Passed Security+ exam

Pseudonymous Member Posts: 78
Just got home from taking the test. This was my first attempt at taking it. I was nervous as hell because I failed the Network+ twice (barely passed it the 3rd time) and I really couldn't afford to take the Security+ certification training more than once. I've been studying off and on for about 6 months. I probably could've taken it earlier, but I was nervous about failing so I kept putting it off.

As usual, most of the questions were pretty long. There was 1 simulation that I just didn't understand AT ALL (I can't talk about the details of it because of the NDA). When I say "AT ALL" I mean that I didn't understand what it was asking me to do lol. Luckily though, I was able to pass. Not only pass, but pass with a much higher score than I thought I got.


Resources I used:
  • Darril Gibson - I used his book, audio files, flash cards, questions... everything I could get my hands on because he's so highly recommended here. He definitely helped a lot. I'm not a book reader, but I was able to read through most of it without daydreaming or staring off.
  • Professor Messer - I used him for the 70-680, A+, N+, & S+. Although I feel like sometimes he doesn't go into as much detail as he should, it's free and extremely helpful since he follows the objectives in order.
  • Mike Chapple - I watched his video from Lynda.com. If you have Lynda, I'd recommend using him.
  • Mike Meyers - I got SUPER lucky and someone pointed out that his video course was $10 on Udemy so yesterday I bought it and spent ALL day watching his videos. With only one day before the exam, I didn't know if he would help, but he did help fill in some of the gaps of things I didn't fully understand.
  • CertMaster - This is the 3rd time I've bought CertMaster. Honestly... it didn't help for Security+ (or Network+, but it helped a lot for the A+).
My ultimate goal is Penetration Testing and Ethical Hacking, but I'm still working a helpdesk position with little to no actual Security experience so I think I'm going to wait on the CEH and eJPT. I also still can't afford to go to school yet, but I do plan on eventually attending WGU so I think I'm going to start studying for the Linux Essentials certification next since it's on the list of certifications for the Bachelor of Science: Network Operations and Security degree.
Certifications: A+, N+, S+, CCNA: CyberOps, eJPT, ITIL, etc.

Comments

  • NavyMooseCCNA Member Posts: 544
    Congrats!!

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchill

  • mikey88 Member Posts: 495
    Congrats on the pass!!! I still think Network+ was the hardest exam I took to date.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • ola007 Registered Users Posts: 1
    Congratulations. I took the exam a month ago and I failed. Presently studying for it again.
  • nisti2 Member Posts: 503
    Congratulations on the pass!! Thanks for sharing! And welcome to the club!
    2020 Year goals:
    Already passed: Oracle Cloud, AZ-900
    Taking AZ-104 in December.

    "Certs... is all about IT certs!"
  • CharlestonGuy2020 Member Posts: 5
    Congrats on knocking another cert out of the way! For reference, while the CEH definitely holds value, you'll gain more applicable skills, higher job prospects and better validation for your efforts by getting GIAC certifications or the OSCP. While I personally like the SANS training and GIAC certifications they're not all created equal in regards to difficulty or respect. Additionally SANS training and GIAC exams are pretty expensive, so if my company wasn't covering the bill I probably wouldn't have any of those. Here's a breakdown for the GCIH, GPEN, GWAPT pricing for each from last year.


    SANS training + books + associated GIAC exam + 2 sample exams (around $6537)
    SANS training alone (around $5620)
    GIAC exam alone (around $1200)


    Instead if your goal really is to work as a red team operator / pen tester then instead I would skip any courses that don't align with future coursework at WGU and instead focus on taking a deep dive into using Linux. If you're going to take the quick and easy approach, stick with a Debian distro of Linux and use the OS from a user perspective. If you can't run a VM on your hardware or don't have a second machine, simply download a "live cd" and run the OS from that. Once you've got the hang of it, switch to using it from an admin perspective where you're working primarily without the GUI and almost entirely from the command line interface.


    Once you feel that you've got those down I would aim for more hands on pen testing using open source tools. While you don't "have" to use Kali Linux, doing so keeps you from having to go hunt for everything on the web. The following two sites are a great place to start with for doing research on actual pen testing tools.


    SecurityTube.net (free)
    Cybrary.it (free)


    Afterwards you should have no problem crushing a pen testing exam like the OSCP that's extremely well respected in the red team / pen testing community and is by no means an easy exam to pass. Also GitHub is a treasure trove of goodies. If you don't already have an account you should get one and "star" any project that you think would be useful for your future efforts. Kali and most other Linux distros have built-in SVN tools to allow you to quickly pull in these projects without having to use sketch 3rd party sites.


    In a nutshell, a degree is NOT going to give you experience in pen testing without YOU actually taking extra steps to learn the material yourself. My advice, go to school so you can get the check in the box. Meanwhile on a personal level you should aim for a well-respected cert that actually allows you to prove your skill and worth to a future company.


    Good luck on everything!
  • Paulieb81 Member Posts: 56
    Lots of good information on studying and career path! Good job on the exam, Congrats!
    Going back to school to finish my B.S.
    Goals for 2017: Security+, CCNA = NOT DONE YET
    Goals for 2018: VCP6, PMI CAPM, ITIL, Six Sigma
    ... and when there is time: MCSE, CCNA Security