My Journey and CompTIA Security+

Prologue

I landed in Brisbane, Australia on the 13th of July, 2014 (one day before O-Week) with no prior experience in IT Security and the constant voices in my head which could be labelled as ‘imposter syndrome’ and the overwhelming feelings of being in a new country ‘to fulfil my dreams’ after quitting my job and doubting my decisions. Two absolutely fantastic years later I graduated with a Masters in IT majoring in Security from QUT. I would also like to point out that I was the only student to do so for that term.

I would recommend everyone to remove any bias that you may have regarding your abilities and also any mental blocks which other people have put inside your head. Acquiring knowledge is your number one priority, passing the test is secondary (or at least for me).

 

My number one rule: Never skip a class!

So why take up this certification?

University courses [at QUT] were designed and delivered with an emphasis on getting the students the real-world experience and industry knowledge.  But as one of my professors had said, it’s quite challenging to fit everything into a semester (for that topic) and expect students to comprehend everything.  That was obvious. I know that it’s not easy for a university to always be offering the latest and greatest of the technological wisdom since there is always new stuff which comes up and let’s not forget the time and effort required to develop a course and study material(s). I was completely fine with whatever I was being taught and learned in class.

I bought my Security+ exam voucher the day I decided to get my CompTIA Security+ certification (SY0-501) and the exam voucher is valid for 12 months. This turned out to be a good and bad idea for me since I kept putting off studying because of several personal reasons and finally scheduled my exam on the date of expiry.

I love to learn but don’t like to sit down and study. For me to feel like studying, the stars must align, the temperature must be right and let’s not forget the feng shui of the surroundings! Alright, maybe all of these self-imposed blockers were to do with the fact that I’m/was a ‘recent graduate’ who had it with studying and wants to enjoy the finer things in life such as being able to pick up top-shelf products at Coles (I’m an ALDI person now) and not waiting for student nights to go out for a movie or whatever.

So I had my fun and now it’s 4 months till the due date. The biggest ‘distraction’ was getting sidetracked by new terminologies/methodologies which I wanted to know more about but not necessarily included for the test. I’ve uploaded the exam objectives here.

The majority of my time spent was on Darril Gibson’s Security+ study guide. I opted for this book because this was recommended on the Security+ course I was doing (never completed) on Lynda.com (LinkedIn Learning) and it cost me not more than A$10 from Amazon (e-book). This was handy because I could read during my commute as well.

A couple of weeks before the test week, I received my Pluralsight license (courtesy of Pluralsight and my current employer) which was just when I was planning my end game. The best part is that Pluralsight had practice exams available through Kaplan.com. The practice tests, performance tracker and the review options were all fantastic.

I’ve got a Masters in IT and majored in security but the amount of new things I learned from this course was phenomenal.

Well, OK! CompTIA Security+ is no OSCP or [INSERT PREFERRED CERTIFICATION NAME], but it’s something which builds upon your foundation and maybe a bit more. And what better way to re-start my hobby of blogging than with something I know will help someone who is stepping into the InfoSec world. I did find that having that operational experience in SecOps did make it easier to grasp and relate to certain concepts covered in the course. That said, sometimes I did find myself arguing with the book on why certain concepts will just be that and won’t work out in the real world but for the sake of the test, I just had to accept things as how they were. It’s a shame that the focus percentage given for the domain ‘Cryptography and PKI’ was the lowest amongst the 6 domains at 12% since it’s a topic I thoroughly enjoy and am keen to learn more about.

So that’s my two cents on the cert, ‘it’s lightweight and packs a punch’ and I hope this was a good short read. I’m not entirely sure as to what my next certification should be but I’m interested in Pentest+. Since I’ve no solid foundation in Linux and exposure to CTF and its variants, it’s going to be a long but interesting journey.

I’ve already started working on my next blog which is due in a few weeks’ time. If you’re new to the Information Security space and would like to know something, let me know in the comments section below or contact me via Twitter (@Australiasecure) and I will do my best to answer you. I would also love to hear your thoughts about my blog so that I can be better next time. Please feel free to share the post but don’t feel you have to. I’m doing this as a hobby and not for commercial purposes 🙂

Cheers,

Shaine
