October 30, 2010 at 1:04 am #5736 lemming2012 (Participant)
I’ve been lurking EH.net for a while; creepily peeking in the windows when the lights were out. Hoping to gain a bit more insight as I pursue my own path into infosec. The more I’ve seen, the more I’ve been impressed with the overall helpfulness of the community. Through the advice and experience you’ve all shared, I’ve established a workable plan.
I’ve noticed a lot of n00bs like myself come looking for their first step. Having so recently taken mine, I suspect I’m in a place where I can offer a little guidance.
I’m making a couple of assumptions:
1) You’re after knowledge, not just pieces of paper to get you past the clueless lady in HR.
2) You’re willing to put in a little extra time to make sure you truly grok the information.
So, here goes.
Everyone has their own way of preparing for certifications, but for those who’ve never really had to test before I offer some of my own general techniques.
#1 Use multiple sources.
If you approach it critically, it breaks you out of the eyes glazed over rote memorization trap. Especially when studying for Security+ I came across contradictions in the details “Bluejacking is more serious than bluesnarfing” vs. “Bluesnarfing is more serious than bluejacking.” This leads to general bit of advice #2.
#2 Learn the facts and best practices, but recognize you assign value based on your own inclination and experience.
Seeing the disagreements between the professionals in the small stuff gave me the foothold I needed to start forming my own opinions. I’m a lot better at maintaining facts that support my own opinions – this helps. The study guides are not sacred texts. Part of the benefit of using multiple sources is seeing where disagreement happens within the field.
#3 Find ways to play with the information.
If you ever start to see the text of a book as “Blah blah blah blah blah,” then you need to take a break. If it still looks like that, after you get back, you’ve built some kind of wall. The trick to getting past walls is to find creative ways to trick yourself into wanting to get to the other side.
Example: Sure you want to be the pentester of l33t d00m, but your inner-self is tired of reading about disaster recovery planning. Grab your SO or a friend and tell them you’d like to play a game, and they get to be God. See! They’ve already been tricked into helping you. Now you tell them that you have a company, and you’d like them to smite it, one disaster at a time. As they come up with new and interesting ways to destroy the business, you figure out ways to keep things going, or get them back up and running.
Now, I’m sure anyone actually trying to use this is going to want to know the boring stuff, like what books/training I used to pass the tests. And I’ll throw up a few reviews covering that later.
October 30, 2010 at 5:30 am #36003 Don Donzal (Keymaster)
Now that’s a great first post.
Welcome, thanks, and I’m sure other lurkers will find this very helpful.
October 30, 2010 at 1:12 pm #36004 MaXe (Participant)
Welcome to Ethical Hacker, lemming2012 🙂
My best advice in order to pass any certification, even the very hardcore OSCE (by Offensive Security) is to anticipate the unknown as much as possible, know your limitations but also where you can improve, so if you fail then you know exactly what you need to do so you’ll pass the next time.
If you know your own strong and weak points, then you also know what you could potentially fail on during a hardcore test (challenge or examination) going way beyond any book ever written, where you’ll have to improvise, use (perhaps) all your skills and can’t ask anyone for help in particular 😉
Fight for what you want to become, and you’ll eventually become it.
November 1, 2010 at 10:14 pm #36005 lemming2012 (Participant)
Thank you, and I hope so.
Excellent advice, and I will strive to heed it. How would you recommend someone who has never benefited from self-examination begin that process?
My experience with Net+
Mike Meyers’ CompTIA Network+ Certification Passport. Third Edition.
In my arrogance, I felt I had plenty of experience to take the Net+ test with little to no formal preparation. Fortunately, I was right. I’ve worked help desk and desk side support on-and-off for about 10 years. I never bothered to certify before because, to be honest, I never intended to stay in tech.
The Passport series was produced in order to create crammed little guides that had just the required information. All the fluff and extra explanation cut out, I don’t really see this being useful for someone who isn’t just using it as a refresher.
My experience with Security+
CompTIA Security+ All-in-One Exam Guide, Second Edition (Exam SY0-201)
CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide
TrainSignal CompTIA Security+ Training
My experience with Security was a bit more limited; so, I wasn’t quite as arrogant. And, I think perhaps I went a little overboard. I started with the All-in-One Guide and TrainSignal videos. Then, I felt I was almost ready, but wanted to make sure. So, I picked up the Get Certified Get Ahead book. In total, I crammed for a little over a month then took the test.
Out of those, if I could only choose one, it’d be the Get Ahead Get Certified guide. The TrainSignal can be pricy if you don’t have assistance from your employer, that and I find training videos tend to be too slow paced – and at best slightly more helpful than annoying. The All-in-One is absolute information overload. It breaks down the cryptography explaining the formulas behind each type… in my naivety, I panicked and started forcing myself to memorize the formulas. I’m sure that’ll pay off eventually, but right now, it’s overkill.
See, I told you that my feedback on how I certified would be boring. But don’t despair! I’ve prepared something to help out those who haven’t had the benefit of living through my mistakes.
A better way of going about Certifications, using Net+ as an example
Disclaimer: I am not an expert in pedagogy. This is not the best answer for all people, it’d just probably be the best for me, so I’m sharing it with you as a starting place.
Get to know the certification objectives
No, don’t just glance at them and say “uh huh,” read them.
Better, don’t just read them. Write them down, and answer them without reference.
1.7 Compare the characteristics of wireless communication standards.
Ummm, let’s see there are a, b, g, and n… I’ve never really encountered a, so I’m not sure. B is 11Mb/s, G is 54mb/s, and I don’t know about n.
Great! You’ve left out a lot of information, but taken the first step.
But wait, I can hear you whine, “~but there are 35 objectives in Net+!”
True, but I didn’t say to do them all in one sitting. And you do want to get the most out of your expensive study guide(s) right? That’s why you explore the objectives before you even crack a book. Take a week or two doing a little each day.
“~but I’m a complete n00b! I have no idea what I’m doing!”
Ok, check out a study guide from the library, read it – don’t study too hard, just familiarize yourself with the terminology and ideas. Then take a look at the objectives. After that, get a different study guide, one you can write in.
November 17, 2010 at 9:26 pm #36006 Valkyrja (Participant)
Welcome and I really enjoyed the posts but I think if I told my boyfriend that he was going to be God… I would never get him off the pedestal. 🙂