Reddit mentions: The best security certification books

We found 414 Reddit comments discussing the best security certification books. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 110 products and ranked them based on the amount of positive reactions they received. Here are the top 20.

1. CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide

Features:
  • Sybex

Specs:
  • Height: 10 Inches
  • Length: 7 Inches
  • Weight: 2.35 Pounds
  • Width: 1.37 Inches

2. CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

Specs:
  • Height: 9.99998 Inches
  • Length: 7.00786 Inches
  • Number of items: 1
  • Weight: 2.15 Pounds
  • Width: 1.1409426 Inches

3. CompTIA Security+ Study Guide: SY0-401

Features:
  • Sybex

Specs:
  • Height: 9.299194 Inches
  • Length: 7.40156 Inches
  • Number of items: 1
  • Weight: 1.61378375784 Pounds
  • Width: 1.051179 Inches

4. CWNA: Certified Wireless Network Administrator Official Study Guide: Exam CWNA-106

Features:
  • Sybex

Specs:
  • Height: 9.200769 Inches
  • Length: 7.2988043 Inches
  • Number of items: 1
  • Weight: 2.63231940828 Pounds
  • Width: 1.901571 Inches

5. CISSP All-in-One Exam Guide, Seventh Edition

Specs:
  • Height: 9.2 Inches
  • Length: 7.6 Inches
  • Number of items: 1
  • Weight: 4.88985297116 Pounds
  • Width: 2.2 Inches

6. CompTIA Security+: Get Certified Get Ahead: SY0-301 Study Guide

Features:
  • Used Book in Good Condition

Specs:
  • Height: 9.99998 Inches
  • Length: 7.00786 Inches
  • Number of items: 1
  • Weight: 2.75 Pounds
  • Width: 1.1637772 Inches

7. Mike Meyers' CompTIA Security+ Certification Guide (Exam SY0-401) (Certification Press)

Specs:
  • Height: 9.4 Inches
  • Length: 8.2 Inches
  • Number of items: 1
  • Weight: 2.55515761658 Pounds
  • Width: 1.6 Inches

9. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

Features:
  • McGraw-Hill Osborne Media

Specs:
  • Height: 9.2 Inches
  • Length: 7.4 Inches
  • Number of items: 1
  • Release date: September 2009
  • Weight: 1.63803460666 Pounds
  • Width: 0.89 Inches

13. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide

Features:
  • Sybex

Specs:
  • Height: 9.200769 Inches
  • Length: 7.40156 Inches
  • Number of items: 1
  • Weight: 3.02474223464 Pounds
  • Width: 2.200783 Inches

14. CISSP All-in-One Exam Guide, 6th Edition

Features:
  • Used Book in Good Condition

Specs:
  • Height: 9.5 Inches
  • Length: 8 Inches
  • Number of items: 1
  • Weight: 5.030066969792 Pounds
  • Width: 2.25 Inches

15. CISSP Official (ISC)2 Practice Tests

Features:
  • Cisco Microphone

Specs:
  • Height: 9.25 Inches
  • Length: 7.38 Inches
  • Number of items: 1
  • Release date: June 2018
  • Weight: 1.50355262684 Pounds
  • Width: 1.16 Inches

16. CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition

Specs:
  • Height: 9.1 Inches
  • Length: 7.4 Inches
  • Number of items: 1
  • Weight: 1.73503800194 Pounds
  • Width: 1 Inches

17. CompTIA Security+ SY0-301 Exam Cram (3rd Edition)

Specs:
  • Height: 9 Inches
  • Length: 6 Inches
  • Number of items: 1
  • Weight: 1.5873282864 Pounds
  • Width: 1.25 Inches

19. CEH v10 Certified Ethical Hacker Study Guide

Specs:
  • Height: 9.2 Inches
  • Length: 7.3 Inches
  • Number of items: 1
  • Weight: 2.3 Pounds
  • Width: 1.2 Inches

20. CASP: CompTIA Advanced Security Practitioner Study Guide (Exam CAS-002)

Features:
  • Sybex

Specs:
  • Height: 9.200769 Inches
  • Length: 7.40156 Inches
  • Number of items: 1
  • Release date: October 2014
  • Weight: 1.84306451032 Pounds
  • Width: 1.29921 Inches

🎓 Reddit experts on security certification books

The comments and opinions expressed on this page are written exclusively by redditors. To provide you with the most relevant data, we sourced opinions from the most knowledgeable Reddit users based on the total number of upvotes and downvotes received across comments on subreddits where security certification books are discussed. For your reference and for the sake of transparency, here are the specialists whose opinions mattered the most in our ranking.
  • Total score: 32 · Number of comments: 4 · Relevant subreddits: 1
  • Total score: 31 · Number of comments: 20 · Relevant subreddits: 2
  • Total score: 21 · Number of comments: 12 · Relevant subreddits: 1
  • Total score: 17 · Number of comments: 6 · Relevant subreddits: 1
  • Total score: 14 · Number of comments: 6 · Relevant subreddits: 2
  • Total score: 12 · Number of comments: 4 · Relevant subreddits: 1
  • Total score: 10 · Number of comments: 4 · Relevant subreddits: 1
  • Total score: 8 · Number of comments: 7 · Relevant subreddits: 1
  • Total score: 7 · Number of comments: 4 · Relevant subreddits: 1
  • Total score: 6 · Number of comments: 4 · Relevant subreddits: 1

Top Reddit comments about Security Certifications:

u/Milkmanps3 · 2 points · r/cybersecurity

People have recommended some good things, but as a student myself I will tell you this: Before moving into advanced things, PLEASE - learn the basics. Learn how operating systems work and how to use them in an administrative capacity (Yes, that means Windows AND Linux. I notice a lot of my peers are uninterested in Windows administration but from what I've gathered most organizations are Windows shops). Learn basic to intermediate networking, this is a MUST. Programming is not a requirement to going into security but I'll tell you this; it'll really help you gain a better understanding of how computers work, as well as give you that extra set of skills to pull out of your pocket when trying to solve a problem. If anything I recommend learning something like Python, or C.

Also, a personal opinion of mine is: Only learning what college teaches you is not enough for security, regardless of if you want to go blue team or red team, or do malware analysis/reverse engineering. You should be self learning outside of school as well. Set up a home lab (/r/homelab) to familiarize yourself with different systems, and to get hands on experience with different technologies. It will teach you so much, and when you go for that first entry position your interviewers will be impressed with everything you know. Mine certainly were, and not to sound cocky but I'm still in school to graduate next year and I got an internship, got hired on part time during the school year because they were impressed with my performance during the internship, which is to be converted to a full time employee should I wish to continue working there when I graduate.

Put in the work and you'll be rewarded. So many people skip the basics because it's not as "fun" or interesting, but especially in security- you can't keep building on top of something that doesn't have a good foundation or you'll end up with a mess. If you know the basics you'll be able to work on basic things, and then the more advanced things as well once the ground is solid.

Also, don't listen to everything they teach you in school. Depending on your school a lot of the information security curriculum may be very outdated (10-15 years old). Learning older things is useful, but you really need to learn newer stuff as well because new things pop up every single day. You can try getting your CompTIA A+, Network+, and Security+ to cover some of the basics. That will really help you - it's pretty much first year curriculum.

Edit: NoStarch books are some of my favorite security (and programming) books

and CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide by Darril Gibson is one of the best books for the Security+ test. Professor Messer's free videos are absolutely amazing.

u/TheFakeITAdmin · 2 points · r/sysadmin

Don't get me wrong- BackTrack, Kali, Pentoo, etc. are all amazing tools but to recommend this to someone coming from a helpdesk role might be a bit much to grasp.
Learning how to work with the distros and the wide range of tools is great but you have to learn about the theories behind analyzing and protecting the infrastructure and software.

OP, you might start with some books (these have helped me a lot in my career in security)-

CompTIA Security+ Study Guide (not a bad book and the cert is easy, provides the basics of IT security)

The Basics of Information Security: Understanding the Fundamentals of InfoSec in Theory and Practice (an easy read)

Gray Hat Hacking The Ethical Hackers Handbook (is an intro to the security world and a lot of info, more in-depth)

IT Security is an awesome field and like most IT it has many separate areas within it to learn.
Check out the links below for more info on training (there are others available these are just ones I've used and SANS has a lot of additional resources)-

SANS Institute

InfoSec Institute

u/AslanTheKitten · 17 points · r/Miami

Hey OP, I love the enthusiasm, it's what people in this career need! I'd like to provide some advice before the class begins.

I'm in cyber security, participate in pentesting for clients, and visit local security meetups between Miami, Tampa, and Orlando.

Take my advice with a grain of salt as I'm just a person on the internet:

I have the CEH, took it v9. It did nothing for my career. The CEH is basically a memorization exam that doesn't teach practical skills. Some topics include, what tool would you use for this? Or for that?

The CEH's only merit is it complies with the DoD's 8570.01-M requirements. That being said, paying for the bootcamp and the exam will cost a lot of money for little gain. Reason? Many companies hiring for pentesters/red teams overlook the CEH.

CompTIA's Security+ is $339 (you can get it cheaper with a student email/voucher) and once completed, you fulfill the same DoD requirements and you're able to jump into the Cyber Security field. There are free resources on YouTube and a great book on Amazon costs $30.

>But what if I want to get into PenTesting and Exploit Hunting?

Take the OSCP. That certification holds a lot more value as it's a 24 hour exam based on your performance hacking boxes.

The EJPT is also one that holds more weight than the CEH.

And if you can afford it or, preferably, your employer will pay for it, a SANS is highly regarded.

Swing by r/SecurityCareerAdvice - It's a great community willing to help you get that career you want.

u/CISSP_HELP · 2 points · r/cissp

Try this...

I started with the CISSP Study Guide, Second Edition: Eric Conrad, once I was done with that within 2 weeks, I read 11th hour by the same author. 11th hour was just a review/summary of the study guide so it was just to refresh what was read in CISSP Study Guide, Second Edition: Eric Conrad.
Any time I would get some free time in between while reading the two above mentioned books, if I go for a walk, drive to work or go for a run I would listen to Audio files from Shon Harris (I probably went twice through the entire Audio sessions (you can download here: http://www.mhprofessional.com/sites/CISSPExams/exam.php?id=AccessControl (see MP3 download under each domain) (I downloaded these and stored them on my phone so it was convenient for me to just hit play whenever I had some free time).
I also downloaded a CISSP App on google play that lets you take quizzes and study cards across all the domains (free app, so if you have an android device look for CISSP Flashcards by BH Inc.). I did these when I had some free time here and there.
I decided to get signed up with CCCure (https://www.freepracticetests.org/quiz/index.php?page=register ) for $50 you can take as many quizzes as you want for 6 months. This was well worth the money. I started taking practice exams about 50 questions per day. I selected (Study Mode, Hard, Closely related). I would do the 50 questions then the ones that I got wrong I would review within the engine as it had explanations.
I also then started reading Shon Harris All-in-One 6th edition (http://www.amazon.com/CISSP-All-One-Guide-Edition/dp/0071781749). Once I read that book (took me a few weeks to finish it) (Boring book, but good material, sometimes too deep, but good amount of information to prepare you for the exam), I installed the testing engine that came with the book called TotalTester, and started doing about 50 questions a day over all domains.
Throughout the day I would do 50 questions from TotalTester, and review the ones that I got wrong, and I would do 50 questions from CCCure, (but now I changed CCCure to Study Mode, PRO, closely related) and sometimes I would select un-attempted questions only, and then I would review the ones that I got wrong. For me was my goal to have 80%+ on the practice exams of 50 questions.
Now it was getting closer to the exam so I picked up AGAIN the CISSP Study guide from Eric Conrad the second edition, and would read a domain for a day or two, then read the summary ONLY from Shon Harris book for that domain (to refresh my memory even more), then take the total tester 50 questions just for that domain and review the questions that I got wrong, I would also do 50 questions on CCCure on that same domain and do the same review the wrong ones. If I was scoring 80-90% then I would move to the next domain and do the same.
Then the weekend before my test I reviewed again the 11th hour from Eric Conrad, and on Saturday I covered 5 domains, on Sunday I covered the next 5 domains to refresh my memory.
I personally thought it was very important for me to keep taking practice exams every day so I felt like that every chance I got I would do exams of 50 questions between the two testing engines, sometimes resulting in covering 200+ questions a day. Some started being the same questions but that is how I learn, by repetition and I would retain a lot that way.
Maybe I over did it and over prepared, but I just wanted to pass the exam…
The day before the exam I still felt unprepared, even though I was scoring well on the practice exams and after all the material that I have covered. I guess it's common human nature. So I tried my best to relax the day before my exam and tried to do something that would get my mind off the exam, go for a walk, visit friends, go for coffee, watch a movie, and it is very important to STAY CALM the day before and while taking the exam.
When you get to the testing center, and start the exam, DO NOT RUSH… take your time and review each question carefully. Read all the answer choices for every question, you have 6 hours there…For questions that you are not sure of the answer mark them for review, and review them later once you reach 250th question.
For me the worst feeling was after I finished the exam and when it said to go and get my printout that would say if I passed or not. I felt horrible as I thought I did badly on the exam. The questions were tough and sometimes while you could rule out two answers as a definite NO, there would be two choices that are so close of being right. However, receiving the piece of paper, when I looked at it, it said Congratulations, …you have passed…I was happy to see that.
So remember when answering questions and making your decision on an answer, Human life is always #1. Standards, policies, and regulations always precede everything else. Think as a CEO and not a Sec Admin when it comes to $$$$. Read the question carefully as they will tell you, a System Admin, A security officer, a senior manager, make sure that when you see those in the question you try to think as that person and what would be the best for the company.
Know the formulas for ALE and SLE and study hard the BCP, BIA and DR. I also thought that I needed to know the most in Crypto so I spent a large amount of time covering cryptography as it was one of my weakest domains. I also watched this 90 minute video that kinda helped a bit as well: http://resources.infosecinstitute.com/mini-course/cryptography-cissp-training/

u/sirfitchalot · 3 points · r/sysadmin

Since you've dipped your toes in the M$ stream, I would suggest working towards the 2012 MCSA. It's 3 exams and is the go to 'asked for' cert on sys admin jobs. Each exam is $150 and it will require you to lab on your own, among other things.

You mentioned Linux...the CompTIA Linux+ is comprised of two exams but you end up getting 4 or 5 certs altogether (but only 2 [L+ and LPIC-1] are worth a shit). If you've never worked with *nix before this one will be a challenge. Interesting fact: this cert never expires.

And then...the easiest of the beginner certs--CompTIA's Security+. This is also a standard for many junior security positions and is required for many federal government contracting gigs. Just buy Darril Gibson's book and watch Professor Messer's videos and you'll be good to go. This is only one exam.

The CCENT is the entry-level Cisco networking exam. I recommend Todd Lammle's book for that. Some might suggest getting CompTIA's Network+ first but I would recommend going straight for the CCENT, then CCNA if you like the material and want to get deeper into networking.

For all of these...yes, you will have to study. The MCSA 2012 will take the longest and the Security+ should be the shortest. Use your downtime wisely.

Edit: unless you're in a dire financial situation, certs are by far the easiest and most economical form of resume boosting...invest in yourself.

u/SmokeHalo · 11 points · r/CompTIA

Here is messer's sec+ video list. Here is ExamCompass, it's a link to the first test, notice below are 23 more free tests and 9 drill down topic tests. Here is, Darril Gibson's certification book, the best book on the subject.

I scored a 795 just last week on Sec+. I recommend Darril Gibson's book totally and completely. It currently costs 23 bucks on amazon prime but comes with a 10% discount for your test voucher so it literally pays for itself.

ExamCompass is great to figure out what sections you are weak on, the topic tests will give you the best idea of where you need help or you can refer to your post-test printout.

Messer's videos are great to watch at 1.25 - 1.5 speed to better understand areas of weakness.

I used Mike's practice tests on udemy but didn't use any of his videos or his book for Sec+. He tends to spend too much time outside the test materials for me. I totally get why he does that and it's great to understand how these technologies came about and some of the depth as to why they are and do what they do but.... fuck man I'm just trying to get a cert, ya' know? I'm currently using his book for Net+ and I can't for the life of me get through it.

u/phearbot · 2 points · r/security

I know this is a couple days old now but I've worked for a couple companies as a security analyst, and I feel like a lot of the answers so far are geared toward pen testing, which isn't what the interns at either organization do/did.

There's no question that knowing all the stuff others have suggested will come as a help, but most of our interns needed information more along the lines of the Security+ cert. The Security+ won't make anyone an expert but it contains a whole lot of information that will be used on the day to day. Things like tcp vs udp, common ports, terminology like IDS and IPS. Discussion about host based vs network based protection. I'm not really saying "go get this cert" so much as, "understand the general domains of this cert".

If you want to look into it, this is a pretty decent book, $10 on kindle (more in print) or you can probably find it at a library for free.
http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&qid=1425426900&sr=8-1&keywords=security%2B+book

A tool that I've used every single day at both places is wireshark. You don't need to be a Jedi to use it, but knowing some simple stuff with it really will help.

Like others said, a background in Linux will help. Wget/curl are convenient for analysis.

u/lukskywanker · 2 points · r/CCSP

To be honest, CISSP was a marathon. Huge amount of topics, 250Q/6H exam (CAT Testing is only for English version) but the exam was fair. But CISSP is older (30 years?), so of course there are many study materials. As for the CISSP I prepared over 3 months, with 2 hours of daily study and practicing.
But at the end, a big part of the CISSP, like CCSP, is common sense.
I did the CISSP and then the CCSP after. Topics are overlapping.
Since you have 7 years of experience in risk and control management, you should be fine for the CISSP.
For the materials, I recommend this:

Sybex Preparation Guide CISSP
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937

Conrad 11th Edition (as brushup, very short book, very good right before the exam)
https://www.amazon.com/Eleventh-Hour-CISSP%C2%AE-Study-Guide/dp/0128112484/ref=sr_1_fkmrnull_1?keywords=conrad+11th+hour&qid=1554770186&s=books&sr=1-1-fkmrnull

And these videos:

https://www.cybrary.it/course/cissp/

Of course, if you feel unfamiliar with some wording or topic in above materials, I recommend to do your own research. Google is the best study book :)
Hope it helps

u/Keyboard_null · 1 point · r/CompTIA

Well I bought this book first: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_4?keywords=security+%2B&qid=1573832314&sr=8-4

I recommend it. He does an awesome job explaining everything. I read this from front to back.

Then switched to Professor Messer videos: https://www.youtube.com/playlist?list=PLG49S3nxzAnnVhoAaL4B6aMFDQ8_gdxAy

Watched all of them beginning to end. Good way to solidify your foundation of what you learned from the book.

Then do some practice tests to find out what you need to work on. I found some practice tests from Cisco on youtube. It was like 600 questions but worth it.

Anyways, I hope this helps. Good luck I'm sure you will do great!

u/AShiddyGamer · 3 points · r/hacking

Let me start by telling you that InfoSec jobs are in-demand now more than ever and that's not likely to change as more and more of the world are starting to use computers, computers continue advancing, etc. So, barring any sort of impending dark ages and assuming you're putting enough effort into your education and continuing education, you should be able to work your way up without too much trouble. Focus on getting your foot in the door and be professional.

Now then, I'm currently an Information Security Analyst in the US, so this information may be completely irrelevant to you out there in NZ. I initially only graduated with an Associate's (2-year) in Information Security & Computer Forensics. I managed to get my job before I had even graduated as I worked hard in school (a stressful amount, really) and knew how to conduct myself in a professional manner. They actually paid for my certifications, and a lot of companies out there will as well. Here's the tiered structure we followed - all InfoSec related certifications:

Within the first 6 months, we are sent to training to obtain our CompTIA Security+ certification. This is roughly a 1-hour, multiple choice test and you need at least an 80% to pass. I would recommend any of these three books to study from:

This is the book that my company had provided me to study from

This is the book my friend had given me. Both her and I studied from this and passed successfully

This is the book we are currently learning from in my Bachelor's program

Take your pick, they'll all achieve the same essentials, mostly. I am awful at studying and mainly just crammed the few topics I wasn't sure about in the night/morning before my test and passed with an 86%.

Next, we're sent to get our GSEC, which is the GIAC Security Essentials Certification. The Security+ focuses on several main topics and gets in-depth with the information, whereas GSEC covers a wide span of topics but doesn't get very in-depth. This test takes about 5 hours to complete also, compared to the 45 minutes that it took to take the Security+. It's important to note that the GSEC, while 5 hours long, is open-book. My company sent me to a training class that provided 6 different books to cover any topic on the GSEC, however you also need an index. The books themselves don't have a table-of-contents, so you need to make an index yourself that covers just about every topic on every page. In my case, a coworker sent me his that he had used, and it turns out it was out of date so not a single page was correct. Much to my own surprise, I passed with an 82% (the minimum passing score is 74%) so while the index/books are important - they're not completely necessary as long as you paid attention in your classes. It should also be noted that I did not actually study for this. Most of it was just common-sense stuff like "Which of the following does an Intrusion Prevention Device do?" and knowledge that I had obtained from school/work.

After GSEC is the GCIH, or, GIAC Certified Incident Handler. I haven't taken this yet, nor the next one, so I can't speak to their difficulty or process, but I've been told by other analysts it's roughly the same as GSEC, just different information and more hands-on like capture the flag runs.

Finally, after GCIH, we are sent to get our GCIA, or, GIAC Certified Intrusion Analyst. Same with GCIH, I have not been sent to obtain this cert just yet, but I can only imagine it's somewhat similar to the last 2 as they follow GIAC's tiered structure.

So TLDR - as a current InfoSec Analyst - the recommended certs are Security+, GSEC, GCIH, and GCIA. There are many more certs out there, though, these are just the ones my company values currently.

Good luck!

u/Cerkoryn · 2 points · r/cscareerquestions

Your most important starting step is to make sure that you have the foundational knowledge, at least at a conceptual level. I'm a big fan of books, so I would recommend a few to you.

Pick ONE of these. Exam is not necessary, but recommended:
Mike Meyers CompTIA Network+ All-in-One Exam Guide
Todd Lammle's CCENT Study Guide - ICND1

Pick ONE of these. Pay attention to business terminology as well. Again, exam is not necessary, but recommended:
Mike Meyers CompTIA Security+ Certification - SY0-501
CompTIA Security+ All-in-One Exam Guide
Darril Gibson SSCP All-in-One Exam Guide

100% read this. It's the Bible of Python scripting. Second edition is brand spanking new too:
Automate the Boring Stuff with Python

This is a good all-around Penetration Testing book that teaches Linux too. You don't *have* to use Kali, Ubuntu is probably less intimidating to those new to Linux, but you will have to install your own software/packages. This is the only book on this list I haven't read, but I often see it recommended:
Penetration Testing: A Hands-on Introduction to Hacking

While you read these books, you should install some kind of Linux distro on a home computer and use it for practice. I would also recommend doing HackTheBox (first challenge is to hack the login page) and starting with the easy boxes. Do as much as you can on your own first, but if you get stuck, watch IppSec's YouTube walk-through for the box you are on. Might be a bit overwhelming until you get through most of the books on that list though.

You should also start looking towards either the eJPT/eCPPT, the OSCP, or GPEN at this point, as those are the best value certifications in this field and will hold a lot of weight at an interview. There's some stigma with certifications in IT/CS, but the ones I listed are all baseline knowledge and/or high value for those in this field. At the very least the knowledge will go far. But definitely avoid anything from EC-Council like the plague.

u/GreeneMan · 3 points · r/facepalm

Just passed Sec+ last week. I’m military so it doesn’t do me much good in a civilian sector (at the moment,) but I know people that get it and are able to get well-paying jobs right off the bat. It’s definitely difficult, but easily passable. If you’re interested, I recommend the Darril Gibson book. Took a nine day course studying that, and passed with almost no professional IT experience.


Best of luck to you and I highly recommend getting more certs!

u/Packet-Fox · 1 point · r/netsecstudents

Cybrary has solid training - I definitely would recommend them. I don't know that it alone will be enough to pass the exam but it certainly is a good start. The Darril Gibson book seems to have pretty positive feedback so you may want to pick that one up as well. Here is an Amazon link for it: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1939136059&pd_rd_r=W762ZND5VVXXV57WFX7R&pd_rd_w=mXr4x&pd_rd_wg=90N8D&psc=1&refRID=W762ZND5VVXXV57WFX7R

u/darkcape · 4 points · r/CompTIA

Congrats and good luck on security plus. I recently passed security + and I think the best study guide I used was the Darril Gibson book (http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024). Wish I would have thought of your flashcards before, I think it would have helped quite a bit -- thanks for that.

u/AGFFATC · 3 points · r/netsecstudents

I would like to post another review of a certification for CEH version 10. I would like to say I am not a fan of dumps as it does not teach you anything and devalues the certification. I try to put in the time to really understand the information and be technically capable of doing the job.
I started off my process of doing my studying by taking an online based class of 40 hours that was lecture and labs. It was through the Army on something called Skill Port. It was fairly average and I would say that it was not that great a training aid. On a scale of 1-10 it was about a 5.
So I purchased the Sybex book for CEH (https://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/1119533198/ref=dp_ob_title_bk). I find that the Sybex books are very easy to read, convey the concept well and don’t drown people in a lot of fluff but they need a spell checker sometimes. I read through the book and took the practice tests. Anything that I felt weak on I would reread and do a little googling so I could make better sense out of it. Then I retook the practice tests again with a much better outcome.
The material is not super deep and from a hacking perspective it was not what I was expecting. Some areas I would concentrate on were basic ports and protocols, know how to look at a packet capture, ping vs ping sweep, scans, nmap commands and be able to know what is going on to be able to answer the question.
I got a lot of attack type questions from cross site scripting attack to Buffer overflow and anything in-between. Some come in the form of questions and some were screen shots. I like the screen captures as I am much better at these because all the pertinent information is there as opposed to questions that are specific to a vendor and can be subjective if you don’t do a lot with EC-Council.
One thing I like to do is ensure I read the answers first and then I read the question. This way I am processing what is possible in the question versus total crap. Usually there are 4 answers and 2 are way out there and one is possible but usually has something that will not comply with the question. One thing I was able to do because I have a good base was even if I did not know the answer I was able to use some critical thinking and get the right answer.
I took about 87 minutes to do the test (they give you 240 mins) and I feel that the test really feels like an entry level exam for people getting into hacking (pen testing). I did well and I put in about 60 to 70 hours total of study time but again I have a good base to work from.
Use this as an nmap command reference. https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
This site has some good reference material also: https://www.danielowen.com/2017/01/01/sans-cheat-sheets/
Know some Snort, IDS and firewall rules/commands: be able to look at the command and tell what it does.

u/sudoshell · 8 pointsr/ITManagers

I work in healthcare and have had trouble trying to get department managers completely on board but I have gotten to take over a handful of things IT used to do. The way I explained it to my CEO is that data owners are responsible for who has access to the data and how they access it. Data custodians (IT) are the ones that make sure the data is available and that it gets backed up.

IT used to be both data owners and custodians. I explained to my CEO that IT doesn't know Sally needs (or doesn't need) access to the billing department's file share. It is up to management within that department to make that determination. If it is left to IT a lot of people could end up having access to data they don't need access to. I never really came up with an analogy.

This is covered in the "Information Security Governance and Risk Management" of the CISSP exam. Shon Harris's all-in-one exam book covers it pretty well. Eric Conrad also has a study guide. It does a very good job of explaining the CISSP concepts.

I'm not sure if that is exactly what you're looking for but there it is.

u/ImMartyChang · 4 pointsr/CompTIA

Personal recommendation, don't shoot for certifications with only Messer's videos and quick notes/questions. You might be able to pass the exam like that but more than likely you're going to be underprepared. Especially important for Network+ and Security+, as if something goes wrong it can cost a lot of money to the company. The in-depth books are boring and will take a while, but they will teach you a lot more than studying the questions will.


Personally, when I study I use the 2-2-2 method. 2 Books, 2 Supplemental sources (Videos, tutorials, labs), and 2 Practice tests. Two books to make sure that if one author didn't cover a subject in detail well enough, or if I don't understand them, the other one most likely will cover it well enough. The other 2 would be other sources to learn from. I would watch videos on Wardriving, networking centers, data centers, etc. to get an idea of how everything looks in a real world deployment. Network+ won't teach you what to really expect to see in an MDF/IDF. CBTNuggets gets recommended a lot, but I usually use Pluralsight. And 2 Practice exams, which I have to constantly get over 80% on.


Todd Lammle's Network+ book is amazing, highly recommended


Mike Meyer's Book is also a good read.


As far as Security+ goes...


Favorite Security+ Material I've read. Super in depth and organizes topics very well.


Better than nothing for Sec+. After reading this book I did not review it again until right before the exam. Barely touches on a lot of subjects and missed quite a bit compared to the other book.

u/teoespero · 3 pointsr/WGU

I used 3 books in my readings:

https://www.amazon.com/Meyers-CompTIA-Security-Certification-SY0-501/dp/126002637X/ref=sr_1_9?keywords=security%2B&qid=1564790977&s=gateway&sr=8-9

https://www.amazon.com/CompTIA-Security-SY0-501-Exam-Cram/dp/0789759004/ref=sr_1_8?keywords=sy0-501&qid=1564791002&s=gateway&sr=8-8

https://www.amazon.com/CompTIA-Security-SY0-501-Guide-Certification/dp/0789758997/ref=sr_1_16?keywords=sy0-501&qid=1564791002&s=gateway&sr=8-16

I have an ACM membership so I was able to access them all from their learning library. Was able to read all three books in 27 days. Did the practice tests online (mostly got between 96% - 98%). No one author is able to cover all the material. But since this is something that I really need to learn, I try to source out materials from different sources.

I usually go with the For Dummies version first to break it into my brain in a form that's understandable before I cover it using the actual text. Yes, it takes time, and doesn't really allow you to accelerate, but it helps me to actually understand what I'm supposed to learn and not just pass the test.

Like with PowerShell right now, I'm on chapter 8 of Windows PowerShell Programming for the Absolute Beginner, 3rd which approaches PowerShell programming by building games. Almost have half of it done then I'd go for Learn PowerShell Scripting in a Month of Lunches. Again, I'm not saying this approach is best, but it works for me to understand things better. Plus work does reimbursement for stuff I buy for the class which really helps if I need a book (an actual printed book).

u/wmichaelis · 2 pointsr/Random_Acts_Of_Amazon

I took Security+ a long time ago, and it was pretty tough then, but you should be fine with some studying. I highly recommend this one:

http://www.amazon.com/CompTIA-Security-SY0-301-Exam-Edition/dp/0789748290

The first edition was pretty solid, at any rate. Good luck!

u/Righteous_Dude · 4 pointsr/CompTIA

Lynda (also called LinkedIn Learning) has relevant courses, and many public libraries' websites have a link to access Lynda (included with your use of a library card)

-------------------

To memorize port numbers, see these rhyming lines by bestdonut and/or my non-rhyming mnemonics. Each CompTIA exam has a different set of port numbers to know; see the exam objectives for which port numbers are needed for your particular exam.

----------------------

Those studying for Network+ might find helpful my post to teach the basics of subnetting or my method to memorize 568B/568A wiring.

-------------------

For Security+ (SY0-501), many redditors liked the Darril Gibson "Get Certified Get Ahead" book

I also suggest using flashcards on Quizlet; search there for flashcard decks for "SY0-501" and/or "Darril Gibson".


-------------------

From my previous exam experiences: It's wise to skip the simulation questions near the beginning, go through all the multiple-choice questions at a good speed (marking those you're unsure about), and then go back to do the simulation questions, and then (as time allows) review any questions that you had marked.

This avoids you using up too much time doing the simulation questions, which would not leave enough time for doing the multiple-choice questions. Also, the multiple-choice questions and their answers might remind you of some things which will help you solve the simulation questions.

---------------

At the PearsonVue testing center where I've taken some CompTIA exams, I was given a dry-erase board (about 8 inches x 10 inches) and a marker and an eraser. It occurred to me once that if I wanted to quickly write some key things on it at the start, I could do so after the testing coordinator left the room and while I was going through an initial screen where I was shown the CompTIA confidentiality agreement, and should read it, and must agree to it. That is a period of time before the exam clock starts. However, different testing centers might have different rules which you might need to agree to before entering the room - writing on that board before your exam clock starts might be prohibited.

u/Turtl3Up · 35 pointsr/hacking

I'm the manager of application security and research at a mid-level software vendor with over 400 developers and testers and I want to recommend you ignore all of the more generic advice currently in this thread. As someone with coding experience and interest, you have a unique path to infosec that so many companies want, but find it extremely difficult to hire for.

Any company that ships software has to consider the security of their application - full stop. Most rely on scanners or annual third-party vulnerability assessments for this, but obviously that falls short. They need people who can build security in from an architectural standpoint. Someone who can actually implement the fixes suggested by the above methods, and ideally, someone who can help implement security as an integral part of the SDLC instead of as a bolt-on premise.

My recommendation is to make your way through 24 Deadly Sins of Software Security and The Web Application Hacker's Handbook. If you can understand the bulk of concepts in these two books, you'll be leagues ahead of almost any developer you find yourself up against in a hiring scenario. For the coup de grâce, learn about threat modeling. It's a great way to teach other developers and testers security and to build security into any system during design instead of post-release. Check out this book which is actually probably a little too comprehensive, use this card game from Microsoft (it seems silly, but I promise you it works), and watch this talk one of the guys on my team gave at BSides Cincinnati.

If you have any questions, PM me.

u/Ryan1905 · 3 pointsr/ccna

From /u/jpeek

Passed CCNA-Wireless 200-355

Good afternoon, I just passed the CCNA Wireless exam. Just wanted to give a few sources on what I used to pass.

My background - I've managed large deployments of autonomous access points and I've done a few WLC deployments.

For books I used the CWNA and the CCNA-Wireless Study Guide


If you have access to CCO downloads make sure you get a chance to play with Prime and setting up and using the virtual controller.

Here are some links I've used to help fill in the gaps based on the exam topics where I felt the books were lacking.


u/tfisOSI · 4 pointsr/HowToHack

I don't think my test had any ip config whatsoever. Maybe one question about hosts on a network, but that's about it.

You can't study one specific topic for Sec+. Although it's one of the "easier" certs, it's still pretty rough. But then again, I only studied for about a month before I took it, and I only got an 800.

For studying material I would highly recommend Gibson's book.

That's the only book I used.

Edit: I also used a lot of online quizzes. I'm pretty sure Gibson has quizzes on his website that you have to pay for. The biggest mistake people make with online quizzes is memorizing the answers. You have to actually know and understand the shit that you're being tested on.

u/3f0x9 · 1 pointr/CEH

Sybex edited a great book which is going to be updated to V10 this month; even with them postponing the release date, the V9 from the course is a great book and I can speculate the updated version of the book would be great. Matt's AIO is a great book but for a study guide I prefer something more structured like the Sybex edition; this book is more adaptable to be used as a study guide. I own both editions, Sybex and McGraw-Hill, and I really enjoyed both.

u/EverydaytoLearn · 4 pointsr/ITCareerQuestions

Start here: Create a homelab. This will help with testing out multiple paths.

System Admin: Create a domain controller and VMs using Docker or VirtualBox and start looking at Active Directory and PowerShell. (Windows Server 2016 Trial)

Azure Cloud: Here you can test out learning Azure Cloud (for free). You can use your Homelab to test free alternatives like Proxmox or KVM (Linux Bare Metal Hypervisor)

Security+: Secure your cloud or local homelab. Also, look into getting a Security+. Even if you don't go into security, I believe a SEC+ is required for government IT jobs (this is what I've been told).

Most of those are free to try and only cost your time. Start there and see what calls out to you.

u/FoxFourTwo · 2 pointsr/AirForce

I have CompTIA Network +, Security +, and Apple OSx Certified Support Professional.

Best way to get them is just to study by purchasing the books.

[Network +](https://www.amazon.com/CompTIA-Network-Study-Guide-Authorized/dp/1119021243/ref=sr_1_2?s=books&ie=UTF8&qid=1473465885&sr=1-2&keywords=network+%2B)

Security +

ACSP

You can schedule the CompTIA certifications here

You can schedule the Apple certifications [here](http://training.apple.com/)

You only really need Security + to get a DoD job, however, the more certs you have, the better you look in the eyes of potential employers. Most people I've worked with have never touched a Mac, but support clientele that work on Macs, so having a Mac cert is a big plus, but not at all required.

If you get a Sec+, and have a decent understanding of computers and troubleshooting, you'll find a nice entry level job normally working Helpdesk.

u/Swissgear2013 · 3 pointsr/AirForce

Copying and pasting a guide I made for my friend:

Security +

How I got it:

First, get the objectives. They describe the test, and everything on it. Print this out and have it with you at all times when you’re studying: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf

Darril Gibson’s Sec+ book (like $10 on kindle): https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_sc_1?ie=UTF8&qid=1471899256&sr=8-1-spell&keywords=darrel+gibsoin+security%2B

Another book that was good: http://proquest.safaribooksonline.com.libproxy.lib.csusb.edu/book/certification/securityplus/9781118922903/chapter-1-network-security/9781118922903c01_xhtml

Lots of books through school library

Before each chapter, read the objectives covered in it. For each objective, watch the appropriate videos from this playlist. If the chapter talks about section 4.3 in the Security+ objectives, then make sure you watch those videos. It’s a guy named Professor Messer who will basically give you a primer on each topic. There are a lot of topics though, so there are two playlists you will have to look through. They are all labelled though, so it shouldn’t be hard to find.

Playlist 1: https://www.youtube.com/watch?v=dv7I0SkF6P8&list=PLG49S3nxzAnkcKd71N4OjSv4cUXNhoPlQ

Playlist 2: https://www.youtube.com/playlist?list=PLG49S3nxzAnlhMM1KV5ST1qi3kI87hMpY

After watching a video, mark off that section from your copy of the Sec+ objectives. Then read the chapter. By the time you’re done with the book, all of the objectives should all be marked off.

After you read the book, take the practice tests in the book. The actual Sec+ requires about 83%, so shoot for 90% to give yourself a good cushion.

After that, just start quizzing yourself as much as possible

http://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests

http://www.getcertify4less.com/_images/products/downloads/comptia/CompTIA%20Security+%20SY0-401%20Practice%20Test.pdf

http://www.gocertify.com/table/quizzes/comptia/page-5

http://www.certiology.com/comptia-certification/comptia-securityplus/free-security-plus-practice-tests.html

http://www.proprofs.com/mwiki/index.php/Comptia_Security%2B_Certification_Exam

https://crucialexams.com/exams/comptia/security+/sy0-401/

Quizlet. Quizlet is your friend. Just type in Security+ in it.

Really just look for anything related to the Sec+

u/StoveyJ · 2 pointsr/AskNetsec

I think the main issue with the C|EH (I have it) is that the exam format is based around remember / regurgitate multiple choice answers, and doesn't really encourage the student to learn the practical side of things. With a couple of weeks and a decent book, it's fairly easy to pass. You'll have the cert but no further on in knowing how to actually conduct a pen test.

IMHO, if there was more of a focus on doing things, such as actually running and interpreting an nmap scan, with perhaps 10 or so simulations on the exam, I think it would improve its standing and be of more benefit to the student.

EDIT Save yourself the $870 and buy these two books

https://www.amazon.com/Certified-Ethical-Hacker-Guide-Third/dp/125983655X/ref=sr_1_1?ie=UTF8&qid=1481303255&sr=8-1&keywords=certified+ethical+hacker+exam+guide

https://www.amazon.com/Certified-Ethical-Hacker-Practice-Exams/dp/1259836606/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1259836606&pd_rd_r=D0PT9NP2JQPKJFZBCRYK&pd_rd_w=nnz94&pd_rd_wg=3DMrQ&psc=1&refRID=D0PT9NP2JQPKJFZBCRYK

You then need to jump through a few hoops and convince the EC Council that you don't need their training package, and just want to take the exam for $500

u/PowershellPoet · 1 pointr/cybersecurity

Unfortunately, most of the university programs lag significantly behind industry. I've interviewed candidates with graduate degrees in cybersecurity that were not aware of most modern techniques used to find persistent adversaries. The good thing those programs provide is a broad coverage of information security as a whole.

I saw you mention "finding the vulnerabilities before the bad guys do". Unfortunately, in the real world the code is either unpublished and you're a software security consultant, analyst, or tester, or it is published and you're fixing a hole that the adversary has already discovered. If your interest is in the software security side, I would recommend two books above all others.

The 24 Deadly Sins of Software Security: https://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751?_encoding=UTF8&%2AVersion%2A=1&%2Aentries%2A=0

Writing Secure Code: https://www.amazon.com/Writing-Secure-Code-Strategies-Applications/dp/0735617228/ref=sr_1_1?s=books&ie=UTF8&qid=1499038741&sr=1-1&keywords=writing+secure+code

That said, there is also a lot of work in the systems engineering side of the house - along the lines of credential theft and secure enterprise design. If you think this might be interesting to you, I would recommend reading papers such as these:

Microsoft Pass the Hash Whitepaper: https://www.microsoft.com/en-us/download/details.aspx?id=36036

Think Like a Hacker (shameless plug for my book): https://www.amazon.com/Think-Like-Hacker-Sysadmins-Cybersecurity/dp/0692865217/ref=sr_1_sc_1?ie=UTF8&qid=1499038880&sr=8-1-spell

Cybersecurity is typically broken into various subfields, such as reverse engineering, forensics, threat intelligence, and the like - each with its own set of tools and skills. Ultimately, I would recommend attending a decent hacking conference such as DEFCON, DerbyCon, ShmooCon, or the like to get familiar with the field.

u/QDaManQ · 4 pointsr/CompTIA

If you're going to take the Security+ I was told this book was the holy grail of Security +, and it was: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

I passed my Security+ today and that book was a large reason why! I purchased the Kindle version for 10 dollars and just read it wherever I could. Professor's videos were extremely helpful too. I also used the examcompass.com Security+ exams! Hope this helps and good luck!

u/simperialk · 3 pointsr/CompTIA

I'd say that Darril Gibson's GCGA (Get Certified Get Ahead) book is a common favorite around here. I'll leave a link here for you if you'd like to check it out.

If you'd like some online study resources that will put you ahead of the game as well (by a long shot), I'll also link you to my Evernote list of everything I used for the Sec+. Study right and you'll pass with flying colors 😊

u/okeydokeygnocchi · 2 pointsr/CompTIA

I would highly recommend Gibson's book, it's very solid and covers the exam incredibly well in my experience. Here's the Amazon link to the book so you can check it out (they also have a Kindle version for $10):

https://www.amazon.com/gp/aw/d/1939136024/ref=tmm_pap_title_0?ie=UTF8&qid=&sr=



For videos I'm a fan of CBT Nuggets. It's a bit pricey but you can get your first week free and cancel renewal before the week ends if that works best for you. Here's the link to their Sec+ course:

www.cbtnuggets.com/it-training/comptia-security-plus-sy0-401

u/_Skeith · 3 pointsr/AskNetsec

If you haven't read this already then please do - 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them.

The book covers a wide range of coding errors such as SQL Injection, Web Servers & Clients, URL's, Cookies, Buffer overruns, etc. I'm currently pairing this with the WAHH2 and it is an amazing resource at understanding the underlying code that causes such vulnerabilities.

At the same time OWASP provides great resources for developers. And the Google Gruyere app allows you to actually exploit some HTML and HTTP Vulnerabilities and go through the code, with steps on how to mitigate it.

Hope that helps. Cheers!

u/Sinatics · 1 pointr/homelab

Sure thing, the CompTIA certs do cost some money, I know some high schools/community colleges have reimbursement programs for them so that may be worth looking into in your local area. As far as study material I used these: A+, Security+, Linux+. PDFs of these books can be found online from various sources as well.

For exam practice I used a VCE exam player application and whichever vce file had the best rating per exam from examcollection. Hope that helps!

u/n0pantsdance · 2 pointsr/CompTIA

I took a three week course through the Army, studied this book https://www.amazon.com/CompTIA-Advanced-Security-Practitioner-Study/dp/1118930843 and used a dump to do some practice questions. It is mainly IT security management, but is still very technical in nature. Look up the test objectives that CompTIA has for the exam and make sure you understand them. STUDY STUDY STUDY. I prepared for two weeks before the three week course and still did not feel comfortable going through the exam. Not trying to scare you, I'm just relaying my own personal experience. Good luck to you!

u/Emailio_Addresstivez · 1 pointr/careerguidance

Hi Roboman,

If your current position falls within the realm of the Security+ Cert, go after it. If you are hungry to gain knowledge in this field, I recommend https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270. You will crush the Security+ exam and the CISSP exam if you engulf this material. If you want a good career in IT Sec, this will help you tremendously. Happy Holidays!

u/dahon95 · 2 pointsr/CompTIA

What is your background? Are you in IT?

If you are intimidated because the topic sounds too technical for you, I recommend watching Mike Meyers' Security+ training course on Udemy.com. He teaches it in layman's terms, and explains it very well. It's discounted right now for $10.


Prof. Messer is highly regarded here and he also has free training on youtube, but I was a bit turned off due to the amount of videos (more than 175?) in his course, so I just used Meyers.


I'd also suggest you study and understand Cryptography section, and certificates (PKI), wireless security, and network access control, as my exam was heavy on those topics. Know your business standards (Disaster Recovery, Business Continuity, etc) and Risk Management (computation of ALE), and memorize your ports.


I would stay away from dumps. I saw a couple of dumps and they contain around 1000 questions each. Are you going to memorize all of them? Some of the questions are even badly written with wrong answers. You have plenty of time, and it's just not worth spending it on dumps. Instead, use your time understanding the materials.


If you decide to purchase Mike Meyers' Security+ video on Udemy, let me know, and I can share my notes with you. I made them during the soft launch of his course, so any videos he added are not included there. However, there are free and more complete Sec+ notes created and shared by redditors on this sub. You can read the original post HERE.


If you prefer reading a book, check out Darril Gibson's Security+ Get Certified Get Ahead Study Guide. I've heard nothing but good comments about that book.


Then, spend at least a couple of days taking free online tests on Crucialexams.com and Examcompass.com.

Good luck!

u/Juxtaposed_Chaos · 2 pointsr/networking

>"I am more interested in learning wireless than Meraki specifically, but if there is a good Meraki class that covers both I think that would be best."

Reading this line I'd suggest you take a look at the CWNA book here: https://smile.amazon.com/CWNA-Certified-Wireless-Administrator-Official/dp/1118893700/ref=sr_1_1?ie=UTF8&qid=1481736604&sr=8-1&keywords=CWNA It should be able to teach you the fundamentals of wireless and is not vendor specific.

IMHO it's better to know the fundamentals of Wireless, which CWNA will teach from a vendor neutral perspective, where CCNA-Wireless will have a focus on the Cisco brand, you can guarantee that. I personally am looking over the CWNA book and have thought about sitting for that exam in the future, as my company is using Ruckus APs. If your company is going to foot the bill for the class and cert, either option should get you the knowledge you will need to start out and get off the ground.

u/xSinxify · 6 pointsr/HowToHack

Darril Gibson's books are usually always cream of the crop for a primary Sec+ resource - https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

Supplemental videos are also a good thing to have for both review + the fact that when you learn similar material through a different presentation -- you'll usually find that you understand it better. https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/

Definitely recommend also signing up for his monthly study group. https://www.professormesser.com/security-plus-study-group-registration/

From there, go absolutely nuts on the practice tests. Here's one resource I found. - https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests

Something I did when I was studying for the Sec+ a while ago, was print out the objectives and check off the concepts I felt that I could explain to someone -- who is completely unfamiliar with the topic.

As an aside, it also helps to have good note taking practices. I personally use Joplin (First iteration of note taking) + Anki (For transferring my more detailed notes to flash cards), while following this advice: https://www.youtube.com/watch?v=nqYmmZKY4sA

Alternative note taking software includes: Evernote, CherryTree, OneNote, etc. It's more of a matter of preference, but regardless I'd still recommend Anki no matter what.

Hope this helped you out.

u/canadianbacon22 · 10 pointsr/netsecstudents

When I started my Sec+ studying, I was recommended a book called,

"Security+ get Certified Get Ahead" by Darril Gibson

It's regarded as one of the best books and it has that little CompTIA certified material thing or whatever. Great book that's straight to the point with a lot of examples and practice questions.

u/WanderJedi · 5 pointsr/CyberSecurityAdvice

Check out Professor Messer on YouTube, he has some great study guides and also videos on the CompTIA SY0-501 Security+ exam. Professor Messer also has course notes of his videos that you can purchase, a digital .pdf version for $20, or you can purchase a high quality book of the notes for $40, and that also includes the .pdf.

Darril Gibson has probably THE study guide book on SY0-501, Get Certified Get Ahead, that costs around $35. There's also a Darril Gibson app for $8 on iPhone, which includes flash cards and practice questions and practice tests. I'm not sure if it's on Android.

You can check out Mike Meyers on Udemy. He has some great videos, though a lot of the stuff is what is required for the 501 exam, but he'll also go a little more in depth so you have a better chance at understanding the subject matter. His course is on sale now for $9.99.

u/squibby0 · 1 pointr/networking

For what it's worth, if you are actually interested in fast tracking your knowledge of Wireless fundamentals then the CWNA certification program and its associated references are really great. I recommend this book

https://www.amazon.com/CWNA-Certified-Wireless-Administrator-Official/dp/1118893700/ref=sr_1_1?ie=UTF8&qid=1481070486&sr=8-1&keywords=cwna

u/OSUTechie · 1 pointr/CompTIA

I am currently studying for the Sec+ myself. Through my job I have access to a few books. The resources I am using so far and have liked.

u/booboothechicken · 1 pointr/sysadmin

Get the Darril Gibson book:


https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?ie=UTF8&qid=1527111564&sr=8-3&keywords=security%2B



I bought 3 books when I got my sec+. Gibson, the official CompTIA book, and a study guide book. The Gibson book was the only one I needed, I barely even looked at the other two. When I got my CISSP I used CBTNuggets videos and they were great as well. They have a Security+ course there, and I think they still offer a 30-day free trial. I just used the 30 day trial and it was long enough to get my cert.



None of the extras CompTIA sells are worth it, unless you really have money to burn.

u/saddavi · 1 pointr/cissp

Congratulations!

Well done and thanks for sharing.

Just a quick question, you have said '- I bought the ISC2 test questions book' do you mean this book?

Thanks.

u/spacecadetdani · 2 pointsr/IT_CERT_STUDY

Studying is MOSTLY FREE. Cannot provide cheating test sites here. Go to the CompTIA website to get the actual test exam outline - print that out please, and supplement with these videos from Professor Messer $FREE and you will need to jot down notes as you go. This is not enough to pass the test(s). You'll also need to get an official study guide book $20 as reading material to go into the details. Coupled with taking notes during the videos and fleshing out the outline from CompTIA you should hit all the possible ways to study. CompTIA offers this $free trial through one of their partners. I also like Mike Meyers' writing style $31 as an alternative.

u/Le_Shadow_Realm · 1 pointr/CompTIA

http://www.amazon.com/gp/product/1463762364/ref=od_img_link_refresh_T1

I was recommended this book and I've only had a quick skim through it as I am trying to get more employability through other avenues and then start studying for it. But it seems well laid out and easy to read. It also has a lot of great reviews

u/Deathrus · 3 pointsr/CompTIA

Your plan looks solid. Here is Security +. Working on N+!

Secure Link Established.... Accessing Library... SCP initiated....


Darril Gibsons Security +


Mike Meyers' Security +


GTS Learning Security +


....Deconstructing Tunnel...Link Terminated.

VPN constructed... UDP Session Initialized...Buffering...

Professor Messer Security+ Free

Mike Chapple Security+ Free

..Session Terminated...Warning:VPN Deconstructed

Hydra initialized...SSH Cracked.. SCP exams.docx /all

[Professor Messer's Pop Quizzes Free](http://www.professormesser.com/popquiz/)

[Crucial Exams Free](https://crucialexams.com/exams/comptia/security+/)

[ExamCompass Free](http://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests)

[GoCertify Free](http://www.gocertify.com/table/comptia/security-quizzes/)

[Darril Gibson's Exam/Study App Paid](http://learnzapp.com/partners/darrilgibson/)

Warning IPS Activated.......Sub7 payload deployed....Ending Session

Simulations Initialized......

[Darril Gibson's Sims Paid](http://blogs.getcertifiedgetahead.com/security-blog-links/#Performance)

[Testout Paid](http://www.testout.com/home/it-certification-training/labsim-certification-training/security-pro)

[GTS Learning Paid](https://www.gtslearning.com/comptia-securityplus-ebook-plus-labs-pm/#1468334556896-4996a61c-f05d)


Lab Broken.... Rebuilding....



Native applications loaded...

SoundAGiraffeMakes Pass Post


Tennyson24 Pass Post

Deathrus Pass Post

Thank you for The Community Post..**

u/Salsaprime · 1 pointr/Information_Security

A solid foundation would be CCNA (or at least CCENT or Net+) and Security+. The CCNA will give you an excellent understanding of networking, as well as some good hands-on using Packet Tracer. Security+ will introduce you to every domain of Infosec (Malware, Cryptography, Tools for Blue/Red Team, etc). The information is a mile-long, and an inch deep.

CCNA Study Materials:

u/jones102 · 1 pointr/Accounting

This was my textbook for my cybersecurity class and never before have I ever learned so much from a class or textbook. It's technical yet extremely understandable. The best cybersecurity methods are the simplest ones, the ones that make sense. ITGCs are covered, though they don't call them that. If you read this book thoroughly and studied you could pass the CISSP cert and be in fantastic shape. That's my plan. I have this eBook too if you want to PM me your email, as the book is rather expensive. This is known as the "Bible" for the CISSP exam.

Edit: CISSP All-in-One Exam Guide, Seventh Edition https://www.amazon.com/dp/0071849270/ref=cm_sw_r_cp_api_MljtzbZ9CJ7ZV

u/dorkycool · 4 pointsr/cissp

It's a good book, it's also set up around the 10 domains, pre-2015 test. You should also get something newer, the Sybex book:
http://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712

Also, check out the free training course at cybrary.it, it's very good.

u/baronobeefdip2 · 1 pointr/CompTIA

How long did it take you to study? And what materials did you use?

I currently have the Exam Cram Security+ book, and just recently ordered the Sybex book alongside it. I learned from people that took the CCNA that multiple sources are a good thing but don't go overboard, a cert only lasts for a few years and you'll need to take it again with more up to date literature. Congratulations.

u/f00tang · 1 pointr/AskNetsec

Wow interesting they still have Shon's name on those books since she died in 2014.

You need the Sybex CISSP 8th edition book.
https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937

That book and Kelly Handerhan's Cybrary videos will get you there. /r/Cissp has pages of everything you need which is less than 10 items.

Just passed mine last month.

Good luck on your journey!

u/PaisleyBorg · 1 pointr/cissp

I bought this one along with the associated question book, is this the Sybex book you talk about?

https://www.amazon.com/CISSP-Certified-Information-Security-Professional/dp/1119475937/ref=dp_ob_title_bk

Also got the 11th Hour, which is a great summary.

And of course Kelly's videos :)

PS. I'm a lightweight, a double shot of coffee is enough to get me going ;)

u/the-doge · 2 pointsr/CompTIA

I mostly used TestOut-Labsim for a majority of it and even then mostly the practice tests. I have a very hard time paying attention when it comes to instructional videos and I have an easier time with studying texts. The text I read through was Exam Cram - CompTIA Security+ by Kirk Hausman (http://smile.amazon.com/CompTIA-Security-SY0-301-Authorized-Edition/dp/0789748290/). I used Microsoft OneNote for taking notes (this is my favorite application ever) and Cram.com for flash cards on my phone. I memorized 25 different protocols and their corresponding ports using the cards. About half (maybe more) I had already memorized for Net+, but those are just further concrete in my mind.

The problem with Security+ is there is a lot of studying and memorizing facts, where Net+ and A+ have a lot of "hands on" situations, like configuring devices. I think this is because a lot of the security principles have been around long before computers. Cryptography has been found in Egypt dating back to like 1900 BC!

u/acolyte_to_jippity · 3 pointsr/sysadmin

glad to hear it.

btw, here:

clicky A+
clicky Net+
clicky Sec+ <--careful, this test is being updated soon, the next version should be coming out in late 2017, with exam guides dropping early 2018. This specific book will be outdated, though still a fantastic resource. Might want to hold off if you're serious about taking the Sec+ exam until the next version, this one comes out.

grab a hardcover copy and start learning!

u/oldgrumpygeek · 1 pointr/CEH

Which book did you get for your class? I did an Ethical Hacking class last term. The book they had us use was CEH Certified Ethical Hacker All-in-One Exam Guide, Third Edition from McGraw-Hill. It wasn't too bad although I wouldn't use it as my only source for the exam. I'm not planning to take the test until I'm done with school in February.
https://www.amazon.com/Certified-Ethical-Hacker-Guide-Third/dp/125983655X/ref=sr_1_5?ie=UTF8&qid=1495033480&sr=8-5&keywords=ceh+v9+certified+ethical+hacker+version+9+study+guide

u/Douchepocolypse · 1 pointr/CompTIA

Buy this, this, and this.

If you can, try to build your own box from scratch.

Sign up for an account with Professor Messer, and watch every video.

Download, install and become familiar with VirtualBox...then install a Linux distro and become familiar with it. Everyone and their grandmother will instantly pounce on you to try to shove their personal Linux distro preference down your throat. Ignore most of them. Try Ubuntu, Fedora or openSUSE. Better, try all of them. They're all based on different flavors of Linux. Find one you like? Does it feel comfortable? Good. Use that one.

Ignore most "free" online practice tests (they're mostly shit), make flash cards, use VirtualBox to get as much hands on as you can, keep your head down and study.

u/RicToBrazil · 2 pointsr/cissp

I used a local class, as the in person instruction helped me out a lot. With that, I also recommend Kelly Handerhan's Cybrary course, which is free online.

Also, if you can get the Official Practice Tests, https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119475929/ref=dp_rm_title_1 and Study Guide, https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119475937/ref=dp_rm_title_

Those also help out a lot.

u/Dr__Alucard · 1 pointr/CompTIA

Congrats on passing! The Sec+ is my next step. I just passed Net+ this Monday. What exactly are you referring to when you say premium content? Maybe post a link for us? :D I just bought Darril Gibson's SY0-401 book. Is that the same one you used? Here is a link

https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&qid=1500559370&sr=8-1&keywords=darryl+gibson+security+plus

Also, would you say the Sec+ is easier or harder than the Net+?

u/jerrycramer · 1 pointr/cissp

Congrats!!!

What do you mean by ' the Official isc2 practice test book '? Is it the Sybex one? https://www.amazon.com/CISSP-Official-ISC-Practice-Tests/dp/1119475929

Thank you

u/leonardsimon305 · 1 pointr/cybersecurity

I think you will gain a lot of helpful info and concepts from the networking parts of the semester. To help you prepare, I'd suggest looking into studying for the Security+ exam. Below is a great book you can use to study and it has many extras like audio files, flash cards, etc. that you need to pay for but very affordable.

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead-ebook/dp/B07652KDXM/ref=sr_1_3?ie=UTF8&qid=1539612596&sr=8-3&keywords=security%2B

u/madknives23 · 2 pointsr/CompTIA

This book really helped me:

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

Also mainly just take practice exams and beef up the areas that are lacking. No need to over study things you already know. Stay calm during the exam, sleep well the night before, eat something before you go.

You will get it, you definitely seem dedicated and willing to work for it.

u/rohanrob · 1 pointr/CompTIA

Great question and this was on the exam. You will need to know the difference between the different SSO and which one is used with which. If you have Darril Gibson's book, he breaks it down for you clearly. https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059

u/FreeSpiritRunning · 3 pointsr/CompTIA

I would highly suggest getting an exam prep book such as this or this

Pay attention to concepts, not just memorization but ask yourself in what situations would these concepts apply. For example...when they discuss Business Continuity, understand why one plan would be better used in certain situations than another.

Pay attention to ports and protocols, incident response techniques, attack types. Don't get caught up in the nitty gritty, but have a baseline understanding of the differences between certain items in the same category (phishing techniques, malicious codes, different attack/defense types) and why someone might use one item vs another.

Some of it will be straight memorization, but a lot more of it will be concepts. Concepts Concepts Concepts!

Good luck, I felt completely underprepared when I took my test, a lot of my test prep kicked my ass. Even as I was taking the test there were times when I sat back, stared at my screen and wondered what the hell I was doing with my life. Ended up with a score in the high 800's...so this test is beatable...just make sure you put in the book time beforehand.

Edit: Also, look around here and on some other forums, the info on how to do well is out there, just go find it!

u/fakanal · 2 pointsr/CompTIA

1.) 874/900

2.) CAS-002 cert guide by Robin Abernathy and Troy McMillan

3.) Currently I'm a contractor for the army. I'm a part of a security assessment team and plan on staying on this path for now. As for the future I'd love to move into an IAO role.

http://www.amazon.com/gp/aw/d/0789754010/ref=pd_aw_sim_14_2?ie=UTF8&dpID=51ueq5geAvL&dpSrc=sims&preST=_AC_UL100_SR100%2C100_&refRID=19QR78KRB5Y0Y3HBCC48

u/Cypher_Blue · 4 pointsr/cybersecurity

The CISSP is the gold standard for cyber security certifications. To qualify for the full cert, you need 5 years of experience in at least two distinct areas of the field. Otherwise, passing the test grants you "associate" certification.

The guys that I work with (who have 10 years in the field) took a two week bootcamp and then studied nonstop for a month before they took the test- they took a week off of work at the end to do nothing but study. They said it's the most challenging certification they have had to take in the field.

It is NOT something that you can take a 5 day bootcamp and breeze through with no experience at all. The study guide is more than 1000 pages long.

There are a wealth of places you can get started. But if you're starting out with the goal of passing the CISSP right away with no prior experience, you're going to be drinking out of a firehose of information. Be ready for that.

u/occasionallylost · 2 pointsr/wisp

Udemy course
CWNA
802.11ac
802.11n
802.11 SG
I personally met GT at a Ruckus conference and the dude is sharp. Don't pay the full price (retailmenot) if you enroll. Lots of good info there. You could prob skip the AC guide since that's a little too new for it to be relevant just yet. But def look at the 802.11n literature. This will put you eons ahead of most people.

u/Metasploit-Ninja · 1 pointr/AskNetsec

Like the All-In-One series CEH book. I only read that book and I passed with a perfect score. Even has example/practice tests in the back that were very close to the real test.

u/TwoFoxSix · 9 pointsr/cybersecurity

Check out this stickied post

It's a lot of good stuff posted there. If you're looking for just the basics and general information, not so much the what is happening now, check these things out:

u/intellectualbadass87 · 2 pointsr/cybersecurity

Watch the videos here:

https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/

Buy and read this book:

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/

With sufficient study you should be able to pass the exam within a month.

Good luck!

u/IT_Bro · 1 pointr/jobs

Security+ is a pretty easy certification, I'd go after that one first. I used [this](http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=sr_1_1?s=books&ie=UTF8&qid=1372795599&sr=1-1) book to study for it, took about a week to prepare.

u/exploitallthethings · 18 pointsr/sysadmin

Professor Messer's content is not enough IMO, it very lightly touches upon a large number of subjects, and completely ignores others. I purchased Darril Gibson's Security + Get Certified Get Ahead: SY0-501 Study Guide and used it alongside Professor Messer's videos.

The study guide provides a great pool of test questions (per chapter) and the summaries are extremely helpful.

u/5c0073r · 1 pointr/CompTIA

The cert guide is good and covers pretty much everything. There is an iOS app from LearnZapp that covers CAS-002 which is based on the cert guide. That being said, nothing really covers the PBQ's which in my case I had 10 of them. CAS-002 is being deprecated and replaced by CAS-003. So I am not sure what all of those changes will encompass.

https://www.amazon.com/CompTIA-Advanced-Security-Practitioner-CAS-002/dp/0789754010

u/IDA_noob · 1 pointr/ITCareerQuestions

Buy this and read it tomorrow. Take the quiz in the front first. You'll probably be surprised at how well you do.

https://www.amazon.com/CompTIA-Security-SYO-401-Exam-Cram/dp/0789753340

Other than security-specific stuff, make sure your bread-and-butter PM skills are up to date.

u/tolegittoshit2 · 2 pointsr/CompTIA

https://www.amazon.com/gp/aw/d/1939136024/ref=mp_s_a_1_4?ie=UTF8&qid=1526108431&sr=8-4&pi=AC_SX236_SY340_QL65&keywords=comptia+security%2B&dpPl=1&dpID=51g-tyqmEPL&ref=plSrch#

401 is still being offered till end of july, i also used boson for test exams, i used boson for my ccna and security+, will use when im ready for ccna security.

u/Saft888 · 2 pointsr/cybersecurity

I’ve been in the industry for a while and don’t have any certs. I’m currently studying for my Security+. I’m 90% sure I could pass the test even without studying but I don’t want to have a chance of wasting the money. I’ve got this book and I think it gives a good overview of the industry.

CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_api_i_wkayDbJYN4DMW

u/cakan4444 · 2 pointsr/gundeals


This is the academic store that you can buy discounted exam vouchers from at the cheapest price. Requires a .edu email and you can only buy one voucher per test. You cannot buy retake vouchers at the discounted price. 


https://academic-store.comptia.org/certification-vouchers/c/11332


The academic store will give you a coupon code that you will use to redeem your exam when registering for the day you will take it. 


https://home.pearsonvue.com/comptia


It is suggested to schedule your exam date a few weeks out and to arrive a half hour early before your scheduled exam time. Make sure to bring all forms of ID required for the test.


https://www.weber.edu/TestingCenter/lindquist.html


Students should prepare for the exam by going over the course objectives and making sure they adequately understand each subject on these sheets. 


Official Sec+

https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-501-exam-objectives.pdf


Unofficial Sec+

https://www.certblaster.com/wp-content/uploads/2017/10/CompTIA-Security-SY0-501-Exam-Objectives.pdf


Official Network+

https://certification.comptia.org/docs/default-source/exam-objectives/comptia-network-n10-007-v-3-0-exam-objectives.pdf


I would suggest you do not purchase the official study guides and labs offered by the CompTIA store because many people have had mixed opinions on their cost and effectiveness and find them to be useless. 


I would suggest using free sources such as Professor Messer and other books with practice exams such as the "CompTIA Security+ Get Certified Get Ahead: SY0-501 Study Guide". Professor Messer has monthly online study groups to personally ask questions from for free, he also has free videos that take you through every aspect of the test.


Security+


https://www.amazon.com/dp/1939136059/ref=cm_sw_r_cp_apa_i_BADzCbXJR8TGC


https://www.professormesser.com/security-plus/sy0-501/sy0-501-training-course/


Networking+


https://www.amazon.com/dp/1260122387/ref=cm_sw_r_cp_apa_i_HCDzCbXY08434


https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/


Each certification test is comprised of a maximum of 90 questions on a 90 minute test that requires a passing score of 720 out of 900. The test will include common networking or security tools, Linux and Windows command line commands and theoretical and implementation questions. The test may also include common port numbers used by everyday services so knowing a large amount of them will help during the test. 


The test will also include performance based questions such as dragging and dropping, matching, etc. 


https://www.examcompass.com/comptia/network-plus-certification/free-network-plus-practice-tests#


https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests#


https://crucialexams.com/exams/comptia/security+/sy0-501/


The CompTIA tests are designed to be rigorous and intense. During the exam, you may feel like you are performing terribly and are about to fail, but you may be doing just fine. The test is designed to make you doubt yourself and sweat.


You only need the minimum to pass. A 721 score is the same as an 870 score.


If you study hard and know everything on the CompTIA lists and their intricacies, you will pass.

u/sephstorm · 1 pointr/AskNetsec

>I don't believe I'd be able to survive on enlisted pay.

Plenty of people do. The military will pay you a subsistence based on where you live and your rank (BAH).

>I'd be willing to move anywhere if it meant I could get hands on experience with cyber security

Do you have any certs now? You should study for the Sec+ like yesterday. Buy This. It's okay to get certified before you graduate, hell I encourage it. Look into learning networking as well. When you graduate, hit me up if you remember.

u/Todd_84 · 2 pointsr/CompTIA

I took the Net+ and then Sec+ 4 weeks later. There was some overlap from Net+ on the Sec+ exam, so that helped me some. I don't come from a security background and scored an 860 on the exam with heavy studying during that 4 weeks between exams. Get your hands on Darril Gibson's most recent Sec+ book, it was the best money I spent for any exam book. His practice questions are worded similarly to what you'll see on the exam.

Gibson's Book
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024?ie=UTF8&*Version*=1&*entries*=0

u/327Solutions · 3 pointsr/cissp

Shon Harris's new book, updated by Fernando Maymi is an excellent study and certification prep. We use this book when delivering training to our DoD clients.

https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?ie=UTF8&qid=1484067461&sr=8-1&keywords=cissp+shon+harris

u/my_name_is_cooler · 1 pointr/todayilearned

Not sure what everyone uses, but http://www.amazon.com/Deadly-Sins-Software-Security-Programming/dp/0071626751 is a good place to start. Not all internet stuff, but the base ideas of how hacking works.

TL;DR:http://i.imgur.com/zHYn6Zd.jpg

u/og4mi · 2 pointsr/CompTIA

99.9% will tell you to get Darril Gibson's Get Certified Get Ahead book. It is definitely worth the buy. linky

u/Sicameyeh · 1 pointr/SocialEngineering

> CISSP

This one maybe? http://www.amazon.com/CISSP-All---One-Guide-Edition/dp/0071781749/

Also, Blizzard states having CISSP is a plus - so thank you very much for this suggestion!

EDIT: do you know anything more specific or any other good cert?

u/Salty-Hashes · 1 pointr/CompTIA

CISSP as there are more training resources available. Do your own research though.

Take a look at these resources:

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide

https://www.amazon.com/gp/product/1119042712/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=1119042712&linkCode=as2&tag=mc00-20&linkId=C7HNX553XYF3YBVA

CISSP All-in-One Exam Guide, Seventh Edition 7th Edition

https://www.amazon.com/CISSP-All-One-Guide-Seventh/dp/0071849270/ref=sr_1_1?s=books&ie=UTF8&qid=1541218380&sr=1-1&keywords=shon+harris+cissp

Pluralsight:

https://app.pluralsight.com/paths/certificate/cisspr-certified-information-systems-security-professional

CBT Nuggets:

https://www.cbtnuggets.com/it-training/isc2-cissp-2015

u/citg0 · 1 pointr/casp

I used this and this. Both together are more than you'd need. If you have Sec+ and have even a small amount of industry/best practice/common sense experience, you'll be fine.

Not advocating them, but I'm sure there's braindumps for it, as it is entirely multiple choice, other than a few simulations at the beginning.

u/tonyled · 1 pointr/cissp

$42 sybex book on amazon

and free cybrary account for review

this would be my choices on a budget

u/nctofl · 2 pointsr/cissp

> https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119042712

That's the official study guide for the exam. The CBK is the Common Body of Knowledge which is intended to teach you the concepts.

I'm studying and both are dreadfully boring. I'd start with something like the CBT Nuggets videos, which will introduce you to the topics in a fun and engaging manner - then hit the dry book work hard when you feel you're ready.

If you start with the official CBK or study guide, it might turn you off. It's a lot of dry reading.

u/PhazAeth · 6 pointsr/personalfinance

Current Mid-Level SysAdmin here, maybe pass by the A+ unless you absolutely know nothing of the field. The Network+ and/or Security+ will open more doors. The Security+ is required in a lot of government contract positions. On the security side you can branch out into certifications like the CISSP and the CASP. On the networking side you can look into specific vendor certs (Arista, Juniper, Cisco...) Just my 2 cents.

Edit: If you're going to pursue the Sec+, I'd recommend this book. It's all I used to study for the exam. I passed the 1st time. It's a steal at $10 on Kindle: https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=asap_bc?ie=UTF8

u/RamonesRazor · 2 pointsr/CompTIA

Get Certified Get Ahead. Pretty much known as the gold standard in terms of reading material for the Security+ test.

u/GumShoos · 1 pointr/CompTIA

Darril Gibson is your friend. You can either buy his book and/or visit his website and you should pass.

u/FlexFiness3 · 1 pointr/ITCareerQuestions

Security+ book is pretty legit.

u/server_nerd · 3 pointsr/CompTIA

Security+CE. It will be the easiest of the exams listed. Here's my recommendation on a study guide:

https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=sr_1_3?keywords=security%2B&qid=1573946942&sr=8-3

u/boondoggle_ · 1 pointr/CompTIA

If you're getting 94% on your practice exam you're probably ready to go. Get a few more practice exams (you can buy books of practice exams on Amazon pretty cheaply) if you continue to get mid 90s you should be good to go.

Make sure you have your standard ports memorized. They came up a lot for me.

To pass my Security+ I watched the CBT Nuggets and read this and [this](http://www.amazon.com/Security-Certification-Official-published-McGraw-Hill/dp/B00E6TOT2Q/ref=sr_1_8?s=books&ie=UTF8&qid=1394728491&sr=1-8&keywords=security%2B+clarke) but I really had to learn a lot, I don't do much security work in my day to day. In the end I was way overprepared. I think I only missed one question.

u/demokated · 3 pointsr/sysadmin

I don't have course suggestions, but all you really need is Darril Gibson's textbook on Security+. You can run all the labs on your own hardware (you need the experience setting that stuff up anyway). His textbook is comprehensive, and his well-maintained blog fills in any gaps.

I went in with very little security knowledge and was able to blast the Security+ exam out of the water. It's not an easy exam, but his material hits all the necessary check-marks.

Edit: He also has an Android app with test questions, flash cards, and other crap. Worth it.

u/Cm_west · 2 pointsr/wireless

You could pick up the study guide for the CWNA.

The CWNA is vendor agnostic and gives you a decent grasp of the concepts and things like site surveys.

u/GoneWild_butCameBack · 1 pointr/cissp
u/ufffda · 5 pointsr/CompTIA

Start with printing the Security+ objectives so you know exactly what you need to study for. You've taken the A+, so the construct should be familiar to you.


Darril Gibson's Get Certified Get Ahead is the gold standard book for this exam. Read this cover to cover! In addition to the book, many people like the extra material on his GCGA website.

Keep in mind that it's suggested to have some networking knowledge when taking this exam, but not required. Many people will take the Network+ or CCNA before taking the Security+.

u/mashingkeys · 5 pointsr/WGU

There's only one book you need to read. I read this book, used no other resources and passed with a 93% in 30 days:

https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024

Edit - corrected link! thanks /u/rNyhm

u/tkbisign · 3 pointsr/Veterans

For CompTIA Security+:

Training: self-study this. Kindle version is $10.

Exam: Try seeing if the school you got your degree from is an academy partner. You might be able to get a discount. If not, it'll be a few hundred bucks to save for :\

CISSP isn't realistic for your situation i think. Way more training and exam $$$. + other things.

u/phaus · 2 pointsr/AskNetsec

I used this one:

http://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-301/dp/1463762364/ref=la_B001IOH64U_1_9?s=books&ie=UTF8&qid=1407252539&sr=1-9

It's important to note that they have a newer version of the test out (SY0-401). Right now you can take either version, but after December you won't be able to take the test that this study guide was written for (SY0-301). Darril Gibson hasn't released a book for the new version of the test, but he probably will soon.

When I was studying for the Security+ test, I kept going over all of the practice questions in the book until I could get at least 98% of them right. Overall, it took about 2 months of studying. I ended up getting an 851 (94%) on the test.

u/Neal1231 · 2 pointsr/CompTIA

It was this book. I have A+, Sec+, and FOI besides CASP. I used to work helpdesk for 2 years and moved up to a JR sysadmin position recently (3-6 months).

u/nerd4tech · 3 pointsr/netsecstudents

I used this book and the CompTia Certmaster. I got the certmaster because I think I bought a second shot for exam retakes. I read the book and then did the certmaster for a month until I took the exam.

https://www.amazon.com/gp/product/1118875079/ref=oh_aui_detailpage_o05_s00?ie=UTF8&psc=1

u/Erich-ISC2 · 5 pointsr/cissp

One more point, we are now involved in the Sybex series of study guides (SSCP and CISSP right now). These are more akin to our standards.

CISSP Study Guide

SSCP Study Guide

u/destro2323 · 1 pointr/cissp

Nope

This one

CISSP Official (ISC)2 Practice Tests https://www.amazon.com/dp/1119475929/ref=cm_sw_r_cp_api_i_N4mSDbGQPV37R

u/happinessattack · 73 pointsr/mildlyinteresting

This is from "Mike Meyers' CompTIA Security+ Certification Guide, Second Edition (Exam SY0-501), 2nd Edition"

(Amazon link: https://www.amazon.com/Meyers-CompTIA-Security-Certification-SY0-501/dp/126002637X)

It's on page 459.

u/j_86 · 2 pointsr/sysadmin

Go for the Security+. You will get much more out of that than the A+ cert, especially if you are a DoD contractor. That's what I did. I used this book and CBT nugget videos.
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=sr_1_1?ie=UTF8&qid=1483416496&sr=8-1&keywords=Security+%2B

u/TwistedViking · 1 pointr/CompTIA

Close, this is the study guide, you've linked the practice question book. I bought the Kindle versions of both of them for $20 total.

SY0-401 has only been around for a little over two years. It'll be another couple before it's replaced.

u/doggtagzz · 1 pointr/CompTIA

Is this the one you are referring to? You linked the practice test book. https://www.amazon.com/dp/1939136024/ref=cm_sw_r_other_apa_dO44ybCQ3D6WY

Also, does he have any videos?

u/mkang88 · 1 pointr/cybersecurity

CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide

This one helped me to pass!

https://www.amazon.com/dp/1939136024/ref=cm_sw_r_cp_awdb_t1_SyWPAbPRK4E3F

u/RaisinBrantheBuilder · 2 pointsr/CompTIA

I'm taking the test in a month and using this book: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_lpo_sbs_14_img_0?_encoding=UTF8&psc=1&refRID=5H0WSYWQ700X3F7F19FM

Flashcards
The Certmaster
And Professor Messer's videos

u/pipeline_tux · 5 pointsr/programming

I'd highly recommend that all programmers read the book 24 Sins of Software Security. It goes over all of this stuff, but in more detail and with examples.

u/einsteinonabike · 2 pointsr/sysadmin

Sec+ scheduled for Jan 15. Currently reading a book and using CertMaster. Get this book, and if you have funding for it, get CompTIA CertMaster Security+. I used it when studying for the Network+ (along with Mike Meyers' Net+ book) and it was invaluable. Info actually sticks in your head, and the way the questions are worded is startlingly similar to the exam.

u/MayorOfCentralia · 1 pointr/CompTIA

Sorry, here it is CompTIA Security+ Book

u/SquallyZ06 · 1 pointr/AirForce

For Sec+ I went to the class at Keesler and bought the old version of this book. After reading it and highlighting important stuff I studied a chapter a night for about two weeks and also did some study questions on quizlet. Passed with no real issues.

u/Red_V_Blue · 1 pointr/ITCareerQuestions

Weird, the book is called CompTIA Security+ Get Ahead Get Certified SY0-401 Study Guide, if you just Google that

Lol I'm a dumbass again and used a link from my orders. https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024