I’ve noticed a lot of n00bs like myself come looking for their first step. Having so recently taken mine, I suspect I’m in a place where I can offer a little guidance.
I’m making a couple of assumptions:
1) You’re after knowledge, not just pieces of paper to get you past the clueless lady in HR.
2) You’re willing to put in a little extra time to make sure you truly grok the information.
So, here goes.
Everyone has their own way of preparing for certifications, but for those who’ve never really had to test before, I offer some of my own general techniques.
#1 Use multiple sources.
If you approach it critically, it breaks you out of the eyes-glazed-over rote memorization trap. Especially when studying for Security+, I came across contradictions in the details: “Bluejacking is more serious than bluesnarfing” vs. “Bluesnarfing is more serious than bluejacking.” This leads to general bit of advice #2.
#2 Learn the facts and best practices, but recognize you assign value based on your own inclination and experience.
Seeing the disagreements between the professionals in the small stuff gave me the foothold I needed to start forming my own opinions. I’m a lot better at maintaining facts that support my own opinions – this helps. The study guides are not sacred texts. Part of the benefit of using multiple sources is seeing where disagreement happens within the field.
#3 Find ways to play with the information.
If you ever start to see the text of a book as “Blah blah blah blah blah,” then you need to take a break. If it still looks like that after you get back, you’ve built some kind of wall. The trick to getting past walls is to find creative ways to trick yourself into wanting to get to the other side.
Example: Sure, you want to be the pentester of l33t d00m, but your inner self is tired of reading about disaster recovery planning. Grab your SO or a friend and tell them you’d like to play a game, and they get to be God. See! They’ve already been tricked into helping you. Now you tell them that you have a company, and you’d like them to smite it, one disaster at a time. As they come up with new and interesting ways to destroy the business, you figure out ways to keep things going, or get them back up and running.
Now, I’m sure anyone actually trying to use this is going to want to know the boring stuff, like what books/training I used to pass the tests. And I’ll throw up a few reviews covering that later.