friends or schoolmates together and have a fun time! If it is your first time, don't expect too much. My advice is to not take it too seriously and just consider it a chance to learn, get some CTF tips for beginners, and be prepared for the next time. You'll be surprised at how much you can grow in a single weekend.