Tag: security

  • Check Point Certified Security Expert (CCSE)

    In Oct 2023, I took the CCSA exam. In Dec 2024, I followed this up with the CCSE exam.

    NB You have to pass the CCSA before the CCSE, but it doesn’t have to be active. I.e. it still qualifies after it’s expired, as long as it’s for a recent version. In my case, I did the R81.20 version of both exams.

  • Check Point Certified Security Administrator (CCSA)

    Back in March, I did Palo Alto’s PCNSA exam. Since then I’ve been working with Check Point firewalls, so I decided to do their CCSA exam (for R81.20).

    Normally, I would start by looking at the exam objectives. However, in this case I can’t, because they’re behind a paywall! The nearest thing that’s publicly available is the course overview. This is unusual: I haven’t seen any other exams that do this. It’s also notable that Palo Alto give out a free study guide (pdf), whereas Check Point ask you to pay $3250 for their course; I’m not sure whether that includes the exam itself ($250). However, you can book the exam without doing their course, and that’s what I did.

    As with any certification, it’s worth asking a couple of questions:

    • If I’m applying for jobs, will this certification give me an advantage?
    • If I’m recruiting for a job, should I favour people with this certification?

    In other words, what does this certification actually measure? What does it tell you about the person who has it? In brief, I’d say that a lot of the questions will be very easy if you have hands-on experience, and very difficult if you’ve just seen someone else do it in a video.

    I can’t discuss specific exam questions because of the Non-Disclosure Agreement (NDA), so I’ll use London Underground (aka the Tube) as an analogy. If you’ve lived or worked in central London for a while, you’ll probably be familiar with the tube map, e.g. you’ll know that the Central line is red and the Circle line is yellow. That isn’t something you’d specifically sit down and memorise, but you’ll pick it up by repeated exposure. So, if I asked you which line is green on the map, that should be pretty easy.

    On the other hand, suppose that I asked you what time the last train runs each night (from a station that you use regularly). Some people will know the answer by heart, because they often end up running for that train. Other people might be in bed by 10pm every night, so they’ve never needed to know.

    Coming back to Check Point, there are some situations which will come up on a daily basis, and other situations which are less common. So, you might need to go out of your way to practice those scenarios, e.g. in a lab environment.

    Now that I’ve got the CCSA, I’m going to start studying for the Check Point Certified Security Expert (CCSE). This includes some additional topics, such as High Availability (ClusterXL).

    NB You need to be CCSA certified before you can get the CCSE. (Cisco used to have a similar policy, e.g. you needed CCNA before CCNP, but they’ve relaxed that now to just say that you need equivalent knowledge.) I think the CCSE will be more useful, but the CCSA is a necessary step along the way.

  • Palo Alto Networks Certified Network Security Administrator (PCNSA)

    Yesterday, I passed the PCNSA exam.

    I previously did the PCCSA/PCCET exam, which was more of a general overview about security concepts and the Palo Alto product range. By contrast, the PCNSA is more practical, so it’s aimed at people who do hands-on tasks with a Palo Alto firewall. In particular, it’s mostly focussed on PAN-OS, with a bit of Panorama; the other cloud-based services (e.g. Prisma) have separate certifications.

  • OSCP

    In March 2023, I passed the OSCP exam, to become an OffSec Certified Professional. Combined with the CPSA, this also made me a CREST Registered Penetration Tester (CRT).

    The OSCP is sometimes described as an “entry level” pen testing certification, which can be a bit confusing. It’s certainly not aimed at beginners to IT! For context, I’ve passed 40 other IT exams on my first attempt; this is by far the hardest exam I’ve taken, and it took me 3 attempts to pass, after 6 months of full-time study.

    However, the OSCP is entry level for pen testing, in the sense that it’s a de facto standard. There are lots of job adverts which list the OSCP or CRT as requirements. I’ve previously done the PenTest+, OSWP, and eJPT: those are all easier exams (i.e. more accessible to beginners) but none of them helped me to get any job interviews.

    The OSCP is also entry level in the sense that there are more advanced certifications out there, e.g. the OSEP (OffSec Experienced Pentester). So, this certainly isn’t the end of my learning journey; it’s a new beginning.

    Before I dig into details, just a general note. There have been various changes over the past few years, e.g. the exam format changed in Jan 2022, and the syllabus changed in Mar 2023. So, if you’re looking at blog posts, Reddit threads, YouTube videos, etc. then keep an eye on when they were published; the information might have been true at the time, but no longer relevant. (That also applies to this post.)

    Also, at the risk of stating the obvious, I’m not going to share anything that would breach the non-disclosure agreement. In particular, I’m not going to reveal any details about my exam machines, so please don’t ask!

  • CASP+ (CAS-004)

    In Feb 2023, I took CompTIA’s CASP+ (Advanced Security Practitioner) exam, and I passed first time.

    I used Jason Dion’s Udemy course to prepare for this. That was the only specific training that I did for this exam, but I also spent the previous 6 months preparing for the OSCP, and I have prior knowledge/experience.

  • Microsoft Security, Compliance, and Identity Fundamentals (SC-900)

    In July 2021, I took the Microsoft Security, Compliance, and Identity Fundamentals (SC-900) exam.
    NB The exam content has changed since then, so some of the specifics in this blog post might be out of date.

    According to the exam description:
    “Candidates should be familiar with Microsoft Azure and Microsoft 365 and want to understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.”
    I’ve previously taken MS-900 (Microsoft 365 Fundamentals) and AZ-900 (Azure Fundamentals), and I’d recommend them as a starting point to address the prerequisites.

  • Cisco Certified CyberOps Associate

    Overview

    In November 2016, Cisco introduced “CCNA CyberOps”. This consisted of 2 exams:

    • 210-250 Understanding Cisco Cybersecurity Fundamentals (SECFND)
    • 210-255 Implementing Cisco Cybersecurity Operations (SECOPS)

    At this point, there were 10 associate level certifications: 9 versions of CCNA (Cisco Certified Network Associate), and also CCDA (Cisco Certified Design Associate).

    In February 2020, most of the associate exams were merged together into the new CCNA (200-301). The only exception was CCNA CyberOps, which got rebranded as Cisco Certified CyberOps Associate.

    In May 2020, the 2 exams above were replaced with a single exam:

    • 200-201 CBROPS: Understanding Cisco Cybersecurity Operations Fundamentals

    NB There was no overlap period between the old/new exams; the last date to take the old exams was 28th May, and the first date to take the new exam was 29th May.

    I interleaved the CyberOps exams with the CCNA R&S:

    • In Mar 2016 I did ICND1.
    • In Mar 2019, I did SECFND.
    • In Nov 2019, I did ICND2.
    • In May 2020, I did SECOPS.

    The main reason I did it this way was to stop the CCENT from expiring before I was ready for ICND2.

    For training material, I used the Cisco Press books and Matt Carey’s Udemy course.

    Looking at the 2 books:

    • The SECFND book had 15 chapters (taking up 550 pages) along with appendixes.
    • The SECOPS book had 11 chapters (taking up 280 pages) along with an appendix.

    So, the combined length (830 pages) was equivalent to one of the CCNA textbooks (800-900 pages each). I’m glad to see that the CBROPS study guide is a single book, with 16 chapters (575 pages) plus appendixes.

    The Udemy course has been updated for the CBROPS exam, so anyone who paid for the old course will automatically get access to the new material.

    NB This blog post applies to the original 2 exams.

  • eLearnSecurity Junior Penetration Tester (eJPT)

    In April 2020, I took the eJPT exam from eLearnSecurity. As the “Junior” part of the name suggests, this is an entry level exam, and I think it acts as a good stepping stone towards the eCPPT or the OSCP.

    All of eLearnSecurity’s certifications are good for life, as opposed to Cisco/CompTIA certifications which have to be renewed every 3 years; however, they update the syllabus every so often, so eJPTv2 has now replaced the original eJPT (which I did).

    This was my third penetration testing exam, and it took an interesting approach. PenTest+ is a traditional theory based exam, where you answer multiple choice questions and then a computer instantly gives you the result when you finish. OSWP is a practical exam, where I had to submit a written report and wait for a human to review it. In the eJPT exam, you are given VPN access to a network, and then you have to answer multiple choice questions based on that network. For instance, they might ask you “How many Windows services are configured for automatic startup on SERVER1?” The only way to find out is to gain access to that server, i.e. you have to actually use the skills that you’ve learnt rather than regurgitating trivia points from memory. I think this approach gives the best of both worlds, i.e. a practical test with instant results, although reports are an important skill for real-life penetration tests.

  • OSCP: Windows Buffer Overflows

    I’m currently preparing for the OSCP exam. As part of that, I’ve spent a lot of time on OffSec’s Discord server, where I’ve helped other students and been made a “Community Companion”. I noticed that a lot of people got stuck on a particular exercise (section 11.2.8, question 3) so I made a video walkthrough:

    NB OffSec have a blogging policy, which says:
    “We encourage you to blog about your overall experience, however we must request that you do not publish any scripts or solutions for systems within our labs.”
    In this case, my solution applies to a topic exercise rather than a lab VM. However, I emailed OffSec before I made the video, and they reviewed it before I made it public.

  • CySA+ (CS0-001)

    In March 2020, I took CompTIA’s CySA+ (Cybersecurity Analyst) exam. Along with PenTest+, this bridges the gap between Security+ and CASP. In simple terms, PenTest+ is about “red team” activities (attack) whereas CySA+ is about “blue team” activities (defence). This certification was launched in 2017 as CSA+, but it was rebranded in January 2018 because someone else had already registered “CSA” as a trademark. The exam (CS0-001) stayed the same, although this was retired in October 2020.

    NB The CS0-002 exam was launched in April 2020, giving a 6 month overlap, but this blog post covers the older exam. I noticed a bit of overlap between CS0-001 and PT0-001 (possibly because CySA+ launched first), so I’m guessing that CS0-002 will make them more distinct, but I can’t confirm that.

    Thinking about the target audience for this certification, it seems to cover a hybrid role. Some of the objectives cover hands-on skills, e.g. configuring a firewall or doing forensic analysis on a PC that’s infected with malware. Other objectives are on the management side, e.g. risk assessments and data classification.
