Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Solaron
Sep 6, 2007

Whatever the reason you're on Mars, I'm glad you're there, and I wish I was with you.


Now that my CISSP is out of the way and I've had a couple weeks to breathe, I'm looking for the next thing I want to tackle. I come from a Windows sysadmin background and have little development experience. I'm already working as an Analyst at a very large company with a not-very-mature security team so I don't need to mess with Network+ or Security+, but I'm not getting any real direction or guidance from my management on where they'd like me to focus to advance in my career here. Since my company has recently rescinded their offer to send us Security folks to any real training, I'm looking for things I can putter around with on my own.

OSCP looks very interesting to me but it's not an area I've done a lot with aside from the basics. I found this write-up that looks very helpful: http://www.abatchy.com/search/label/OSCP%20Prep

Anyone here who has been through it - what are your thoughts on OSCP and do you have any recommendations on how I approach it?

Adbot
ADBOT LOVES YOU

Kashuno
Oct 9, 2012

Where the hell is my SWORD?


Grimey Drawer

If you can, just watch the prof messer youtube vids for sec+ and you'll probably pass no problem.

MrBigglesworth
Mar 26, 2005

Lover of Fuzzy Meatloaf

Speaking of Sec+ mine just expired today!

BallerBallerDillz
Jun 10, 2009

Cock, Rules, Everything, Around, Me


Scratchmo

MrBigglesworth posted:

Speaking of Sec+ mine just expired today!

Have you been hacked yet? Fallen victim to war ballooning?

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

I'm gonna phish a bunch of companies using a link that simply reports back when it's clicked, then report those addresses on a website so other hackers know who's vulnerable. I'll do this for exactly two days and then sell my expert inside knowledge of War Phishing to CompTIA.

Then all you suckers will have to deal with learning War Phishing for your S+ exams.

Contingency
Jun 2, 2007

MURDERER

Judge Schnoopy posted:

I'm gonna phish a bunch of companies using a link that simply reports back when it's clicked, then report those addresses on a website so other hackers know who's vulnerable. I'll do this for exactly two days and then sell my expert inside knowledge of War Phishing to CompTIA.

Then all you suckers will have to deal with learning War Phishing for your S+ exams.

If we can get 3 or 4 people to attend the same CompTIA workshop, getting topics added to the required body of knowledge is entirely possible.

Dr. Arbitrary
Mar 15, 2006



Bleak Gremlin

I'm going to use warchalk signs to trick security experts into believing that there are juicy networks to exploit, but while they're distracted with the Honeypot, I'll steal their identities.

Warchalkphishing will be on the next exam.

Japanese Dating Sim
Nov 12, 2003

hehe

Lipstick Apathy

I remember feeling proud when I got my Sec+.

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy


Japanese Dating Sim posted:

I remember feeling proud when I got my Sec+.

I remember feeling proud when I got my A+.

I still carry my original card in my wallet as a memory of simpler and happier times.

BaseballPCHiker
Jan 16, 2006



OSU_Matthew posted:

I wasn't planning on doing the Sec+, but I'm starting to mess around with Kali Linux and metasploit for my company to do just some sort of basic passive vulnerability review of our network configuration and I wouldn't mind getting grounded with some fundamentals that I may not have picked up on otherwise.

Does anyone have any good study guide recommendations for Sec+? When I did my Net+ I just used the Mike Meyers passport series and that worked fine for me... should I stick with that for Security+ or is there something better out there?

I got the security+ by pretty much just watching the Prof Messer videos. A lot of it is just common sense stuff, and memorizing a few tables basically. The only thing I personally found useful was going over crytographic keys which gave me a better understanding of the subject. Otherwise maybe just pick up a cheap sybex book on it and dont worry to much.

Speaking of worry, I have to renew my CCNA soon and I haven't done much networking work day to day in a while. Hopefully I can pick it all up again relatively quickly, and I see frame relay is off the syllabus now.

Kazinsal
Dec 13, 2011






Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time.

Anyone have any tips or anything to be wary of?

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.


OSU_Matthew posted:

I wasn't planning on doing the Sec+, but I'm starting to mess around with Kali Linux and metasploit for my company to do just some sort of basic passive vulnerability review of our network configuration and I wouldn't mind getting grounded with some fundamentals that I may not have picked up on otherwise.

If you're already doing that, then you've already left Sec+ in the dust. There is no technical or implementation related material on this test.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



Kazinsal posted:

Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time.

Anyone have any tips or anything to be wary of?

Sadly my best advice is don't take the CCNA data center exams. Most of the actually useful material is on the first test and already covered in the route/switch track. The second exam is highly Cisco product focused in a frustrating way. Questions about port counts or licensing or specific features that vary across the product line where you would normally just check a data sheet. And some stuff like the Cisco 1000v is all but dead, but still on the test. I sell and deploy UCS and I still think the CCNA DC was a waste of my time.

OSU_Matthew
Aug 23, 2010

IT ME




Toilet Rascal

skooma512 posted:

If you're already doing that, then you've already left Sec+ in the dust. There is no technical or implementation related material on this test.

Thanks! I kind of got the impression that it's basically the same as Net+ from a few practice tests I took and passed with 100%. Since my employer is offering to pay for it I'll probably just knock it out got the sake of having it and keeping the cert ball rolling.

Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile.

rafikki
Mar 8, 2008

I see what you did there. (It's pretty easy, since ducks have a field of vision spanning 340 degrees.)

~SMcD

OSU_Matthew posted:

Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile.

Not necessarily basic, but check out the OSCP.

Doug
Feb 27, 2006

This station is
non-operational.


OSU_Matthew posted:

Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile.

Check out https://www.elearnsecurity.com/course/ . They have Pentest Student and Pentest Professional certifications which would be pretty decent stepping stones to OSCP they even have a similar lab environment but by all accounts not quite as difficult. Also worth looking at https://pentesterlab.com/ . It's more specifically for web app hacking, but it covers a lot of modern material and attacks.

MrBigglesworth
Mar 26, 2005

Lover of Fuzzy Meatloaf

Kazinsal posted:

Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time.

Anyone have any tips or anything to be wary of?

Jesus christ you dumb bastard! No seriously, these tests are brutal. YOU WILL FAIL THE FIRST ONE.

The official guides will not do or show ANYTHING about what image management with the kickstart and boot options/sequences are.

I dug up my post history and found this link here from what I posted in the past, you MUST know the information in these pages OR YOU WILL FAIL.

https://forums.somethingawful.com/showthread.php?threadid=3521165&userid=76442&perpage=40&pagenumber=5#post457575426

Verisimilidude
Dec 20, 2006

Strike quick and hurry at him,
not caring to hit or miss.
So that you dishonor him before the judges





I'm not sure if this belongs here, but I have a question about Cybertraining 365. It's offering a certificate program for "ethical hacking" for about $45, and it's a field im looking to get into, but I can't find any information about CT365 other than stuff from their own website and a couple advertisements on other tech sites. They claim to have over 1600 reviews, but I can't seem to find them, and all of their individual programs have maybe 1 to 20 reviews rating them between 3 and 5 out of 5 stars. $45 isn't a lot, but I am looking for certificate programs that will be strong on a resume so I can find something entry-level. I'm also looking to not get scammed out of my money, as I don't have a lot to start out with. Any information regarding CT365 or other starting certificate programs for programming would be appreciated.

Yeast Confection
Oct 7, 2005

by Nyc_Tattoo


Kazinsal posted:

Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time.

Anyone have any tips or anything to be wary of?

Unless your company is paying for you to do this exam, don't do it. Stick with the routing & switching track, but dear god don't punish yourself with this one.

Kazinsal
Dec 13, 2011






Oh boy am I ever glad work's paying for these

Thanks for the help guys.

YOLOsubmarine
Oct 19, 2004

When asked which Pokemon he evolved into, Kamara pauses.

"Motherfucking, what's that big dragon shit? That orange motherfucker. Charizard."



Kazinsal posted:

Oh boy am I ever glad work's paying for these

Thanks for the help guys.

I used the Lammle book for the first test and didn't have any problems, fwiw. It's mostly the same material as the route switch tests except with a Nexus focus.

Verisimilidude
Dec 20, 2006

Strike quick and hurry at him,
not caring to hit or miss.
So that you dishonor him before the judges





Outside of going to school for it (I'm about to finish my bachelors in physics already), what is a good avenue for getting involved in IT at an entry-level position? Are there certifications or classes that can be taken?

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

Buy a book for the Network+ exam. You'll learn real quick if IT work is up your alley, and it will be good for landing interviews at entry-level positions.

e: to this point, I had a friend of a friend talk to me about getting into IT. He was really psyched about working with computers. I handed him my N+ book and told them to give it a look-through, and a month later followed up asking how it was going. He said he read the first few chapters over and over again because he just wasn't getting it or retaining any of the information. On the one hand I didn't want to scare him out of a career path, but on the other hand there are a lot more complicated things you'll have to learn than the first few chapters of N+. It's not for everyone.

Judge Schnoopy fucked around with this message at 18:21 on May 2, 2017

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Verisimilidude posted:

Outside of going to school for it (I'm about to finish my bachelors in physics already), what is a good avenue for getting involved in IT at an entry-level position? Are there certifications or classes that can be taken?

You could also find an MSP and work tier 1, most of the time they will hire a warm body to fill a seat, that's how I got my start. You could do this while studying for an easy cert like Net+ or A+

MF_James fucked around with this message at 18:19 on May 2, 2017

Verisimilidude
Dec 20, 2006

Strike quick and hurry at him,
not caring to hit or miss.
So that you dishonor him before the judges





Judge Schnoopy posted:

Buy a book for the Network+ exam. You'll learn real quick if IT work is up your alley, and it will be good for landing interviews at entry-level positions.

e: to this point, I had a friend of a friend talk to me about getting into IT. He was really psyched about working with computers. I handed him my N+ book and told them to give it a look-through, and a month later followed up asking how it was going. He said he read the first few chapters over and over again because he just wasn't getting it or retaining any of the information. On the one hand I didn't want to scare him out of a career path, but on the other hand there are a lot more complicated things you'll have to learn than the first few chapters of N+. It's not for everyone.

Are there any books you'd suggest for this? I already have some minor professional experience with networks and computer security, so I'd be interested in learning more.

Japanese Dating Sim
Nov 12, 2003

hehe

Lipstick Apathy

Either Mike Meyers or Todd Lammle's Network+ books are fine and should get you what you need. There's also these videos which are pretty good, too.

Jimbot
Jul 22, 2008



Holy balls, I hope the next revision of the Cisco curriculum doesn't use Flash. I hate Flash. Chrome hates Flash. No one likes Flash. Insisting that the exams use it for those matching questions is just a sure-fire way of people not doing them.

Less customer service questions too "What do you do in this situation? [Ever answer is something you'd do in that situation]"

Edit: Oh yeah, less Java too. Gotta have you launch Packet Tracer to figure out something to answer in the exam!

Jimbot fucked around with this message at 20:39 on May 3, 2017

Renegret
May 26, 2007

THANK YOU FOR CALLING HELP DOG, INC.

YOUR POSITION IN THE QUEUE IS *pbbbbbbbbbbbbbbbbt*


Cat Army Sworn Enemy


Turns out the Network+ is a lower cert than the Security+, so my S+ wasn't renewed when I passed my N+.

I probably should've put more than 30 seconds of research into this considering the entire reason I took N+ was because I didn't want everything to expire.

Oh well.

Now that I am no longer security certified my networks are now at risk for being war ballooned.

Potato Salad
Oct 23, 2014

Nobody Cares




I think balloon/dronekilling is more of an FAA or Fish & Wildlife activity, depending on what you're employing as a kill vehicle.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Potato Salad posted:

I think balloon/dronekilling is more of an FAA or Fish & Wildlife activity, depending on what you're employing as a kill vehicle.

My kill vehicle is a buffalo

Japanese Dating Sim
Nov 12, 2003

hehe

Lipstick Apathy

Renegret posted:

Turns out the Network+ is a lower cert than the Security+, so my S+ wasn't renewed when I passed my N+.

I probably should've put more than 30 seconds of research into this considering the entire reason I took N+ was because I didn't want everything to expire.

Oh well.

Now that I am no longer security certified my networks are now at risk for being war ballooned.

They'll run faster though, now that you're N+.

Solaron
Sep 6, 2007

Whatever the reason you're on Mars, I'm glad you're there, and I wish I was with you.


It's been 3 weeks to the day since my endorsements were submitted and I just got an e-mail from ISC2. I was excited, but it's just an automated update that my endorsement is still being processed and to plan on waiting the entire 6 weeks.

Diva Cupcake
Aug 15, 2005



Solaron posted:

It's been 3 weeks to the day since my endorsements were submitted and I just got an e-mail from ISC2. I was excited, but it's just an automated update that my endorsement is still being processed and to plan on waiting the entire 6 weeks.
You're in luck then. My endorsement was official literally the day after I got that same 3 week still processing request email. Soon.

FCKGW
May 21, 2006



Going to be going to WGU in July for BSIT - Security track (the CCNA one). I have an AS in Computer Science that should transfer.

I know a few guys posted in here about a year ago that it was a good track, any regrets from anyone? I'm working at a tech company in QA right now and have a lot of downtime at work where I could knock this stuff out quick.

Also, they introduced a new Cybersecurity and Information Assurance BS that tracks into their Masters program. Any thoughts on this program instead?
https://www.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree

Certs Earned:
  • Certified Cloud Security Professional (CCSP) – Associate of (ISC)² designation
  • Systems Security Certified Practitioner (SSCP) – Associate of (ISC)² designation
  • Certified Encryption Specialist (EC-Council ECES)
  • Certified Incident Handler (EC-Council ECIH)
  • Certified Internet Webmaster – Site Development Associate (CIW-SDA)
  • Certified Internet Webmaster – Web Security Associate (CIW-WSA)
  • A+ (CompTIA)
  • Network+ (CompTIA)
  • Security+ (CompTIA)
  • Project+ (CompTIA)
  • ITIL® Foundation

Yeast Confection
Oct 7, 2005

by Nyc_Tattoo


Any Canadians ever go through WGU? I'll need a degree in the next 5-10 years but I'm not american. The certs you get are a plus.

Judge Schnoopy
Nov 2, 2005

dont even TRY it, pal

I'm 4 classes from finishing the security track and it was good. The easy bullshit classes will take a few days so you can cruise through credits.

I've tried convincing friends to give wgu a shot or at least look them up and none are even remotely interested, one choosing instead to give up two nights a week at a local community college on a 4 year track towards an associate's. I just don't understand the stigma.

HotCarl
Aug 20, 2002
FUCK YOU,
GOT MINE


So I've passed the SSCP ISC^2 test a month ago. I had a distant coworker who is a CISSP say that he'll endorse me but after sending him two emails with no endorsement, I'm wondering what the gently caress?!? What should one do? I don't think I know anyone else with a CISSP or SSCP, and I want this cert so I can move on from my current position.

Crosby B. Alfred
May 20, 2006


FCKGW posted:

Going to be going to WGU in July for BSIT - Security track (the CCNA one). I have an AS in Computer Science that should transfer.

I know a few guys posted in here about a year ago that it was a good track, any regrets from anyone? I'm working at a tech company in QA right now and have a lot of downtime at work where I could knock this stuff out quick.

Also, they introduced a new Cybersecurity and Information Assurance BS that tracks into their Masters program. Any thoughts on this program instead?
https://www.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree

Certs Earned:
  • Certified Cloud Security Professional (CCSP) – Associate of (ISC)² designation
  • Systems Security Certified Practitioner (SSCP) – Associate of (ISC)² designation
  • Certified Encryption Specialist (EC-Council ECES)
  • Certified Incident Handler (EC-Council ECIH)
  • Certified Internet Webmaster – Site Development Associate (CIW-SDA)
  • Certified Internet Webmaster – Web Security Associate (CIW-WSA)
  • A+ (CompTIA)
  • Network+ (CompTIA)
  • Security+ (CompTIA)
  • Project+ (CompTIA)
  • ITIL® Foundation

That's good but certifications complement your education. What are the classes in the curriculum?

FCKGW
May 21, 2006



Tab8715 posted:

That's good but certifications complement your education. What are the classes in the curriculum?

They're at the link on the site. Program goes live in June I believe.

Program Guide PDF

Adbot
ADBOT LOVES YOU

quicksand
Nov 21, 2002

A woman is only a woman, but a good cigar is a smoke.

Yeast Confection posted:

Any Canadians ever go through WGU? I'll need a degree in the next 5-10 years but I'm not american. The certs you get are a plus.

I did, I went through the BS IT Security degree. Graduated about a year and a half ago.
There isn't really an issue other than any of the grants and financial aid programs don't really apply.

Feel free to shoot me a PM if you have any questions.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply