I'm a contractor working on a DoD project and my employer just told me I need to be certified under DoD 8570 within 6 months or they'll have to reassign me. I'm in an IAT Level II role, which means I need either CompTIA Security+, CCNA Security, or a handful of other options. I've been in IT for 4 years but never sat for any formal security certifications.
Security+ seems like the obvious starting point since it's the most widely accepted and the study materials are everywhere. I've been doing about 2 hours of prep a night and I'm hitting around 78-80% on practice exams. The passing score is 750 out of 900, which translates to roughly 83% depending on the question difficulty weighting.
My main weak spots are cryptography and PKI concepts - I understand the broad strokes but the specific algorithm details and certificate chain questions get me. I've got about 9 weeks until my self-imposed deadline. Anyone gone through the DoD compliance path and have advice on prioritizing study time?
For PKI specifically, focus on how certificate chains work and what happens when one breaks. The test loves scenarios where a cert is expired or the wrong CA signed it. Draw it out, don't just read about it.
Get the Jason Dion practice exams - they're harder than the real test, which is exactly what you want. I scored 72% on his exams consistently and got an 810 on the actual exam.
Make sure your employer actually submits your certification to DISA after you pass. I passed Security+ and almost missed my deadline because the paperwork sat on someone's desk for 3 weeks. Follow up aggressively.
Security+ is the right call for IAT Level II. I passed it in 6 weeks studying about 90 minutes a day from a similar baseline. The cryptography section clicks once you draw out the key exchange process on paper - stop trying to memorize and start trying to understand the flow.