VickyRotex:


I have validated the certificate/your information and also obtained the voucher. Emailed you the voucher details and screenshots of my communication with ICSI for transparency.

Please confirm receipt on this thread so we can close the loop for now and circle back in September.

All the best!

Voucher received.

Thanks so much.

Lionhearted:


Voucher received.

Thanks so much.

My pleasure.

Hello folks,

For anyone interested in some free web and network security related training and labs, PortSwigger (Burp Suite) is offering some of these training. Feel free to check them out in below link.

Lab work is interactive, details common web vulnerabilities, and how to exploit them.

https://portswigger.net/web-security

There are sub-links I'd have posted/recommended but I dont want the anti-spam bot banning me, so feel free to explore the above link yourself.

Requirement: Account creation (free)
Expiration: Not applicable. Continuously free. (please don't hold me accountable if this changes )
Level: Applicable for all levels. (Beginners, Intermediate, Experienced)

Cheers!

https://www.udemy.com/course/the-beginners-guide-to-cyber-security-2019/?couponCode=SUMMERTRAINING2020

Time: 2.5hrs

Expiration: Free enrollment expires in 2 days.

Lifetime access after enrollment.

Course is intended primarily for students who have little to no prior background or knowledge about the field of cyber security. And can serve as a refresher for Intermediates or experts.

VickyRotex:


Apologies, I interpreted "advice me on next steps to take" to also mean the ICSI exam.

I'm already in the field. Learning and growing like you all. The question about advice is a bit generic for me, but I'll try to answer. Feel free to let me know if you have any further questions.

It all depends on your prospects. what area of cyber you want to venture in or specialize in etc. I advice people (especially people starting without a tech background) to try to learn or touch on the major domains before specializing, that way it's much easier to connect the dots.
However if you have an IT background, you may already know where exactly you want to specialize in cybersec, but I still encourage being a generalist across some domains and specializing in what you're comfortable with or prefer.

Then, take as much courses as you can. Thanks to alot of free resources online. You dont need to write exams for all, because at the end of the day the knowledge is what matters and cannot be taken away from you. For sure certifications will open some doors for you (which I encourage), but do not feel restricted or discouraged about enrolling for a course because you can't take the exam. Learn as much as you can. Thanks to the op and other members on this thread, there are lots of resources that you can access on this thread for free.

Attend job fairs and connect with people in the field. I cant outstretch the latter. Irrespective of your knowledge, "people you know" will sometimes (and maybe most times) play a vital role in how you get through the door, and how you move up the ladder.

Lastly, most people like to think that Cybersecurity is 100% tech related, but its not and anyone can feel free to correct me.
It entails management as well, especially if you want to grow in the career, so as you work on your tech knowledge, also add in some managerial skills/knowledge to balance it.

I'll stop here for now and take any questions, before this becomes a diary. lol

We can't chat on WhatsApp, but feel free to email me if you have any questions. Cheers!

Hello Vicky, nice to e-meet you. I also recently developed interest in this field and working towards a career change. Please what are the major domains you talked about that one should start with?

ashiwajew:


Hello Vicky, nice to e-meet you. I also recently developed interest in this field and working towards a career change. Please what are the major domains you talked about that one should start with?

Hi Ashiwajew, nice to e-meet you too.

Cool! If you dont have any IT background then I encourage you begin by learning and understanding system and network configuration. Comptia A+ and Network+ is really good for this. That way you can gain practical experience in fields like system and network admin, security admin, network engineering etc.

Major domains to familiarize with are not limited to this: security analysis, security design and engineering, Network secops, vulnerability management, threat and risk assessment, risk management etc.

Note that in each of these domains there are more granular specialization for example someone could specialize in mobile security under security design, while others are web/application, some infrastructure and some cloud computing etc. So when applying for jobs they may say they're seeking a "security architect" that will be specific to an area.
That's why understanding the key concept across these domains are very important to help specialize eventually.

Before specializing there are couple of certifications that can also help as a baseline (i.e., applicable to most areas of Security) such as SSCP, CEH, TOGAF. GISF is also another good one.

Most people (especially fresh off from school) will often begin their cyber journey with Operations security (i.e., SOC - Security Operations center which involves incidence response, monitoring, threat hunting) I'm sure you've heard term "blue, red, and purple team" alot, these are mostly on the operations side of things.
Having some of these baseline knowledge will not only open you up to several opportunities, but also help you to decide on what part of cyber you enjoy or find interesting.

PS: this thread is a very good place to start. There are lots of materials/Google folders with well documented information for these domains as well as several certifications you can write while climbing up the ladder.

I hope this helps. Let me know if you have any questions.

Cheers!

VickyRotex:


Hi Ashiwajew, nice to e-meet you too.

Cool! If you dont have any IT background then I encourage you begin by learning and understanding system and network configuration. Comptia A+ and Network+ is really good for this. That way you can gain practical experience in fields like system and network admin, security admin, network engineering etc.

Major domains to familiarize with are not limited to this: security analysis, security design and engineering, Network secops, vulnerability management, threat and risk assessment, risk management etc.

Note that in each of these domains there are more granular specialization for example someone could specialize in mobile security under security design, while others are web/application, some infrastructure and some cloud computing etc. So when applying for jobs they may say they're seeking a "security architect" that will be specific to an area.
That's why understanding the key concept across these domains are very important to help specialize eventually.

Before specializing there are couple of certifications that can also help as a baseline (i.e., applicable to most areas of Security) such as SSCP, CEH, TOGAF. GISF is also another good one.

Most people (especially fresh off from school) will often begin their cyber journey with Operations security (i.e., SOC - Security Operations center which involves incidence response, monitoring, threat hunting) I'm sure you've heard term "blue, red, and purple team" alot, these are mostly on the operations side of things.
Having some of these baseline knowledge will not only open you up to several opportunities, but also help you to decide on what part of cyber you enjoy or find interesting.

PS: this thread is a very good place to start. There are lots of materials/Google folders with well documented information for these domains as well as several certifications you can write while climbing up the ladder.

I hope this helps. Let me know if you have any questions.

Cheers!

Many thanks for this. You have actually said a lot.
Then I should start with Comptia A+ Please could you recommend site to learn these courses

ashiwajew:


Many thanks for this. You have actually said a lot.
Then I should start with Comptia A+ Please could you recommend site to learn these courses

My pleasure!

1. Udemy has some good courses for Comptia. Some are free and others aren't. Here's one for A+ that has a very good review and currently discounted https://www.udemy.com/course/comptia-220-1001-exam/

You can also purchase A+ study guide from Amazon.
I'll encourage you to go through the resource links on this thread before purchasing a guide, just incase its there. I did a quick scan through but didnt find A+ guide but you can double check.


Some cybersec resources to learn from on the side while building your IT knowledge:

2. Alison courses is also another website for free courses. (currently they have a full Security+ training that will offer you a certificate of course completion) https://alison.com/courses/comptia-security-exam-syo-501/content

3. Also you can enroll for this free edx basic security fundamentals course https://www.edx.org/course/cyber-security-basics-a-hands-on-approach

4. Since you're just starting and not to rush through the process, you can subsequently take the training offered by ICSI for Network Security Specialist. I'm only bringing it to your attention because it's free at this time due to Covid, all you need to do is enroll for the course before end of June, and you can take the course later. https://www.icsi.co.uk/courses/icsi-cnss-certified-network-security-specialist-covid-19

5. Finally, reposting a link that the op posted earlier. Very resourcesful github space that you can go through much later.
https://github.com/wtsxDev/Penetration-Testing/blob/master/README.md?utm_source=share&utm_medium=ios_app#books

Oh and you can also request directly from Comptia some of their free practice tests for most of their certifications like A+, Network+ . https://www.comptia.org/training/resources/practice-tests

I know I said alot again, might seem like information overload (that's not intended) but I hope you and anyone seeking similar guidance find the information/resources useful. Take it one step at a time.

Cheers!

VickyRotex:


My pleasure!

1. Udemy has some good courses for Comptia. Some are free and others aren't. Here's one for A+ that has a very good review and currently discounted https://www.udemy.com/course/comptia-220-1001-exam/

You can also purchase A+ study guide from Amazon.
I'll encourage you to go through the resource links on this thread before purchasing a guide, just incase its there. I did a quick scan through but didnt find A+ guide but you can double check.


Some cybersec resources to learn from on the side while building your IT knowledge:

2. Alison courses is also another website for free courses. (currently they have a full Security+ training that will offer you a certificate of course completion) https://alison.com/courses/comptia-security-exam-syo-501/content

3. Also you can enroll for this free edx basic security fundamentals course https://www.edx.org/course/cyber-security-basics-a-hands-on-approach

4. Since you're just starting and not to rush through the process, you can subsequently take the training offered by ICSI for Network Security Specialist. I'm only bringing it to your attention because it's free at this time due to Covid, all you need to do is enroll for the course before end of June, and you can take the course later. https://www.icsi.co.uk/courses/icsi-cnss-certified-network-security-specialist-covid-19

5. Finally, reposting a link that the op posted earlier. Very resourcesful github space that you can go through much later.
https://github.com/wtsxDev/Penetration-Testing/blob/master/README.md?utm_source=share&utm_medium=ios_app#books

Oh and you can also request directly from Comptia some of their free practice tests for most of their certifications like A+, Network+ . https://www.comptia.org/training/resources/practice-tests

I know I said alot again, might seem like information overload (that's not intended) but I hope you and anyone seeking similar guidance find the information/resources useful. Take it one step at a time.

Cheers!

Thanks, thanks & thanks � I must commend you for always being detailed. I have actually started the Comptia Security + on LinkedIn Learning. My organization purchased that for us to learn any course on it. I think I am enjoying it and getting all the concepts so far. Please I would want to always keep you posted as I move on.

ashiwajew:


Thanks, thanks & thanks � I must commend you for always being detailed. I have actually started the Comptia Security + on LinkedIn Learning. My organization purchased that for us to learn any course on it. I think I am enjoying it and getting all the concepts so far. Please I would want to always keep you posted as I move on.

It's my pleasure! Thanks.

That's great! All the best with the learning. I'm sure you'll like the field.

And sure, please feel free to reach out.

Cheers!

As data breaches and cyber-crimes keep on increasing in return and complexity, organizations understand that traditional techniques of system security are no more going to ensure security. Moreover, these organizations also understand the tactical importance of business data.

As a result, they are keen to spend as much as possible for IT security professionals who possess the most advanced, globally acknowledged certifications in cybersecurity.

Here is a write-up on some of the best cybersecurity certifications for your cv / resume:

https://medium.com/@alexascotts01/the-best-cybersecurity-certifications-for-your-resume-b611573f7ab1

What do u think?

Do you know anyone studying for CompTIA Network+, Linux+ or Security+?

Please dm me directly for a limited offer ...

Jintata:
Do you know anyone studying for CompTIA Network+, Linux+ or Security+?

Please dm me directly for a limited offer ...

Please, I've sent you a DM request.

Jintata:
Do you know anyone studying for CompTIA Network+, Linux+ or Security+?

Please dm me directly for a limited offer ...

Nice!

cc: Carokan, Lionhearted, Ashiwajew > in case you're interested in the offer.

Anon000:


Please, I've sent you a DM request.

I replied.

Thanks

Jintata:
Do you know anyone studying for CompTIA Network+, Linux+ or Security+?

Please dm me directly for a limited offer ...

DM sent

https://enroll.isc2.org/product?catalog=ISC2-CISSP-RVW-PUB

Free Cissp Review from Cissp

Course Description
The Certified Information Systems Security Professional (CISSP) Self-Paced Review Course offered by (ISC)2 is intended to help you determine whether you are ready to pursue the CISSP certification. Before you begin your credentialing journey, you may want to establish exactly what the CISSP entails, in terms of the concepts and depth of understanding you’ll be expected to demonstrate. This course can help you start that aspect of your process.

The course itself will introduce you to the many areas of study you’ll be expected to know and understand as a CISSP candidate. While this course does not constitute training (it will not explain, in detail, what you need to know to pass the exam), it will convey the concepts and ideas that comprise the Exam Outline for the CISSP. It will introduce you to which subjects may be covered in the actual preparatory courseware and the exam.

After taking this course, you’ll have a better understanding of the truly vast scope of material the CISSP is expected to know, and you may be in a better position to determine if you’re ready for the exam, or if you will best your serve your own study purposes by taking a preparatory course. Good luck on your path toward certification!

Please note that this course is not intended to teach you these topics and shouldn’t be perceived as a means to acquire the knowledge and experience required for certification; rather, this course is intended to highlight the breadth and extent of the various subjects you’ll be expected to understand when taking the CISSP examination.

FREE CYBER INCIDENT ANALYSIS & RESPONSE COURSE FROM TEXAS Engineering ,USA �� �
Note : All cyber security ONLINE courses free (ONLY ONLINE COURSES )
https://teex.org/program/cybersecurity/

Course code : Aw178 secure software
(9 Hours)

VickyRotex:


Nice!

cc: Carokan, Lionhearted, Ashiwajew > in case you're interested in the offer.

Thanks a lot

Jintata:
Do you know anyone studying for CompTIA Network+, Linux+ or Security+?

Please dm me directly for a limited offer ...

I’m interested please. The email for my account is not active. That’s why I’m quoting you

carokan:


I’m interested please. The email for my account is not active. That’s why I’m quoting you

This offer was free exam vouchers for a limited time only. Offer now over.

Please watch this space for future offers.

Thanks

Wow! I never knew this thread existed before today. Its a good one from the thread creator. Best of luck to those prepping for one exam or the other. From experience, self-study and practice, practice, practise is the way to go in this field. The market is expanding rapidly and the demand for Cybersecurity Pros is on the rise both home and abroad.

Its a life long journey because a security practitioners job is a never ending rat race. #LearningNeverStops.

Meanwhile, anyone prepping for AWS Certified Security - Specialty? Let's connect.

We welcome you to access this web book on CRISC (Certified Risk & Information System Control) by ISACA.

Features of this web book are as follow:

This web book is designed on the basis of official resources of ISACA.

Web book is designed specifically for candidates from non-technical background.

Topics are arranged segment wise and aligned with latest CRISC Review Manual.

500 + Exam oriented practice questions.

https://criscexamstudy..com/2020/05/welcome-to-first-ever-web-book-on-crisc.html?m=1

Free Crisc ebook by Hemang Doshi with ~500 questions.

zellfoxx:
Wow! I never knew this thread existed before today...

Its a life long journey because a security practitioners job is a never ending rat race. #LearningNeverStops.

Meanwhile, anyone prepping for AWS Certified Security - Specialty? Let's connect.

Interested. Let’s connect ...

Do I need a degree in Computer Science or Cyber Security to pursue a career in Cybersecurity?

Presently, I'm an Agricultural Engineering student of the University of Ibadan. I have full interest in Cybersecurity and I've spent almost all my time during this lockdown to develop Cybersecurity skills and acquire some certificates.

I'm planning to take the ComptiaSecurity+ exam next year.

Thank you.

How the CCSK Helps Enterprises | Interview with Symantec - YouTube


https://www.youtube.com/watch?v=Sh1pg7L0NFY&feature=youtu.be

Dipsaint:
Do I need a degree in Computer Science or Cyber Security to pursue a career in Cybersecurity?

Presently, I'm an Agricultural Engineering student of the University of Ibadan. I have full interest in Cybersecurity and I've spent almost all my time during this lockdown to develop Cybersecurity skills and acquire some certificates.

I'm planning to take the ComptiaSecurity+ exam next year.

Thank you.

My response is probably going to be controversial; but here goes ...

1. You don’t need a degree in Comp Sci. or Cybersecurity to pursue a career in Cybersecurity.

2. CompTIA Sec+ is a good place to start. CompTIA Sec+ assumes you have some of the knowledge contained in the CompTIA A+ & N+ exams.

3. Other starter (ish) Cybersecurity certs to consider included CEH, Cisco CCNA, Isc2 SSCP etc...

Special mention ought to be made for the Isaca’s CSX-P - Cybersecurity Practitioner Certification. It is probably one of the most hands-on certs out there. Any serious starter ought to give this a close look.

4. The cissp is the Cert that makes the most sense in Cybersecurity today. An old saying goes, “if you’re going to eat a toad, eat a fat & juicy one.”

A lot depends on you but IMHO if u start studying for the cissp today and it takes u 1, 2 or 3 years to pass, then you’re closer to your dream than any other route I can think of.

Passing the cissp exam would make you an associate of the isc2, until u can prove 4 to 5 years active Cybersecurity experience to be a full certified cissp. Even with the associate designation you will be miles ahead of the “also rans”.

The cissp is nice to have. The path & knowledge you go through to be a cissp would also probably give you an idea of which area of Cybersecurity u might want to eventually specialize in.

Do note that cissp is a risk exam.

Another growth area is cloud. The certs to look at here include AWS & CCSP & CCSK ...

A special shout out to OSCP, data analytics, SIEMs, python programming, SOCs, etc ... These are other paths to consider.

Please put your comments below or you can send me a dm or email if u have futher questions ...

Jintata:


My response is probably going to be controversial; but here goes ...

1. You don’t need a degree in Comp Sci. or Cybersecurity to pursue a career in Cybersecurity.

2. CompTIA Sec+ is a good place to start. CompTIA Sec+ assumes you have some of the knowledge contained in the CompTIA A+ & N+ exams.

3. Other starter (ish) Cybersecurity certs to consider included CEH, Cisco CCNA, Isc2 SSCP etc...

Special mention ought to be made for the Isaca’s CSX-P - Cybersecurity Practitioner Certification. It is probably one of the most hands-on certs out there. Any serious starter ought to give this a close look.

4. The cissp is the Cert that makes the most sense in Cybersecurity today. An old saying goes, “if you’re going to eat a toad, eat a fat & juicy one.”

A lot depends on you but IMHO if u start studying for the cissp today and it takes u 1, 2 or 3 years to pass, then you’re closer to your dream than any other route I can think of.

Passing the cissp exam would make you an associate of the isc2, until u can prove 4 to 5 years active Cybersecurity experience to be a full certified cissp. Even with the associate designation you will be miles ahead of the “also rans”.

The cissp is nice to have. The path & knowledge you go through to be a cissp would also probably give you an idea of which area of Cybersecurity u might want to eventually specialize in.

Do note that cissp is a risk exam.

Another growth area is cloud. The certs to look at here include AWS & CCSP & CCSK ...

A special shout out to OSCP, data analytics, SIEMs, python programming, SOCs, etc ... These are other paths to consider.

Please put your comments below or you can send me a dm or email if u have futher questions ...

Thank you very much for your response.
I'll start preparing for the ComptiaSec+ exam.
I have basic C++ and Python programming knowledge and I'm taking my time to master Python programming for Ethical Hacking.

Jintata:


My response is probably going to be controversial; but here goes ...

1. You don’t need a degree in Comp Sci. or Cybersecurity to pursue a career in Cybersecurity.

2. CompTIA Sec+ is a good place to start. CompTIA Sec+ assumes you have some of the knowledge contained in the CompTIA A+ & N+ exams.

3. Other starter (ish) Cybersecurity certs to consider included CEH, Cisco CCNA, Isc2 SSCP etc...

Special mention ought to be made for the Isaca’s CSX-P - Cybersecurity Practitioner Certification. It is probably one of the most hands-on certs out there. Any serious starter ought to give this a close look.

4. The cissp is the Cert that makes the most sense in Cybersecurity today. An old saying goes, “if you’re going to eat a toad, eat a fat & juicy one.”

A lot depends on you but IMHO if u start studying for the cissp today and it takes u 1, 2 or 3 years to pass, then you’re closer to your dream than any other route I can think of.

Passing the cissp exam would make you an associate of the isc2, until u can prove 4 to 5 years active Cybersecurity experience to be a full certified cissp. Even with the associate designation you will be miles ahead of the “also rans”.

The cissp is nice to have. The path & knowledge you go through to be a cissp would also probably give you an idea of which area of Cybersecurity u might want to eventually specialize in.

Do note that cissp is a risk exam.

Another growth area is cloud. The certs to look at here include AWS & CCSP & CCSK ...

A special shout out to OSCP, data analytics, SIEMs, python programming, SOCs, etc ... These are other paths to consider.

Please put your comments below or you can send me a dm or email if u have futher questions ...

I'll send you an email if I need further assistance.
Thank you.


Ayodeji Oladapo
ayodejioladapo15@gmail.com

Jintata:



Interested. Let’s connect ...

A

Understanding Attack Methods

– Eavesdropping: traditional method of spying with the intent to gather information

– Passive Attacks are characterized by techniques of observation

– Host Traffic Analysis: used to identify systems of particular interest

– Network Analysis: the computer traffic across the network can be analyzed to create a map of the hosts and routers

– Phising: a social engineering technique utilizes fake emails sent to unsuspecting victims, which contain a link to the criminal’s counterfeit website.

– Spear Phising: this attack targets a specific server, user, database, or network device.

– Dumpster Diving: attackers will frequently resort to rummaging through the trash for discarded information

– Malware: malicious software which exploits a known vulnerability or creates its own.

– Trojan Horse: malicious programs frequently use the Trojan horse concept to deliver viruses, worms, logic bombs, and other root kits through downloaded files.

– Root Kit: attackers embed a root kit into downloadable software. This malicious software subverts security settings by linking itself directly into the kernel process, system memory, address registers, and swap space.

– Maintenace Accounts: may be part of the default settings or created for system support

– Robot Networks: Malware programs such as Trojan horses can built bot-net composed of computers owned by unsuspecting users.

– SQL Injection: the entire computing world depends on information kept in a database. Input validation is required to prevent unauthorized access to databases.

– Cross-Site Scripting (XSS): a programming technique that enables one website, such as a shopping cart, to drive another website.

– Zero-Day Attack: refers to any attack that has not been seen before

– War Dialing: uses an automated modern-dialing utility to launch a brute force attack against a list of phone numbers.

– Source Routing: designed to ignore the configuration of the network routers and follow the instructions designated by the sender.

– Packet Replay: Packets are retransmitted (replayed) within a short time window to trick a computer system into believing that the sender is a legitimate user.