Best security certification books according to redditors
We found 414 Reddit comments discussing the best security certification books. We ranked the 110 resulting products by number of redditors who mentioned them. Here are the top 20.
We found 414 Reddit comments discussing the best security certification books. We ranked the 110 resulting products by number of redditors who mentioned them. Here are the top 20.
This is from "Mike Meyers' CompTIA Security+ Certification Guide, Second Edition (Exam SY0-501), 2nd Edition"
(Amazon link: https://www.amazon.com/Meyers-CompTIA-Security-Certification-SY0-501/dp/126002637X)
It's on page 459.
I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.
Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.
My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de gras, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.
If you have any questions, PM me.
Professor Messer's content is not enough IMO, it very lightly touches upon a large number of subjects, and completely ignores others. I purchased Darril Gibson's Security + Get Certified Get Ahead: SY0-501 Study Guide and used it alongside Professor Messer's videos.
The study guide provides a great pool of test questions (per chapter) and the summaries are extremely helpful.
Hey OP, I love the enthusiasm, it's what people in this career need! I'd like to provide some advice before the class begins.
I'm in cyber security, participate in pentesting for clients, and visit local security meetups between Miami, Tampa, and Orlando.
Take my advice with a grain of salt as I'm just a person on the internet:
I have the CEH, took it v9. It did nothing for my career. The CEH is basically a memorization exam that doesn't teach practical skills. Some topics include, what tool would you use for this? Or for that?
The CEH's only merit is it complies with the DoD's requirements 8570.01-M requirements. That being said, paying for the bootcamp and the exam will cost a lot of money for little gain. Reason? Many companies hiring for pentesters/red teams overlook the CEH.
CompTIA's Security+ is $339 (you can get it cheaper with a student email/voucher) and once completed, you fulfill the same DoD requirements and you're able to jump into the Cyber Security field. There are free resources on YouTube and a great book on Amazon costs $30.
>But what if I want to get into PenTesting and Exploit Hunting?
Take the OSCP. That certification hold a lot more value as it's a 24 hour exam based on your performance hacking boxes.
The EJPT is also one that hold more weight than the CEH.
And if you can afford it or, preferably, your employer will pay for it, a SANS is highly regarded.
Swing by r/SecurityCareerAdvice - It's a great community willing to help you get that career you want.
Here is messer's sec+ video list. Here is ExamCompass, it's a link to the first test, notice below are 23 more free tests and 9 drill down topic tests. Here is, Darril Gibson's certification book, the best book on the subject.
I scored a 795 just last week on Sec+. I recommend Darril Gibson's book totally and completely. It currently costs 23 bucks on amazon prime but comes with a 10% discount for your test voucher so it literally pays for itself.
ExamCompass is great to figure out what sections you are week on, the topic tests will give you the best idea of where you need help or you can refer to your post-test printout.
Messer's videos are great to watch at 1.25 - 1.5 speed to better understand areas of weakness.
I used Mike's practice tests on udemy but didn't use any of his videos or his book for Sec+. He tends to spend too much time outside the test materials for me. I totally get why he does that and it's great to understand how these technologies came about and some of the depth as to why they are and do what they do but.... fuck man I'm just trying to get a cert, ya' know? I'm currently using his book for Net+ and I can't for the life of me get through it.
When I started my Sec+ studying, I was recommended a book called,
"Security+ get Certified Get Ahead" by Darril Gibson
It's regarded as one of the best books and it has that littke CompTIA certified material thing or whatever. Great book that's straight to the point with a lot of examples and practice questions.
Just get the Darril Gibson book.
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
Check out this stickied post
Its a lot of good stuff posted there. If you're looking for just the basics and general information, not so much the what is happening now, check these things out:
For all 3 exams, I followed the same order of study materials. I would first read a book that covered the whole exam. Next, I would watch a video series about the exam(I would read a book and watch videos at the same time). I then would go through the exam objectives and look up anything else I didn't learn from the books or the video series. Lastly, I would some practice exams to practice test questions (look up any terms you don't know in any questions).
|Exam|Step 1: Read a Book|Step 2: Watch a video series|Step 3: Go over exam objectives|Step 4: Practice tests|
:--|:--|:--|:--|:--|
|Network+|https://www.amazon.com/gp/product/1260122387/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1|https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/|https://certnet.de/wp-content/uploads/2017/08/Network-N10-007-Exam-Objectives.pdf|Didn't actually use any practice tests for net+ but would recommend|
|Security+|https://www.amazon.com/gp/product/1260019322/ref=ppx_yo_dt_b_asin_title_o02_s00?ie=UTF8&psc=1|https://www.udemy.com/comptia-security-certification-sy0-501-the-total-course/|https://www.comptia.jp/pdf/Security%2B%20SY0-501%20Exam%20Objectives.pdf|https://www.udemy.com/comptia-security-practice-exams/|
|CySA+|https://www.amazon.com/gp/product/126001181X/ref=ppx_yo_dt_b_asin_title_o00_s01?ie=UTF8&psc=1|https://www.udemy.com/comptiacsaplus/|https://www.comptia.jp/pdf/comptia-cybersecurity-analyst-(cs0-001).pdf|https://www.udemy.com/comptiacsa/|
https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751
https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228
>I know I likely won't do well in the event, however, I want to challenge and provide myself a goal
Why not? You'll just have to study like hell.
PM if needed
Current Mid-Level SysAdmin here, maybe pass by the A+ unless you absolutely know nothing of the field. The Network+ and/or Security+ will open more doors. The Security+ is required in a lot of government contract positions. On the security side you can branch out into certifications like the CISSP and the CASP. On the networking side you can look into specific vendor certs (Arista, Juniper, Cisco...) Just my 2 cents.
Edit: If you're going to pursue the Sec+, I'd recommend this book. It's all I used to study for the exam. I passed the 1st time. It's a steal at $10 on Kindle: https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=asap_bc?ie=UTF8
Darill Gibson's books are usually always cream of the crop for a primary Sec+ resource - https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
Supplemental videos are also a good thing to have for both review + the fact that when you learn similar material through a different presentation -- you'll usually find that you understand it better. https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/
Definitely recommend also signing up for his monthly study group. https://www.professormesser.com/security-plus-study-group-registration/
From there, go absolutely nuts on the practice tests. Here's one resource I found. - https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests
Something I did when I was studying for the Sec+ a while ago, was print out the objectives and check off the concepts I felt that I could explain to someone -- who is completely unfamiliar with the topic.
As an aside, it also helps to have good note taking practices. I personally use Joplin (First iteration of note taking) + Anki (For transferring my more detailed notes to flash cards), while following this advice: https://www.youtube.com/watch?v=nqYmmZKY4sA
Alternative note taking software includes: Evernote, CherryTree, OneNote, etc. It's more of a matter of preference, but regardless I'd still recommend Anki no matter what.
Hope this helped you out.
I'd highly recommend that all programmers read the book 24 Sins of Software Security. It goes over all of this stuff, but in more detail and with examples.
First things first. Learn to google. it will be invaluable to your security career.
Secondly, try these links:
And there are plenty more out there.
IT security is about learning what the industry is doing. Staying fluid is key. keeping upto date it the most important part of it.
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
One more point, we are now involved in the Sybex series of study guides (SSCP and CISSP right now). These are more akin to our standards.
CISSP Study Guide
SSCP Study Guide
https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=sr_1_1?ie=UTF8&qid=1519675757&sr=8-1&keywords=CSA%2B
https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Guide-Certification/dp/0789756951/ref=sr_1_2?ie=UTF8&qid=1519675757&sr=8-2&keywords=CSA%2B
I passed CySA+ using This book and This video course.
Security+ has a bit of overlap, especially if you took the 501. Focus well on the information about regulations, chain of custody, and forensic processes.
> I have my A+ cert
>
>they recommended a segmented network. and I had to google what that even was.
>
>I am the "IT Guy" The previous "IT Guy" got me this job
You need to start reading cbks right now in all your free time. Even if you don't take the cert exams for the cbks below, it is knowledge you need to know asap.
​
I suggest these (in order):
​
https://www.amazon.com/CompTIA-Network-Certification-Seventh-N10-007/dp/1260122387/ref=sr_1_3
https://www.amazon.com/CompTIA-Server-Certification-Guide-SK0-004/dp/125983803X/ref=sr_1_1
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/111885991X/ref=sr_1_4
https://www.amazon.com/Windows-PowerShell-Cookbook-Scripting-Microsofts/dp/1449320686/ref=pd_sbs_14_5/143-0552349-3403540
https://www.amazon.com/Windows-Server-Complete-Study-Guide/dp/1119359147/ref=sr_1_3
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=sr_1_4
There's only one book you need to read. I read this book, used no other resources and passed with a 93% in 30 days:
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024
Edit - corrected link! thanks /u/rNyhm
Start with printing the Security+ objectives so you know exactly what you nee to study for. You've taken the A+, so the construct should be familiar to you.
Darril Gibson's Get Certified Get Ahead is the gold standard book for this exam. Read this cover to cover! In addition to the book, many people like the extra material on his GCGA website.
Keep in mind that it's suggested to have some networking knowledge when taking this exam, but not required. Many people will take the Network+ or CCNA before taking the Security+.
Check out Professor Messer on YouTube, he has some great study guides and also videos on the CompTIA SYO-501 Security+ exam. Professor Messer also has course notes of his videos that you can purchase, a digital .pdf version for $20, or you can purchase a high quality book of the notes for $40, and that also includes the .pdf.
Darril Gibson has probably THE study guide book on SYO-501, Get Certified, Get ahead, that costs around $35. There's also a Darril Gibson app for $8, on iPhone which includes flash cards and practice questions and practice tests. I'm not sure if it's on Android.
You can check out Mike Meyer on UDEMY. He has some great videos, though a lot of the stuff is what is required for the 501 exam, but he'll also go a little more in depth so you have a better chance at understanding the subject matter. His course is on sale now for $9.99.
Are you referring to this book?
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/
This is the Gibson book he is talking about, very good and popular for the sec+ exam
It's a good book, it's also setup around the 10 domains, pre 2015 test. You should also get something newer Cybex book
http://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
Also, check out the free training course at cybrary.it, it's very good.
The CISSP is the gold standard for cyber security certifications. To qualify for the full cert, you need 5 years of experience in at least two distinct areas of the field. Otherwise, passing the test grants you "associate" certification.
The guys that I work with (who have 10 years in the field) took a two week bootcamp and then studied nonstop for a month before they took the test- they took a week off of work at the end to do nothing but study. They said it's the most challenging certification they have had to take. in the field.
It is NOT something that you can take a 5 day bootcamp and breeze through with no experience at all. The study guide is more than 1000 pages long.
There are a wealth of places you can get started. But if you're starting out with the goal of passing the CISSP right away with no prior experience, you're going to be drinking out of a firehose of information. Be ready for that.
congrats and good luck on security plus. I recently passed security + and I think the best study guide I used was the Darril Gibson book (http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024) wish I would have thought of your flashcards before I think it would have helped quite a bit -- thanks for that.
I don't think my test had any ip config whatsoever. Maybe one question about hosts on a network, but that's about it.
You can't study one specific topic for Sec+. Although it's one of the "easier" certs, it's still pretty rough. But then again, I only studied for about a month before I took it, and I only got an 800.
For studying material I would highly recommend Gibson's book.
That's the only book I used.
Edit: I also used a lot of online quizzes. I'm pretty sure Gibson has quizzes on his website that you have to pay for. The biggest mistake people make with online quizzes is memorizing the answers. You have to actually know and understand the shit that you're being tested on.
Start here: Create a homelab. This will help with testing out multiple paths.
System Admin: Create a domain controller and VMs using Docker or virtualbox and start looking at Active Directory and Powershell.(Windows Server 2016 Trial)
Azure Cloud: Here you can test out learning Azure Cloud(for free). You can use your Homelab to test free alternatives like Proxmox or KVM(Linux Bare Metal Hypervisor)
Security+: Secure your cloud or local homelab. Also, look into getting a Security+. Even if you don't go into security, I believe a SEC+ is required for government IT jobs(This is what I've been told).
​
Most of those are free to try and only cost your time. Start there and see what calls out to you.
If you're going to take the Security+ I was told this book was the holy grail of Security +, and it was: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
I passed my Security+ today and that book was a large reason why! I purchased the Kindle version for 10 dollars and just read it wherever I could. Professor's videos were extremely helpful too. I also used the examcompass.com Security+ exams! Hope this helps and good luck!
Lynda (also called LinkedIn Learning) has relevant courses, and many public libraries' websites have a link to access Lynda (included with your use of a library card)
-------------------
To memorize port numbers, see these rhyming lines by bestdonut and/or my non-rhyming mnemonics. Each CompTIA exam has a different set of port numbers to know; see the exam objectives for which port numbers are needed for your particular exam.
----------------------
Those studying for Network+ might find helpful my post to teach the basics of subnetting or my method to memorize 568B/568A wiring.
-------------------
For Security+ (SY0-501), many redditors liked the Darril Gibson "Get Certified Get Ahead" book
I also suggest using flashcards on Quizlet; search there for flashcard decks for "SY0-501" and/or "Darril Gibson".
-------------------
From my previous exam experiences: It's wise to skip the simulation questions near the beginning, go through all the multiple-choice questions at a good speed (marking those you're unsure about), and then go back to do the simulation questions, and then (as time allows) review any questions that you had marked.
This avoids you using up too much time doing the simulation questions, which would not leave enough time for doing the multiple-choice questions. Also, the multiple-choice questions and their answers might remind you of some things which will help you solve the simulation questions.
---------------
At the PearsonVue testing center where I've taken some CompTIA exams, I was given a dry-erase board (about 8 inches x 10 inches) and a marker and an eraser. It occurred to me once that if I wanted to quickly write some key things on it at the start, I could do so after the testing coordinator left the room and while I was going through an initial screen where I was shown the CompTIA confidentiality agreement, and should read it, and must agree to it. That is a period of time before the exam clock starts. However, different testing centers might have different rules which you might need to agree to before entering the room - writing on that board before your exam clock starts might be prohibited.
If you haven't read this already then please do - 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them.
The book covers a wide range of coding errors such as SQL Injection, Web Servers & Clients, URL's, Cookies, Buffer overruns, etc. I'm currently pairing this with the WAHH2 and it is an amazing resource at understanding the underlying code that causes such vulnerabilities.
At the same time OWASP provides great resources for developers. And the Google Gruyere app allows you to actually exploit some HTML and HTTP Vulnerabilities and go through the code, with steps on how to mitigate it.
Hope that helps. Cheers!
Secure Link Established.... Accessing Library... SCP initated....
Darril Gibsons Security +
Mike Meyers' Security +
GTS Learning Security +
....Deconstrucing Tunnel...Link Terminated.
VPN constructed... UDP Session Initialized...Buffering...
Professer Messer Security+ Free
Mike Chapple Security+ Free
..Session Terminated...Warning:VPN Deconstructed
*Hydra initialized...SSH Cracked.. SCP exams.docx /all
[Professor Messer's Pop Quizes Free](http://www.professormesser.com/popquiz/)
[Crucial Exams Free](https://crucialexams.com/exams/comptia/security+/)
[ExamCompass Free](http://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests)
[GoCertify Free](http://www.gocertify.com/table/comptia/security-quizzes/)
[Darril Gibson's Exam/Study App Paid](http://learnzapp.com/partners/darrilgibson/)
Warning IPS Activated.......Sub7 payload deployed....Ending Session
Simulations Initialized......
[Darril Gibson's Sims Paid](http://blogs.getcertifiedgetahead.com/security-blog-links/#Performance)
[Testout Paid](http://www.testout.com/home/it-certification-training/labsim-certification-training/security-pro)
[GTS Learning Paid](https://www.gtslearning.com/comptia-securityplus-ebook-plus-labs-pm/#1468334556896-4996a61c-f05d)
Lab Broken.... Rebuilding....
Native applications loaded...
SoundAGiraffeMakes Pass Post
Tennyson24 Pass Post
Deathrus Pass Post
Thank you for The Community Post..*
I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.*
Your plan looks solid. Here is Security +. Working on N+!
Secure Link Established.... Accessing Library... SCP initated....
Darril Gibsons Security +
Mike Meyers' Security +
GTS Learning Security +
....Deconstrucing Tunnel...Link Terminated.
VPN constructed... UDP Session Initialized...Buffering...
Professer Messer Security+ *Free
Mike Chapple Security+ Free
..Session Terminated...Warning:VPN Deconstructed
*Hydra initialized...SSH Cracked.. SCP exams.docx /all
[Professor Messer's Pop Quizes Free](http://www.professormesser.com/popquiz/)
[Crucial Exams Free](https://crucialexams.com/exams/comptia/security+/)
[ExamCompass Free](http://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests)
[GoCertify Free](http://www.gocertify.com/table/comptia/security-quizzes/)
[Darril Gibson's Exam/Study App Paid](http://learnzapp.com/partners/darrilgibson/)
Warning IPS Activated.......Sub7 payload deployed....Ending Session
Simulations Initialized......
[Darril Gibson's Sims Paid](http://blogs.getcertifiedgetahead.com/security-blog-links/#Performance)
[Testout Paid](http://www.testout.com/home/it-certification-training/labsim-certification-training/security-pro)
[GTS Learning Paid](https://www.gtslearning.com/comptia-securityplus-ebook-plus-labs-pm/#1468334556896-4996a61c-f05d)
Lab Broken.... Rebuilding....
Native applications loaded...
SoundAGiraffeMakes Pass Post
Tennyson24 Pass Post
Deathrus Pass Post
Thank you for The Community Post..**
glad to hear it.
btw, here:
clicky A+
clicky Net+
clicky Sec+ <--careful, this test is being updated soon, the next version should be coming out in late 2017, with exam guides dropping early 2018. This specific book will be outdated, though still a fantastic resource. Might want to hold off if you're serious about taking the Sec+ exam until the next version, this one comes out.
grab a hardcover copy and start learning!
Shon Harris's new book, updated by Fernando Maymi is an excellent study and certification prep. We use this book when delivering training to our DoD clients.
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?ie=UTF8&amp;qid=1484067461&amp;sr=8-1&amp;keywords=cissp+shon+harris
I would highly suggest getting an exam prep book such as this or this
Pay attention to concepts, not just memorization but ask yourself in what situations would these concepts apply. For example...when they discuss Business Continuity, understand why one plan would be better used in certain situations than another.
Pay attention to ports and protocols, incident response techniques, attack types. Don't get caught up in the nitty gritty, but have a baseline understanding of the differences between certain items in the same category (phishing techniques, malicious codes, different attack/defense types) and why someone might use one item vs another.
Some of it will be straight memorization, but a lot more of it will be concepts. Concepts Concepts Concepts!
Good luck, I felt completely underpreped when I took my test, a lot of my test prep kicked my ass. Even as I was taking the test there were times when I sat back, stared at my screen and wondered what the hell I was doing with my life. Ended up with a score in the high 800's...so this test is beatable...just make sure you put in the book time beforehand.
Edit: Also, look around here and on some other forums, the info on how to do well is out there, just go find it!
Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.
&nbsp;
Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:
&nbsp;
Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:
This is the book that my company had provided me to study from
This is the book my friend had given me. Both her and I studied from this and passed successfully
This is the book we are currently learning from in my Bachelor's program
Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.
&nbsp;
Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.
&nbsp;
After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.
&nbsp;
Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.
&nbsp;
So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.
&nbsp;
Good luck!
I just took the exam this morning and had two sims. I say don't worry about it too much, as it was pretty basic actually. Make sure you do them last as they require a considerable amount of time.
My main book was Sybex Security+ Study Guide by Dulaney and Easttom. I read it cover to cover. The content was comprehensive, but in my opinion, it lacks the exam preparation. It has chapter tests, and downloadable files that consist of flashcard and two sample exams, but no sims.
Going back to my sims: In the first one, I had to configure ACLs; and the other one, I had to setup multifactor authentication. If you memorize the ports, at least the commonly used ones (eg. FTP, TFTP, SSH, SCP, LDAP, etc.) and know how to read IP addresses, you'll be fine.
I haven't read Gibson's book, but I read its preparation format is close to actual exam. I wish I had that material; my guess is I would have scored higher than what I got this morning.
Good luck!
I used this book and the CompTia Certmaster. I got the certmaster because I think I bought a second shot for exam retakes. I read the book and then did the certmaster for a month until I took the exam.
https://www.amazon.com/gp/product/1118875079/ref=oh_aui_detailpage_o05_s00?ie=UTF8&amp;psc=1
From /u/jpeek
Passed CCNA-Wireless 200-355
Good afternoon, I just passed the CCNA Wireless exam. Just wanted to give a few sources on what I used to pass.
My background - I've managed large deployments of autonomous access points and I've done a few WLC deployments.
For books I used the CWNA and the CCNA-Wireless Study Guide
If you have access to CCO downloads make sure you get a chance to play with Prime and setting up and using the virtual controller.
Here are some links I've used to help fill in the gaps based on the exam topics where I felt the books were lacking.
&gt;Decibal Watt Calculator
&gt;dBi and dBd explanations
&gt;Antennas Patterns
&gt;Point to Point Quick Reference
&gt;Flash - Cool site that explains how signals propagate
&gt;RRM Management
&gt;Converged Access White Paper
&gt;IPv6 WLC Deployment Guide
&gt;
&gt;5508 Configuration Guide
&gt;Compare Wireless Products
&gt;Web Authentication Configuration Examples
&gt;Guest Access Deployment Guide
&gt;Configuring Mobility Groups
&gt;Site Survey Guidelines
Keep in mind this won't guarantee a pass. This is totally up to your background. For instance, if you aren't familiar with access points in autonomous mode, it might be a good idea to do some research and maybe even set one up. I was quite familiar with them and knew that would be a strong point for me. So that section in section 4.0 I didn't do any research, thus no links. If you aren't familiar with a technology dive into it more!
Let me know if you have any questions!
https://www.reddit.com/r/ccna/comments/4caz7w/passed_ccnawireless_200355/
Grab a copy of the official study guide.
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712/
Which one did you think was better?
1000 online practice exam questions that come with the Official Study Guide 7th Edition - http://sybextestbanks.wiley.com/course/start/id/102
vs. CISSP Official (ISC)2 Practice Tests - Chapple, Seidl Amazon
The Sybex study guide will be available on April 24th. I plan on buying that, studying for a month, then taking a shot at the exam in late May.
Sure. Get it from here. https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937/ref=sr_1_4?crid=2N0VRVPHLM0X&keywords=sybex+cissp&qid=1574951835&sprefix=Sybex+cissp%2Caps%2C219&sr=8-4
I used 3 books in my readings:
https://www.amazon.com/Meyers-CompTIA-Security-Certification-SY0-501/dp/126002637X/ref=sr_1_9?keywords=security%2B&amp;qid=1564790977&amp;s=gateway&amp;sr=8-9
https://www.amazon.com/CompTIA-Security-SY0-501-Exam-Cram/dp/0789759004/ref=sr_1_8?keywords=sy0-501&amp;qid=1564791002&amp;s=gateway&amp;sr=8-8
https://www.amazon.com/CompTIA-Security-SY0-501-Guide-Certification/dp/0789758997/ref=sr_1_16?keywords=sy0-501&amp;qid=1564791002&amp;s=gateway&amp;sr=8-16
I have an ACM membership so I was able to access them all from their learning library. Was able to read all three books in 27 days. Did the practice tests online (mostly got between 96% - 98%). No one author is able to cover all the material. But since this is something that I really need to learn, I try to source out materials from different sources.
I usually go with the For Dummies version first to break it into my brain in a form that's understandable before I cover it using the actual text. Yes, it takes time, and not really allow you to accelerate but it helps me to actually understand what I'm supposed to learn and not just pass the test.
Like with PowerShell right now, I'm on chapter 8 of Windows PowerShell Programming for the Absolute Beginner, 3rd which approaches PowerShell programming by building games. Almost have half of it done then I'd go for Learn PowerShell Scripting in a Month of Lunches. Again, I'm not saying this approach is best, but it works for me to understand things better. Plus work does reimbursement for stuff I buy for the class which really helps if I need a book (an actual printed book).
This is probably your best bet All In One Book.
> Security+
This is a good starting point and it only costs ~$300.
> CEH
This is a waste of time. Fuck this cert.
If you want to do Netsec you want CCNA/P:S, and then the roads vary from there depending on what aspect of netsec you want to do. OSCP always fits in well, various GIAC/SANS, ISC2, etc.
Follow up edit:
All you need to pass the S+ is this $30 book and 2-4 weeks of study time. You will 100% not get anything security related, even entry-level, without several certs and more relevant professional work experience. The Security+ is your starting point so hop on it.
Just passed Sec+ last week. I’m military so it doesn’t do me much good in a civilian sector (at the moment,) but I know people that get it and are able to get well-paying jobs right off the bat. It’s definitely difficult, but easily passable. If you’re interested, I recommend the Darril Gibson book. Took a nine day course studying that, and passed with almost no professional IT experience.
Best of luck to you and I highly recommend getting more certs!
Copying and pasting a guide I made for my friend:
Security +
How I got it:
First, get the objectives. They describe the test, and everything on it. Print this out and have it with you at all times when you’re studying: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf
Darrel Gibson’s Sec+ book (like $10 on kindle): https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_sc_1?ie=UTF8&amp;qid=1471899256&amp;sr=8-1-spell&amp;keywords=darrel+gibsoin+security%2B
Another book that was good: http://proquest.safaribooksonline.com.libproxy.lib.csusb.edu/book/certification/securityplus/9781118922903/chapter-1-network-security/9781118922903c01_xhtml
Lots of books through school library
Before each chapter, read the objectives covered in it. For each objective, watch the appropriate videos from this playlist. If the chapter talks about section 4.3 in the Security+ objectives, then make sure you atch those videos. It’s a guy named Professor Messer who will basically give you a primer on each topic. There are a lot of topics though, so there are two playlists you will have to look through. They are all labelled though, so it shouldn’t be hard to find.
Playlist 1: https://www.youtube.com/watch?v=dv7I0SkF6P8&amp;list=PLG49S3nxzAnkcKd71N4OjSv4cUXNhoPlQ
Playlist 2: https://www.youtube.com/playlist?list=PLG49S3nxzAnlhMM1KV5ST1qi3kI87hMpY
After watching a video, mark off that section from your copy of the Sec+ objectives. Then read the chapter. By the time you’re done with the book, all of the objectives should all be marked off.
After you read the book, take the practice tests in the book. The actual Sec+ requires about 83%, so shoot for 90% to give yourself a good cushion.
After that, just start quizzing yourself as much as possible
http://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests
http://www.getcertify4less.com/_images/products/downloads/comptia/CompTIA%20Security+%20SY0-401%20Practice%20Test.pdf
http://www.gocertify.com/table/quizzes/comptia/page-5
http://www.certiology.com/comptia-certification/comptia-securityplus/free-security-plus-practice-tests.html
http://www.proprofs.com/mwiki/index.php/Comptia_Security%2B_Certification_Exam
https://crucialexams.com/exams/comptia/security+/sy0-401/
Quizlet. Quizlet is your friend. Just type in Security+ in it.
Really just look for anything related to the Sec+
For CompTIA Security+:
Training: self-study this. Kindle version is $10.
Exam: Try seeing if the school you got your degree from is an academy partner. You might be able to get a discount. If not, it'll be a few hundred bucks to save for :\
CISSP isn't realistic for your situation i think. Way more training and exam $$$. + other things.
I'd say that Darril Gibson's GCGA (Get Certified Get Ahead) book is a common favorite around here. I'll leave a link here for you if you'd like to check it out.
If you'd like some online study resources that will put you ahead of the game as well (by a long shot), I'll also link you to my Evernote list of everything I used for the Sec+. Study right and you'll pass with flying colors 😊
For a book: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?ie=UTF8&amp;qid=1540341090&amp;sr=8-3&amp;keywords=sy0-501
Online resource: https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/
I have CCNA and Sec+ at this time. Just passed Sec+ a few weeks ago.
My work forced me to take the Sec+ 501 last minute without studying. I bombed it with a 538. I took it just a little over a month later and passed with a 810. So I agree that it would probably be possible if you bust your ass and study.
I had no IT experience (other than a 6 month military school) prior to Sec+ and used the book below after hearing everyone on here talk about it. In addition to the book I went through a week and half course my job provided so I think that helped also.
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=mp_s_a_1_1?ie=UTF8&amp;qid=1542473247&amp;sr=8-1&amp;pi=AC_SX236_SY340_QL65&amp;keywords=get+certified+get+ahead+sy0-501&amp;dpPl=1&amp;dpID=51MZNH9iP7L&amp;ref=plSrch
I don't have course suggestions, but all you really need is Darrell Gibson's textbook on Security+. You can run all the labs on your own hardware (you need the experience setting that stuff up anyway). His textbook is comprehensive, and his well-maintained blog fills in any gaps.
I went in with very little security knowledge and was able to blast the Security+ exam out of the water. It's not an easy exam, but his material hits all the necessary check-marks.
Edit: He also has an Android app with test questions, flash cards, and other crap. Worth it.
My first attempt btw was 597
Links:
http://www.gtslearning-courses.net/
https://www.cbtnuggets.com/learn
Book I read by Dariil Gibson
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?crid=3OQ0RW0P5085E&amp;keywords=security+plus+sy0-501&amp;qid=1551138675&amp;s=gateway&amp;sprefix=security+plus+%2Caps%2C157&amp;sr=8-3
Security+CE. It will be the easiest of the exams listed. Here's my recommendation on a study guide:
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?keywords=security%2B&qid=1573946942&sr=8-3
Studying is MOSTLY FREE. Cannot provide cheating test sites here. Go to the CompTIA website to get the actual test exam outline - print that out please, and supplement with these videos from Professor Messer $FREE and you will need to jot down notes as you go. This is not enough to pass the test(s). You'll also need to get an official study guide book $20 as reading material to go into the details. Coupled with taking notes during the videos and fleshing out the outline from CompTIA you should hit all the possible ways to study. CompTIA offers this $free trial through one of their partners. I also like Mike Meyer's writing style $31 as an alternative.
I mostly used TestOut-Labsim for a majority of it and even then mostly the practice tests. I have a very hard time paying attention when it comes to instructional videos and I have an easier time with studying texts. The text I read through was Exam Cram - CompTIA Security+ by KirkHausman (http://smile.amazon.com/CompTIA-Security-SY0-301-Authorized-Edition/dp/0789748290/). I used Microsoft OneNote for taking notes (this is my favorite application ever) and Cram.com for flash cards on my phone. I memorized 25 different protocols and their corresponding ports using the cards. About half (maybe more) I had already memorized for Net+, but those are just further concrete in my mind.
The problem with Security+ is there is a lot of studying and memorizing facts, where Net+ and A+ has a lot of "hands on" situations, like configuring devices. I think this is because a lot of the security principles have been around long before computers. Cryptography has been found in Egypt dating back to like 1900 BC!
I took Security+ a long time ago, and it was pretty tough then, but you should be fine with some studying. I highly recommend this one:
http://www.amazon.com/CompTIA-Security-SY0-301-Exam-Edition/dp/0789748290
The first edition was pretty solid, at any rate. Good luck!
Well for starters, the CASP was just updated. Prior to that it hasn't been updated since it released in 2011. So it became increasingly out of date. On top of that, there have been other more recognized certs out there that seemed to be in more demand. This isn't to say that will change.
Also keep in mind, most people are only aware of the CompTIA trifecta. Even Linux+ until recently was considered a joke as well. It wasn't until they teamed with LPI that it started to gain momentum.
As for studying for the CASP here are some resources you may look at.
It was this book. I have A+, Sec+, and FOI besides CASP. I used to work helpdesk for 2 years and moved up to a JR sysadmin position recently (3-6 months).
1.) 874/900
2.) CAS-002 cert guide by Robin Abernathy and Troy McMillan
3.) Currently I'm a contractor for the army. I'm apart of a security assessment team and plan on staying on this path for now. As for the future I'd love to move into an IAO role.
http://www.amazon.com/gp/aw/d/0789754010/ref=pd_aw_sim_14_2?ie=UTF8&amp;dpID=51ueq5geAvL&amp;dpSrc=sims&amp;preST=_AC_UL100_SR100%2C100_&amp;refRID=19QR78KRB5Y0Y3HBCC48
I have CompTIA Network +, Security +, and Apple OSx Certified Support Professional.
Best way to get them is just to study by purchasing the books.
[Network +] (https://www.amazon.com/CompTIA-Network-Study-Guide-Authorized/dp/1119021243/ref=sr_1_2?s=books&amp;ie=UTF8&amp;qid=1473465885&amp;sr=1-2&amp;keywords=network+%2B)
Security +
ACSP
You can schedule the CompTIA certifications here
You can schedule the Apple certifications [here] (http://training.apple.com/)
You only really need Security + to get a DoD job, however, the most certs you have, the better you look in the eyes of potential employers. Most people I've worked with have never touched a Mac, but support clientele that work on Macs, so having a Mac cert is a big plus, but not at all required.
If you get a Sec+, and have a decent understanding of computers and troubleshooting, you'll find a nice entry level job normally working Helpdesk.
You could pick up the study guide for the CWNA.
The CWNA is vendor agnostic and gives you a decent grasp of the concepts and things like site surveys.
Udemy course
CWNA
802.11ac
802.11n
802.11 SG
I personally met GT at a Ruckus conference and the dude is sharp. Don't pay the full price (retailmenot) if you enroll. Lots of good info there. You could prob skip the AC guide since that's a little to new for it to be relevant just yet. But def look at the 802.11n literature. This will put you eons ahead of most people.
>"I am more interesting in learning wireless than meraki specifically, but if there is a good meraki class that covers both I think that would be best."
Reading this line I'd suggest you take a look at the CWNA book here: https://smile.amazon.com/CWNA-Certified-Wireless-Administrator-Official/dp/1118893700/ref=sr_1_1?ie=UTF8&amp;qid=1481736604&amp;sr=8-1&amp;keywords=CWNA It should be able to teach you the fundamentals of wireless and is not vendor specific.
IMHO it's better to know the fundamentals of Wireless which CWNA will teach from a vendor neutral perspective where CCNA-Wireless will have a focus on Cisco brand you can guarantee that. I personally am looking over the CWNA book and have thought about sitting for that exam in the future, as my company is using Ruckus APs. If your company is going to foot the bill for the class and cert you're either option should get you the knowledge you will need to start out and get off the ground.
> https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712
That's the official study guide for the exam. The CBK is the Common Body of Knowledge which is intended to teach you the concepts.
I'm studying and both are dreadfully boring. I'd start with something like the CBT Nuggets videos, which will introduce you to the topics in a fun and engaging manner - then hit the dry book work hard when you feel you're ready.
If you start with the official CBK or study guide, it might turn you off. It's a lot of dry reading.
i am also using the udemy videos plus this book https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=pd_lpo_sbs_14_t_1?_encoding=UTF8&amp;psc=1&amp;refRID=Q1HMEANW19CTDCH8E366
I used a local class, as the in person instruction helped me out a lot. With that, I also recommend Kelly Handerhan's Cybrary course, which is free online.
&#x200B;
Also, if you can get the Official Practice Tests, https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119475929/ref=dp_rm_title_1 and Study Guide, https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937/ref=dp_rm_title_0
&#x200B;
Those also help out a lot.
to be honest CISSP was a marathon. huge amount of topics, 250Q/6H exam (CAT Testing is only for English version)but the exam was fair. But CISSP is older (30 years?), so of course there are much study materials. As for the CISSP I prepared over 3 months, with a 2 hours of daily study and practicing
But at the end, a big part of the CISSP, like CCSP, is common sense.
I did the CISSP and then the CCSP after. topics are overlapping.
Since you have 7 years of experience in risk and control management, you should be fine for the CISSP.
For the materials, I recommend this:
Sybex Preparation Guid CISSP
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937
Conrad 11th Edition (as brushup, very short book, very good right before the exam)
https://www.amazon.com/Eleventh-Hour-CISSP%C2%AE-Study-Guide/dp/0128112484/ref=sr_1_fkmrnull_1?keywords=conrad+11th+hour&amp;qid=1554770186&amp;s=books&amp;sr=1-1-fkmrnull
And these video:
https://www.cybrary.it/course/cissp/
Of course, if you feel unfamiliar with some wording or topic in above materials, I recommend to do your own research. Google is the best study book :)
Hope it helps
https://www.amazon.com/gp/product/1337288780/ref=ppx_yo_dt_b_asin_title_o05_s00?ie=UTF8&amp;psc=1
This was the book I used. I originally rented it for a class, but had to change my schedule up so I just decided to keep it and start studying. I would definitely read another though. Or watch Professor Messers videos if I were to study again. I feel like the book I used was really good, but I definitely would have been more prepared had I used another dedicated study material. Had I rented a second book, I would have rented this one
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=sr_1_5?crid=14IBV4EVTTAYM&amp;keywords=comptia+security%2B&amp;qid=1562432800&amp;s=books&amp;sprefix=comptia%2Cstripbooks%2C171&amp;sr=1-5
I used their COMPTIA IT Essentials book and I thought it was very good. Those would be my personal recommendations for books, because they are what I am familiar with. I think if you can, you should absolutely watch Messer's videos though. They are really amazing.
Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.
Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1
Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide
100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python
This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking
While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox(first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.
You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.
"About the Author
Michael Meyers (Houston, TX), CompTIA A+, CompTIA Network+,CompTIA Security+, CompTIA CySA+, is the industry’s leading authority on CompTIA Security+ certification. He is the president and founder of Total Seminars, LLC."
https://www.amazon.com/gp/aw/d/126002637X/ref=mp_s_a_1_3?ie=UTF8&amp;qid=1520011531&amp;sr=8-3&amp;pi=AC_SX236_SY340_FMwebp_QL65&amp;keywords=mike+meyers&amp;dpPl=1&amp;dpID=51xXWB%2BujrL&amp;ref=plSrch#productDescription_secondary_view_div_1520011622143
I used this one:
http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=la_B001IOH64U_1_9?s=books&amp;ie=UTF8&amp;qid=1407252539&amp;sr=1-9
Its important to note that they have a newer version of the test out (SY0-401). Right now you can take either version, but after December you won't be able to take the test that this study guide was written for (SY0-301). Darril Gibson hasn't released a book for the new version of the test, but he probably will soon.
When I was studying for the Security+ test, I kept going over all of the practice questions in the book until I could get at least 98% of them right. Overall, it took about 2 months of studying. I ended up getting an 851 (94%) on the test.
Sec+ scheduled for Jan 15. Currently reading a book and using CertMaster. Get this book, and if you have funding for it, get CompTIA CertMaster Security+. I used it when studying for the Network+ (along with Mike Meyers' Net+ book) and it was invaluable. Info actually sticks in your head, and the way the questions are worded is startlingly similar to the exam.
Don't get me wrong- BackTrack, Kali, Pentoo, etc. are all amazing tools but to recommend this to someone coming from a helpdesk role might be a bit much to grasp.
Learning how to work with the distros and the wide range of tools is great but you have to learn about the theories behind analyzing protecting the infrastructure and software.
OP, you might start with some books (these have helped me a lot in my career in security)-
CompTIA Security+ Study Guide (not a bad book and the cert is easy, provides the basics of IT security)
The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (an easy read)
Gray Hat Hacking The Ethical Hackers Handbook (is an intro to the security world and a lot of info, more in-depth)
IT Security is an awesome field and like most IT is has many separate areas within it to learn.
Check out the links below for more info on training (there are others available these are just ones I've used and SANS has a lot of additional resoures)-
SANS Institute
InfoSec Institute
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024
Go for the Security+. You will get much more out of that then the A+ cert, specially if you are a DoD contractor. That's what I did. I used this book and CBT nugget videos.
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&amp;qid=1483416496&amp;sr=8-1&amp;keywords=Security+%2B
I took the Net+ and then Sec+ 4 weeks later. There was some overlap from Net+ on the Sec+ exam, so that helped me some. I don't come from a security background and scored an 860 on the exam with heavy studying during that 4 weeks between exams. Get your hands on Darril Gibson's most recent Sec+ book, it was the best money I spent for any exam book. His practice questions are worded similarly to what you'll see on the exam.
Gibson's Book
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024?ie=UTF8&amp;*Version*=1&amp;*entries*=0
No problem asking for study material. I personally used the Darril Gibson ebook
no, this one here ya filthy irishman!!
**EDIT
actually you are correct, the one you reference is the updated version of the one I linked..
aka 501 v/s 401
so we are both correct you dandy englishman!!
I know this is a couple days old now but I've worked for a couple companies as a security analyst, and I feel like a lot of the answers so far are geared toward pen testing, which isn't what the interns at either organization do/did.
There's no question that knowing all the stuff others have suggested will come as a help, but most of our interns needed information more along the lines of the Security+ cert. The Security+ won't make anyone an expert but it contains a whole lot of information that will be used on the day to day. Things like tcp vs udp, common ports, terminology like IDS and IPS. Discussion about host based vs network based protection. I'm not really saying "go get this cert" so much as, "understand the general domains of this cert".
If you want to look into it, this is a pretty decent book, $10 on kindle (more in print) or you can probably find it at a library for free.
http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&amp;qid=1425426900&amp;sr=8-1&amp;keywords=security%2B+book
A tool that I've used every single day at both places is wireshark. You don't need to be a Jedi to use it, but knowing some simple stuff with it really will help.
Like others said, a background in Linux will help. Wget/curl are convenient for analysis.
Hello,
I have a few questions if you don't mind:
http://gcgapremium.com/pass-the-security-sy0-401-exam-the-first-time-you-take-it/
https://www.amazon.com/gp/product/1939136024/ref=as_li_ss_tl?ie=UTF8&amp;linkCode=sl1&amp;tag=mc00-20&amp;linkId=f26dbc813be02e9a94f686c8ae0ff973
I would highly recommend Gibson's book, it's very solid and covers the exam incredibly well in my experience. Here's the Amazon link to the book so you can check it out (they also have a Kindle version for $10):
https://www.amazon.com/gp/aw/d/1939136024/ref=tmm_pap_title_0?ie=UTF8&amp;qid=&amp;sr=
For videos I'm a fan of CBT Nuggets. It's a bit pricey but you can get your first week free and cancel renewal before the week ends if that works best for you. Here's the link to their Sec+ course:
www.cbtnuggets.com/it-training/comptia-security-plus-sy0-401
https://www.amazon.com/gp/aw/d/1939136024/ref=mp_s_a_1_4?ie=UTF8&amp;qid=1526108431&amp;sr=8-4&amp;pi=AC_SX236_SY340_QL65&amp;keywords=comptia+security%2B&amp;dpPl=1&amp;dpID=51g-tyqmEPL&amp;ref=plSrch#
401 is still being offered till end of july, i also used boson for test exams, i used boson for my ccna and security+, will use when im ready for ccna security.
I’ve been in the industry for a while and don’t have any cert’s. I’m currently studying for my Security+. I’m 90% sure I could pass the test even without studying but I don’t want to have a chance of wasting the money. I’ve got this book and I think it gives a good overview of the industry.
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_api_i_wkayDbJYN4DMW
I'm taking the test in a month and using this book: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_lpo_sbs_14_img_0?_encoding=UTF8&amp;psc=1&amp;refRID=5H0WSYWQ700X3F7F19FM
Flashcards
The Certmaster
And Professor Messer's videos
Watch the videos here:
https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/
Buy and read this book:
CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/
With sufficient study you should be able to pass the exam within a month.
Good luck!
Get Certified Get Ahead. Pretty much known as the gold standard in terms of reading material for the Security+ test.
99.9% will tell you to get Darril Gibson's Get Certified Get Ahead book. It is definitely worth the buy. linky
This book really helped me:
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
Also mainly just take practice exams and beef up the areas that are lacking. No need to over study things you already know. Stay calm during the exam, sleep well the night before, eat something before you go.
You will get it, you definitely seem dedicated and willing to work for it.
People have recommended some good things, but as a student myself i will tell you this: Before moving into advanced things, PLEASE - learn the basics. Learn how operating systems work and how to use them in an administrative capacity (Yes, that means Windows AND Linux. I notice a lot of my peers are uninterested in Windows administration but from what I've gathered most organizations are windows shops). Learn basic to intermediate networking, this is a MUST. Programming is not a requirement to going into security but i'll tell you this; it'll really help you gain a better understanding of how computers work, as well as give you that extra set of skills to pull out of your pocket when trying to solve a problem. If anything I recommend learning something like Python, or C.
&#x200B;
Also, a personal opinion of mine is: Only learning what college teaches you is not enough for security, regardless of if you want to go blue team or red team, or do malware analysis/reverse engineering. You should be self learning outside of school as well. Set up a home lab (/r/homelab) to familiarize yourself with different systems, and to get hands on experience with different technologies. It will teach you so much, and when you go for that first entry position your interviewers will be impressed with everything you know. Mine certainly were, and not to sound cocky but I'm still in school to graduate next year and I got an internship, got hired on part time during the school year because they were impressed with my performance during the internship, which is to be converted to a full time employee should I wish to continue working there when I graduate.
Put in the work and you'll be rewarded. So many people skip the basics because it's not as "fun" or interesting, but especially in security- you can't keep building on top of something that doesn't have a good foundation or you'll end up with a mess. If you know the basics you'll be able to work on basic things, and then the more advanced things as well once the ground is solid.
&#x200B;
Also, don't listen to everything they teach you in school. Depending on your school a lot of the information security curriculum may be very outdated (10-15 years old). Learning older things is useful, but you really need to learn newer stuff as well because new things pop up every single day. You can try getting your CompTIA A+, Network+, and Security+ to cover some of the basics. That will really help you - it's pretty much first year curriculum.
&#x200B;
Edit: NoStarch books are some of my favorite security(and programming) books
and CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson is one of the best books for the Security+ test. Professor Messer's free videos are absolutely amazing.
This is the academic store that you can buy discounted exam vouchers from at the cheapest price. Requires a .edu email and you can only buy one voucher per test. You cannot buy retake vouchers at the discounted price.
https://academic-store.comptia.org/certification-vouchers/c/11332
The academic store will give you a coupon code that you will use to redeem your exam when registering for the day you will take it.
https://home.pearsonvue.com/comptia
It is suggested to schedule your exam date few weeks out and to arrive a half hour early before your scheduled exam time. Make sure to bring all forms of ID required for the test.
https://www.weber.edu/TestingCenter/lindquist.html
Students should prepare for the exam by going over the course objectives and making sure they adequately understand each subject on these sheets.
Official Sec+
https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-501-exam-objectives.pdf
Unofficial Sec+
https://www.certblaster.com/wp-content/uploads/2017/10/CompTIA-Security-SY0-501-Exam-Objectives.pdf
Official Network+
https://certification.comptia.org/docs/default-source/exam-objectives/comptia-network-n10-007-v-3-0-exam-objectives.pdf
I would suggest you do not purchase the official study guides and labs offered by the CompTIA store because many people have had mixed opinions on their cost and effectiveness and find them to be useless.
I would suggest using free sources such as Professor Messer and other books with practice exams such as the "CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide" . Professor Messer has monthly online study groups to personally ask questions from for free, he also has free videos that take you through every aspect of the test.
Security+
https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_apa_i_BADzCbXJR8TGC
https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/
Networking+
https://www.amazon.com/dp/1260122387/ref=cm_sw_r_cp_apa_i_HCDzCbXY08434
https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/
Each certification test is comprised of a maximum of 90 questions on a 90 minute test that requires a passing score of 720 out of 900. The test will include common networking or security tools, Linux and Windows command line commands and theoretical and implementation questions. The test may also include common port numbers used by everyday services so knowing a large amount of them will help during the test.
The test will also include performance based questions such as dragging and dropping, matching, etc.
https://www.examcompass.com/comptia/network-plus-certification/free-network-plus-practice-tests#
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#
https://crucialexams.com/exams/comptia/security+/sy0-501/
The CompTIA tests are designed to be rigorous and intense, during the exam, you may feel like you are performing terrible and are about to fail, but you may be doing just fine. The test is designed to make you doubt yourself and sweat.
You only need the minimum to pass. A 721 score is the same as a 870 score.
If you study hard and know everything on the CompTIA lists and their intracacies, you will pass
This ought to be fine:
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead-ebook/dp/B07652KDXM/
24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them is good
Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good things those programs provide is a broad coverage of information security as a whole.
I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.
The 24 Deadly Sins of Software Security: https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751?_encoding=UTF8&amp;%2AVersion%2A=1&amp;%2Aentries%2A=0
Writing Secure Code: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1499038741&amp;sr=1-1&amp;keywords=writing+secure+code
That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:
Microsoft Pass the Hash Whitepaper: https://www.microsoft.com/en-us/download/details.aspx?id=36036
Think Like a Hacker (shameless plug for my book): https://www.amazon.com/Think-Like-Hacker-Sysadmins-Cybersecurity/dp/0692865217/ref=sr_1_sc_1?ie=UTF8&amp;qid=1499038880&amp;sr=8-1-spell
Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.
Not sure what everyone uses, but http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751 is a good place to start. Not all internet stuff, but the base ideas of how hacking works.
TL;DR:http://i.imgur.com/zHYn6Zd.jpg
For Sec+ I went to the class at Keesler and bought the old version of this book. After reading it and highlighting important stuff I studied a chapter a night for about two weeks and also did some study questions on quizlet. Passed with no real issues.
CISSP as there are more training resources available. Do your own research though.
&#x200B;
Take a look at these resources:
CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide
https://www.amazon.com/gp/product/1119042712/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=1119042712&linkCode=as2&tag=mc00-20&linkId=C7HNX553XYF3YBVA
&#x200B;
CISSP All-in-One Exam Guide, Seventh Edition 7th Edition
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?s=books&ie=UTF8&qid=1541218380&sr=1-1&keywords=shon+harris+cissp
&#x200B;
Pluralsight:
https://app.pluralsight.com/paths/certificate/cisspr-certified-information-systems-security-professional
&#x200B;
CBT Nuggets:
https://www.cbtnuggets.com/it-training/isc2-cissp-2015
This was my textbook for my cybersecurity class and never before have I ever learned so much from a class or textbook. It's technical yet extremely understandable. The best cybersecurity methods are the simplest ones, the ones that make sense. ITGCs are covered, though they don't call them that. If you read this book thoroughly and studied you could pass the CISSP cert and be in fantastic shape. That's my plan. I have this eBook too if you want to PM me your email, as the book is rather expensive. This is known as the "Bible" for the CISSP exam.
Edit: CISSP All-in-One Exam Guide, Seventh Edition https://www.amazon.com/dp/0071849270/ref=cm_sw_r_cp_api_MljtzbZ9CJ7ZV
These two subjects are very well explained by the CISSP All in One (created by Shon Harris)
https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=pd_sbs_14_t_0?_encoding=UTF8&amp;psc=1&amp;refRID=4D3GRA6EEWEVVRQ0F39J
Hi Roboman,
If your current position falls within the realm of the Security+ Cert, go after it. If you are hungry to gain knowledge in this field, I recommend https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270. You will crush the Security+ exam and the CISSP exam if you engulf this material. If you want a good career in IT Sec, this will help you tremendously. Happy Holidays!
If you're getting 94% on your practice exam you're probably ready to go. Get a few more practice exams (you can buy books of practice exams on Amazon pretty cheaply) if you continue to get mid 90s you should be good to go.
Make sure you have your standard ports memorized. They came up a lot for me.
To pass my Security+ I watched the CBT Nuggets and read
this and [this] (http://www.amazon.com/Security-Certification-Official-published-McGraw-Hill/dp/B00E6TOT2Q/ref=sr_1_8?s=books&amp;ie=UTF8&amp;qid=1394728491&amp;sr=1-8&amp;keywords=security%2B+clarke) but I really had to learn a lot, I don't do much security work in my day to day. In the end I was way overprepared. I think I only missed one question.
It looks like the site cram.com (which isn't a porn site, oddly enough) lets you create your own flashcards. I've used the ExamCram books and there are others that have electronic flash cards or other fun things. If you sail any high seas, you can find them there too I'm sure.
If you're already thinking about looking for other jobs and are looking to get your Bachelor's, look at local colleges. A lot of places will offer tuition reimbursement or will cover your courses completely, which is fantastic if you can find it. Smaller shops also let you get your hands into a lot of different tools that you might not otherwise get to play with, which gives you experience and lets you refine what your career goals are.
For networking, I'm terrible at that too. I've found local user groups in my area (or within a couple hours from my city) that I go to frequently. There's a quarterly tech ed group, a quarterly System Center group, a powershell group, and even a generic sysadmin group. I had no idea they were out there until I started looking. Most of the time the "small talk" is about what's on our plates at work, how we're having trouble filling some position, how we got killed by xyz vulnerability/some Microsoft patch boned us, or how our kids are keeping us up and we're so tired. Each of the groups has a LinkedIn page too, but most of the meat is in the face-to-face interactions.
People inherently like to talk about themselves--if you strike up a conversation with someone and say "I overheard you guys talking about the ShellShock vulnerability, here's how we handled it." they'll just say "Oh, cool." and turn away. But if you were to say "I wasn't listening in, but I overheard you guys talking about Shellshock... It killed us...I mean, I should probably still be at work right now. How'd you guys handle it?" and then they'll launch into Puppet or Zabbix or Nagios or some tech that they use and you can ask them about that, too. It sounds exhausting, because it kind of is, but the connections actually come in really useful.
Here is the desktop version of your link
The cert guide is good and covers pretty much everything. There is an iOS app from LearnZapp that covers CAS-002 which is based on the cert guide. That being said, nothing really covers the PBQ's which in my case I had 10 of them. CAS-002 is being deprecated and replaced by CAS-003. So I am not sure what all of those changes will encompass.
&#x200B;
https://www.amazon.com/CompTIA-Advanced-Security-Practitioner-CAS-002/dp/0789754010
&#x200B;
I used this and this. Both together are more than you'd need. If you have Sec+ and have even a small amount of industry/best practice/common sense experience, you'll be fine.
Not advocating them, but I'm sure there's braindumps for it, as it is entirely multiple choice, other than a few simulations at the beginning.
Sure thing, the Comptia certs do cost some money, I know some high schools/community colleges have reimbursement programs for them so that may be looking into in your local area. As far as study material I used these: A+, Security+, Linux+. PDF's of these books can be found online from various sources as well.
For exam practice I used a VCE exam player application and whichever vce file had the best rating per exam from examcollection. Hope that helps!
https://www.amazon.com/CompTIA-Security-Study-Guide-SY0-401/dp/1118875079
Before the test I'd suggest picking up a copy of CompTIA Security+ Study Guide: SY0-401, to see what you aren't familiar with. To pass the 401, I read the book in it's entirety once, then went over every test question in this book, CompTIA Security+ Certification Practice Exams, Second Edition (Exam SY0-401) (Certification Press) Kindle Edition.
I flew through the multiple choice section of the 401 with no problems. The labs were a pain, but that's due to how they were designed, not due to lack of knowledge or studying. In my opinion, they were presented poorly, the instructions were hard to follow and never followed the same structure from one to the next. However, since the practice exam book prepped me for the multiple choice, I had plenty of time to go back and decipher the labs (my lab questions were in the beginning, I think I had 5 or 6 of them).
Links to the books from above:
http://www.amazon.com/CompTIA-Security-Study-Guide-SY0-401/dp/1118875079/ref=cm_cr_pr_product_top?ie=UTF8
http://www.amazon.com/CompTIA-Security-Certification-Practice-Edition-ebook/dp/B00IZX3XYY/ref=cm_cr_pr_product_top?ie=UTF8
How long did it take you to study? and what materials did you use?
I currently have the exam cram security+ book, and just recently ordered the symbex book alongside it. I learned from people that took the CCNA that multiple sources are a good thing but don't go overboard, a cert only lasts for a few years and you'll need to take it again with more up to date literature. Congratulations.
A study guide should be more than enough.
https://www.amazon.co.uk/gp/product/1118875079/ref=pd_sbs_14_t_1?ie=UTF8&amp;psc=1&amp;refRID=FJ778RBW4HCTJN0TG0Y8
For what it's worth, if you are actually interested in fast tracking your knowledge of Wireless fundamentals then the CWNA certification program and its associated references are really great. I recommend this book
https://www.amazon.com/CWNA-Certified-Wireless-Administrator-Official/dp/1118893700/ref=sr_1_1?ie=UTF8&amp;qid=1481070486&amp;sr=8-1&amp;keywords=cwna
Sybex actually has a newer CISSP book that covers the new domain format. http://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712/ref=sr_1_1?ie=UTF8&amp;qid=1458704710&amp;sr=8-1&amp;keywords=sybex+cissp . I found the Shon Harris All-in_one book very difficult to read cover to cover. I used it for reference.
Certified Information Systems Security Professional Official Study Guide
There's also this https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=dp_rm_title_0
Hi, Thanks for sharing in details.
are these two items same,
Sybex practice test bank 4x250 question exams And Sybex Practice text book? https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288.
if not, how can I get the 4x250 questions?
Thanks
thats this guy right?
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_1?ie=UTF8&amp;qid=1498778594&amp;sr=8-1&amp;keywords=cissp+official+test+book
the testing app on my phone is pulled from this book i believe
No, its a different book.
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_2?ie=UTF8&amp;qid=1500562635&amp;sr=8-2&amp;keywords=isc2+cissp
cccure.org is considered by most to be the defacto question bank and the best way to prepare. I have found that the Sybex Official Practice tests online are just as good if not better and will save you a few bucks if that's a problem. The one thing I WILL say bad about it is at times it lags very bad.
https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119252288/ref=sr_1_2?ie=UTF8&amp;qid=1481206384&amp;sr=8-2&amp;keywords=sybex+cissp
I would imagine that this is the book. https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/ref=sr_1_1?ie=UTF8&amp;qid=1518465950&amp;sr=8-1&amp;keywords=sybex+csa
It seems to be often recommended.
I agree. I would look into virtual labs too.
I personally liked these:
https://www.cybrary.it/catalog/practice_labs/comptia-cybersecurity-analyst-csa
And the Sybex book and practice questions:
https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/
https://www.amazon.com/CompTIA-CySA-Practice-Tests-CS0-001/dp/1119433207/
Edit: CompTIA renamed Cybersecurity Analyst from CSA to CySA. So you will see a mix for a while.
Congrats!!!
What do you mean by ' the Official isc2 practice test book '? Is it the Sybex one? https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119475929
&#x200B;
Thank you
Congratulations!.
&#x200B;
Well done and thanks for sharing.
&#x200B;
Just a quick question, you have said '- I bought the ISC2 test questions book' do you mean this book?
&#x200B;
Thanks.
Nope
This one
CISSP Official (ISC)2 Practice Tests https://www.amazon.com/dp/1119475929/ref=cm_sw_r_cp_api_i_N4mSDbGQPV37R
Wow interesting they still have Shon's name on those books since she died in 2014.
You need the sybex Cissp 8th edition book.
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937
That book and Kelly Handerhand's Cybrary videos will get you there. /r/Cissp has pages of everything you need which is less than 10 items.
Just passed mine last month.
Good luck on your journey!
I bought this one along with the associated question book, is this the Sybex book you talk about?
https://www.amazon.com/CISSP-Certified-Information-Security-Professional/dp/1119475937/ref=dp_ob_title_bk
Also got the 11th Hour, which is a great summary.
And of course Kelly's video's :)
PS. i'm a light weight, a double shot of coffee is enough to get me going ;)
Yeah he's great!
https://www.google.com/url?sa=t&amp;source=web&amp;rct=j&amp;url=https://www.amazon.com/CompTIA-Cybersecurity-Analyst-Certification-CS0-001/dp/126001181X&amp;ved=2ahUKEwiezIummY7lAhVzIqYKHesCCKkQFjAAegQIBRAB&amp;usg=AOvVaw1aUg1VXkH1whQQvROIqE8W
Honestly, I just took the assessment blind after beginning the class and passed it. I have experience in the field, but I recently did this Professor Messer course to get my Sec+ and the majority of the knowledge was in that YouTube course.
You can watch the Professer Messer material in a weekend if you watch it at 1.25 speed, again just take notes on things that don't immediately click for you and pay special attention to those in other training material.
This series of books is good in general for CompTIA exams: On Amazon , they always have end of chapter quizzes that map pretty well onto exams.
How are you doing on the practice exams? Any special areas that aren't clicking for you?
I've used Cybrary's practice exams in the past and found them pretty okay:https://www.cybrary.it/catalog/transcender_tests/comptia-cysa-practice-exam/
https://www.amazon.com/gp/aw/d/126001181X/ref=mp_s_a_1_2?ie=UTF8&amp;qid=1520706009&amp;sr=8-2&amp;pi=AC_SX236_SY340_FMwebp_QL65&amp;keywords=csa%2B&amp;dpPl=1&amp;dpID=515Z0goTp7L&amp;ref=plSrch
I have the same question. I'm partial to this one:
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=sr_1_3?ie=UTF8&amp;qid=1518405572&amp;sr=8-3&amp;keywords=security%2B
But it only comes in CD-ROM or Kindle format. I managed to find the hard cover edition on McGraw Hill's site and CompTia's own online shop but the cost of having it shipped to Canada is too high for my taste. Anyone know of a place I can pick this up in Canada?
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322/ref=mp_s_a_1_4?ie=UTF8&amp;qid=1540824481&amp;sr=8-4&amp;pi=AC_SX236_SY340_FMwebp_QL65&amp;keywords=security%2B+sy0-501
Can you pass a drug test and do you have a clean record? If so, get your Comptia Security+ 501 certificate. It is required for any government IT job which is probably one of he biggest employers here in the Springs. Every video instruction you need is free on youtube. The books are $35 on amazon. You can get discounted test certificates here. Sec+501 took me maybe a month of studying to pass, and getting it will open up more doors for you in the IT field in this town than any other certificate, so long as you meet the requirements in my first sentence. The clearance may or may not be a necessity depending on where you go. On base might be difficult, but there are more jobs than you think out there for government contracting. DOD, DHS, and numerous other agencies all have contracting jobs readily available in this town. But you need Sec+.
For the Total Tester 6.2, that comes with the this book. I did not buy the book, but a colleague of mine bought it, and he lend me the disc. I'm thinking, "great more test practice questions to try", and it came with a PDF of the book, so I can look at different explanation. There has been another one regarding threat actors that did not make any sense as well. Since the book, as far as I know, is the only one with definitions for structured threats, but there is no matrix on regarding what threat actors are unstructured, structured and high structured, unless you go into the part in the book to explain that.
I have watch the PluralSight videos, not Prof. Messer, and there was no matrix I can find on the different structures of threats. I am thinking to myself, am I that bad at these tests.
It's certainly worth a go. I'd read through a guide, such as this:
https://www.amazon.com/Certified-Ethical-Hacker-Guide-Fourth/dp/126045455X/ref=dp_ob_title_bk
Then email EC-Council and explain that you have been working in IT security for 3 years (ok, so you might need to exaggerate a bit here), and that you'd simply like to take the exam, as you feel you already know the information contained in their syllabus.
You might get a few back and forths, but if they are playing hardball, say that your manager has only given you enough in the training budget for one cert this year, and you've chosen the CEH exam, but can't get the funds for the whole course. I expect they'd rather you pend the money on taking their exam, than went elsewhere.
To be honest though, you're probably better off buying the book to study anyway, then taking the OSCP cert from OffSec
This is exactly why the professionals in IT very rarely talk security with people who arent in the industry. TV and movies have really made people think things will happen that never will, or are near impossible.
The type of effort you are talking would be like if some terrorist encrypted their manifesto on a thumb drive and the government had to crack it right away to avoid another attack. Dont you remember how complicated it was just to get into the San Bernadino people's iphones? The resources and time required once you pass a certain level are insane.
I hope no one here is that type of person. If you want to find out how complicated it really is, this is where you start down the rabbit hole.
https://www.amazon.com/Certified-Ethical-Hacker-Guide-Fourth/dp/126045455X/ref=sr_1_3?keywords=ethical+hacking&amp;qid=1570333559&amp;sr=8-3
and this
https://www.kali.org/
I suggest using Virtual Machines on a separate drive to boot your system with the network NIC drivers removed if you install and start messing with how that all works.
Also, here is a tool to tell you the amount of possible passwords. Even with ONLY letters uppercase and lower, the amount you get at 20 characters is like the amount of stars in the galaxy or something insane you could compare it to. Grains of sand in the outer banks maybe? Just at 26 letters you have 52 characters to make combinations from when you consider upper and lowercase. Think of how many possible combinations there are when you shuffle a deck of cards. You shuffle a deck, I shuffle a deck, what are the odds I shuffle them and the cards end up in the same order as yours? Even using a computer to try and match your pile, its gonna take a really really really long time. Then mix in numbers and characters. Each single possibility added to make is 53, 54, 55 etc, turns it into a HUGE unfathomable number when you are at 20 characters. You cant brute force it, and without a REALLY educated guess, thats your only option. Unless you are the gubment and have a key for the algorithm.
http://www.csgnetwork.com/optionspossiblecalc.html
It's called out pretty clearly in the description, but it should be version 4. The Boson questions are definitely closer to the exam, and the practice questions at the end of each chapter of the AIO are good as well.
https://www.amazon.com/dp/126045455X/ref=cm_sw_r_sms_apa_i_nsJTDb0J7S9G1
Passed the Comptia Security+ with the help of Darill Gibson's two books:http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=sr_1_1?ie=UTF8&amp;qid=1331748339&amp;sr=8-1 and http://www.amazon.com/Security-Practice-Questions-Certified-ebook/dp/B006ZD6WV2/ref=sr_1_fkmr0_2?ie=UTF8&amp;qid=1331748339&amp;sr=8-2-fkmr0
This book? http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364
Security+ is a pretty easy certification, I'd go after that one first. I used [this] (http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=sr_1_1?s=books&amp;ie=UTF8&amp;qid=1372795599&amp;sr=1-1) book to study for it, took about a week to prepare.
http://www.amazon.com/gp/product/1463762364/ref=od_img_link_refresh_T1
I was recommended this book and I've only had a quick skim through it as I am trying to get more employibility through other avenues and then start studying for it. But it seems well laid out and easy to read. It also has a lot of great reviews
Close, this is the study guide, you've linked the practice question book. I bought the Kindle versions of both of them for $20 total.
SY0-401 has only been around for a little over two years. It'll be another couple before it's replaced.
Buy this, this, and this.
If you can, try to build your own box from scratch.
Sign up for an account with Professor Messer, and watch every video.
Download, install and become familiar with VirtualBox...then install a Linux distro and become familiar with it. Everyone and their grandmother will instantly pounce on you to try to shove their personal Linux distro preference down your throat. Ignore most of them. Try Ubuntu, Fedora or openSUSE. Better, try all of them. They're all based on different flavors of Linux. Find one you like? Does it feel comfortable? Good. Use that one.
Ignore most "free" online practice tests (they're mostly shit), make flash cards, use VirtualBox to get as much hands on as you can, keep your head down and study.
Sorry, here it is CompTIA Security+ Book
>I don't believe I'd be able to survive on enlisted pay.
Plenty of people do. The military will pay you a subsistence based on where you live and your rank (BAH).
>I'd be willing to move anywhere if it meant I could get hands on experience with cyber security
Do you have any certs now? You should study for the Sec+ like yesterday. Buy This. Its okay to get certified before you graduate, hell I encourage it. Look into learning networking as well. When you graduate, hit me up if you remember.
Congrats on passing! The Sec+ is my next step. I just passed Net+ this Monday. What exactly are you referring to when you say premium content? Maybe post a link for us? :D I just bought Darryl Gibson's SY0-401 book. Is that the same on you used? Here is a link
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&amp;qid=1500559370&amp;sr=8-1&amp;keywords=darryl+gibson+security+plus
Also, would you say the Sec+ is easier or harder than the Net+?
Is this the one you are referring to? You linked the practice test book. https://www.amazon.com/dp/1939136024/ref=cm_sw_r_other_apa_dO44ybCQ3D6WY
Also, does he have any videos?
Book
CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide
This one helped me to pass!
https://www.amazon.com/dp/1939136024/ref=cm_sw_r_cp_awdb_t1_SyWPAbPRK4E3F
I used this book and would recommend it.
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=pd_lpo_sbs_14_t_0?_encoding=UTF8&amp;psc=1&amp;refRID=SCTGP0Y33FZNTKV344Z8
Weird, the book is called CompTIA Security+ Get Ahead Get Certified SY0-401 Study Guide, if you just Google that
Lol I'm a dumbass again and used a link from my orders. https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024
Cybrary has solid training - I definitely would recommend them. I don't know that it alone will be enough to pass the exam but it certainly is a good start. The Darryl Gibson book seems to have pretty positive feedback so you may want to pick that one up as well. Here is an Amazon link for it: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_sim_14_3?_encoding=UTF8&amp;pd_rd_i=1939136059&amp;pd_rd_r=W762ZND5VVXXV57WFX7R&amp;pd_rd_w=mXr4x&amp;pd_rd_wg=90N8D&amp;psc=1&amp;refRID=W762ZND5VVXXV57WFX7R
A solid foundation would be CCNA (or at least CCENT or Net+) and Security+. The CCNA will give you an excellent understanding of networking, as well as some good hands-on using Packet Tracer. Security+ will introduce you to every domain of Infosec (Malware, Cryptography, Tools for Blue/Red Team, etc). The information is a mile-long, and an inch deep.
CCNA Study Materials:
Security+ Study Materials:
This is the book you're talking about right? https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
Darril Gibson is your friend. You can either buy his book and/or visit his website and you should pass.
Great question and this was on the exam. You will need to know the difference between the different SSO and which one is used with which. If you have Darril Gibson book he break it down for you clearly. https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059
Security+ book is pretty legit.
Well I bought this book first: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_4?keywords=security+%2B&qid=1573832314&sr=8-4
I recommend it. He does an awesome job explaining everything. I read this from front to back.
Then switched to Professor Messor videos: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy
Watched all of them beginning to end. Good way to solidify your foundation of what you learned from the book.
Then do some practice tests to find out what you need to work on. I found some practice tests from Cisco on youtube. It was like 600 questions but worth it.
Anyways, I hope this helps. Good luck I'm sure you will do great!
Get the Darril Gibson book:
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?ie=UTF8&amp;qid=1527111564&amp;sr=8-3&amp;keywords=security%2B
I bought 3 books when I got my sec+. Gibson, the official CompTIA book, and a study guide book. The Gibson book was the only one I needed, I barely even looked at the other two. When I got my CISSP I used CBTNuggets videos and they were great as well. They have a Security+ course there, and I think they still offer a 30-day free trial. I just used the 30 day trial and it was long enough to get my cert.
None of the extras CompTIA sells are worth it, unless you really have money to burn.
Here you go: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead-ebook/dp/B07652KDXM/ref=tmm_kin_swatch_0?_encoding=UTF8&amp;qid=&amp;sr=
I think you will gain a lot of helpful info and concepts from the networking parts of the semester. I help you prepare, I'd suggest looking into studying for the Security+ exam. Below is a great book you can use to study and it has many extras like audio files, flash cards, etc that you need to pay for but very affordable.
https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead-ebook/dp/B07652KDXM/ref=sr_1_3?ie=UTF8&amp;qid=1539612596&amp;sr=8-3&amp;keywords=security%2B
https://www.amazon.com/CompTIA-Security-Guide-Fifth-SY0-501/dp/1260019322
Basically I got a call from a recruiter on Wednesday night saying that if I passed the test by the end of Friday I would have a guaranteed job. Thursday morning I popped an addy, read messers study guide, did the chapter quizzes in the book, and the rest of the day I worked on the chapters I was deficient in. Friday morning I took the exam and passed.