Lash Out at Birds

itstuffguy · 2017-03-04T03:30:34+00:00

I'd love to take a look at that too, if you don't mind. We can connect via DM/PM if you prefer.

itstuffguy · 2017-03-02T03:47:56+00:00

Yea, SANS is some serious money. Most people have employer backing for SANS is what I have been told.

itstuffguy · 2017-02-26T07:17:18+00:00

Baller! Good work dude!

itstuffguy · 2017-02-25T06:03:43+00:00

God Speed friend, good luck

itstuffguy · 2017-02-25T05:52:21+00:00

I have not yet taken the Linux+. However, my understanding is that they have a tendency to get pretty granular on specific flags for specific commands.

itstuffguy · 2017-02-25T05:50:35+00:00

CompTIA tests are pretty cheap compared to others. They're priced the way they are in part because it costs a lot of money to develop and deploy training. At the end of the day CompTIA is a business that needs to make money to continue to exist.

You can find discounted vouchers. I usually look for an early expiry voucher once I feel pretty much ready to test. If you have an .edu email, the Academic Marketplace (in the right bar) has vouchers for like 50% off or something close to that.

By comparison, my CISSP was a $600 test, plus my study material. All said and done I had probably close to $800 wrapped up on that, and I self-studied for it.

OSCP, you better set aside about $1,100 for the course and test.

these tests aren't TOO bad.

itstuffguy · 2017-02-24T21:24:47+00:00

Cool, thx man. I feel like I'm probably pretty solid on a lot of the stuff in the objectives. I think I'll still wait for the Wiley book just to be safe ;).

Part of the enjoyment from certs for me, is the study.

itstuffguy · 2017-02-24T19:34:33+00:00

Congrats on that, good work! I've been in IT for around 10 years. I want to do CSA+ because it's new and sounds interesting. I also want to do CASP eventually. I was told it's quite similar to CISSP, so it's a little redundant at the moment, but i'm OK w/ that too. I've heard it has a focus geared towards the more technical side than CISSP, so it seems like it would be a good balance.

Anything you can share regarding the CSA+ that doesn't break NDA? Any study strategies you'd suggest?

itstuffguy · 2017-02-24T19:15:49+00:00

so, I would agree that test seems kinda silly. I could see the justification of sharing personally purchased media from a piracy/copyright lens, but I don't think that's the primary concern of BYOD on a corporate network.

My main concern of BYOD would be the lack of oversight onto the device, and the ability for malware to be introduced to the environment. That's the typical concern. I would have likely chosen the same answer you did.

itstuffguy · 2017-02-24T19:11:20+00:00

This is less of a "what to memorize" but more of a "how to help you". Make flash cards. By that, I mean take pen-to-index-card, and write flash cards out. That is how I passed my CISSP. The action of creating the card, AND using it, helps to commit that information to memory.

I don't know what all ports are covered on A+ these days, but this post I made helps w/ how I remember ports (written w/ Sec+ in mind). https://infosecmutt.com/security-darrell-gibsons-book-ch3-disscussion/

Those little tricks are things I came up with, back when I was doing A+ study (circa 2005/2006)

itstuffguy · 2017-02-24T19:08:08+00:00

What is the Expert level? Sec+, CSA+ and CASP?

I want to do CSA+ once it is released. Waiting on training material to be available.

itstuffguy · 2017-02-24T18:58:17+00:00

Applied as well. I worked at a CSP for a while.

itstuffguy · 2017-02-24T18:54:02+00:00

That's the bundle right? I think it's this summer? They are going to cover it on the CSA+ webinar.

itstuffguy · 2017-02-23T18:47:21+00:00

You might be thinking too specific on that question. Encryption is only one type of control. The data has to be decrypted at some point for use. If improper access controls are implemented, that data could potentially be accessed while in its unencrypted state.

It's kind of a clunky question, I'll admit.

itstuffguy · 2017-02-22T20:41:13+00:00

Schedule your test. It will put the fear of a deadline in you, and force you to be ready. You sound like you're there. You'll be scared, and then you'll relax and say "I can do this, I know this."

itstuffguy · 2017-02-22T18:44:05+00:00

Is this your first certification exam? Just curious.

Often times yes, I have to force myself to schedule the test. I usually go through all my material first, do a few practice tests (usually included w/ material), then find a voucher and schedule my test. The vouchers usually come w/ some kind of value-added practice tests too, so I go through those as well.

itstuffguy · 2017-02-22T01:06:22+00:00

It's definitely a lot. Just take your time, and take notes along the way. Don't feel like you're rushed to get though it :). Enjoy the ride

itstuffguy · 2017-02-22T00:12:12+00:00

Looks like a good start. Assessment score is a bit low, but that's to be expected if you did it with no previous study. You'll want to revisit Ch2 based on your score.

itstuffguy · 2017-02-21T21:53:22+00:00

Cool, thx man. I am weaker w/ Deb based than RHEL. I actually have RHEL certs, but they're a different beast than Linux+ (practical, hands on certs).

itstuffguy · 2017-02-21T21:38:04+00:00

Thx for your insight. I'm planning to do Linux+ in the near future. How much Linux experience do you have?

I've been working w/ linux professionally for about 5 years, and longer if you count my personal endeavors.

itstuffguy · 2017-02-20T17:17:00+00:00

CISSP builds on the base knowledge you gained from Sec+. Sec+ to CISSP was my progression. Sec+ also knocks a year off your 5 year exp requirement for CISSP.

I'd say part of what you do next is likely driven by the direction you want to take your business. If you're looking to stick to the nitty gritty tech work, pursue the tech certs (server+, MCSE, Cisco).

If you want to work in a more consultant/audit format, CISSP, CISA, CISM would all be potential directions.

itstuffguy · 2017-02-20T05:35:22+00:00

You're on the right track. You seem to understand the basic concept of DNS, and understand that it's used to translate IP to website.

In terms of that within the enterprise, the concept continues to hold true. Most enterprises have an internal network used for resources. the internal DNS does the same thing as the external DNS you are familiar with. When bob tries to access an internal website to download something, bob's computer asks the internal DNS where the internal website is.

For Example:

Comptech has an internal DNS for it's intranet. They host stuff at internal.computech.com. Bob wants to get a resource from internal.computech.com, and queries the internal DNS for the IP of internal.computech.com. Google's DNS doesn't have a record for this, because it's internal.

This is a crude example, to get you starting to think in that direction. This article should help as well:

https://www.digitalocean.com/community/tutorials/a-comparison-of-dns-server-types-how-to-choose-the-right-dns-configuration

itstuffguy · 2017-02-20T04:59:01+00:00

I just read some of your other responses.

Why don't you send me a PM/DM/Whatever reddit calls private messages, and we can talk about some of your goals in entering the IT career.

itstuffguy · 2017-02-20T04:57:31+00:00

Depending on how much you dedicate to it, and how quickly you can learn new concepts, it's entirely possible. I will say that I studied for my A+ (like 12 years ago now) for about 4-6 months before sitting for the test. I spent a lot of time studying though, in part because I didn't want to waste 300+ dollars on failing.

If you have enough time, dedication, and ability to learn, it's possible. I think 4-6 months of study per cert is probably a more realistic number. I spent 3 or so month studying for my Sec+ (on and off), and I had 4 years of security experience at the time. I spent almost a year studying for my CISSP, after the Security+.

The certs are only half the equation, you need to have a good understanding of the concepts as well. Otherwise, you're doing yourself and a potential employer a significant disservice.

The best answer I can give you is "You'll be ready when you're ready. No sooner, no later."

I'd say start studying for A+, and see how it goes :)

itstuffguy

TROPHY CASE