It is always interesting to see how well an organization adapts to change within its ranks. For large certification sponsors like CompTIA, this often includes moving from an old version of a credential to a new one. Considering its over two decades of experience, CompTIA is a pretty well-oiled machine in this regard.


The certification in the spotlight here is Security +, which has just moved to its sixth version. You can see this because the certificate ID changes from SY0-501 to SY0-601, where the last three digits indicate the first minor version of the fifth and sixth major versions, respectively.

That’s why the header of the current Security + Sy0-601 Exam Dumps page also lists the two “exam codes,” as CompTIA calls them unique identifiers.

CompTIA has a great deal of practice in transitioning from old versions of certificates to new ones, giving candidates time to finish with old versions even after newer versions have been released. In this case, those preparing for SY0-501 have until the end of July 2021 to pass the above exam.

CompTIA Product Manager Patrick Lane wrote a pretty interesting blog post on August 14, explaining the differences between the two reviews. It’s prosaically titled CompTIA Security + 501 vs. 601: What’s the difference?

The best rundown of these distinctions comes as one next to the other correlation of test areas and their loads, which I repeat verbatim here:

The old “Technologies and Tools”, “Cryptography and PKI” and “Identity and Access Management” domains have disappeared, replaced by the new “Deployment” and “Operations and Incident Response” domains. The names of the other domains change as risk is built into governance and compliance.

Lane also offers an informative list of the ‘most up-to-date and necessary skills’ to handle the tasks Security + Certified Professionals should be prepared for:

  • Evaluated the cybersecurity posture of a business environment.
  • Recommend and implement appropriate cybersecurity solutions.
  • Monitor and protect hybrid environments.
  • Operate knowing the applicable laws and policies.
  • Identify, analyze, and respond to cybersecurity events and incidents.

It seems to me that, as usual, CompTIA listens to consortium members and adapts well to the changing role of information/cybersecurity in modern organizations. So too is the growing importance of cybersecurity not only for avoiding and mitigating risk but also for ensuring compliance with regulatory and compliance requirements, as well as evolving industry best practices, processes, and procedures.

Which version should I get?

If you are preparing for the old exam, you may want to start over and catch up on the new exam. Why am I saying this? Because it seems so much more relevant to the types of skills and knowledge that people need in the workplace today.

This is genuine in any event, for section level security-engaged or related positions. And with CompTIA certificates only lasting three years before renewal today, it’s best to jump on something with its expiration date that isn’t looming soon.