CISSP Cyber Training Podcast - CISSP Training Program

CCT 136: Mapping Your Path to the CISSP - Certifications and Preparation Strategies

April 29, 2024 Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur Season 2 Episode 136


Embark on a journey through the intricate world of cybersecurity certifications with me, Shon Gerber, and discover how to transition from tech enthusiast to CISSP-ready specialist. If you're looking to solidify your place in the cybersecurity realm, this episode is the map you need to navigate the terrain of essential certifications. We begin with the cornerstone certifications like CompTIA's A+ and Network+, examining their price tags, the time commitment for study, and the knowledge they provide. Together these form a solid foundation for your cybersecurity expertise.

As we forge ahead, the episode carves out the pathway to more advanced certifications, including CompTIA's Security+ and the Certified Ethical Hacker (CEH). These are the milestones for anyone lacking the five years of experience but aiming for the CISSP pinnacle. Here, the discussion illuminates the significance of each certification, how they dovetail with CISSP prerequisites, and the practicality of options like the GIAC Security Essentials. My insights aim to steer you clear of costly detours and equip you with the knowledge to prioritize and select the certifications that will truly amplify your cybersecurity career.

Finally, we approach the summit: preparing for the CISSP exam. I lay out the CISSP cyber training blueprint from my website, a structured study guide to keep your preparation on track and your goal within reach. The blueprint is your accountability partner, ensuring your focus as you tackle each domain necessary for the exam. As our session wraps, I leave you with a wave of encouragement for the week ahead and the anticipation of diving into the first domain of the CISSP in our next gathering. Let's fortify your cybersecurity career, step by certified step.

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and signing up to join the team for free. That is 360 FREE questions to help you study and pass the CISSP certification. Join today!


Speaker 1:

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go. Hey all, it's Shon Gerber.

Speaker 1:

With CISSP Cyber Training, and in today's podcast we're going to be getting into the various cybersecurity certifications and why they are important. I get a lot of questions from folks that I work with: what certification should I get? Why should I do it? I know obviously we're studying for the CISSP, but how do I go from zero to hero? Now, that may seem like, what do you mean? But the point of it is that we're trying to determine how you get from a situation where you have no background to actually taking the CISSP. So we're going to walk through what I feel are some of the key certifications that are important for you to have. Now, when I say certifications, that does not necessarily mean that you have to have the certification. It means you could just take the test or not take the test. You could actually study the material, have a good understanding of the material and then go from there. You don't necessarily have to take the test. Now, obviously, people like to get the certification because, you know, you go to all that work, you would like to have the ability to go, aha, yes, I passed it, let's go. But we're just going to kind of walk through some of the areas that you need to be concerned about or you need to be aware of if you're going to be going into cybersecurity, and what certifications would be valuable.

Speaker 1:

So, getting started, let's look at CompTIA's A+. Now, if you look at the video, you'll be able to see this. I've kind of got it on my OneNote: what are some key concepts around it? But bottom line is, A+ is kind of the entry level and it's hardware based, and it's recommended to have about nine to 12 months of hands-on experience in the lab or field before taking the exam. Now, I took that exam. I would say it's definitely valuable to have a good understanding before you take it. Do you need nine to 12 months of hands-on experience? No, you don't. You can take it without having that. The chances are, though, you may run into some problems, but the good thing is there are plenty of online resources for A+ that you could actually utilize to help you pass the test, right? Now,

Speaker 1:

The cost of the test depends on which version it's going to be, right? There are various versions of it, but at the end of the day, it's going to cost you around $200 US to take the test. Now, it will depend upon the region you're taking the test in, and again, these numbers might be a bit dated, but bottom line, just figure 250 bucks. So you can find a lot of the training online, plus 250 bucks for the test. So for probably less than $500, you can take the CompTIA A+ test. Now, when you sit down to study for this thing, you want to give yourself at least probably one to two months for the exam, and it just depends on how much time you have to study for it. I mean, some people can go out and crank this thing out, just go take it and pass it, but if you're going to spend that kind of money, you may want to waste, or spend, at least one to two months getting ready for the exam. Now, it is a globally recognized certification and it does give you the baseline skills to perform the core security functions. And some of those areas of concentration are hardware troubleshooting and maintenance. Right, you have hardware systems that you've got to work through; networking, troubleshooting and network connections; configuring operating systems including Windows, Mac, Linux, okay; operational procedures and security; and then mobile devices and virtualization. So it's the basics. It's to get you in, get you started and get you a little bit of a background and understanding in the security slash computer space. Okay, so then we're going to roll into CompTIA's Network+.

Speaker 1:

Now, if you've heard me talk about the CISSP in my podcasts over the years, one of the things that I've come to recognize is that you need to have some sort of networking understanding. Now, teaching at Wichita State University, a four-year college here in Wichita, Kansas, I was teaching as an adjunct professor with many of my students, and as I'm talking to these students, you know, these are folks that for the most part have come out of the high school environment, maybe a two-year college degree. But what I was finding with that group of people is they didn't truly understand networking, and I'll just be blunt, I don't truly understand networking, at least not to the level that I probably should. But I do know enough to pass the Network+ test, and I do know enough that I can at least have adequate conversations with individuals when it comes to these various topics. And so what I do recommend is, if you are looking to get your CISSP, at least at a minimum you need to take the Network+ training that you can find on YouTube. I'm eventually going to be offering some of this training, maybe through affiliates or so forth, but realistically, you need to be able to understand networking, and the basics of networking would be very, very valuable, especially for the CISSP, because they're going to ask you questions that are not necessarily technical from a Network+ standpoint, but you need to understand the concepts. You're going to need to know what a TCP/IP handshake is. You're going to have to know what a SYN flood is, and those concepts are talked about in Network+. If you don't have Network+, then they may seem a bit foreign to you. So I would just recommend it. Now, when it comes to the timing, the recommendation is that you have at least the A+ certification complete, as well as nine to 12 months of networking experience.

Speaker 1:

Now, is that necessary? No. Can you get that by looking at YouTube? Probably. You probably can get everything you need by just watching enough YouTube videos, but having that hands-on skill is pretty valuable. Now, the cost of the Network+, again, these might be dated, but realistically it's about $300 to $350. So now, with that plus your A+, you're probably looking at about a thousand bucks by the time you get your A+ and your Network+ complete. Now, one to three months is what it'll take to study for this, and especially if you've had prior experience, it may be a little bit shorter. Depending on your study habits, it could be a little longer. I stink at studying. I'm not very good, but you guys might be much better at that. So just kind of keep that in mind. Now, you want to have the ability to study this so that you can pass the test, but then you also want to be able to retain enough that you can go and work in this career field.

Speaker 1:

Now, when it comes to the overall foundation of Network+, just to put it in perspective, Network+ is not something that's necessarily tied to cybersecurity and/or the certifications that are tied to that. However, because we deal with so much in a networking world, it is a very important training. I would say it's probably more important than A+ if you're going to be focused on the training aspects of it. Areas of concentration would be design, implementation, operations, troubleshooting, security principles (the basics, right?), and then network theory and protocols. So that's a really good way to get started, personally.

Speaker 1:

Next one is CompTIA's Security+. Now, the Security+ is recommended for folks after you take the Network+; you get the Security+ understanding, and they do recommend that you have two years' experience in IT admin, obviously with a security focus. Now, is that necessary? No, it's not necessary. You can take Security+, and some of the future training I have will be able to help you with that. But realistically, with the CISSP things that you're learning here, you don't need Security+. You really don't.

Speaker 1:

Now, Network+, I would say, yeah, I would probably recommend that over Security+ if you're already taking my CISSP training, because if you're already taking my CISSP training, it's going to give you beyond what Security+ can give you. Now, if you're just getting started and you don't have the five years for the CISSP, then getting Security+ might be beneficial to you, or at least, at a minimum, going out and getting the training from YouTube. Again, all of these can be found on YouTube for little to no cost at all. Now, again, you're going to get the training you get and it may not be to the standard that you would like, but realistically it will definitely get you started. Now, some of the areas of concentration that you can expect with this are network security, compliance, operational security, threats, vulnerabilities, application and data security, host security, access controls, identity management and then cryptography. So, if you've heard those comments, we've talked about that with the CISSP routinely. So you guys all know that this really kind of falls in line with the CISSP, but I would consider it like CISSP lite, would be my thought process around that. Next one, and I'm putting these in order basically of how they would be good to know, because what's going to happen is, once you get to number four with the ethical hacker piece, the rest of them are kind of, meh, maybe, maybe not, it depends. And again, I'm focused on the goal of having the CISSP. Now, the Certified Ethical Hacker, the CEH.

Speaker 1:

For this one, you need to have at least two years of information security related experience, but you can attend an official training. So what does that mean? It's not like the CISSP, where it's required. They would like you to have the two years, and the reason I think it's valuable is you can understand what a shell is, you can understand what some scripting languages are. All of those things will fall into the CEH. Now, the CEH can cost up to $1,200. Again, these prices may vary, but that's $1,200 just to sit for the test, and that will help you decide on whether or not you want to actually take the test or not. Now, it's going to take you between one and three months of self-study, and basically the official training they have is about five days long. So the official training can cost you a couple thousand dollars, if not more, and you have to decide if you want to do that or not.

Speaker 1:

Now, this is offered by EC-Council and it's designed to give you knowledge around exploiting vulnerabilities in systems, again using your powers for good, not for evil, from basically an ethical standpoint. So it's a good certification. It really is, if you're interested in pen testing or even if you want to be a CISO. I would say having a background, just at least taking in some of the understanding of the CEH, even if it is online and it's just taking an online course and not necessarily getting the certification, could be very valuable, just because you kind of get a better perspective of what the hackers are looking for. Areas of concentration would include ethical hacking, network security, reconnaissance techniques, system hacking, social engineering and then web and wireless network security. Those are just some key areas that you would have to deal with as it relates to the Certified Ethical Hacker. So you just have to decide: is that something you want to do now? I would tell you that if you have no background, those four are really a good four to have before you go and take your CISSP. They do provide a lot of value that blends well with the CISSP.

Speaker 1:

Now, the next one is the GIAC Security Essentials. Now, for this one there are really no specific requirements for the cert, but again, they want you to have a basic understanding of security concepts. Is the Security Essentials important? I think it gives you a little bit more of an understanding around security. It's about $1,900 to take the test. So unless you have a business that is willing to pay for it and fund it, it might be a little bit of a stretch. Does it give you what you need? Yeah, I mean, it gives you... I think Security+, with this emphasis on studying for the CISSP, probably gives you just as much as the GSEC. But some people like the GSEC, and they maybe like a little bit more of the technical aspects of it, and that is where the GSEC comes into play. Okay, but it takes about four months to study, is what they recommend to get ready for this. And you're talking network protocols, host-based vulnerability, password management, crypto, network architecture and then contingency plans. So all of those are kind of wrapped up in the GIAC Security Essentials certification.

Speaker 1:

Next one is the CompTIA Cybersecurity Analyst. Now, this is a relatively new certification and there are no strict prerequisites as it relates to the CySA+. They do recommend that you have the Network+ and Security+ certifications, or at least the same knowledge, with around three to four years of hands-on experience. What I would say is that if you're dealing with a new SIEM, which is your security incident event management system, or... I always get them screwed up. I've kind of had them backwards. Having that Cybersecurity Analyst certification could be valuable just in the fact that you understand what a SIEM is looking for, and it can help you hit the ground running a little bit faster than without it.

Speaker 1:

Now, the cost of the CySA+ is around $370, just figure $400, and it will take you about two to three months to study for it. It is a step up from Security+, so I would agree it is definitely something that is beyond the Security+ scope. But if you're going for your CISSP, I would say it's nice training to have, and if you can get some free training to do it, go for it. I don't necessarily feel that it's worth spending that kind of... I mean, 370 bucks isn't a lot. It just depends on whether or not you want the certification, and there are people that just want to have lots of certifications behind their names. Great, more power to you, that's awesome. You don't necessarily need it, but if that's what you want, that's a great step.

Speaker 1:

Now, the CySA+ covers threat management, vulnerability management, incident response, architecture, tool sets and then data analytics and interpretation. So the CompTIA Cybersecurity Analyst is a really good one if you don't know what your long-term plan is, or if you're not really sure about getting the CISSP. If you're just beginning to start in your career, it doesn't hurt. It's just you've got another expense, so you just have to decide: do you want to spend the money on it or not? Next one is the Certified Information Security Manager, CISM. For the CISM, you've got to have a minimum of five years of work experience in information security management. That is required, and it must be gained within a 10-year period prior to the application date. Bottom line is they want someone that is like myself, so a senior leader that's going to be able to help train them in how to properly deal with security issues. Now, the cost of the test is around $600, to potentially up to $800 for non-members. That varies.

Speaker 1:

Right. Now, having that certification could be very valuable depending upon the company you go and work for, but I would say it's probably one right below the CISSP. If you didn't get your CISSP, that would be one that you potentially could go for, and I think you'd probably do better than you think on that, especially if you're prepared for the CISSP. Now, the preparation time can vary greatly, obviously, based on the background and depth of knowledge. But, like everything else, expect two to four months would be a good number to basically plant a flag on. It's an advanced certification, but it's worth knowing that it's also often a goal of IT professionals interested in the managerial side. So, like in the case of a CISO, a CISM would definitely be a certification that would help you get that role. It wouldn't hurt, but having the CISSP is probably the coup de grâce on that. It's probably what you want to have. But if you are a CISM and you applied for a CISO job (that's a lot of CISs), then you probably would have a pretty good chance at it. That's just my estimate on that.

Speaker 1:

I've dealt with CISMs as well, especially for roles that I've looked to hire for. Yeah, they know their stuff. They at least know enough that you can have a good conversation. And, like I mentioned before, you've got a shark, you've got a dolphin. They don't talk well, right? But if you can get one of them to learn shark or dolphin, now you can actually get something accomplished.

Speaker 1:

Before I get into that, obviously there are lots of certifications you can take. Some of them are better than others, some of them are not necessary, and I would say, out of all the certifications out there, personally the only ones that I see as a necessity to actually be certified in would be the CISSP and potentially the CEH. Potentially. But the CISSP does open a lot of doors for you, I mean globally. So it's important, I think, that you focus on that. Just my two cents. But you do what you need to do. But I think that having a good understanding of the CISSP and what that can provide for you would be very, very valuable. Obviously, there are eight domains of the CISSP, and you need to have one year of experience for the waiver to be granted if you have a four-year college degree or approved credential. But that doesn't waive the five-year requirement; it just allows you to take the test early. Cost of the test may range from $800. I've seen it up as high as $1,200, and that will change from region to region.

Speaker 1:

When it comes to studying for the CISSP, the amount of time is anywhere from three to six months; that's generally recommended for the CISSP. I would say, yeah, three months is probably, depending on how much you're into it, pushing it just a little. Four months is probably the sweet spot. Six months gets to be a little bit old and a little bit challenging. It doesn't mean it can't be done. It just becomes a little bit more challenging as well. Now, when you're dealing with the areas of concentration,

Speaker 1:

you've got your security and risk management, asset security, security architecture and engineering, identity and access management, lots of security stuff. There's like four or five security aspects. Actually six, seven. They all say security, except for identity and access management. That doesn't say security, but that's kind of inherent within the IAM world. Okay, so that is all I have for today.

Speaker 1:

Again, we're going to start over next week with domain one, and you'll be hearing more about that also.

Speaker 1:

Go to my website, check out the CISSP Cyber Training Blueprint, and that will help you gain access to all of the stuff you need to pass the CISSP exam. It's going to walk you through, step by step, what you need to do, how you need to do it, how much study you need to do, and then it'll keep you accountable. That's the ultimate goal. For this to happen and for you to pass the test, you need to keep some level of accountability, which I know you all can do. You can take this thing and I know you all can pass it. You just need a little assistance. Okay, that is all I have for today. I hope you all have a wonderful day and you have a great week coming ahead of you, and we'll catch you on the flip side. See ya.

Cybersecurity Certifications
Certification Options for Information Security
Certification Options for IT Professionals
CISSP Cyber Training Blueprint Overview