There are many certifications and many certifying bodies in information security. They’re a great way to show that you have the foundational knowledge in the field or in a specialized area. You have the entry-level certifications like CompTIA’s Security+ and then higher-level certifications like (ISC)2’s CISSP. No matter what certifications you pursue, remember that they are looked at as “enhancements” to your experience, not an alternative. Certifications are a way of saying that you have the knowledge of how something is done (and some certifications show you can actually do something, for example, Offensive Security’s OSCP). Experience shows that you’ve done something. It’s a lot more difficult to judge experience, though. Certifications are an easier metric because you can just see if a person has them or not.
But let’s move on to talk about some study material that I’ve found that I would definitely recommend. I’m not sponsored nor do I guarantee a passing score, but I found these resources useful in accomplishing my goals.
Before I actually list my study material, I should note that I have worked in information security for 2 years, have a BAAS in Information Assurance and Security, have an AAS in Network Security Administration, and have participated in a number of security competitions. Hopefully it makes it easier to decide whether you want to take my advice. I might be around the same experience level as you, the reader, or have more or less.
Alright, now to the resources I’ve used. Note that most links are referral links. I’m just letting you know ahead of time. It helps me out 🙂
First off, I’d like to talk about Cybrary.it. This is a free and open source learning website for Cyber Security, Information Technology and more! I love it and I use it to study for certifications and get my CPEs. So far, the most useful course I’ve taken from Cybrary has been the ISC2 CISSP course that is taught by Kelly Handerhan. It is a 13-hour course that covers the 8 domains of the CISSP, is marked as “Advanced” difficulty and upon completion is worth 15 hours of CPE. If you’re looking to take the ISC2 exam, I would definitely recommend this resource. I mean…it’s FREE! You can find my Cybrary profile here.
The next resource is Eleventh (11th) Hour CISSP, Third Edition: Study Guide by Eric Conrad, Seth Misenar, and Joshua Feldman. This resource is probably the most straightforward resource you’re going to get. It’s meant to be that last-minute topping to your studying. I would say it was definitely useful and would highly recommend it. It’s approximately 200 pages and can be completed in a day to a couple of days.
The next resource is the CompTIA Security+ All-In-One, Fourth Edition by Wm. Arthur Conklin, Greg White, Dwayne Williams, Chuck Cothren and Roger L Davis. This resource is great for this entry-level certification. I think with experience you could probably just go into the Security+ exam and pass it. That’s what I did, but I did read this resource after the fact and found it to be a nice little resource to have in my library. Other colleagues have found it useful, so I wanted to include it in the list.
Other resources I’ve used that I’d recommend are the Sybex mobile apps CISSP Study and CISSP Tests. They are on the Apple App Store and the Google Play Store. The first is essentially the book along with some practice questions, and the second is around 1200 questions that you can go through to test your knowledge. You can take practice tests of around 20-25 questions whenever you have time. Another reason to take 20 minutes in the restroom with your phone. 🙂
That’s it for today. I’ll include more resources that I’ve used in future posts soon. I would also like to mention that you should keep an eye on Humble Bundle and look for their bundles of security eBooks.
As of 10/7/2017 there’s a Hacker’s Reloaded bundle (https://www.humblebundle.com/books/hacking-reloaded-books). Go check it out.
Tell me what your favorite resources are and if you decided to try out any of the ones I’ve mentioned.