Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal
I wasn't planning on doing the Sec+, but I'm starting to mess around with Kali Linux and metasploit for my company to do just some sort of basic passive vulnerability review of our network configuration and I wouldn't mind getting grounded with some fundamentals that I may not have picked up on otherwise.

Does anyone have any good study guide recommendations for Sec+? When I did my Net+ I just used the Mike Meyers passport series and that worked fine for me... should I stick with that for Security+ or is there something better out there?

Also, has anyone tried any of the paid education courses on Stack Social? I thought they looked like they might be a good review and they're cheap enough at ~50$, but I'm deeply skeptical of anything that says it's 99% off the "normal price" of $1500 "for a limited time only" with similar posts from last year, plus I feel like a lot of this information has a short half life unless you're actively using it and I'm just looking for continuing education kinda stuff. Are any of these like the ethical hacking or the 2017 coding bundle worthwhile, or should I stick with free courses like from datacamp and stuff?


Catatron Prime

skooma512 posted:

If you're already doing that, then you've already left Sec+ in the dust. There is no technical or implementation related material on this test.

Thanks! I kind of got the impression that it's basically the same as Net+ from a few practice tests I took and passed with 100%. Since my employer is offering to pay for it I'll probably just knock it out for the sake of having it and keeping the cert ball rolling.

Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile.

Catatron Prime

So I just signed up for a discounted CompTIA Cloud+ Beta exam that's scheduled less than two weeks out.

I just bought the study guide on Amazon, but are there any other helpful links or resources you guys could point me to?

Has anyone here taken the Cloud+ exam, and if so, how was it compared to the Net+?

Catatron Prime

Judge Schnoopy posted:

You fell for the emails they're sending every other day?

I've considered it but even $50 for a beta version test doesn't seem like it's worth my time. You don't even know if you've passed until what, January or February?

Haha, yeah, I did... I'm probably just wasting my time and money, right? And yeah, it's bullshit you don't find out until some unspecified time next loving year. But hey, I figure fifty bucks it's worth a shot to snag another cert, even if I've only got a week to actually study the materials (that may or may not actually be on the exam).

:smithicide:

Catatron Prime

skooma512 posted:

Yeah if you're going to get the CCNA anyway you might as well do ICND1 and forget N+. N+ covers the same ground and isn't as respected as an ICND1.

I take it that CompTIA certs aren't very much respected generally speaking? Because I just finished studying for the discount Cloud+ guinea pig exam tomorrow, and I really don't feel like I learned anything useful from the experience.

Catatron Prime

I took the beta cloud+ exam earlier this week, and holy gently caress that was godawful. The official preparation book is utterly worthless and had absolutely nothing to do with the obtuse content on the exam, and every question was a dense or nonsensical troubleshooting prompt. The study material was light to the point of being utterly useless, and was of almost negative value on the exam.

I didn't figure it'd be a worthwhile cert anyways, but I figured hey fifty bucks would get me off my rear end and studying for new certs again. But after that experience, I really wish I hadn't wasted my time with it. I learned nothing of value from the official cert study guide, and the test had nothing to do with the study materials and the questions were stupidly obtuse.

Worst part is, I won't find out how I did for another few months :argh:

Catatron Prime

Diva Cupcake posted:

In case you're interested in what looks to be another grab for CompTIA dollars, the new PenTest+ beta is now available. Although I suppose cheaper marginally less scammy alternatives to CEH should be welcomed.

https://certification.comptia.org/certifications/pentest



Huh, interesting... Just yesterday I found out that I passed the Cloud+ Beta cert I took back in October (:yayclod:), even though the test itself was completely inane and covered absolutely zero of the study material from the official CompTIA study book. Fifty bucks is tempting, but I don't think I would do a beta test again, way too much stupid bullshit, I learned basically nothing, and I guarantee the cert is pretty worthless.

Catatron Prime fucked around with this message at 15:15 on Feb 11, 2018

Catatron Prime

Lets Get Patchy posted:

Passed the Sec+ 401 cert yesterday. I know it's a babby cert but I'm still pretty proud. I'll probably take a breather for a few weeks and start on MCSA Server 2012. We're going over the Network and Identity portions in my advanced admin class so may as well.

Congrats! I'm about to sit for that one next Thursday after putting it off for way too long

All the material seems pretty straight forward and mostly review for me, I'm just really nervous about curveball questions... There always seems to be poorly explained/worded simulation questions and stuff on these exams that don't seem to have much bearing on the study material.

I just want to knock it out so I can move onto the CCNA and SSCP since now I feel like I have a known cert path.

Catatron Prime

Just passed Security+ exam, though I thought the material was either really banal (like someone is looking through the windows, do you put lighting or a fence or cctv up?) or nonsensical in certain questions, and then a bunch of stuff I didn't see anywhere on the online course I took through the local library or the Meyers passport for Security+ or Professor Messer vids (like about Poodle attacks, or odd ACL wording). The ACL stuff especially, as I've put together a bunch of ACLs to segment out our internal network here at work, and I struggled a bit with the way they worded and asked stuff. Other stuff was like pick the least worst of a bunch of bad answers, or pick the protocol that maybe tangentially relates into what they're asking. Other stuff was painfully obvious... just a weird mix.

Anyways... onto the CCNA and SSCP! :toot:

Can anyone recommend any study resources for the CCNA?

Catatron Prime

AnonymousNarcotics posted:

I got to chat with Mike Meyers today and was kind of star struck! Is that weird?

That's actually really cool! You should've brought one of his study books to sign, lol

Judge Schnoopy posted:

Congrats on S+! Once you get over the hump of the type of answers they're looking for, it's fairly easy.

For CCNA, buy the official book. Read it front to back, mark down every page you think is important. Then study every page you didn't mark because those are the questions that will trip you up in the exam.

Thanks! I'll pick that up, and probably also Todd Lammle's book as well!

Catatron Prime

flatpack flapjack posted:

This is helpful information. I plan on taking a spin thru Messer's material, and I'll definitely spend some time brushing up on my networking. Suddenly starting to wish I hadn't sold my Network Security textbook back to the bookstore :negative:

Thanks all!

I just took it last week after sitting on my butt on picking up certs for ages.

It's hard in the sense that it's pick the least worst of a bunch of bad answers. It's worthwhile to study for so you know which of the banal answers is it. It's easy, but the questions run the gamut of "someone is peeking in the windows, do you put up fencing, lighting, CCTV, or barricades" to here's this stupidly worded ACL, figure something out. I've been a network admin for three years now, and I thought there's a fifty fifty chance of passing it with zero studying, but it's worthwhile to listen to Professor Messer, take some practice tests, and read through the Mike Meyers sec+ passport. One of the practice test sites was much better than the others, I forget which, but probably half the test is either rote knowledge of abbreviations and basic familiarity, and the other half is trying to figure out what they're asking. It's probably easier than the Net+. Also keep in mind they're switching test versions in a few months.

Also, don't forget to buy the academic discount voucher. If you've got a student email, it's a hundred bucks off the regular price.

Also, I got an email from CompTIA saying I now have "stackable certs", which, looking at their choice of abbreviations, is just :psyduck:

"CSCP" and "CCAP" which sound an awful lot like CCNP and other more respected Cisco certs, lol

E: I spent about two weeks studying for it, just fyi. I just read a chapter or more a day in the book, took some practice tests, and listened to the videos when I had downtime or was doing something else. I was going to study longer, but I had a backpacking trip this week and didn't want it hanging over my head. I'm not sure spending longer studying would have helped anyways, to be honest.

Catatron Prime fucked around with this message at 21:20 on Apr 21, 2018

Catatron Prime

sniper4625 posted:

Does anyone have recommendations for Net+ study material?

The Mike Meyers books worked well for me

Catatron Prime

rafikki posted:

Yeah, I'm currently a security engineer. I mostly work on firewalls with forays into setting up things like SIEMs, IDS/IPS, etc. It's free, so I can't really think of a reason not to, mostly curious about other people's experience with it. Especially this scholarship program.

I just looked into it and it looks like the scholarship program is closed now... Are you just looking at taking the test?

Would the cyber ops cert be a good pathway to the CISSP?

Catatron Prime

rafikki posted:

I was accepted into the scholarship program nearly two years ago. They told me after I was accepted that I was randomly assigned to a cohort for summer 2018, so I promptly forgot about it until they sent me a reminder this week. I doubt there's a ton of overlap with the cissp, since that one is focused more on high level policy making type material. There will likely be some common material but I wouldn't necessarily look at it as a jumping point.

Ok, thanks! I'm trying to work towards getting in at a SOC, so I've been talking to a recruiter and several companies that are planning on opening positions in the next several months. I'm just trying to figure out how to best position myself to be the best candidate when they do open up that entry level analyst position.

From what I've been told, a CISSP isn't necessary to start, it's something they want you to get after coming on. It sounds like the cyber ops cert might be worthwhile to pursue in advance though?

Catatron Prime

rafikki posted:

A CISSP requires a minimum of 5 years experience in infosec, so it's definitely not something you should be looking at right away. I haven't actually done this new cert yet, so I can't say for sure, but from what the other guy said previously in the thread it sounds like this has a lot of good material for someone looking to work in a SOC.

Right, but you can take the test and get the cert provisionally, and then they'll give you six years to actually obtain the full endorsement from an ISC2 member, or at least that's my understanding.

I was originally just going to go for the SSCP since that's only 1 year experience, which I can probably get signed off on, but after going to the Infosec conference it seems like I might as well just go straight for the CISSP (unless there's a better pathway)

Catatron Prime

I need to get real familiar with AWS, real fast.

I've been doing their online training courses (the South Park style ones) and I was wondering if I should just go ahead and pick up some AWS certs. Are the videos adequate material, or can anyone recommend supplemental stuff?

Catatron Prime

Jeoh posted:

familiar with what parts?

All of it, but especially on the security side so I can dig around with splunk and better understand the python behind the scenes to pivot more effectively. I picked up a zero to hero Udemy course on python so I can sharpen that up (though any other recommendations are definitely welcome). Hell, while I'm asking for advice, Splunk is something else I need to sharpen up as well. I'm redoing the fundamentals course and looking to build on that.

Tl;dr started a new job while they're in the middle of an infrastructure overhaul, so new tools all around. During a training scenario I just felt like I had my pants yanked down in front of the class, so it's sink or swim for me right now :sludgepal:

Catatron Prime

Thanks Ants posted:

Learning “all of it” is going to overwhelm you. Spell out the likely scenarios and people can point you in the direction of what areas to focus on - and post in the thread in the Cavern of COBOL as well.

Is your migration just shifting a bunch of VMs onto EC2, or are you reworking applications as well?

Thanks! I'll dig up that thread... I need to spend more time there anyways.

I'm still very new at this job, hell I only just got my laptop about a week and a half ago so I'm not too sure on infrastructure other than that there's a general push to move away from dedicated data centers onto AWS. Several teams have been getting together and doing worst case scenarios where all we know is "something bad happened" and have to dig through splunk notable events and cloud trail to figure out what the hell happened, and there are glaring holes in my preparation for understanding the intricacies of IAM and EC2 Lambda responders being manipulated into deleting buckets for cloud trail monitoring and logging.

Bit of a derail, but since I kinda need to learn everything about AWS and I've been investing a lot of time in their training courses, I was just wondering if it wouldn't be much of a stretch to pick up some foundational level AWS certs, and if any goons had done that and might have any advice on study materials or cert pathways.

Catatron Prime

I’m currently schlepping through automate the boring stuff with python and I was wondering what the best way to quantify scripting resume wise would be?

Googling around I’m seeing stuff about certified associate in Python Programming, and lacking specific work projects to point to, would that cert or a different one be of any use?

Catatron Prime

Bonzo posted:

the trick for me is to book the test 3 to 6 months out because it makes me get off my rear end and study

My wife is in the financial industry and it works for her too.

That’s usually my strategy too. Book the exam and the pressure is on, otherwise it’s hard to focus.

That being said, I would be curious if you wouldn’t mind posting the WGU study outline, FCKGW. Just interested in seeing what the recommended absorption rate is, since I usually try to target a chapter or 60 pages a day to learn and understand.

Catatron Prime

Question for the smart peoples in this thread.

I'm currently a contractor working in information security. By the end of my contract I want to have some more useful letters after my name, so I thought I'd cert whore it up this year.

However, I'm paying for everything out of pocket at the moment, because I stupidly shacked up with a lovely contracting house. Presuming I get hired on next year, I'll have the budget for SANS courses and Splunk professional tier certs, but for now I'm trying to stay under 300$ish a cert.

So far I've just got the entry level junk like Sec+, Cloud+, Net+, AWS fundamentals. My company is pushing AWS migration pretty hard, so I thought I'd try to knock out some associate level certs and hopefully the security specialization after that. In the meantime I was looking at the Splunk Core User (since I've already done the free fundamentals course and it's the same thing), CCNA plus CCNA cyber ops (because I've been putting professional level certs off for too long and just need to knock it out).

E: looks like the Microsoft security fundamentals is even dumber than security plus, so I’m thinking it’s probably not of much value, so never mind on that.

Catatron Prime fucked around with this message at 08:19 on Mar 29, 2019

Catatron Prime

Scrapez posted:

Not sure what your question is but on the AWS front, all the certs are $300 or below.

Awesome, thanks! I'll knock out the associate level ones as well as the specialty AWS Security cert. I think I conflated the price for the class on the AWS security cert with the test, which is why I figured I'd put it off since it's several thousand dollars.

My apologies, rereading my post I wasn't very clear as I edited out the main part of my question. I'm trying to solicit advice on useful or valuable security related certifications, preferably under 300$. I figure I'll wait on more expensive stuff till I get hired somewhere an employer would cover that cost. Someone mentioned the microsoft security essentials cert to me, but after looking at the study material, I don't see it as being any useful or new information that wasn't already covered by Sec+. I'm already planning on taking the CCNA and CCNA cyber ops, so I'm just looking for other stuff that's not SANS or Splunk level pricing that would be useful and security related if anyone has any recommendations. I guess SSCP would probably be the next best thing?

Basically I'm looking at my pathway for the rest of the year and want to schedule out specific targets for each quarter, which is why I'm trying to plot stuff out now. I'm also doing stuff for my own technical learning benefit, like hackthebox and CTFs, but I just wanted to try and round out my resume so I'll be in good shape for when my contract ends.

Catatron Prime

siggy2021 posted:

I'm working through CompTIA Cloud Essentials as part of WGU, and it is the worst. It's just an entire course of cloud buzzwords thrown at you and I want to die right now.

You’re not wrong, I took the beta test, the official study guide had zero bearing on the material quizzed, and I passed it with effectively zero studying. PaaS vs IaaS is literally the most difficult concept tested.

Also, CompTIA Cloud+ was of zero help when it came to using AWS professionally. Cloud Guru + AWS Cloud Practitioner is a much more useful launch point, because you physically get into the console and go through stuff like spinning up your very own LAMP server and static site hosting on S3 and you realize just how powerful and neat the cloud really is (until you accidentally spin up a 500$ a month database server instead of a 5$ a month instance). Then you quickly realize just how lovely the cloud also is!

Which is why I think cloud is such a failure at so many companies... very few people have the experience and skill to architect well with it, and those that do have to be skilled at all the services and concepts instead of being very good at a particular traditional IT role. This doesn’t even take into account that the price savings of a “lift and shift” are quite frankly minimal, until you redesign your applications from scratch to employ serverless architecture techniques, which requires even more expensive and scarce expertise. I work at a fortune 100 and the migration to the cloud is a loving nightmare and year(s) behind schedule. Said company has already sold off their datacenters and are now renting space there till the migration is complete. This is just my perspective, and maybe I’m wrong, but that has been my experience.

Also, securing the cloud is a loving nightmare because there are a million completely unforeseen ways to break things, disable logging, switch code pipelines, disable lambda responders, lock out human responders, and exfil data...


Catatron Prime

Just passed my SSCP certification! Now I just need to get an endorsement from another guy I work with who’s already an ISC2 member, and I’m good to go!

loving awful exam though, mostly pick the best of a bunch of bad or indistinguishable options, and didn’t really reflect the study guide I bought.

Oh, if anyone is looking at security certs and their organization uses Qualys for vulnerability management, Qualys offers :siren:FREE:siren: training courses and certs! Qualys is stupid simple and if you’ve already used it and know it pretty well, you can test out in 20 minutes and get 8 CEUs. It’s even more hilarious because other people in my organization ostensibly spent two months working on this 20 minute cert. Of course, this is the same place that’s spending 2,500$ a pop for Sec+ training courses for their ID Admin team. All you need for that exam is a 20$ Mike Meyers passport study guide lol.

Next up is to knock out the Splunk 1 cert since it’s super cheap. Probably Kali and Metasploit too since they’re free/cheap, even if they are of questionable value.

Too much to learn and not enough time to do it all...

Catatron Prime fucked around with this message at 18:18 on May 17, 2019
