Kilala.nl - Personal website of Tess Sluijter

Unimportant background
Login
  RSS feed

About me

Blog archives

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

> Weblog

> Sysadmin articles

> Maths teaching

<< 9 / 2021

Renewing CompTIA certification

2021-10-12 13:08:00

A question that comes up pretty frequently on Discord, is about CompTIA's renewal process. Like ISC2, ECC and SANS/GIAC, CompTIA also have a program that works with CPE/CEU (study credits). However, they're actually a bit more flexible than the others.

Here's a nice comparison of the "easiest" ways to renew.

TLDR, you either:

 

Me, I've always gone for the last option, which is silly because getting PT+, CYSA+ and CASP+ would have renewed all my certs for free. 😐 Wasted money


kilala.nl tags: , ,

View or add comments (curr. 0)

Linux+ practice resources

2021-10-10 17:23:00

Here's a list of practice resources I suggest to my Linux+ students, for Bash and Linux in general.

Early on, for beginners:

Advanced:


kilala.nl tags: , , ,

View or add comments (curr. 0)

Where to go after Security+

2021-10-10 11:32:00

There's a question which commonly comes up on Discord. I thought I'd just make a blogpost out of my most common response.

"I need you to suggest me onto path after security+. I want to develop my pen-testing and web security skills."

Here's a great overview of all kinds of security certification tracks -> https://pauljerimy.com/security-certification-roadmap/

If you're a rookie pen-tester and need a start with the basics, then eLearnSec's eJPT was always a decent start.

Pentest+ is CompTIA's cert that tests for 1-2 years of professional experience (or bruteforce book-learning). In Paul's overview it's lower ("easier") than eJPT, which I disagree with.

For a little more experienced people, eWPT and eCPPT from eLearnSec were also decent. Or, if you want to pack a bit more oomph, go for PWK (pentesting with Kali) from Offensive Security. The capstone to PWK is the now famous OSCP practical hacking exam.

OSCP combines research skills, time management and documentation with technical challenges which are not "too hard" (their difficulty lies mostly in the huge variety offered).

There are many cool sites that offer free or affordable education through labs, like TryHackMe and HackTheBox. Personally I've been a fan of PentesterAcademy, who put out good quality content and whose courses can go really in-depth.

If you have an employer who's not afraid to spend some money on you and you still have budget left, consider the SANS trainings + GIAC exams. They're expensive, but have a good reputation and the trainings are awesome.

GSEC can be considered their next step after Security+. GCIH and GPEN are the GIAC "better-than" certs compared to CySA+ and Pentest+... Their training courses SEC504 and SEC560 are awesome... and ?

Finally I'd like to plug Antisyphon trainings

They offer very good value for money, via online trainings. Some of these are pay-what-you-can, letting you pay somewhere between $25 and $495. Others are fixed price, but well worth it.

Case in point -> Modern webapp pentesting with B.B. King.

That's $495 for 16 hours (4*4h) of online training with a group of fun students and the excellent B.B. King. It goes into a whole bunch of very important tactics and testing methods for modern web applications. Recommended!


kilala.nl tags: , , ,

View or add comments (curr. 0)

Another season of classes done, which has left me a bit empty

2021-10-09 17:57:00

Halfway through May I started teaching Linux+ to the cyber-security "Group 41" at ITVitae. It's been 16 classes since then, nearly a hundred contact hours with a marvelous group of students.

And now, like I've had before after finishing a big project, I'm feeling a bit empty. In 2017, not a day after finishing my OSCP exam, I quickly felt empty and lost. And now that I'm officially done with "my" kids, I'm also at a loss. It feels odd, not teaching them anymore.

So. Best look to the future! Hopefully I'll teach a new group in a few months and until then I'd like to shoot for the DCA and CKA Docker/K8S exams.


kilala.nl tags: , ,

View or add comments (curr. 0)

<< 9 / 2021