Cyber Security vs Computer Science Degree – Which is Right for You?

Cyber Security vs Computer Science Degree – Which is Right for You?

If you are looking to get into cyber security by the more formal “degree route”, you will be confronted with the decision between choosing whether you should get a computer science degree or a cyber security degree. This decision depends on a lot of personal factors, but in this article, we will be breaking down the pros and cons of each route and help you decide for yourself.

Computer science degree vs cyber security degree? Both computer science and cyber security degrees will get you a job in cyber security. Comp sci is more technical but is less specific to the field of cyber security while cyber security degrees are more specific but may lack important computer science theory and fundamentals.

How Do You Choose Which Degree Is Right for You?

Many colleges have recognized the difference between computer science and cyber security and offer separate programs. This presents prospective students with a serious dilemma.

It used to be that universities offered security-focused courses within their computer science programs. With the serious skills gap that the cyber security industry is experiencing colleges have identified the demand for cyber security-specific programs.

Cyber Security Degree

The concept of a cyber security degree is a relatively new concept. Many colleges are still developing them as you read this article, because of this the concepts and topics that the degrees cover are not very uniform.

This is not to discourage you from a cyber degree at all, it just means that you need to do your research to ensure the college your selecting is covering the areas of cyber security you want to learn.

What Do Cyber Security Degrees Cover?

  • Information Systems
  • Information Technology
  • Networking
  • Entry Level Programming
  • Digital Forensics
  • Cyber Security Ethics, Law & Policy
  • Risk Analysis
  • Offensive Security
  • Security Operations

As you can see, cyber security degrees cover a very wide range of topics. This is by design; the cyber security industry is very broad and these degree programs are designed to introduce you to many of the areas within the field.

How Hard is a Cyber Security Degree?

Cyber security degrees range in difficulty widely. Some cyber security degree programs can get very technical and difficult. I will use Penn State’s Cyber Security Analytics and Operations Major as an example. This degree program is at the cutting edge of cyber security and it very technical and difficult.

This degree program covers technical topics such as:

  • Incident Handling and Response
  • Malware Analytics
  • Cyber Analytics
  • Calculus
  • Advanced Programming Courses

I have included this information not to promote Penn State University, but to illustrate a more technical program that will really prepare you for a career in cyber security.

On the other hand, some schools provide a “cyber security degree” that is nothing more than an information technology degree with a class or two that focuses on security.

My final advice on cyber security degrees is to do your research and ensure you will be getting what you want from this 4-year investment.

More Support

In general, cyber security programs are focused on graduating as many qualified students as possible. This is due to the massive shortage of professionals cyber security is experiencing.

In my experience in taking both cyber security and computer science courses, cyber security professors and staff are much more supportive in ensuring that all students can succeed. Many other degree programs like engineering and comp sci have “weed-out courses” that are geared towards thinning out the heard because those job markets are more competitive.

In my personal experience, cyber security university staff will do whatever it takes to ensure that every student that is willing to do the work will be successful! Computer science feels more like an everyone for themselves type of mentality.

The Cyber Security Community

Cyber security degree programs also allow you to network with other security students and form clubs and organizations around specific interests. These connections go a long way and will really help you build hands-on experience that you can demonstrate to employers.

Cyber Security Degree Pros

  • Specific security topics that directly apply to jobs in cyber security
  • Tells companies you have foundational cyber security knowledge
  • Can be very advanced if you find a mature cyber security college program
  • More support
  • Joining the security community

Cyber Security Degree Cons

  • Cyber security degrees are not the same from school to school
  • Cyber security degrees are new and will have “growing pains”
  • Strong emphasis on concepts and theory (not every college)

Computer Science Degree

Computer science is the study of the theoretical foundations of information and computation and their implementation and application in computer systems.

Computer science degrees are very technical and can be very valuable for cyber security jobs. While comp sci degrees aren’t specific to the field of cyber security, they can really set you up with a strong foundation to build upon.

If you are very technical and are willing to learn security on your own time and get involved with the cyber security community, comp sci may be the best route for you.

The Computer Science Degree Route Is More Work

Let’s face it, computer science is a notoriously difficult degree. Most comp sci degree programs have many “weed out” courses where they try to cut out the students who cannot pass. This is not something we have to deal with in cyber security degree programs.

In addition to taking harder courses, if you choose to go the comp sci route you will have to learn security on your own time. There may be some courses that touch on security, but for the most part, it is on you to learn security and get involved with the community.

This degree program covers technical topics such as:

  • Mathematical foundations
  • Algorithms and data structures
  • Artificial intelligence
  • Computer architecture
  • Programming languages and compilers
  • Software engineering
  • Theory of computation

The Generalize Then Specialize Approach

The generalize then specialize approach is very applicable with the comp sci degree route into cyber security. Learning the fundamentals of computing before learning any security is my preferred approach and I wish that cyber security degree programs would adopt this mentality. This approach ensures that you have a very good understanding of the systems your securing.

Should You Get A Computer Science Degree for Cyber Security?

If you are willing to put in the extra work, a computer science degree will make you a very important member of a cyber security team. “Generalize then specialize” is a very valid concept and a great approach to cyber security. If you go this route you will have to make an extra effort to get involved with cyber security clubs and organizations, but if you do it right it will pay dividends!

Computer Science Degree Pros

  • Very strong foundation in math and computer theory
  • Generalize then specialize
  • Provides a great foundation for pen testers or very technical security engineers

Computer Science Degree Cons

  • Not specific to cyber security
  • Very difficult and math-based
  • Requires additional “extracurricular” cyber security research and practice
  • “Weed out” courses are very difficult
  • Less support

Final Thoughts

There is no perfect approach to going to college for cyber security. If you are fortunate enough to have access to a mature accredited cyber security program then you should consider it. If you chose this route, make sure you are not neglecting the computing theory even if you have to learn this information on your own time. Going the comp sci degree route can really set you up well for a technical role in cyber security as long as you are willing to put in the work and learn cyber security on your own time.

7 Best Cyber Security Certifications For Beginners

7 Best Cyber Security Certifications For Beginners

If you are new to the cyber security field, you have probably heard many people and job postings mention certifications. But there are so many IT and cyber security certifications out there. Let’s take a look at the best cyber security certifications for beginners.

With the serious demand for qualified cyber security professions, it may be time for you to get certified. Here are 7 beginner cyber security certifications that will help launch your career.

CompTIA Security+

Without a doubt, the Security+ is one of the most popular entry level cyber security certifications. We have covered just how important the Security+ is in numerous blog articles and these all can be seen under our Security+ blog category.

The Security+ provides the student with a great foundation of cyber security topics. The certification is “a mile wide and an inch deep” but when you’re just getting into the field, that’s exactly what you need! Having the Security+ on your resume will help it get noticed and will help land you that cyber security job!

If you are interested in taking the Security+, we have created the ultimate guide for you. Our guide covers strategies to pass the Security+ on your first attempt, the best security+ study material, common questions, and at the end we layout a success timeline to help you stay on track.

Security+ Prerequisites

The Security+ has no prerequisites. If you are brand new to IT and Security, we recommend that you take the Network+ or the A+ first depending on your level of comfort with the material.

CompTIA Network+

The Network+ is another foundational exam that is provided by CompTIA. If you are a beginner to IT and cyber security this is one of the first certifications we recommend.

While there are no prerequisites for the Security+, we recommend taking the Network+ first. Having a solid understanding of networking will make the Security+ a lot easier.

The Network+ covers basic computer networking concepts, such as routers, switches, and common protocols. The Network+ also touches some security concepts, such as cyber-attacks and systems hardening concepts.

If you can’t decide whether you should take the Network+ or the Security+, check out our comparison of these entry level CompTIA certifications.

Network+ Prerequisites

As with the Security+, the Network+ has no prerequisites. If you are brand new to IT and Security, we recommend that you take the CompTIA A+ first.

GIAC Security Essentials (GSEC)

GIAC is one of the most reputable and high-quality certification providers out there. I am currently pursuing the GDAT that is provided by them. SANS training is not cheap but it is absolutely worth the money with the information that you learn and the weight that these certifications hold.

The GSEC is a 400-level sans course (SEC401). Sans courses range from 300-level to 600-level in difficulty. You may ask, “should I take the 300 level sans course?” We recommend jumping into the GSEC certification instead of going for the lower level GIAC Information Security Fundamentals (GISF) because these certifications are not cheap and the GSEC will hold the best value for you.

GSEC Prerequisites

The SANS GSEC is an ideal entry-level certification and it does not have any prerequisites. The best way to prepare for this exam is to take the accompanying SANS 401 course.

ElearnSecurity Junior Penetration Tester (eJPT)

The eJPT may be a surprise on this list for many. ELearnSecurity is a certification/training company that is steadily gaining traction in the market. Whenever a new company or new certification hits the market, there is usually a large time gap until the recruiters understand and trust the company and the certifications they provide.

What is the eJPT? The eJPT is a 100% hands-on certification on penetration testing and information security essentials. Instead of answering multiple-choice on exams like the Pentest+ and the CEH, the eJPT is purely hands-on and aims to replicate a real-world scenario.

eJPT Knowledge Domains:

  • Good knowledge of TCP/IP
  • Good knowledge of IP routing
  • Good knowledge of LAN protocols and devices
  • Good knowledge of HTTP and web techologies
  • Essential penetration testing processes and methodologies
  • Basic Vulnerability Assessment of Networks
  • Basic Vulnerability Assessment of Web Applications
  • Exploitation with Metasploit
  • Simple Web application Manual exploitation
  • Basic Information Gathering and Reconnaissance
  • Simple Scanning and Profiling the target

What is the eJPT Exam Like?

The eJPT exam is hosted in Hera Lab, this lab environment mimics a real works network with realistic targets. Test takers will be provided VPN access and that’s all they need!

Who Should Take the eJPT?
If you are looking to transition into penetration testing and want a more practical exam than the Pentest+ or the CEH, then the eJPT is the right exam for you. The eJPT serves as a great introductory exam to the OSCP, or the other more advanced certifications that ELearnSecurity offers.

Does The eJPT Have Any Prerequisites?

Anyone can attempt the eJPT exam! We do recommend that you consider these skills that ELearnSecurity has announced are relevant to the exam.

  • Deep understanding of networking concepts
  • Simple manual web application security assessment and exploitation
  • Performing basic vulnerability assessment of networks
  • Using Metasploit for performing simple attacks
  • Web application Manual exploitation, by using common attack vectors
  • Ability to perform protocol analysis of a traffic capture
  • Understanding of information gathering techniques
  • Understanding of the penetration testing process


ISC2 Systems Security Certified Practitioner (SSCP)

The (ISC)2 Systems Security Certified Practitioner (SSCP) is an entry-level information security certification. It serves as the ideal precursor for the highly sought after Certified Information Systems Security Professional (CISSP).

According to ISC2 the SSCP certification demonstrates you have the advanced technical skills and knowledge to implement, monitor, and administer IT infrastructure using security best practices, policies, and procedures established by the cybersecurity experts at (ISC)².

SSCP Prerequisites

There are some experience requirements for the SSCP. Candidates must have a minimum of one-year cumulative paid work experience in one or more of the seven domains of the SSCP CBK. Work experience must fall within one of the following domains.

  • Domain 1. Access Controls
  • Domain 2. Security Operations and Administration
  • Domain 3. Risk identification, Monitoring, and Analysis
  • Domain 4. Incident Response and Recovery
  • Domain 5. Cryptography
  • Domain 6. Network and Communications Security
  • Domain 7. Systems and Application Security

Cisco Certified CyberOps Associate

According to Cisco, The Cisco Certified CyberOps Associate certification validates your skills and knowledge in security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures.

This is ideal for those who are looking to get into a Security Operations Center (SOC) position.

CCNA Certified CyberOps Associate Prerequisites

There are no prerequisites for the Cisco Certified CyberOps Associate but we do recommend that you review the exam blueprint before taking on this exam.

Certified Ethical Hacker

The Certified Ethical Hacker (CEH) is a popular entry-level penetration testing certification. The average salary of a Certified Ethical Hacker is $71,331. Having the CEH will help your resume get read, and will help you get your first job as a penetration tester.

We have an in-depth analysis of whether the CEH is worth it, but we will provide some of the main points here.

The CEH certification will open you up to many lucrative job positions. Below are some of the roles you can get into with a CEH and the corresponding salaries provided by Infosecinstitute.com

  • Information security analyst: $70,721
  • Penetration tester: $80,334
  • Information security manager: $108,352
  • Security engineer: $88,062
  • Cyber security analyst: $74,360
  • Information security engineer: $91,075

While the CEH is a great certification, we really only recommend taking it if the specific job you are applying for is looking for CEH certified candidates. While there are a lot of employers seeking certified ethical hackers, the certification itself isn’t the best bang for your buck considering the alternatives.

Related Questions

Do you need the A+, Network+, and Security+?

The A+, Network+, and Security+ are without a doubt the most popular, entry-level CompTIA exams. Many people ask whether they need all three or if they can get a smaller subset of these exams for a career in cyber security. Check out our article which will help you decide which exams are right for you given your unique situation.

Out of all 7 of these certifications, which is the best for beginners to start out with?

Out of all of the certifications that we cover in this article, we recommend that most beginners start with the Security+. If you want more Security+ content, we have an entire Security+ blog category on our site devoted to just that.

Final Thoughts

Hopefully, through reading this article, you have identified the perfect certification for you to pursue. We have covered many of these exams in separate, more in-depth blog posts.

If you want more, you can check our Certifications category, this is where we post all the most recent information and updates to our certification content. Best of luck in your certification journey!

 

6 Best Programming Languages to Learn for Cyber Security

6 Best Programming Languages to Learn for Cyber Security

Not all cyber security professionals need to know how to code. But if you do know how to code you will boost your productivity and make you an extremely valuable member of your cyber security team.

 

Here are 6 best programming languages to learn for Cyber Security.

Python

Python is a powerful interpreted, object-oriented, high-level programming language.

Ok, that’s a very descriptive sentence, lets break it down and go through why Python is a great language to learn for cyber security.

A high-level language is a programming language with strong abstraction from the details of the computer. What this breaks down to is that the language of python is programmer-friendly, easy to understand, portable, and simple to maintain.

Python is an interpreted language. This means that it does not need to be compiled, all we need is the python interpreter installed on our system.

Why Should You Learn Python for Cyber Security? We have a full article on this topic, but we will give a brief summary here.

Python is number one on our list today because of its popularity and ease of use. When we have to write a script in cyber security, the odds are that we will be pretty crunched for time.

The amount of cyber security and other useful libraries that the python community offers are almost unmatched. This means that we can quickly implement libraries, or adapt solutions that other cyber security professionals have made public.

PowerShell

Let’s face it, Windows is not the preferred operating system for most cyber security professionals. For this reason, many people often overlook PowerShell.

If you are a defender, most of the systems and workstations you will be defending will be windows based.

 

If you are an attacker, most of the systems and workstations you will be attacking will be windows based.

So, if our clients and our targets are going to be windows based, it is a very good idea to learn PowerShell.

PowerShell For Blue Team

Understanding the Attacks: As Blue-Teamers it is very important for us to understand PowerShell. We need to be able to at least read and understand PowerShell. To better understand the PowerShell attacks that are occurring in our environment we may also need to de-obfuscate it.

Writing Defensive Rules: Hopefully, we can stop the attacks before they successfully execute. Understanding PowerShell will help us create alerts and ensure we are upholding all of the PowerShell best practices.

PowerShell For Red Team

PowerShell has been used widely by attackers in the past and is now becoming increasingly harder and harder to get away with.

Blue teams have invested a lot of time into rule creation and because of this, red teamers are moving away from PowerShell. More and more attackers are moving to C#. Don’t worry, we will be telling you why later on in this article.

Why Is PowerShell So Useful for Attackers?

Living off The Land

Living off the land is a common attacker expression that basically just breaks down to using the tools and utilities that are available to you on the system you are attacking.

PowerShell is a very dangerous tool in the hands of a red teamer. PowerShell is built on the .NET Framework. In addition, PowerShell is a built-in command line tools on the systems that attackers are targeting.

PowerShell has access to the Windows API and .NET classes so it can be used to perform some very dangerous and powerful actions.

Blending in With the Noise

PowerShell is used very often in enterprise environments. System administrators commonly use PowerShell to perform administrative tasks. This makes the life of the blue teamer very difficult.

Defenders must be able to sort out the legitimate PowerShell activity with that of the attacker.

PowerShell Through WinRM

WinRM is a remote management utility, commonly used by system administrators. It is also commonly abused by attackers. Attackers can run PowerShell commands or scripts through WinRM in an attempt to avoid security controls.

Fun Fact: You actually can install PowerShell on Linux.

Bash

Many people debate whether Bash can actually be described as a programming language. It is a shell scripting language that is available in the Linux shell and can be installed in windows as the Windows Subsystem for Linux (WSL).

Regardless of whether you want to call this a programming language or not, understanding bash is vital for your cyber security career.

Bash for Blue Teams

Bash can be very useful for blue teamers; they can use is to create scripts of tasks they have to run frequently. This saves time and eliminates misconfigurations.

Blue teamers also need to protect Linux systems. They can utilize bash scripts to harden the systems and ensure that systems are up to date.

Bash For Reverse Engineering. Defenders can perform basic checks or write a script that can examine malicious files.

  • Strings (prints strings of printable characters)
  • Nm (list symbols for target program)
  • Strace (trace system calls made by a program)

All of these Linux commands can be put into a bash script that may run a series of checks when a suspicious file is identified.

Bash for Red Teams

Attackers have to be very adept at bash scripting. Most attackers will be using Kali Linux or a similar distribution to carry out their attacks.

The more experienced an attacker becomes the more bash scripts they will create to automate their processes.

Some example use cases that an attacker would create scripts for are infrastructure scripts, text processing, password spraying, emailing, port scanning, etc.

Let me make this clear, bash is rarely used to actually perform the attacks, it is more of a language to support the back-end efforts of the attacker on their Linux attack host.

With that being said, if the attacker is targeting a Linux host or a server running Linux they may employ some more fun bash scripts.

Some examples of offensive bash are, identifying privilege escalation opportunities, creating a simple reverse shell, searching the file system for interesting information, etc.

As you can see, bash is very useful for both attackers and defenders to be able to write and understand.

If you are interested in learning bash, check out this video and article where I cover the 25 most commonly used bash commands in cyber security.

C#

As we discussed while talking about PowerShell, C# is more commonly being used as a PowerShell replacement by attackers. This summary is about to get slightly technical.

Why Do Attackers Use C#?

The use of PowerShell by attackers hit its peak around 2015-2017. Defensive security teams caught on to this and there was a massive effort to secure PowerShell execution.

Skip ahead to 2020 and most organizations have at least enhanced PowerShell logging and have rules to pick up on malicious commands.

Enter C# which shares the same underlying technology (i.e. .NET runtime) with PowerShell but is lacking many of the security features that PowerShell has.

The bottom line is that C# still has access to the .Net libraries and underlying windows components but is not as heavily scrutinized by defensive toolsets.

Running A .NET Assembly in Memory

We previously mentioned that it is significant that C# utilizes the .NET framework. Let’s dig in to how attackers can abuse this.

C# is a compiled language. After we compile our code, we produce a .Net Assembly. Assemblies take the form of executable (.exe) or dynamic link library (. dll) files.

This becomes extremely useful when we have a tool like Cobalt Strike. Cobalt Strike is a popular command and control framework used by attackers and penetration testers.

Cobalt Strike’s “execute assembly” command will run a local .NET assembly in the memory of a process that is on the targeted host.

This means that your malicious binary (.exe file) will never touch the disk of the host you are targeting. This drastically decreases the risk of detection.

If you are looking to get into offensive security+, I strongly recommend you familiarize yourself with C#. It is a very powerful language.

JavaScript

If you are interested in testing or securing web applications you should invest the time to learn JavaScript.

JavaScript is a scripting or language that allows you to implement complex and reactive features on web pages. JavaScript is both a front end and back end language of the web.

If you want to work with cookies, manipulate event handlers, or perform cross-site scripting (XSS) JavaScript is the language for you.

Guess what was the most popular hacking technique (not a fan of that phrase) of 2019? The answer is XSS!

According to Fudzilla, Cyber-attacks have targeted nearly 75 percent of large companies across Europe and North America over the last 12 months. According to Precise Security’s research 40% of all cyber-attacks in 2019 were performed by using cross-site scripting, which is hackers’ favorite attack vector globally.

Fun Fact: 72.3% of all cyber-attacks were targeted towards websites, the 2019 data indicates this is the hackers’ favorite platform to perform attacks globally.

Assembly

Assembly (commonly abbreviated to ASM) is by far the most important tool for any reverse engineer. Assembly is the human readable version of machine code. Assembly is able to be understood by the CPU.

Languages like C, C++, Go, Pascal, and Haskell are all compiled to machine code, and as a result, the majority of malware can be read as Assembly code using a disassembler (software which translates machine code into its human readable version, Assembly).

If you are able to read Assembly well, you don’t need the original code for anything written in a language that compiles to machine code. As a Reverse engineer, it is not expected that you will have the fortune of getting to reverse engineer high-level languages.

Different CPUs accept different versions of assembly language. Luckily there are only 2 common instruction sets when it comes to traditional computers (i386 and x86_64).

If you are interested in becoming a reverse engineer, you should invest the time to learn assembly. It is a long journey, but you will be well equipped and a very strong cyber security defender.

Top 3 Languages for Blue Teamers

  1. Python
  2. Assembly
  3. PowerShell

Top 3 Languages for Red Teamers

  1. Python
  2. C#
  3. JavaScript

Which of These 7 Languages Is for You?

After you have heard about the 6 best languages for cyber security you probably have a lot of questions about which language is right for you. We will try to make this easy.

For The Newer Programmer

If you don’t know how to program yet, go with python. The python ecosystem will open you up to many projects and libraries that will get you going very quickly.

Need more convincing, I go into more detail here about why you should learn python.

For The Web App Tester

Learn JavaScript, having this tool in your bag will help you better learn and understand the attacks that are facing our web applications.

For The Seasoned Blue Teamer

You should invest the time to learn ASM if you want to be a valuable asset to the blue team. Reverse Engineers are few and far between. You will never be without a job!

For The Advanced Red Teamer

Learn C#. This will allow you to better mimic the threats that are out there and ensure your organization is protected.

Everybody!

Everyone should learn at least the basics of Bash scripting. This will save you a lot of time in the long run. I have a video and article here where I cover the 25 most commonly used Linux commands for cyber security professionals.

Everything You Need To Know About The CySA+ – Tips, Alternatives, and Study Materials

Everything You Need To Know About The CySA+ – Tips, Alternatives, and Study Materials

The CySA+ is quickly gaining recognition for being a great intermediate level cyber security certification, but there is still a lack of information out there. Before I took the certification, I had a lot of unanswered questions and didn’t know if taking the CySA+ would help my cyber security career.

Should I take the CySA+? The CySA+ is a great intermediate level cyber security certification to hold. If you are working in the cyber security field or looking to enter the field of cyber security as an analyst, the CySA+ is a great certification. The CySA+ will build your skills and get your resume read.

Is the CySA+ Right for You?

There are a lot of well-respected certifications out there, how do you know if the CySA+ is the right cert for your career path.  We are doing to take a deep dive into the certification and answer some common questions and concerns

Is the CySA+ Difficult?

The CySA+ is not an easy exam. The exam questions require an in-depth understanding of the cyber security analyst role. But, with the proper study strategy and materials, the student can develop an understanding of the required material and have success on this exam.  

Who is the CySA+ Intended For?

The CySA+ is specifically intended for professionals following the cyber security analyst path. The CySA+ covers the following objectives (domains).

  • Threat Management
  • Vulnerability Management
  • Cyber Incident Response
  • Security Architecture

If you are an experienced blue-teamer the CySA+ is the perfect exam for you. While this exam does cover some red team topics, if you are a red-teamer or are looking to getting into offensive security, the Pentest+ will be a better option for you.

According to CompTIA the CySA+ Covers the Following Job Roles:

  • Security operations center (SOC) analyst
  • Vulnerability analyst
  • Cybersecurity specialist
  • Threat intelligence analyst
  • Security engineer
  • Cybersecurity analyst

What is a cyber security analyst?

Security analysts are ultimately responsible for ensuring that the company’s systems and network are protected from unauthorized access. Security Analysts are at the front lines in defending their organization against cyber threats.

CySA+ Job Relevance

When I got the CySA+ and I was a SOC Analyst. This certification was very relevant to the work that I was doing and I used the skills that learned every day on the job.

If you are currently working as a cyber security analyst, a lot of the information on the exam will be familiar to you.

The best part of the CySA+ is its relevance to the job, unlike a lot of exams that are more based upon theory, the CySA+ asks hands-on tool based questions.

Hands-On Tool Based Questions

A lot of the exam consists of interesting the output of common tools and logs. This is where I see the most value In the certification. The CySA+ will not tell you everything you need to know about a specific tool, but it will help you become familiar with tools when you encounter them in the field.

For the CySA+, you will get exposure to tools like (just to name a few):

  • Tcpdump
  • Netstat
  • Nbtstat
  • Dig
  • iptables
  • Nmap
  • Nessus
  • Wireshark

Like I said before, you don’t have to become a master at these tools, but the CySA+ will introduce you to them and ultimately will help you when you encounter the tools on the job.

 

What Topics Do the CySA+ Questions Cover?

  • Identifying Threats
  • Network Security Measures
  • Understanding Response and Countermeasures
  • Threats, Vulnerabilities, and Risk
  • Foot printing and Recon
  • Threats to Confidentiality, Integrity, and Availability
  • Controls to secure networks and endpoints
  • Evaluation of Security Controls
  • Information Gathering (passive and active)

You can expect questions to cover a range of areas. The ones I have provided above cover most of what you can expect on the exam.

Remember, the best source of information for the content that is actually going to be on the exam are the official CompTIA exam objectives.

 

comptia career path

Do I Need the Security+ before the CySA+?

The CySA+ falls after the Security+ in CompTIA’s Certification Career Path. While this path is recommended by CompTIA, the Security+ is not a prerequisite for the CySA+. While, there are no requirements to take the CySA+, the Security+ material will help you pass the CySA+.

CySA+ Alternatives

With so many certifications out there is can be hard to choose which one is right for your career path. It is important to weigh all of the options so you can devote your time and money towards the best certification for you.

If you are looking to get into security administration, the ISC2 Systems Security Certified Practitioner (SSCP) may be a better option for you.

If you are either a red-teamer, or looking to become a penetration tester the CompTIA Pentest+ will better serve your needs.

If you have the budget, the GIAC Continuous Monitoring (GMON) is a great certification for your resume. I have personally taken a SANS course and while they are very expensive, they provide you the highest quality information. The GMON or the GCDA may be the right certification for you if your employer is picking up the tab.

The CySA+ is specifically intended for professionals following the cyber security analyst path. Before committing to this exam, make sure it aligns with your goals.

CySA+ Expected Salary

The CySA+ will help you get a position as a Cyber Security analyst. Depending on the area where you live and your experience, a cyber security analyst salary can range from between $64,000 – $120,000. This is a wide range but location and experience are key factors in determining an analyst’s salary.

Will the CySA+ Look Good on My Resume?

The CySA+ is a great resume booster. The certification is still relatively new, but it is quickly proving to be a certification that recruiters are looking for. Recruiters know that candidates who possess this certification have a solid foundation in cyber security and are ready to take on important roles at the company.

Companies are rapidly looking for qualified professionals to fill the cyber security skills gap. The CySA+ tells employers that the candidate possesses up to date knowledge and that they are ready for action.

How Can You Best Prepare Yourself for the CySA+?

Everyone is different when it comes to studying methods, but here at Cyber Career School we have really honed in on the approach of utilizing 3 main study methods.

  1. Reading the Book
  2. Watching the Video
  3. Taking Practice Questions

While it sounds simple, this proven approach is effective for visual learners, auditory learners, kinesthetic learners, and reading / writing learners.

What Is the Best CySA+ Study Material?

The best book on the market right now is the Sybex CySA+ study guide. I really appreciated the deapth of the information in this book and especially the practice questions. Sybex makes some of the most best practice questions out there for this exam.

If you are like me and you burn through practice questions, you should consider getting the Sybex Practice Exam book. I studied these practice exams and did them all multiple times and it really helped in my final preparation. I ended up with a final score of 823!

For the video component of our study method, I recommend Pluralsight. Pluralsight makes some of the best video courses out there. This course really helped emphasize the material that I learned through reading the book.

One other bonus about Pluralsight is the fact that it’s one flat membership to access all of their course content. This means that when you have passed the CySA+ you can watch any of their other cyber security courses or even use the platform for your next certification!

Does the CySA+ Need to Be Renewed?

Like most CompTIA certifications, the CySA+ needs to be renewed every three years. You can renew your certification by getting another one of CompTIA’s certifications (of a higher level) or you can complete 60 Continuing Education Units (CEUs). There is a $50 fee for submitting your CEU credits.

Related Questions

Should I take The CySA+ or The Security+ First?

We actually have a full article to help you decide whether the Security+ or the CySA+ should be your next certification. When choosing whether to take the CompTIA Security+ or the CySA+ you need to identify both your current knowledge and which path you are aiming for.

If you have previous experience in cyber security and are following the cyber security analyst path, then the CySA+ will be the better option for you. If you are new to the field and are looking for a good first certification, then you should start with the Security+.

Final Thoughts:

The CySA+ is a great exam to add to your resume. If you have experience as a security analyst, it will validate your current skills while filling in the gaps and areas that you are weaker on. If you are looking to become a security analyst, the CySA+ is perfect for you. This exam is catered specifically for the role and will tell recruiters that you are ready for action.

If you choose to pursue the CySA+, follow the study strategy presented in this article and you will set yourself up for success!

How I passed The CompTIA CySA+ With A Score of 823

Is the CEH Worth It? (Costs & Alternatives Explained)

Is the CEH Worth It? (Costs & Alternatives Explained)

Choosing a certification is a decision that must not be taken lightly. You are exchanging your and your money and want to ensure that you are making the best decision for your career development. The Certified Ethical Hacker (CEH) certification is a popular entry-level cert, but especially with the other options out there, is it worth it?

Is the CEH Worth It?

The Certified Ethical Hacker (CEH) is a popular entry-level penetration testing certification. The average salary of a Certified Ethical Hacker is $71,331. Having the CEH will help your resume get read, and will help you get your first job as a penetration tester.

While the CEH is a popular certification that looks good on your resume, we recommend that you consider your options and devote some time to really deciding whether this exam is worth your time and money.

Similar certifications to the CEH, like the OSCP, eLearnSecurity PTS, and the Pentest+ may be better for your unique situation. In this article, we lay out all the options so you can be best informed when making this decision.

What Is the Certified Ethical Hacker Certification?

The CEH is an entry-level penetration testing certification that is issued by EC Council. The CEH measures the candidate’s ability to perform reconnaissance, enumeration, gain access, maintain access (persistence), and cover their tracks.

What Is Ethical Hacking?

Ethical Hacking is the process of testing one’s own computers, network, or devices to determine if vulnerabilities exist and to develop preventive, corrective, and protective countermeasures before an actual compromise to the system takes place.

What is the Job Outlook for Ethical Hackers?

As with all jobs in cyber security, there is a lot of anticipated growth in the ethical hacking space. More and more organizations are understanding the importance of testing their systems. For this, orgs will either have internal penetration testing teams or they will hire consultants.

What Jobs Can You Get with the CEH?

The CEH certification will open you up to many lucrative job positions. Below are some of the roles you can get into with a CEH and the corresponding salaries provided by Infosecinstitute.com

  • Information security analyst: $70,721
  • Penetration tester: $80,334
  • Information security manager: $108,352
  • Security engineer: $88,062
  • Cyber security analyst: $74,360
  • Information security engineer: $91,075

What Are the Prerequisites for the CEH?

To attempt the CEH you have two options, you can either take the official training path provided by EC council, or you can attempt the self-taught method. Each of these approaches has its own benefits and downsides.

EC Council Approved Training

The EC Council approved training costs around $850 and will provide you everything you need to know to prep for the exam. This approach is pricey, but you can go into the exam confidently knowing that you have covered all of the exam material.

CEH Self Study Approach

You can also take the CEH exam without taking the EC Council approved training, but this approach has some requirements you must first meet.

  • You must have two or more years of documented information security experience
  • Pay a non-refundable $100 application fee.
  • Submit the EC-Council Eligibility Form
  • Purchase the CEH exam voucher and your study materials

How Much Does It Cost to Get CEH Certified?

The total cost that you will have to pay to obtain the CEH certification varies whether you are taking the EC-Council certified training or taking the self-taught route.

EC-Council Training Approach: For this approach, the total cost will be around $2049 depending on the specific training you take. This cost breaks down into the cost of the exam voucher ($1,199) and the training ($850)

Self-Study Costs: The Self Study approach will cost around a total of $1499. This cost breaks down into the cost of the exam voucher ($1,199), application fee ($100), and estimated cost of study materials ($200).

Do I Have to Renew The CEH?

The Certified Ethical Hacker is valid for three years from the date of your successful completion. After this period has passed you will need to earn 120 CEU’s (continuing education units). EC-Council refers to these CEU’s as ECEs (electrical and computer engineering credits).

In addition to the ECEs, you will need to pay an annual membership fee of $80. This is a massive downside of the exam and should be considered before you invest your time and money in studying for it. Other comparable certifications like the CompTIA Pentest+ do not have an annual fee.

CEH vs The OSCP and The Pentest+

While I do think that the CEH is a good certification, I think that your money and time would be better spent studying for either the OSCP or The CompTIA Pentest+. Even with the recent price increase of the OSCP, both the OSCP and Pentest+ are more affordable than the CEH. In addition to being more affordable, they encompass more real-world scenarios and all for all will provide you a better education than the CEH.

CEH Alternatives:

CEH – $1499-$2049

OSCP – $999-$1349

Pentest+ – $359(+ Study Materials)

eLearnSecurity PTS – $399-$499

After Weighing the Options, Is the CEH Worth It?

On paper, the CEH looks like a great certification, but when you do more research and analyze the alternatives it is not the best option unless you are specifically going for a job that requires the certification.

Our Recommendations:

If you have previous penetration testing experience, we recommend that you take the OSCP. The OSCP is the best way to show you hands-on skills. If you are newer to penetration testing you should go with the Pentest+ or the eLearnSecurity PTS.

Final Thoughts:

This article is not meant to speak down on the CEH, our goal here is to provide an honest review on whether the CEH is worth it while considering the other options that are available. Hopefully, after reading this you are able to choose which certification is right for your unique situation and goal career path.

 

 

 

Everything You Need To Pass The Security+ – Ultimate Guide

Everything You Need To Pass The Security+ – Ultimate Guide

Like most certifications in the tech and cyber security industries, the CompTIA Security+ is not easy to pass. The Security+ is difficult for good reason, it validates your knowledge in the field of cyber security and tells employers that you’re adequately prepared to defend their environments.

If you are studying for the Security+, you have come to the right place. This guide compiles years of knowledge and experience in the field and provides it to you in an easily digestible format. I have tried very hard to provide unique insights that aren’t currently available in any other guide, so buckle up for the ride.

This Guide Includes:

  • 12 Strategies to pass the Security+ on your first attempt
  • Best Security+ Study Material
  • Frequently Asked Questions About the Security+
  • Security+ Success Timeline (Infographic At Bottom)

 

12 Strategies to pass the Security+ on your first attempt

 

Strategy 1: Understand the Exam

When you are taking on any challenge, the first task is to size up the opponent. Before you dive into any study material, get an understanding of the scope of the exam. Locking down the scope of the exam is the first step in creating your study strategy.

CompTIA releases a set of objectives for every exam they create. Familiarize yourself with this information in the beginning. Whenever you are studying and come across new information, identify how this relates to the objectives.

Strategy 2: Identify the Exam Objectives

Each objective that CompTIA outlines skills and knowledge that the industry has deemed important for candidates to be successful on the job. Using the objectives, and sub-objectives while you are studying will help you stay on track and ensure your learning the right material.

Strategy 3: Become Familiar with The Number of Questions and Time Limit

The Security+ time limit is 90 minutes. The test taker will have 90 minutes to complete a maximum of 90 questions. The 90 questions consist of both multiple-choice questions, and hands-on performance-based simulations. To pass, a test taker must score 750 on a scale of 100-900.

Strategy 4: Develop A Multiple-Choice Plan

The multiple-choice questions on the Security+ will make up a majority of the exam. Understanding how they are structured will help you better prepare to pass the exam.

The multiple-choice questions on the security+ ask you to choose the “best” answer out of the options. This means that you need to really have a good understanding of what the question is asking.

The questions on the Security+ will have each have 4-5 answer choices. Usually, 2 of these choices will be obviously wrong and you can simply eliminate them. Then comes the hard part, the remaining choices will be relevant to the situation and could easily serve as the answer.

Of the remaining questions, you then need to identify what answer “fits best”. At this point, it is best to re-read the question and make sure that you are understanding it properly.

Most people select the wrong answer because they misunderstand the question that is being asked. After you fully understand the question, this is where you need to call on your preparation.

If you are still unsure that you have selected the correct answer, go with your gut. According to Psychology Today, going with your first instinct results in the best decision. Trust your instincts and your preparation.

 

Strategy 5: Develop A Study Strategy

Everyone is different when it comes to studying methods, but here at Cyber Career School, we have really honed in on the approach of utilizing 3 main study methods.

  1. Reading the Book
  2. Watching the Video
  3. Taking Practice Questions

While it sounds simple, this proven approach is effective for visual learners, auditory learners, kinesthetic learners, and reading/writing learners.

Strategy 6: Selecting the Correct Study Material is Crucial

Like we said previously, everybody learns differently. For the Security+ we recommend at least one aspect of each visual, auditory, and kinesthetic learning. The Security+ covers such a broad amount of information that simply reading the book or watching a course will not put you in a good position to pass.

Properly Choose Your Study Materials

Our Recommended Books: Through studying for the Security+ ourselves and advising other students, we have identified the two best study materials available. CompTIA Security+ Certification Kit: Exam SY0-501. The full certification kit provides both a study guide and a book of practice exams. This satisfies 2/3 of the requirements for the Cyber Career School study method. We have personally taken these practice exams and can attest to their value come exam day.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide Get Certified Get Ahead is arguably the most popular study guide on the market for the Security+. Darril Gibson organizes the content in a very digestible way and he also has a website with additional material. Getcertifiedgetahead.com really provides some great material on the CompTIA exams.

Our Recommended Courses: For a majority of our video courses, we recommend Pluralsight. Pluralsight has an excellent course on the Security+. One of the big benefits we see in Pluralsight is that there is a flat monthly membership price that gives you access to all of the awesome course they have available. When you’re ready to move on to another certification those courses will also be included in your membership. Check it out with a free trial and see if it is right for you!

Strategy 7: Hold Yourself Accountable.

Let’s face it, success in the Security+ depends on your long-term preparation. This requires holding yourself accountable. It is possible to pass this exam in a very short time-frame (depending on your background) but it is not a recommendation.

When I took the Security+ I passed it after three weeks of intense studying. I would certainly not recommend attempting to pass the Security+ in three weeks, but I can attest that setting a deadline for myself helped me pass.

Set Your Exam Date

I recommend scheduling the exam 30-45 days after you begin studying. I find this to be the sweet spot, any longer and you would procrastinate and any shorter and you would be too rushed to fully learn the important information.

So as soon as you crack open one of the Security+ books I mentioned above, you should plan out your exam date.

Develop Milestones

If scheduling the exam doesn’t motivate and hold you accountable enough, consider setting up some intermediary milestones. Some examples can be finishing the book in 3 weeks, finishing the video course in a week, taking 3 practice exams in a week, etc. Whatever works best for you, just make sure you develop a plan and stick to it.

Strategy 8: Take an Initial Assessment Before You Start Studying

The Get Certified Get Ahead book that I mentioned above includes an initial assessment. Set some time aside and treat this initial exam like the real thing. The most important advice in taking the initial assessment it to be honest with yourself. Set a timer and avoid using outside resources.

The initial assessment will serve as a benchmark and will help you focus in on the areas where you are week. After you have completed the initial assessment, it is time to see where you stand. Remember the passing score on the Security+ is 83%, if you score anywhere from 50%-70% you are in very good shape!

If you didn’t as well as you expected on the initial exam, don’t worry. A lot of people have a hard time getting used to “choose the best” multiple-choice questions.

After you have tallied up the score, note the questions where you struggled and read the explanations that are provided at the end of the book. Make sure you record this information somewhere so you can compare it to your final assessment that comes at the end of the book.

Bonus Tip: When I was taking the initial assessment and end of chapter quizzes, I treated every question where I did not definitively know the answer as wrong. This helped me avoid skipping topics where I may have had a lucky or educated guess. My reasoning behind this was that I did not want to have any question in my mind on test day.

Strategy 9: Focus on The End of Chapter Assessments

The end of chapter assessments are very important while studying. Each chapter will be followed by 15-20 questions on the material you just learned. As a general rule any end of chapter quiz where you get more than one or two questions wrong, you should note that this chapter needs review.

I took these quizzes very seriously and developed a list of chapters where I was weak. Closer to the exam date, I then took this list and re-read the chapters where I struggled.

The end of chapter questions is also another opportunity to get used to the way that CompTIA phrases their questions. No questions will completely prepare you for the exam questions, but those included in the recommended books and practice exams are very close!

Bonus Tip: Exam practice questions are very hard to come by. Even if you use all the practice exams in the Get Certified Get Ahead Book, and buy the practice exam book you will probably run out (Or at least I did).

One thing that I did that helped me a lot was to take every single available answer choice and define it and the reason why it wasn’t the “best” answer choice. If you don’t know why and the answer doesn’t fit but it just doesn’t seem right, google it!

This approach is time-consuming, but it is extremely beneficial for the exam. I even found myself doing it in my head during the actual exam.

Strategy 10: Prepare for the Performance Based Questions (PBQs)

What are the Security+ Performance Based Questions? In the Security+ exam, performance-based questions (PBQs) are tasked based questions that are meant to measure the test taker’s ability to perform hands-on simulations that test specific topic areas. PBQs are normally in the form of a drag and drop interface and simulate real-world scenarios like a firewall configuration for example.

The PBQs are difficult to prepare for. A solid understanding of the topics on the Security+ exam objectives will help a lot. Here are some example simulation topics that you should prepare for. We can’t say exactly what is on the exam but these will make sure you’re on the right track.

  • Firewall Configuration
  • Device Controls
  • Access Controls

Bonus Tip: It is highly recommended that you skip the PBQs. Taking on the PBQs, in the beginning, can really bog you down right off the bat. I recommend that you initially look at the PBQs and think about them but then move on to the multiple-choice questions. You will have the PBQs in the back of your mind and you will find that some of the multiple-choice questions may be helpful for the PBQs.

Strategy 11: Link Relevant Concepts

While the Security+ covers a massive amount of information, it never really dives into one topic in too much detail. This can be extremely challenging because you have to familiarize yourself with so many topics from different areas.

The best approach to this is to create links between the topics. These can be mental links or you can actually map it out.

Focus on Understanding and Not Memorizing

The most important thing that you need to understand is that memorizing the material on the security+ will get you nowhere. Sure, you may pass the exam by a narrow margin, but in a week all that information will be gone. Our goal is to understand the material on the exam so we can use it in our careers. Ok, you may need to memorize the ports.

If you take the time to understand the material and make logical connections between the topics you won’t have to memorize at all. You know what that means, there is no last-minute cramming!

There is a bigger picture here, focus on understanding it, and not just remembering isolated facts.

Strategy 12: Phase Out Exam Day Distractions

I’m not going to beat the dead horse here. Everybody has their own exam day preparation and strategies. One thing that I would like to emphasize is to keep your cool during the exam. This sounds obvious but there are going to be a lot of factors under your control.

Every time I have taken a certification it was at a community college or similar testing center. Depending on your area some of these centers do not have the best equipment. If something goes wrong, keep your cool and tell your proctor. Do not let this stress you out and hurt your exam performance.

If you are taking the certification at home, you are in luck to set up the environment the way that works best for you!

One last note about the exam, during every CompTIA exam I have taken there, was at least one issue with the exam itself (mostly in the simulations). Do not let this stress you out, keep your cool and move on. You can report this issue later on to CompTIA or the proctor. Don’t let this knock you off your game!

After you focus on incorporating the 12 strategies, you can go into the exam with confidence. But you may still have some lingering questions. Next, I will answer the most common questions students have while studying for the Security+.

Common Student Questions

How Hard is CompTIA Secuirty+?

The Security+ exam is difficult for beginners. The Difficulty of the exam is related to the wide breadth of information that is covered by this exam. The individual topics are not difficult, but due to the wide scope of the exam, it can be difficult for most students.

What is The Security+ Passing Rate?

CompTIA does not make the passing rate of their exams public information. A score of 750 (83%) out of 900 is required to pass the exam. Due to the difficulty of the material, it is very common for students to score from 700-800. In the event that you fail the exam first try, you will not be penalized. CompTIA does not require any waiting period between the first and the second attempt.

Is There A Student Discount for The Security+?

Yes, there is a discount for current students looking to take the Security+. Active students enrolled in a four-year degree program will get a discount of 40%.

Does the CompTIA Security+ require two years of experience?

CompTIA states that students should have two years of experience before taking the exam. This is not a hard prerequisite. Most students take this certification with very little or no experience. This should not be a factor that holds you back. 

Security+ Success Timeline

Security+ Timeline

Final Thoughts

These strategies and tips are also very helpful for the CompTIA A+, Network, and CySA+. I have guides on these specific exams too so check them out.

I really hope that this guide helps you out with the Security+. I put a lot of time into it and tried to provide novel approaches to common problems students face. If you are taking the Security+ soon, best of luck to you. You will do great!

Do You Need The CompTIA A+ For Cyber Security? – Pros and Cons

Do You Need The CompTIA A+ For Cyber Security? – Pros and Cons

The CompTIA A+ is one of the 3 foundational certs that we hear a lot about (A+, Network+, and Security+). CompTIA recommends that students take the A+ first, followed by the Network+, and then the Security+. Many people getting into cyber security skip the A+, how do you know if you should move on to the Network+ and Security+.

Should You Take the CompTIA A+?

A CompTIA A+ candidate possess the ability to troubleshoot and problem solve a wide variety of issues, ranging from networking and operating systems to mobile devices and security. If you are new to IT or cyber security, this is a great certification to hold.

Choosing whether to take the A+ or to skip it and move directly into the Network+ and then the Security+ is a very individual decision. It really comes down to your background and previous experience. To help with this tough decision, we have put together 5 reasons why you would want to skip the A+, and 4 reasons when taking the A+ would make sense.

5 Reasons You Should Skip the CompTIA A+

Reason #1: The A+ is not a prerequisite for either the Network+ or the Security+. While CompTIA recommends that you take the A+ before the Network+ and the Security+, this is not a hard requirement. The material covered by the A+ does have some overlap with the Network+ and the Security+, but skipping the A+ will not put you at much of a disadvantage if any when it comes time to take the other CompTIA certs.

Reason #2: Adding this exam to your certification path means more money out of your pocket. The CompTIA A+ certification voucher costs $220. If purchase a retake and exam material from CompTIA the price will jump to $349. If you are in-between careers or are a young student, this is a substantial amount of money to spend on a certification that is not required.

Reason #3: The CompTIA A+ is a Difficult Exam. A very common question from beginners is “Is the CompTIA A+ difficult”.  The CompTIA A+ can be difficult for someone who is brand new to the field of IT. The exam covers a wide range of topics which can be challenging for some test takers. The A+ consists of two exams that are up to 90 questions each. The exam requires a lot of studying whether you are a beginner or have more experience.

Reason #4: The A+ Is Better Suited for Careers in IT. Plain and simple, the CompTIA A+ is not a cyber security focused certification. While it does mention a focus on security, if you are looking for the best bang for your buck the A+ isn’t the best certification for you. The A+ is more geared to technical support roles. While technical support roles are important and a lot of people enter cyber security from technical support, it is not a direct path into the field.

CompTIA Recommends the A+ For the Following Job Roles:

  • IT Support Specialist
  • Service desk analyst
  • Technical support specialist
  • Field service technician
  • Associate network engineer
  • Data support technician
  • Desktop support administrator
  • End-user computing technician
  • Help desk technician
  • System support specialist

None of these roles are particularly related to cyber security. When you are choosing whether or not to take a certification, it good practice to look at the recommended job roles of the exam. This will help you determine if the job role aligns with your selected path.

Reason 5: The A+ Will Require A Lot of Study Time. Even though the A+ is a beginner level exam, it will take a lot of time to adequately prepare for. It covers a lot of material. Time is one of our most valuable assets and should be considered when choosing a certification. Seeing as to how the A+ is not focused on security, our limited time could be better spend studying information that is relevant to the industry like the Security+ or the Network+.

The A+ certification also requires two exams to become certified. That is a lot of work for a certification that is not directly beneficial to the field.

5 Reasons You Should Take The A+

There are a lot of situations where it would be in the student’s best interests to spend the time and money and pursue the A+. Don’t let the above reasons deter you from taking this exam. They are simple meant to help you measure up your current situation and determine for yourself whether the A+ is a worthwhile certification.

Reason #1: If you are brand new to the field and have little to no background in IT. If you are transitioning into the field from another industry or need to build more foundational knowledge, the A+ is worth taking. The A+ will provide you with foundational IT knowledge that you will call upon throughout your cyber security career.

Reason #2: You Don’t Have A Cyber Security Degree. Most cyber security degree programs will cover a majority of the information that is encompassed in the A+ certification. But if you are going the self-taught route, the A+ may be worth going for. Going the Self-taught route, you need more certifications and projects that will validate the knowledge and skills you have. In this case is may be a good idea to take the A+ exam to certify your IT fundamentals knowledge.

Reason #3: The A+ Looks Good on A Resume. The A+ is a well-known exam and it is regarded highly in the industry (especially with recruiters). Having this certification will get your resume read. There is an unfortunate reality but in the tech industry in general, there are a lot of “HR Bots” which simply approve or deny applicants base on a very narrow set of factors. We hope that you never have to deal with this because that is absolutely not a proper way to screen applicants. Having the A+ on your resume could be the checked-box you need to pass on to the interview.

Reason #4: Having the A+ opens you up to opportunities in the tech industry. If you are going the degreeless route it can be very hard to break into the cyber security industry depending on where you live and the job opportunities that are available. It is very common for someone to get an initial job in IT and then transition into cyber security after having built that work experience. Holding the A+ will really help you land this springboard job.

Hopefully the pros and cons we provided helped you decide whether or not the A+ is the right certification for you. Just to emphasize it again, this is not a yes or no answer and it really depends on your personal situation.

If you have decided that the A+ is right for you, we recommend following our proven study method and checking out our top A+ study materials.

How to Study for The CompTIA A+

Everyone is different when it comes to studying methods, but here at Cyber Career School we have really honed in on the approach of utilizing 3 main study methods.

  1. Reading the Book
  2. Watching the Video
  3. Taking Practice Questions

While it sounds simple, this proven approach is effective for visual learners, auditory learners, kinesthetic learners, and reading / writing learners.

CompTIA A+ Study Guide

We highly recommend The CompTIA A+ Certification All-in-One Exam Guide, Tenth Edition (Exams 220-1001 & 220-1002). This can be purchased on amazon and is our favorite book on the A+. Mike Meyers is a proven author and puts out some of the best CompTIA exam study guides out there.

Recommended Course

For a majority of our video courses, we recommend Pluralsight. Pluralsight has an excellent course on the A+ exams. One of the big benefits we see in Pluralsight is that there is a flat monthly membership price that gives you access to all of the awesome course they have available. When your ready to move on to the Network+ or the Security+ those courses will also be included in your membership. Check it out with a free trial and see if it is right for you!

Practice Questions

You can never have enough practice questions. After you are done the book and the Pluralsight course, its time to test your knowledge with as many practice questions as you can get you hands on. Sybex puts together an entire book of practice questions to prepare you for the exam. This is our first choice. Like we said before, you can never have enough practice exams. If you think you are going to blow through the first book of practice exams, check out the practice exams provided by Exam Cram.

Final Thoughts

Deciding whether to take the A+ or to skip it entirely is a tough decision. Evaluate where you are in your career progression and then identify where your goal path is. This is the best way to decide whether the A+ certification is for you.

 

 

6 Things You Should Know Before Starting Cyber Security

6 Things You Should Know Before Starting Cyber Security

I really wish I could go back in time and tell my younger self these 6 things I wish I knew before starting cyber security. I obviously can’t go back in time so I guess this post is the next best thing. I have learned a lot over the years in cyber security, not only about cyber security topics but also, I have improved how I learn, approach problems, and how I manage time.

 

Lesson 1: You Will Never Learn It All

 

Especially in the beginning, it is very easy to go overboard with trying to learn every single concept as quickly as humanly possible. This is just not a good long-term strategy. It’s great to have a desire to learn, but be sure to balance this out with other things. Think about this like a crash diet. You can really be in a good groove for days, weeks, or months but what is going to happen when you can’t keep it up?

 

Lesson 2 Learn How to Avoid Burnout in Cyber Security

 

If you go overboard, you’re going to get burned out. Plain and simple. We all have different tolerances to burnout, but if you study 24/7, work crazy hours, and devote your whole 24-hour day to cyber security it’s going to happen to you. The best way to combat burnout is to put it all into perspective, you will never learn it all in a month and at some point, your work phone needs to be turned off. Create a plan for your learning path and enjoy the ride. This is one of the number one things I tell people when they ask me how to learn cyber security.

 

65% of security professionals considered quitting their jobs due to burnout

 

The Ponemon Institute conducted a recent study that found that 65% of security professionals considered quitting their jobs due to burnout. This is mostly due to the culture and the environment of cyber security programs. There is really a “always on” environment and this is not healthy. Most cyber security professionals are always working and when they finish work, they are studying for their next cert.

 

Burnout: Workplace Stress That Has Not Been Successfully Managed

A 2019 study by The World Health Organization (WHO) classified burnout as an “occupational phenomenon”. WHO states “Burn-out is a syndrome conceptualized as resulting from chronic workplace stress that has not been successfully managed.” “Successfully managed” is the key phrase here. We need to identify the conditions for burnout early on and develop a strategy to successfully manage it.

 

 

Lesson 3: There Is No Secret Sauce or Silver Bullet to Teach You Everything

 

There really is no secret course or book that will teach you everything you need to know. Many people starting their cyber security journey think there is one course or one book that will teach them everything. Accept that this knowledge comes with time and practice.

 

The Secret is Persistence

 

If this is something that is stressing you out, don’t worry. Everybody is in the same boat here. We are all learning with the same materials that are available to us all. If you really want to know about the secret sauce, it is persistence. Persistence is key to learning cyber security and being successful in the field.

 

Lesson 4: Avoid Jumping Between Topics and Courses

 

Let me be honest with you, I get really excited at the thought of starting a new course or certification. Does that make me weird? Let me give you an example, when I first joined Cybrary and Pluralsight, I was really excited to dig in. I cannot tell you how many courses I started and then watched maybe the first hour before jumping into another course and doing the same thing.

 

It’s very easy to fall into this trap, the course sounds very appealing, the topic is new to you, the thumbnail is flashy and then you lose interest. You’re not learning anything by jumping around this much. Stick with a topic until you at least understand the basics before moving on.

 

Lesson 5: Learn Early on That Google is Your Best Friend

Google is your best friend in cyber security and every technical field. Early on, many people get stuck on a problem and wait far too long before consulting google for an answer. Using Google is not admitting defeat in any way. I Google things I’m working on constantly, even stuff I know how to do pretty well. Even if you think you know something google it. There is no harm in double-checking or confirming your thoughts.

 

If I could just google it, then why am I getting certifications, taking courses, or going to college?

 

If you understand the topic you are googling well, you will be able to craft a search, and be able to quickly discern which information is relevant to your problem. Google does not hold the answers to every single problem. But there is so much information out there that you can identify a similar problem that has been addressed and apply your knowledge and understanding in how to implement a solution.

 

Become an Expert Googler

Every time you google something, even if is something that you know pretty well, you will learn something. I’m going to tell you something now that is very important to understand, if you’re stuck on something don’t just waste time. Google it, and spend that time learning instead of bashing your head against the wall. Everyone in the industry will tell you they are master Googlers.

 

Lesson 6: Just start!

Queue the “Just Do It” meme. But in all seriousness, people get hung up on execution. If you really want a career in cyber security, or a specific certification just do it! Action will always beat inaction. Personally, I really wish I got more involved with the community and doing ctfs earlier on.

 

Cut the Excuses

 

Hopefully, I don’t sound like a motivational speaker yet. But all too often I hear people say ” well, I’ll start studying next year after BLANK” or “I’m too busy now I’ll start it later, I just need to find the right course”. Time is your friend, start now. This applies to everything.

If time is isn’t the issue and the problem is more motivation-based, you really need to evaluate if you want to get into cyber security or not. If you’re not motivated to get started, then how will you be motivated to go to work, or to get new certs if your employer requires them?

 

Final Thoughts

Hopefully, you can take some good information away from these six lessons. If even just one person reading this takes these lessons to heart, I think I have done my job here. The key takeaway here is to clearly define your goal and go after it. Good Luck!

 

 

ComTIA A+, Network+, and Security+ – Do You Need All Three?

ComTIA A+, Network+, and Security+ – Do You Need All Three?

Do you need to take the CompTIA A+, Network+ and Security+? Taking the CompTIA A+, Network+, and Security+ will establish a strong foundation in information technology, networking, and information security. Obtaining all three of these certifications will set you up very well for a career in cyber security. Investing the time early on in your career to stress the foundation will save you years of headache.

 

Security+, A+, Network+

Stress the Foundation

It is incredibly important to build a strong foundation if you are looking to excel in the field of cyber security. Let’s compare this to a house. We could jump go right to building the structure and start building the walls and the roof and it may be fine for the first year. As time goes on the walls begin to crack and they can’t support the roof anymore. We need to fix the foundation. The house is already built and it would very difficult to go back and build a proper foundation with the walls and roof in the way.

Let’s compare this to your cyber security education. It can be very easy to neglect to study foundational concepts. It is possible to start studying for the Offensive Security Certified Professional (OSCP) for example with no experience in cyber security or ethical hacking at all. The OSCP is a very difficult exam that is very hands-on and applied. You can learn buffer overflows, SQL injection, and Metasploit but if you fail to understand the basics of networking or even computers in general you are going to fail.

Build the foundation the right way

Your foundational knowledge is certainly not written in stone. At least we hope not. It is possible to go back and re-learn foundational concepts. But this is the hardest way to do it. It is much harder to go back and re-teach yourself beginner concepts. Take the time early on to learn the basics and it will save you time later on.

comptia A+ Network+ Security+ payscale

Do I need to take the CompTIA A+ before the Network+?

If you have a strong background in information technology and computer hardware, you do not need to take the CompTIA A+ before the Network+. The A+ teaches some great foundational material but it is more focused on IT Support. Your time will be better spent studying for the Network+ and Security+ instead.

If you are brand new to information technology and cyber security, we would recommend talking the A+ before the Network+ and the Security+. But, the A+ is the only one of the CompTIA exams that we would say is up to your discretion. Unlike the Security+ and the Network+ where 100% of the material is applicable to a career in cyber security, the A+ has a slightly different focus (IT and Help Desk). If you are brand new and have no experience with IT, we would still recommend the A+.

Do I need to take the network+ before security+?

Taking the CompTIA Network+ before the Security+ will help you build a strong foundation in networking and also will help you easily pass the networking questions on the Security+ exam. There is some overlap between these two certifications, but both of these exams have crucial foundational material for your career in cyber security.

Does the Security+ require a lot of networking knowledge?

Yes, the Security+ exam encompasses a lot of networking knowledge. Some of the networking questions can be very basic, like answering various network terminology while others will call upon both your networking and security knowledge. Being able to apply your networking knowledge to security scenarios is the most important skill for the security+ exam.

Can I take the Security+ without the Network+?

Yes, there are no prerequisites for the Security+ exam. Studying for the Security+ alone will give you all of the networking knowledge you need to pass the exam. If you have a very strong foundation in networking this is a good option.

Should I take the Security+ without the Network+?

While there are no prerequisites for the Security+, we recommend taking the Network+ first. Having a solid understanding of networking will make the Security+ a lot easier. If you already understand the networking concepts on the security+, this will allow you to devote more time to understanding how security is applied to these networking concepts.

Is the Network+ harder than the Security+?

The Security+ is more difficult than the Network+. In order to pass the Security+, you need to have a solid understanding of the information from the Network+ and you also need to be able to apply security concepts to the networking topics.

Which CompTIA certification should I get first?

If you are brand new to the field of information technology or cyber security, you should take the A+ first. After passing the A+ you should then move on to take the Network+ and then the Security+.

CompTIA provides a very in-depth Certification roadmap that shows not only the CompTIA exams you need for a certain path, but also certifications from other vendors.

 Can’t decide whether to take the Security+ 501 or the 601? Check out this post where I lay out the pros and the cons of each exam.

Conclusion

If it has not been evident so far, there is no set order or selection of the A+, Network+, and Security+ that you HAVE to take. All of these exams will provide you with valuable material that you can apply to your career in cyber security. Everyone has a different starting place, so their unique demands should be considered. The bottom line is that you need to evaluate your background and your current knowledge and choose which combination of exams are right for you. The most important thing is that you be honest with yourself and where your knowledge is at. Remember, do not neglect the foundation!

Linux For Cyber Security – Top 25 Beginner Commands

Linux For Cyber Security – Top 25 Beginner Commands

Why Should You Learn Linux For Cyber Security?

Learning Linux can be one of the best educational investments you can make to prepare yourself to excel in the field of cyber security. Linux is widely used in cyber security by both red and blue teams.

This course will provide you with 25 of the most commonly used Linux terminal commands. After completing his course, will be all set to get started in your Linux distribution of choice.

Beginner Linux Commands

Follow Along!

Follow Along:

1:40 – pwd

1:54 – ls

3:40 – man

4:35 – cd

7:18 – bash history

7:45 – su

8:08 – what is a root user in linux?

8:23 – whoami

8:52 – clear

8:58 – sudo

10:03 – useradd

10:08 – passwd

10:53 – echo part 2

11:52 – cp

13:25 – mv

14:10 – echo part 2

14:49 – cat

15:36 – touch

16:00 – mkdir

17:25 – rm

17:40 – rmdir

19:00 – less

20:05 – head

20:40 – tail

22:20 – grep

24:25 – nano

25:50 – vim

28:09 – writing your first bash script

30:30 – chmod

33:40 – zip

34:20 – how to make an encrypted zip

36:00 – creating file hashes with linux

36:30 – md5sum

37:00 – shasum

37:50 – wget

38:45 – curl

40:00 – ping