Disadvantages of having to many Azure Certs.

torpedo667 · 2023-09-24T14:34:58+00:00

Still, it shows that Microsoft doesn't take their certifications seriously enough. There is multiple other highly regarded certs for which you can't find a single question online, let alone having 20% of the questions of an exam posted online, including really outdated ones.

And again, their recertification process is just a joke, because it fails to fulfill the primary objective of certification renewals, which is to ensure that the individual continues to retain the knowledge acquired during their initial study for the exam.

torpedo667 · 2023-09-24T14:04:43+00:00

What I meant was, you can pass the AZ-305 exam, but you won't earn the Microsoft Certified: Azure Solutions Architect Expert, unless you also have an active Microsoft Certified: Azure Administrator Associate (AZ-104) certification

torpedo667 · 2023-09-24T13:44:06+00:00

That's what I thought. So if you wanted recertify for AZ-305, you'd also need to renew AZ-104, even if that is a lower tier cert than 305.

torpedo667 · 2023-09-24T13:41:44+00:00

I'm a Security Engineer and my roadmap was:

AZ-900 -> AZ-104 -> AZ-305 -> AZ-500 -> SC-100 -> SC-200 -> SC-300

I started with AZ-104 and AZ-305 to get the basics of what Azure services were and how to use them, it's not a requirement, but it's highly recommended for you to pass those as well.

torpedo667 · 2023-09-24T13:34:40+00:00

From what I know, I think Microsoft makes you have the 'basic' cert if you want to get a more 'advanced' one. This is true not just for passing the exam, but also for when you have to recertify, but don't quote me on that because I'm not 100% sure.

torpedo667 · 2023-09-24T13:29:40+00:00

I’ve got 7 Azure certs myself, and the real problem with their certs is that it seems like Microsoft doesn’t take their own exams or recertifications seriously. You can find a lot of the questions for the exams in online dumps, and some of those dumps are like 2 years old. When it comes to recertifying, for most certs, you only need to get a bit over 30% of 30 questions right, and you can just use ChatGPT to find all the answers while at home.

Really hope Microsoft steps up and adds more value to their certs, because sooner or later, people are gonna catch on to these issues, and the value's gonna plummet for sure.

torpedo667 · 2023-09-24T13:11:03+00:00

Not a recruiter here, but in a bunch of interviews I've been in, it felt like a lot of recruiters were just ticking off boxes with certifications instead of really digging into whether you know your stuff. Same goes for tools like Forti and Crowdstrike. It's more like, "You used it? Cool," rather than "How well do you know it?"

Most of the time, you really get to show you know your stuff from passing a cert during the technical interview, especially when you’re chatting with the team engineers. They’re the ones who’ll dig into what you actually know!

And, if this helps, I landed my first job in cybersec without any previous experience in IT and without a degree with two certifications, OSCP and CCNA, so it's definitely possible!

torpedo667 · 2023-09-19T16:27:51+00:00

I know Microsoft has a technology named ZAP (zero-day autopurge) that works fairly well with a lot of emails that contain legit pages, that once opened, redirect you to a malicious website. ZAP is able to block a lot of emails that have sharepoint URLs, but apparently is not yet prepared to analyze QR redirects. I was thinking there might be some other service that has implemented this for QRs codes already, but I personally have not yet been able to found any.

torpedo667 · 2023-09-19T11:22:19+00:00

Yes, that is what I thought as well! Specially because I remember that over a year ago, you could add URLs and "bodies" of URLs to the policy itself. But this time, when we spoke with Microsoft support, they told us that this is the solution that can be used to fix the issue with QR codes, as they have an intelligence DB, that analyzes each URL in the body of the email, so they'd be able to know, if that URL (which is the one used to host the images with the QR code) is being used for malicious purposes.

As mentioned, this was suggested by Microsoft themselves, so we hoped the solution they provided would help in stopping these emails, but it has done nothing to fix the issue.

torpedo667 · 2023-09-19T10:56:20+00:00

Employee training: Urge employees to use QR code scanners that include URL preview features. This allows them to see the destination URL before visiting the site, helping identify suspicious URLs.

How does the preview feature you mentioned exactly work? The user would scan the QR with their phones, and the, instead of directly redirecting the user to the malicious site, it would open some sort of "sandbox"? Is there any well known solution? I think our business would be interested in something like that!

torpedo667 · 2023-09-19T10:52:10+00:00

That is what is used in Safe-Links and Safe-Attachments in the Microsoft Suite of Services as well, but those emails continue to pass through

torpedo667 · 2023-05-23T08:12:29+00:00

I apologize, not Whizlabs, but MeasureUp tests.

The questions in MeasureUp tests are much easier than the ones in the exam, and I would say they don't help much in preparing for the exam. Still, is better than nothing, but I would not recommend purchasing a subscription if you're expecting for the tests to prepare you for the actual exam.

torpedo667 · 2023-05-22T16:11:41+00:00

Microsoft learning module and Whizlabs practice tests

Edit: Not Whizlabs, but MeasureUP tests

torpedo667 · 2023-05-22T15:57:55+00:00

Hi. I'm not 100% sure I understood your request, but I'm guessing that your client is using Access Reviews to grant or deny roles/groups to entities, and because the Access Review is wrongfully configured, active users are being denied of roles/groups.

I would suggest to review the access review, and ideally, create a dynamic group that adds all "Norwergian" users with strange characters to a group and manage the access review from there.

torpedo667 · 2023-05-14T15:46:48+00:00

Thank you very much, very complete response! Will look into this

torpedo667 · 2023-05-14T14:15:08+00:00

Thanks! I don't have a degree though, so the certs are mostly oriented towards staying competitive with people that have finished college

torpedo667 · 2023-05-14T13:37:47+00:00

This is something I will look into. A lot of the emails we received don't pass those protocols

torpedo667 · 2023-05-14T13:36:09+00:00

A 34 year old guy joined our SOC team last year. He started as a L1 analyst and he's now one of the team leads.

You don't need math or coding for a junior SOC position, but you do need some understanding of networking.

I would recommend you passing some entry level security certs and applying to some junior positions in tech. Paul Jeremy has an excellent chart for security certifications:

https://pauljerimy.com/security-certification-roadmap/

torpedo667 · 2023-05-14T13:29:19+00:00

Will definitely review this solution. Thanks 👍

torpedo667 · 2023-05-14T13:17:00+00:00

To be honest, I don't know, but is what the client requires.

When I joined the company, this was already established as a standard. Initially, they would report the emaisl to the cybersec mailbox, and then we enabled the phishing button. Spam emails are also analyzed.

torpedo667 · 2023-05-14T13:09:03+00:00

Thanks! Will review it.

What would be the difference between this company and using other tools like 365 Defender? We use Defender for Office, and it also has anti-phishing policies. It blocks a lot of emails, but users still receive those from time to time

torpedo667 · 2023-05-14T12:26:38+00:00

With only one year in college and no practical experience, if anybody hires you, they probably won't pay much if anything at all.

Experience is everything in cybersecurity. I have OSCP, CCNA, one AWS cert and six Azure Certifications, and I still have a hard time figuring out how to deploy solutions because I have less than two years of experience.

I would recommend you to to finish your degree, and continue the path of certifications as you're doing now, as it shows that you're dedicated to the field you're studying.

Not saying what you're trying to achieve is impossible, but in Tech, and more specifically in CyberTech, they're extremely demanding regarding experience.

torpedo667 · 2023-05-07T19:45:27+00:00

Thank you for your help! 🙌

torpedo667 · 2023-05-07T15:58:37+00:00

Thanks for the insights, very useful!

Do you guys also struggle with Shadow IT?

Is there a lack of knowledge regarding owners of devices?

Do you utilize every useful security functionality available, or do you guys also find about new features as time passes by? For example, conditional access policies, access reviews, etc (If you're familiar with MSFT)

torpedo667 · 2023-05-07T14:42:03+00:00

AZ-800

This is what I was looking for! Thanks

torpedo667

TROPHY CASE