The 15-year old Security+ certification from CompTIA just got a makeover. The industry organization this week announced the fifth version of the certification. This latest iteration emphasizes a security pro’s practical and hands-on ability to identify and address security threats, attacks and vulnerabilities.

Since the Security+ certification was introduced in 2002, the international, vendor-neutral certification is updated every three years to keep it – and IT pros – relevant. The new Security+ (SY0-501) certification tackles the latest cybersecurity trends.

CompTIA’s Patrick Lane

“The new version of Security+ focuses more on hands-on skills and risk management,” Patrick Lane, director of product development with CompTIA, told us. “Our exam is a reflection of the current state of cybersecurity field and represents the foundational cybersecurity skills needed today, such as risk mitigation, risk management and intrusion detection.”

No prerequisites are required to take the new Security + (SYO-501) exam, but candidates should be CompTIA Network+ certified or have equivalent experience, and have a minimum of two years in IT administration with a focus on security and day-to-day security experience, the organization suggests.

The exam requires a broad knowledge of security concerns and implementation, including: identifying risk and participating in risk mitigation activities; providing infrastructure, application, information and operational security; applying security controls to maintain confidentiality, integrity and availability; identifying appropriate technologies and products; troubleshooting security events and incidents; and operating with an awareness of applicable governance policies, laws and regulations.

These are the exam domains for the Security+ exam. With the latest Security+ exam, about one-quarter of the objectives have changed to reflect the emphasis on risk management and hands-on skills.

“The exam domains have also been rearranged to follow a better instructional design,” said Lane.

So, for example, the first domain is about threats and vulnerabilities and starts off with hand-on activities involved with that exercise, i.e. a threat that might occur in the network and mitigating that threat.

The CompTIA Security+ is ANSI-accredited and complies with the ISO/IEC 17024 standard for personnel certification programs. The certification also has approval from the U.S. Department of Defense for Directive 8140/8570.01M, which established department policies for its cyberspace workforce including setting requirements for training and certification, CompTIA said.

The number of new IT pros taking the Security+ certification is increasing on a month-to-month basis, Lane said. That’s because Security+ is the centerpiece of CompTIA’s CyberSecurity Career Pathway, announced in February, which is being adopted by schools in North America and worldwide.

The new Security+ is now available. Anyone who has already been studying for the previous Security+ version will still be able to take that exam as CompTIA currently makes both available.