My first Cybersecurity Certification

By


After learning about CompTIA security+ through LinkedIn and after doing some initial research about the content, book, and objectives of the exam I got an understanding that this certification touches on every part of the fundamental cybersecurity domain in great detail.

In this blog, I will discuss what I learned from the certification, the key materials to study and how to learn it so that it can be beneficial to apply these concepts while dealing with real-life situations or in a home-lab environment.


How the certification helps?

As we know CompTIA security+ is a global certification it validates and helps us have the baseline knowledge to perform core cybersecurity operations. It helps an individual to identify and address potential threats, risk management techniques, and also intrusion detection and prevention systems among others.

As the exam covers 6 important domains within cybersecurity some of the key topics I learned and think were very essential in building up my knowledge were:

1.0 Threats, Attacks, and Vulnerabilities:

  • Analyzing different types of malware on the basis of the IOCs ranging from ransomware to logic bombs.
  • Defending against key attacks like Social Engineering attacks, service attacks (DDOS, cross-site scripting, cross-site forgery), and wireless and cryptographic attacks.
  • Recognizing different types of attack vectors inside and outside the organization.
  • Penetration and Vulnerability scanning concepts.

2.0 Technologies and Tools:

  • This section covers some of the very important technologies and tools which helped me learn to install and configure these technologies.
  • Technologies like firewalls, IDS/IPS, proxy servers, load balancers, SIEM, and network access controls.
  • Some key software tools which are used to check the security posture of the organization like Wireshark, command-line tools, and wireless and network scanners.
  • Also learning about securing protocols such as HTTPS, SFTP, DNSSEC, and SSL/TLS.
3.0 Architecture and Design:
  • This domain helps in learning different regulatory and non-regulatory frameworks used in cybersecurity, and the importance of defense in depth layered security.
  • Importance of physical security controls and automation strategies like RAID.
4.0 Identity and Access Management
  • In this domain, I learned about the different types of multifactor authentications, federated identification, and single sign-on.
  • Implementation of Identity and Access management controls like role and rule bases controls and biometric security.
  • Important account management policies like maintaining the least privilege, permission, and usage auditing along with account policy rules.
5.0 Risk Management
  • This domain covers the risk management concepts, business impact analysis, and different policies set in the company like personnel management which helps in avoiding risks.
  • It also covers the three types of control administrative, physical and technical in an organization.
  • Incident response procedures along with computer forensics methodologies.
6.0 Cryptography
  • This domain covers the core cryptography concepts and different algorithms present.
  • It also covers how certificates are obtained on our systems.

PS: You can find the whole syllabus over here 


Books, videos and techniques I used to prepare for the exam:

The book I used to prepare for the exam is Darill Gibson Get Certified Get Ahead - This book covers every topic in depth with ease to understand and recollect every topic.



One method I used was to write small notes like this to get a firm grip over the topics and be easy to revise.



Along with the book I used Prof Messer's videos to clear my concepts. I recommend using both to have a clear understanding because the exam is designed to confuse you and will demand a depth understanding of the topic.

Prof Messer Security+ playlist


Thank you!

- Sanket More

Comments

Post a Comment

Popular posts from this blog

SIEM(Splunk) dashboard creation - Firewall

By
Image
Summary: In this blog we are going to create a Firewall Dashboard in SIEM tool Splunk which helps an organization to visualize its security in real-time. Dashboards : Dashboard consists of one or more panels displaying data visually, presenting it in a useful way in form of events, tables or charts which can be used to measure, monitor & analyze revelant key areas. Now, we will go forward and create a firewall dashboard which will help us in better analyzing our data. (P.s We have already uploaded firewall logs on splunk. Please check this blog -  https://bit.ly/3UQWoBP) First, we will install this "Infosec" app from -  https://splunkbase.splunk.com/app/4240 which adresses most common security issues and we will create the same dashboard. Dashboard Panels : Panels that our dashboard will have are: 1-  Blocked connections : (   We are using Palo Alto traffic logs to find out all the blocked connections) index=botsv2 sourcetype="pan:traffic" action=blocke...
Read more

Uploading demo logs and analyzing Firewall logs

By
Image
Summary: In this blog, we are going to download demo logs from GitHub and upload, understand and analyze FortiGate and Palo alto raw logs. Uploading logs to Splunk : We will start by downloading the dataset from  https://github.com/splunk/botsv1  this site. Here in the below pic, you can see two different datasets ( One containing normal and attack logs and the other one containing only attack logs). I am downloading the attack logs. This dataset contains different types of logs as shown below. As the botsv1 dataset contains only FortiGate firewall logs for Palo Alto logs we will download the botsv2 dataset from this site https://github.com/splunk/botsv2 Uploading logs to Splunk: After downloading both the datasets, extract and copy both the folders and paste them to  InstallationPath/Splunk/etc/apps    After this step, we will allow Splunk to parse the logs for a few seconds and then check as shown below. Here, we can see that both the datasets have been uploa...
Read more