We often set ourselves the goal of passing a specific certification, for reasons such as gaining knowledge in a specific field, improving our skills or getting a specific position. Whatever our intentions, we begin to buy books, videos and exam simulations, and we also begin to read a lot of forums where users explain how they passed the exam.

We are excited and eager to learn more and more; then time passes and you lose motivation, especially when you reach subjects that are a little boring or that you did not expect.

How to go on?

This happened to me several times. I followed these steps and they worked for me; maybe they will work for you, or you can create your own method.

 

1. Set in your mind why you are getting this certification.

If the certification is not clear in my mind, then I will lose focus right away, in the first week. So fix it in your mind, or write it down somewhere and put it in front of you in the desk area where you study.

 

2. Set small goals

 

Yes, I know you want the main goal: pass the exam or get the knowledge. Setting small goals will help you reach your main goal, for example:

 

Complete Chapter 1 - Jan 12

Complete Chapter 2 - Jan 15

Complete Chapter 3 - Jan 19

etc, etc.

 

How to accomplish it? You can use any website (free or paid) to set these goals. In the past I used GoalsOnTrack (paid); the website will send you emails saying that Chapter 1 is due by Jan 12, and so on.

To remind yourself that you need to go over the books and exam simulations several times during the week, you can use Irunurun for iPhone. In this application you set your actions and how many times you plan to do them, and the system awards points for each activity, like the grades you had at school: if you set the goal of studying 4 times a week and you studied only three times, you get 75. Get the idea? So your goal will be like any other exam: go over 80%. This gives you a picture of whether you are really studying; if I only did 50%, it means I am not putting in enough effort.

 

3. Practice with exam simulation as soon as possible.

 

The reality is that we need to pass to get the cert and, at the same time, gain knowledge. So if you are studying a specific subject, use the exam simulation only on that subject, like drilling. DO NOT READ THE CORRECT ANSWER IN THE EXAM. Why? Because in the end you will memorize the answers, and those answers will not be in the exam.

How will this help you? You will not know the answer and you will be lost, but when you are reading the chapters on that subject and you come across the answer or explanation of something you had no clue about in the exam simulation, in that moment you will have the CLICK. It will stick in your mind and you increase the chance of remembering it, and the boring part will go away: because you are more interested, your brain assimilates more.

When you stick with small goals and a program you will advance toward your certification; it will keep you a little more focused, and in the end you will reach your main goal.

 

 

 

How do you become a Security Analyst? That's the question everybody asks when they want to move into security, and the answer is: it depends!

It depends on different factors, such as your experience and knowledge, and also the requirements for the position. Let's begin with the basics:

Basic Knowledge and Experience

Let's be clear: you cannot protect something if you do not know how it works and how to configure it. So you need good knowledge of and experience with Windows or Linux, network devices or any programming language. You do not need to be an expert in those fields.

For example, suppose you are a Security Analyst at a company and you get a ticket asking you to give a user access to some shared folders. What happens if you do not understand the differences between share and NTFS permissions, inherited permissions, etc.? Can you imagine the mess you could create on that shared folder? So again, we need to understand the basics.

Now let's analyze different security analyst positions.

 

Example 1: Security Analyst - Principal function: grant/revoke access, manage RSA tokens, VPN, etc. - Windows shop

For this position you will need to know Active Directory, Windows administration, share and NTFS permissions, how two-factor authentication works for RSA, and enough networking to troubleshoot VPN.

Target certifications: any Windows 2008/2012 Server certification and CCNA Security, plus the gold one to make sure: CISSP.

 

Example 2: Security Analyst - Principal function: vulnerability assessment, Sourcefire (Snort), Splunk or QRadar. - Practically monitoring

This position has the same title as Example 1, but the requirements are higher. It would require some basic knowledge of penetration testing, operating systems like Windows/Linux, network protocols and some exposure to Splunk or QRadar.

Target certifications: any Windows 2008/2012 Server certification, CCNA Security, a Linux cert, a GIAC cert, plus the gold ones to make sure: CISSP and OSCP.

 

Example 3: Security Analyst - Principal function vulnerability assessment, penetration testing.

 

This is the gold position that everybody dreams of. It is one of the most difficult, because you need good knowledge of everything and one or two specialties.

Target certifications: all of the above plus CISSP, OSCP, any web cert or any advanced certification; the most important things are experience and logic.

 

How to reach my goal: Security Analyst?

 

It doesn't matter what position you are in: you need to become good in that position, get any knowledge and experience possible, and earn certifications gradually. You need to be good in your current position to move up.

There is no shortcut; it requires effort, study and a lot of practice. Most security analysts come from system or network admin/engineer roles, so if you have already reached those positions you are on the right track.

Do you have your own virtual machines, your own lab where you can practice any configuration? If you have one, then you are putting yourself in shape to be a security analyst.

Please give us your opinion in the forum: http://www.learn-security.net/forum/

I had the chance to watch all the videos for Certified Incident Handling Engineer Mile2 through Career Academy.

These videos were straight to the point, and you can get pretty good knowledge of the whole Incident Handling process from them.

This is the list of videos:

 

Course 01 - Course Introduction
Course 02 - Threats, Vulnerabilities and Exploits
Course 03 - IH Preparation
Course 04 - Request Tracker for Incident Handling
Course 05 - Preliminary Response
Course 06 - Identification and Initial Response
Course 07 - Sysinternals
Course 08 - Containment
Course 09 - Eradication
Course 10 - Follow-up
Course 11 - Recovery
Course 12 - Virtualization Security
Course 13 - Malware Incident Handling

The first two chapters give you an introduction and a lot of information about threats, vulnerabilities and incidents.

The IH Preparation chapter then talks about what kind of communication we need to have with management in case something happens; note that this chapter is about preparation. It also covers what to do in certain cases, such as turning off the server or trying to obtain information about the incident with the server still on.

Chapter 04 was new for me: Request Tracker for Incident Handling, which explains one piece of software for tracking incidents.

Chapter 06, Identification and Initial Response, covers what to look for to identify an incident, with some examples and reporting procedures.

Chapter 07, Sysinternals, was very instructive; it covers the different tools we can use during an incident.

Chapter 08, Containment, is very delightful: how to stop potential loss and further damage, and how to clearly identify which computers were involved in the incident. It also emphasizes the criteria for determining the right strategy.

Chapter 11, Recovery, lists in detail what to do to recover a system and how to validate the system before putting it back into production.

Throughout, the training emphasizes the lessons learned in the process.

These videos are good and I recommend watching them. If I get my hands on the printed material I will do a review of it.

 

Mile2 contacted us and provided this discount code for 2016: BN16a 

 


This Certified Penetration Testing Engineer Mile2 training at Career Academy is good: the quality of the videos is great and the information is pretty good.

These videos will give you a full idea of the basic knowledge you must have to be a pentester; from there you have to go deep into your area of expertise.

The training covers tools for both Windows and Linux. It explains how Kali is the basic platform for a pentester and at the same time mentions several tools for Windows (yes, Windows) that can be used to run attacks, like Cain and Abel.

 

This is the list of videos:

 

  • Course 01 - Logistics of Pen Testing
  • Course 02 - Linux Fundamentals
  • Course 03 - Information Gathering
  • Course 04 - Detecting Live Systems
  • Course 05 - Enumeration
  • Course 06 - Vulnerability Assessments
  • Course 07 - Malware Goes Undercover
  • Course 08 - Windows Hacking
  • Course 09 - Hacking UNIX/Linux
  • Course 10 - Advanced Exploitation Techniques
  • Course 11 - Pen Testing Wireless Networks
  • Course 12 - Networks, Sniffing and IDS
  • Course 13 - Injecting the Database
  • Course 14 - Attacking Web Technologies
  • Course 15 - Project Documentation

 

The training begins with the basics: the logistics of penetration testing and Linux fundamentals. The latter is very important because it is normally the basic knowledge for a pentester.

The more you know about your targets, the better your chances of success; that is why there are three detailed videos on information gathering and enumeration.

Something very interesting about these videos is that they always mention the countermeasure. A lot of pentesters can explain how they hacked the server or network but cannot explain how to fix it. Really? These videos always tell you how to protect it; I consider that a bonus.

The Windows and Linux hacking modules are good, covering the attack surface of both platforms.

Advanced Exploitation Techniques is great at explaining how exploits work.

The wireless module gives you a lot of information about the technology and the different attacks.

Chapter 12, Networks, Sniffing and IDS, shows some very important tools and explains in theory how IDS evasion works.

Last but not least is Project Documentation: what we have to include and how not to make the IT or IT Security department your enemy, which is very important if you really want to improve security.

Conclusion: these videos are great, but do not think you will be a pentester once you complete them. You will still need to practice and do the labs in the books, if you purchase them; in my case I did not have the chance to get my hands on them.

Also remember: if you want to be a pentester, practice, practice a little more and practice again. Keep gaining knowledge and go deep, and then you will be a good pentester.

 


 

 

 

Points to review for the CISSP exam. I took some notes from the Eleventh Hour (Eric Conrad); please read that book. These are just some points to remember, with no explanation:

 

Bell-LaPadula Model

 

Focus: maintain confidentiality of objects.

Means: not allowing users at a lower security level to access objects at a different or superior level.

Facts:

  • Simple Security Property: no read up
  • * Security Property: no write down
  • Strong Tranquility Property: security labels will not change while the system is operating.
  • Weak Tranquility Property: security labels will not change in a way that conflicts with defined security properties.

 

Lattice-based access controls

 

For every relationship between a subject and an object there are defined upper and lower access limits inside the system.

This depends on the need of the subject, the label of the object and the role the subject has been assigned.

 

Biba Model

 

 

The military focuses on confidentiality, which is why Bell-LaPadula works fine there. For business, integrity is VERY important, and Biba addresses this.

 

Facts:

 

  • Simple Integrity Axiom: no read down. This protects integrity by preventing bad information from moving up from lower integrity levels.
  • * Integrity Axiom: no write up. This protects integrity by preventing bad information from moving up to higher levels.
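
The Bell-LaPadula and Biba rules listed above, written as a small label check that names the property behind each denial (an added example, not taken from the original notes or the book). The three-level lattice, the `Label` type and the sample subject and objects are constructed for illustration; giving every entity both a confidentiality and an integrity level is an assumption made here to show the two models side by side.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Constructed linear lattice; the level names are illustrative."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


@dataclass(frozen=True)
class Label:
    """Hypothetical label: one confidentiality and one integrity level."""
    name: str
    conf: Level   # Bell-LaPadula clearance / classification
    integ: Level  # Biba integrity level


def violations(subject: Label, obj: Label, op: str) -> list[str]:
    """Return the properties that forbid `op`; an empty list means allowed."""
    if op not in ("read", "write"):
        raise ValueError(f"unknown operation: {op}")
    broken = []
    if op == "read":
        if subject.conf < obj.conf:
            broken.append("BLP Simple Security Property (no read up)")
        if subject.integ > obj.integ:
            broken.append("Biba Simple Integrity Axiom (no read down)")
    else:
        if subject.conf > obj.conf:
            broken.append("BLP * Security Property (no write down)")
        if subject.integ < obj.integ:
            broken.append("Biba * Integrity Axiom (no write up)")
    return broken


# Constructed sample subject and objects (not from the notes).
analyst = Label("analyst", Level.MEDIUM, Level.MEDIUM)
secret_plan = Label("secret_plan", Level.HIGH, Level.HIGH)
public_wiki = Label("public_wiki", Level.LOW, Level.LOW)
team_notes = Label("team_notes", Level.MEDIUM, Level.MEDIUM)

if __name__ == "__main__":
    for obj in (secret_plan, public_wiki, team_notes):
        for op in ("read", "write"):
            why = violations(analyst, obj, op)
            verdict = "ALLOW" if not why else "DENY: " + "; ".join(why)
            print(f"{analyst.name} {op} {obj.name}: {verdict}")
```

When the same level is used for both models, only same-level reads and writes pass both checks.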

 

Clark-Wilson

 

This is a real-world integrity model that protects integrity by requiring subjects to access objects via programs.

Clark-Wilson uses two primary concepts:

  1. Well-formed transactions
  2. Separation of duties

This model implements integrity-monitoring rules and integrity-preserving rules.

It also uses the Access Triple rule.

Chinese Wall Model (Brewer-Nash)

 

This is designed to avoid conflicts of interest.

 

You can check the following books: