Kilala.nl - Personal website of Tess Sluijter

Unimportant background
Login
  RSS feed

About me

Blog archives

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

> Weblog

> Sysadmin articles

> Maths teaching

Finding study goals

2019-12-27 13:52:00

2020's right around the corner and I've been poking colleagues, urging them to set study-goals for the upcoming year. In Dutch, we have saying equating a lack of progress to deterioration: "Stilstand is de dood" ("Stagnation is death"). I believe that this proverb applies very heavily to work in IT: if you're not keeping up with the times, you're going to get out-dated real quickly. 

A colleague asked for suggestions on how to set goals for yourself, to which I replied:

I'd suggest taking into account things like A) where do you want to be in 2-3 years? B) is your team or company lacking particular knowledge or experience? C) do you, or your team, have requirements that you need to fulfill through training? D) do you see any chances that will allow you to quickly up your perceived value?

Basically: train for the job you want, fill any gaps that your team has and make sure you're not dropping any balls.

For me, EX407 fills categories B and C (my current team has little Ansible experience and it will renew my RHCE which will lapse in 1.5 years). The Python for pen-testing course will help me with A (I want to move towards red-teaming and my current coding skills are almost nill).

This year's CySA+ was for category D (it was heavily discounted and I'm pretty sure I could pass it, thus adding a well-regarded cert to my name). Ditto for trying the SANS Work/Study programme, which gets me a heavy discount on a very big-name training and cert.

Finally: just keep a list of things that you want to investigate or work on. Maintain it throughout the year, add new things, remove unwanted things, change priorities. That way you're always set for A) next year's study plans and B) that all-time favorite interview question "Where do you see yourself in two years? What are your short-term development plans?"


kilala.nl tags: , ,

View or add comments (curr. 0)

CompTIA CySA+ beta experience (CS1-002)

2019-12-09 12:53:00

Another day taken off from work for fun stuff! This time around I went in for yet another CompTIA beta exam, the new CS1-002 CySA+. Like before I sat the exam at my favorite testing center: IT Vitae in Amersfoort. The old Onze Lieve Vrouwe monastery and green surroundings make for a relaxing atmosphere! What was new this time, is that I sat the exam in tandem with my colleague D. She's great company, darn clever and she was looking to get back into the certification-game.

First up, let me point you at a great review of the CS1-002 beta exam, by u/blackvapt on Reddit. And here's the official thread on Reddit, inviting people to take part in the beta.

I will echo everything /u/blackvapt said. The new CySA+ exam is in fact good! The questions are in-depth and technical, without overly focusing on commandline options and flags. In that regard it matches my experience with the PenTest+ exam in 2018: the exam tests for insight and experience in the field of incident response. It's not something you can simply cram books for, you'll need to have experienced many of the situations discussed on the test. The thing is: it's nigh impossible to learn every log format and every OS out there, but if you can intuit the meaning of logs and commands based on your experience, you'll go a long way!

The PBQs (performance based questions) were great! I enjoyed most of them and thought them to be actually fun and a nice multi-layered puzzle. So much better than my experience with the Linux+ exam which only managed to frustrate me with its strict and limited PBQs. 

Preparation-wise I'll admit that I took it easy. I was relying mostly on A) my experience from the past 5-10 years, B) the Jason Dion practice exams for CS1-001 on Udemy and C) the Chapple & Seidl book from Sybase. I spent about twenty hours reviewing and researching, over a month's time.

I didn't spend more than $25 on the preparations, as the practice exams were on discount down to $10 and I got the C&S book through Humble Bundle in a large stack of awesome Sybex books. One note about Humble Bundle: I cannot recommend the Packt books or bundles! Skip those. But snag anything you can get from Sybex, NoStarch or O'Reilly!

Regarding the Dion practice tests: I was not passing any of these while preparing as I mentioned earlier this week. It was odd because I felt good on most of the answers I gave to Jason's questions, but I kept missing the passing grade by a fair margin. During the beta exam I felt great about ~85% of the questions, so it's really a crap-shoot on whether I passed the beta or not. :)

If I didn't pass, I wouldn't mind at all! This was a great exam, with solid challenging questions. If I don't make it, I will definitely take the exam again (at full price), now know what to expect.


kilala.nl tags: , ,

View or add comments (curr. 0)

Almost time for another Beta exam: CompTIA CySA+

2019-12-05 09:31:00

I've got my exam planned for Monday and I'm looking forward to it. I'll mostly treat it as a recon mission, doing it part for fun and part to see if I'd like to take the exam "for real" should I not pass.

I've got a sneaking suspicion I won't pass this time around though (unlike the Linux+, Pentest+ and CFR-310 betas) because my experience keeps tripping me up. Sounds like a #HumbleBrag, I know, sorry :D What I mean is that CompTIA mostly seems targeted at US-based SMB, while my experience comes from EU-based international enterprises. I've been doing a few of Jason Dion's test-exams for the previous version, to get into the right mindset, but I fail a lot of questions because of the aforementioned factors.

Well, let's see how it turns out. For now, I'll just go and have fun with it :)


kilala.nl tags: , ,

View or add comments (curr. 0)

In many cases, just cramming for an exam won't work

2019-11-18 20:44:00

Today, someone on Reddit posted the following question

"I have the [...] practice exams, I typed the entire [...] video course from YouTube and I just brought the exam cram book but no matter how much I study I don’t retain anything. Do you guys have tips?"

OP ran into the wall that is learning styles: cramming simply doesn't work for everybody! I'm no expert by any means, but I did explain the following:

It is entirely possible that your current method simply does not suit your personal learning style! If you start poking around the web a little bit, researching learning styles, you will find very quickly that there are many different methods!

You can try and keep brute-forcing your learning the way you have right now, but maybe that will simply not get the results you want. Why not have a think about your days in primary, middle and high school? What did the classes you did best in have in common?

Perhaps you're someone who simply needs something else than quiet self-study, taking notes while listening to a teacher.

Personally I have found that I put great importance on putting new information into context. I don't want to learn floating, individual topics, I want to put them into a context that I'm already familiar with, or build a context around them. This helps me better understand the new material's place. One thing that could help you with this is making mind maps.

Or perhaps you're someone who better learns by doing then by hearing. I understand that playing around with new tools and concepts in a lab can take a lot of time, but there's a reason why many books include lab exercises for the reader. It is often said that people learn <20% by hearing and >50% by doing.

Finally, it is also often said that one way to solidify and test your understanding of a subject, is to explain the topic to somebody else. If you can explain X or Y to a friend, your partner or a rubber ducky, then you can be sure that you've come to a proper understanding. Or perhaps you will find a few gaps in your knowledge that you need to fill out. Either way, it's a win-win.

 


kilala.nl tags: ,

View or add comments (curr. 0)

Network segmentation in the homelab

2019-03-01 22:36:00

My network layout

Continuing where I left off a few weeks ago, I've redone the network design for my homelab. When we last looked at the network, it was all flat with all VMs tucked in a single subnet behind a pfSense router. Because I want to work towards implementing the CSC in my lab, I've moved everything about quite a lot.


kilala.nl tags: , ,

View or add comments (curr. 0)

GIAC GCCC index and studying

2019-02-18 20:29:00

a stack of books

Ooofff!! I've spent the past three weeks building my personal index for the SANS SEC566 course books. It was quite a slog because the books are monotonous (twenty chapters with the exact same layout and structure), but I've made it through! 29 pages with 2030 keywords.

The index was built using the tried and true method made famous by Hacks4Pancakes and other InfoSec veterans.

Right after finishing the index I took my first practice exam and scored a 90%. That's a good start!


kilala.nl tags: , ,

View or add comments (curr. 2)

Older blog posts