In March 2020, I took CompTIA’s CySA+ (Cybersecurity Analyst) exam. Along with PenTest+, this bridges the gap between Security+ and CASP. In simple terms, PenTest+ is about “red team” activities (attack) whereas CySA+ is about “blue team” activities (defence). This certification was launched in 2017 as CSA+, but it was rebranded in January 2018 because …
Category archives: Uncategorised
Palo Alto Networks Certified Cybersecurity Associate (PCCSA)
Palo Alto Networks make security products. In particular, they sell firewalls (physical and virtual), and their Panorama software will let you manage multiple firewalls centrally (e.g. for branch offices). Their certification program has 3 tiers: Entry level Administrator Engineer Palo Alto Networks offer free training for all of these, although you have to pay for …
Continue reading “Palo Alto Networks Certified Cybersecurity Associate (PCCSA)”
CCNA R&S
Cisco have offered the CCNA (Cisco Certified Network Associate) since 1998, but it’s been through a few variations over the years. They’ve changed the syllabus and the number of exams: Year Part 1 Part 2 Combined 1998 CCNA (640-407) 2000 CCNA (640-507) 2002 CCNA (640-607) 2003 INTRO (640-821) ICND (640-811) CCNA (640-801) 2007 ICND1 (640-822) …
Offensive Security Wireless Professional (OSWP)
In April 2019, I took the Offensive Security Wireless Attacks (WiFu) course and the OSWP exam. (Along with PenTest+ and Microsoft 365 Fundamentials, this was my third exam in a month!) In brief, I enjoyed this. I thought the content was interesting, and the exam was actually fun (similar to an escape room). However, the …
Continue reading “Offensive Security Wireless Professional (OSWP)”
Microsoft 365 Fundamentals (MS-900)
In April 2019, I took the Microsoft 365 Fundamentals (MS-900) exam. Microsoft offer free training; they say that this will take 4 hours 11 minutes, although you might find that you need to repeat some of the videos if you didn’t fully understand it the first time through (e.g. if you got distracted). It would …
PenTest+ (PT0-001)
In April 2019, I took CompTIA’s PenTest+ exam. Along with CySA+, this bridges the gap between Security+ and CASP. As the name suggests, it’s all about penetration testing. This is a relatively new exam, and it’s still on the first release (PT0-001). Because of that, it’s not very well known, so I haven’t seen any …
SSCP
In September 2018, I took the (ISC)2 SSCP exam (Systems Security Certified Practitioner). This was a bit different from any of the previous exams I’ve taken: normally I would sit the exam(s), then get a qualification if I passed. In this case, the exam is only one component: you also need to be endorsed by …
Security+ (SY0-401)
In November 2016, I took CompTIA’s Security+ exam. NB I did the SY0-401 syllabus; CompTIA replaced it with SY0-501 in October 2017, so some of the info in this blog post will now be a bit out of date. In brief, I think that this is a worthwhile certification. It emphasises breadth rather than depth, …
Sextortion
For the last couple of years (since July 2018), I’ve been receiving “sextortion” emails. There a few variations, but the basic gist is always the same: “I’ve hacked your webcam and filmed you masturbating, now pay me money or I’ll send the video to everyone you know.” They often include my password, in an attempt …
Active Directory lockouts
A lot of organisations set up security policies so that users will be locked out if they enter the wrong password too many times. The idea is to prevent brute force attacks, where an attacker could sit there all day running through the dictionary until they guess the correct password. The downside is that this …