Security+ is a hellaciously broad survey exam over the entire subject area of computer security, though it doesn't go into much depth in any one place.
We created a 220-page annotated guide to Decrypting the Security+ Beta Objectives, just before the beta exam went live last September, and put it up for free use at http://www.alphageekproductions.com. Within a month, there had been 10,000 downloads from its official home site, PLUS, in one of the more modern forms of flattery, it made its way onto kazaa. Dozens/hundreds of beta participants told us how helpful it was in doing well on the exam.
It's not exactly open source documentation, as redistributing a *revised* document is not permitted, but as long as you're willing to live with the original as a unit, you can pass it around to your heart's content for non-commercial purposes. For that matter, even if you have commercial purposes at heart, we might be willing to let you distribute it if we see the opportunity as good marketing for us. Please contact us with your requests!
It's not completely uncommon for publishers to release drafts of technical books for open peer review, much as software companies release alpha and beta code. But it was unheard of (AFAIK) for someone publishing in the cert space to do this. Normally in this market segment, peer review is done (if at all) by the folks who buy the first printing and unhappily report errors. And if you're in that (significant) percentage of customers who wouldn't know an error when it hit them in the face, because you're using exam study to learn the product in the first place... well, you lose. Through our release, we gained an army of tech reviewers who were not shy about making comments. The final result includes their feedback as well as our own revisions.
Why did we make a draft available for free at the start of the beta? Oh, for zillions of reasons, like:
1. We wanted to get the information out there, in hopes of making people better prepared for the exam; this would hopefully raise the average exam score, and result in the "cut score" that determines pass/fail for the exam being higher than it otherwise would have been. Many certs get a bad rap. We wanted to try to raise the quality of this one, because we feel it's especially important.
2. Free is a good price. If you're not really at the point of wanting to BUY a book on security, you might be willing to download a free one. If you learn something you didn't know before reading our book, we've just had a positive impact on the world, and this is something, as responsible humans, that we like.
3. Market share and mind share are good things. Currently, we've got the lion's share of both, for this particular subject area. Generally the best way to get the word out about something without pissing folks off is to give them something they want, along with the marketing message (be it trade show schwag, "marketing betas" of software which are so named for exactly that reason, free news in magazines or web sites such as
4. If we wrote and timestamped the document before the start of the beta exam period, we were safe from any cries of "braindump" (people complaining we were distributing actual exam content, which is against the rules). Our final book was built primarily from this first draft for the same reason. I think, actually, that draft is the ONLY study material certified to have been produced prior to someone involved in the book taking the exam. Normally, this would not be something to crow about, but in this case... folks, we guessed remarkably well as to the types of questions that might be asked about each topic area. Incomplete though it is, the freebie guide is nonetheless a very useful prep tool.
5. Of course, since this is
After the Security+ book is out, watch for my comments on the security-related chapters I'm starting to write for a VB.Net book.