Certification: Security+ & CEH

My goal for this post is to provide feedback on my experiences obtaining the CompTIA Security+ certification. Even though I passed the SYS-401 exam in October 2017, my past experience may help those preparing for the newer exam today.

I began my journey trying to determine how I wanted to learn the Security+ material. I limited my choices to formal training (boot camp), self-study, and a college course. However, another deciding factor was how much money I wanted to invest in this certification.

Based on my past experiences, I enjoy going to a formal training center and being immersed in a boot-camp-like atmosphere. I find that most instructors are knowledgeable about the topics they cover and this makes it easier for me to ask questions related to issues I have seen on the job.

However, in my situation, I was not involved with daily security functions at work and was afraid that I would not retain the knowledge being taught. Adding the cost of the class and travel expenses, estimated to be over $5000, I could not justify this method of learning, even if my company was willing to pay for the class and the expenses.

After eliminating formal training, I started reviewing self-study material. During my research, I found many references to the Professor Messer video series. In addition, my company provided me with a Plural Sight subscription (~$500), which included Security+ videos and a testing engine. Both of these were very useful in my learning. However, I seemed to let life get in the way and started losing focus. Enter the college course.

While taking a basic HTML/CSS course at a local junior college I noticed that they had a degree program in Cyber Defense. Further investigation revealed that this college was an authorized CompTIA Academy and taught Security+.

After doing a little more research, the total cost of the class and books was less than $800. Based on the cost as well as having an avenue that would provide me the ability to retain the information being taught and being accountable for learning, I signed up for the next semester.

In combining the college class and the self-study material, I had finalized my strategy for learning the Security+ material. Once the material was learned, it was time to sit for the certification exam.

As to the exam itself, I found that it was challenging, but not as difficult as others that I have taken in the past. With that said, for those that have little to no IT or Security experience, this test could be very difficult.

For the most part, the questions on the test were covered by the topics in “CompTIA Security Guide to Network Security Fundamentals, Fifth Edition”. The exam questions felt as if the “kitchen sink” was being thrown at you based on the wide range of questions asked.

In addition to the CompTIA book, I found that the test bank of questions from Plural Sight was helpful as well. If memory serves me correctly, their question bank provided a good simulation of topics on the Security+ test. However, one probably would not pass this exam studying only with the Plural Sight testing engine.

In summary, I hope my experience is able to provide guidance and a learning strategy to those who are seeking the CompTIA Security+ certification.

In this post, my goal is to provide feedback on my experiences obtaining the EC-Council Certified Ethical Hacker v9 (C|EH) certification. Although I passed the C|EH exam in November of 2017, I am hoping to provide useful information for those who are interested in achieving this certification.

While studying for the CompTIA Security+ exam, my company graciously provided a Plural Sight subscription (~$500). Within Plural Sight’s library, I found several courses on Certified Ethical Hacker 312–50.

I began to watch this series and really enjoyed how the instructors delivered the content. They thoroughly discussed each topic, but also were able to break up the monotony with witty jokes and stories. In addition, the first video of the series provided instruction on how to set up your own virtual lab.

For me, the Plural Sight C|EH course was a great start. However, I wanted some formal or virtual classroom instruction. So, I found a company that was advertising a C|EH class on Eventbrite and purchased a seat.

Since I had about one month before the virtual classroom instruction began, I continued with the Plural Sight C|EH series in order to be more familiar with the instructor-led virtual training. As the time neared to take the virtual classroom instruction, the red flags started appearing.

Based on the training provider’s literature, the provider was supposed to email basic information regarding the instructor’s name as well as the ability to set up and test remote connectivity to their virtual classroom. However, that did not occur.

After multiple calls and emails to the training provider, all of which were unanswered, I turned to EC-Council for assistance. This is where I learned that EC-Council provides the instruction themselves and only authorizes a few third-party training partners.

So yes folks, I got took. Ironically enough, I got scammed trying to take a Certified Ethical Hacker class. To add insult to injury, EC-Council informed me that I was not eligible to sit for the C|EH 312–50 exam without first attending an authorized C|EH training class.

Luckily, I purchased the virtual training with an AMEX card. After reporting the event to AMEX, they immediately credited my account and advised me they would take care of reimbursement from the third-party and that I was not to worry about this event any longer. Thank you AMEX!!

Once the money was credited to my AMEX account, my next action was to purchase the C|EH class from EC-Council. The concept of a vendor providing the training was new to me based on my past experiences taking Cisco training, where it was all taught by third parties and not Cisco. I will have to chalk this up to a lesson learned.

From EC-Council, I purchased the iLearn package. This included a one-year subscription of iLearn Online Training, a six-month subscription of iLabs, e-courseware, a VUE AVTC Voucher, and a six-month subscription to Transcender.

Once the purchase was complete, EC-Council followed up with several emails that included detailed instructions on how to get started as well as how to redeem the vouchers for the different packages purchased.

The iClass portal is where all of the virtual lecture content is stored for on-demand play back. I enjoyed the instructor’s ability to deliver the content as well as provide stories pertaining to his hacking experience. The portal also provides the ability to take notes and launch the E-Courseware.

With regards to the E-Courseware, this material was housed on Vitalsource.com within the Bookshelf portal. I thought the material was well put together. If one is not familiar with the Bookshelf portal, it may take some time to get used to it.

Also, within the iClass portal there is the ability to launch the Module Labs. I really enjoyed the labs a lot. The labs were configured to where the student had multiple systems to hack against and not disrupt other students. In addition, the student can walk through the chapter lab with step-by-step instructions or go completely rogue and test what seemed to be hundreds of different security applications.

After I completed the C|EH course on iClass, I used the Transcender voucher to register for my six-month practice test. I took multiple practice tests each day and I continued testing until I consistently scored in the 95% range. At this point, I used my last voucher and registered to sit for the exam.

As to the C|EH v9 exam itself, I found that it was not as challenging as the CompTIA Security+ exam. I felt a little let down due to the fact that I thought there would have been some basic hacking simulations on the exam.

In talking with several veteran penetration testers, the lack of keyboard time seems to portray a negative light towards the C|EH within the security community. Although, I have read that the new C|EH v10 exam has a practical component and hopefully this will address some of the lukewarm acceptance of the C|EH certification among the security community.

In closing, I hope that sharing my experience helps provide useful information to those who are seeking the EC-Council C|EH certification. In addition, if you do not already have the CompTIA Security+, I would recommend completing this shortly before or after completing the C|EH exam.

Source https://medium.com/@bondo.mike

