Best CyberSecurity Courses & Certifications - Black Hat Hacking

Friday, 27 December 2019

Best CyberSecurity Courses & Certifications

There are numerous certifications and cybersecurity courses out there to choose from. Quality, prices, opportunities and conditions vary, but in general all of them are more or less tied to the same goal: cybersecurity. We most likely didn’t cover many of them, but we tried to get the most recognizable/popular ones here. We’ll try to update the list as time goes by.
Becoming a cyber ninja is a hard, lonely and difficult path: trying to improve yourself to perfection, hating your weaknesses, dominating your opponents and competition, dedicating your entire self to a single goal…
…okay, maybe we overstated, but it’s definitely not an easy thing to do.
We’re not counting those who consider themselves cybersecurity masters simply by getting a CEH cert. Some of the information gathered below might not be up to date, so do check the official links of the course/certification providers. Some certs below have more info than others, but in general we tried to gather at least some basic info on each.

Cybersecurity Courses and Cybersecurity Certifications

OSCP : Offensive Security Certified Professional

Probably the most recognized and respected certification for infosec professionals. In general, the lab is meant to simulate real-world situations, but based on some reviews it still doesn’t mimic a real-world corporate environment (man-in-the-middle, etc.).
You’ll need to demonstrate the ability to research the network, identify vulnerabilities and execute attacks. The goal: exploit things and acquire administrative access. As a result, you’ll need to submit a “penetration test report” with the notes, screenshots and any details related to your findings. Points are awarded on a per host/server basis (depending on the difficulty). The main focus should be on the labs. What you’ll need:
  • Some programming skills
  • Reading/understanding the flow of public exploits
  • Hacker/out-of-the-box way of thinking
  • Never-give-up attitude, patience, …
It’s difficult, no doubt. You’ll receive access to a virtual network containing targets (55 machines, different difficulty levels) you’ll attack, plus training and video materials and lab connectivity. The links (PDF & video) expire after some time (2 days), so back them up right away. Go through both of them; there are additional points for submitting exercise documentation. There are 4 networks (Public, IT, Development, Admin). Initially you’ll receive access to the Public network; you need to unlock the others by exploiting things and connecting to them via port forwarding/proxy chaining. Exploiting a machine is a bullet-point process:
  • Find open ports/services
  • Enumerate
  • Exploit
  • Post exploitation enumeration
  • Privilege escalation
There will be situations in which results/info you gathered on one machine can be used to solve another. You might get admin/root access to a machine by default, ultimately using that (gathered info) to get access to another one. Beware of the decoy vulnerabilities pushing you in the wrong direction. Difficult machines: pain, sufferance, humble and gh0st.
Notes:

  • Modify exploits if needed
  • Machines might not be responsive (due to other students), try again
  • Always upgrade your shell
  • Look for misconfigurations & credentials (try them wherever possible)
  • There’s no need to “break” all the machines (at least 25, including 2 difficult ones)
Reviews/Links: 0xdarkvortex, systemoverlord, scund00r
Course details, Syllabus
Price: $800

OSCP Exam

Duration: 24 hrs
Points needed: 70 / 100
Examination: crack 5 machines
Limits: Metasploit usage is restricted (allowed on one machine only)
Pre-condition: Completed Penetration Testing with Kali Linux training course
Other: A report template will be provided in the reporting guide (or use a custom one); take screenshots and PoCs immediately after each exploitation step; submit the flags (local.txt, proof.txt) in the exam panel immediately once you retrieve them
Help: Offensive Security Student Forum, Support, NetSecFocus (OSCP channel), random advice (e.g. Niiconsulting)
1 machine: Metasploit usage
1 machine: Buffer overflow (SEH-based buffer overflow is not required for OSCP)

CEH : Certified Ethical Hacker

It’s a basic course, no doubt. It teaches you about the tools and vocabulary, but that’s all. Usually followed via courseware (a couple of books and materials) including lab practice (videos, manual).
It includes:
  • Ethical hacking basis
  • Footprinting and reconnaissance
  • Network scanning
  • Enumeration
  • System hacking
  • Trojans and backdoors
  • Viruses and worms
  • Sniffers
  • Social engineering attacks
  • Denial of service attacks
  • Session hijacking
  • Web Application Hacking
  • Hacking wireless networks
  • Evading IDSs, Firewalls and honeypots
  • Buffer overflow
  • Cryptography
  • Penetration testing
Price: $500-$600

CEH Exam

Duration: 4 hrs
Examination: 125 multiple-choice questions
Points needed: 70%

OSWP : Offensive Security Wireless Professional

An introduction to the skills needed to audit and secure wireless devices. Some examples:
  • WiFi Internals, Packets, Hardware/Drivers
  • PCAP Examples
  • Aircrack-NG
  • Sniffing traffic, packet injection, cracking the keys, finding hidden SSIDs, bypassing MAC filtering
  • Attacks on WEP networks (open auth, shared key auth, no clients), interactive packet replay attacks, fragmentation attacks, KoreK ChopChop, etc.
  • Password attacks: Dictionary/Rainbow table attacks, Cowpatty, Pyrit, Wordlists
The course is considered a bit outdated by some (materials not up to date, WEP focus, easy exam) but I think it’s OK, especially as a starting point/general introduction. Some theory segments might bore you and setting up the lab can cause headaches (WiFi card driver issues). You’ll need:
  • a solid understanding of TCP/IP and OSI Model
  • Linux skills
Upon enrolling, you’ll receive materials (guides, videos). For the practical segment you’ll need:
  • BackTrack / Kali Instance
  • Wireless card (capable of packet injection, e.g. AWUS036NHA)
  • Access Point
  • Victim’s device
Things that might help: Aircrack-ng wiki, SecurityTube, nickjvturner
Price: $450

OSWP Exam

Based on some experiences/reviews, not very challenging. Compromise a number of targets (3) and get the secret key. Graded in two parts:
  • Successful recovery of the requested network keys / PSKs
  • “Show your work” part, a report containing the keys and commands used to acquire them (template is provided)
Duration: 3 hours 45 minutes
Points needed: Complete all tasks to pass

OSCE : Offensive Security Certified Expert

Here you’ll demonstrate the ability to research the network (info gathering), identify vulnerabilities and execute attacks with the goal of compromising systems to gain admin access. Points are awarded for each compromised host (based on difficulty and level of access). As usual, you’ll receive course details and materials:
  • CTP manual
  • Lab connectivity guide
  • Lab Connectivity Pack
  • Videos
  • Username/Password for the lab (VPN) / control panel
They’ll be available for 2-3 days, so download them. The labs differ from PWK (OSCP); they’re there to help you duplicate the PDF walkthroughs. Topics mentioned:
  • Web App (XSS, LFI,..)
  • Backdoors ( PE File Modifications, Antivirus Bypass,..)
  • Advanced Exploitation (ASLR and DEP Bypass, Egg Hunters In-Depth,..)
  • Zero-Day (Vulnerabilities, fuzzing,..)
  • Networking (GRE Tunneling, ..)
Advice: 32-bit Kali is recommended. Don’t get stuck on one method of problem solving; improvise. Pay attention to details while developing an exploit. Always restart the program after a round of fuzzing.
Reviews/Links: netsec, vesiluoma, aminbohio, rootkits, g0tmi1k, securitysift, tekwizz
Course details, Syllabus
Price: $1200

OSCE Exam

Duration: 48 hrs
Points needed: 75 / 90

OSEE : Offensive Security Exploitation Expert

OSEE or AWE (Advanced Windows Exploitation) is relatively popular, only offered in person and gets booked quickly, so it’s somewhat hard to get a spot. As always with OffSec, it’s a “Try harder” type of course/cert.
The course lasts for 4 days, with classes spanning 0800 to 1700, and you’ll of course get course materials (book, Kali on USB, etc.).
You’ll show the ability to research and develop exploits for the given targets through reverse engineering and assembly/disassembly, relying on your exploit experience while thinking laterally. You’re expected to provide a comprehensive report (notes, screenshots), basically all the details of your exploit approach. Topics mentioned:
  • Egghunters
  • Bypassing NX
  • Custom Shellcode
  • Venetian Shellcode
  • Kernel Driver Exploitation
  • 64-bit Kernel Driver Exploitation
  • Heap Spraying
You’ll need to know your way around:
WinDbg, Immunity Debugger, IDA, assembly (x86 & x64), scripting (Python/JS), programming (C/C++)
Module 1:
  • Case study: CVE-2015-3104
  • Bypass DEP/ASLR via a Flash heap overflow through Firefox on Windows 10 32-bit
  • Return Oriented Programming (ROP) exploitation technique to bypass DEP (ROP chains)
  • Bypass ASLR with DEP (leaking a pointer to the NPSWF DLL)
  • Deep heap spray technique to place the ROP gadgets and shellcode (spray ByteArray objects, nullifying the ByteArrays)
  • Restore the execution flow after exploitation
  • Sandbox escape from the Flash sandbox to w00t the target machine
  • Defeat Windows Defender Exploit Guard (WDEG): disarm or bypass
Module 2:
  • Case study: CVE-2017-8601
  • CFG/ACG Bypass and Sandbox Escape via Microsoft Edge Type (64-bit arch)
  • Defeat or bypass more WDEG features such as Control Flow Guard (CFG) and Arbitrary Code Guard
  • AppContainer Sandbox and Code Integrity Guard (CIG)
Module 3:
  • Case study: CVE-2015-5736
  • 64-bit Kernel Driver Exploitation, fundamental theory on structures and drivers
  • Token Stealing Payload to escalate privileges in Windows systems
  • Trigger the vulnerable code in the IOCTL, memory paging and structures, calculate the PML4 self-reference entry, get the PTE address from a given virtual address
  • Exploit the vulnerability with a ROP-based attack
  • How to bypass SMEP protection
Notes/Help:
Reviews/Links: animal0day, jscybersec, infosecflash, theevilbit
Course details, Syllabus
Price: $5000 (BlackHat)

OSEE Exam

Two challenges. A couple of ways of doing each, with different difficulty (different point values).

Duration: 72 hrs
Points needed: Both challenges

OSWE : Offensive Security Web Expert

This is a relatively new course from Offensive Security. With OSWE you’ll demonstrate the art of exploiting front-facing web apps. The prerequisite course is “Advanced Web Attacks and Exploitation” (AWAE), so everything related to web app security and pentesting should be covered: a practical understanding of vulnerability assessment and the hacking process.
You’ll need:
  • some familiarity with Linux
  • familiarity with web application attack vectors, theory and practice
  • ability to write simple Python/Perl/PHP/Bash scripts, PowerShell
  • web proxies, Burp Suite, etc.
Course details, Syllabus
Price: $1400

OSWE Exam

Duration: 48 hrs
Points needed: 

CISSP : Certified Information Systems Security Professional (BANK)

For security practitioners, managers and executives. With it you should be able to define the architecture, design and management of your organization’s security (access control systems, security, etc.).
  • Domain 1: Security and Risk Management (15%)
  • Domain 2: Asset Security (10%)
  • Domain 3: Security Architecture and Engineering (13%)
  • Domain 4: Communication and Network Security (14%)
  • Domain 5: Identity and Access Management (13%)
  • Domain 6: Security Assessment and Testing (12%)
  • Domain 7: Security Operations (13%)
  • Domain 8: Software Development Security (10%)
Price: $700

CISSP Exam

A Computerized Adaptive Test (CAT) with between 100 and 150 questions.

Duration: 3 hrs
Points needed: 700/1000
Note: we found a source stating that the exam took 250 questions and 6 hrs, but we couldn’t confirm it.

CISM: Certified Information Security Manager

Offered by the ISACA association, intended for information security managers or IT consultants. To qualify for the exam you need 5 years of verified experience in the infosec field (within a 10-year period). It covers:
  • Information security management
  • Information risk management and compliance
  • Information security program development and management
  • Information security incident management
ISACA recommends the following steps:
Rough cost estimate:
  • $10.00 – ISACA membership (online to save $20; membership saves $$ on the review materials)
  • $500.00 – Exam registration fee ($450 if registering early)
  • $45.00 – Annual maintenance fee (also must accrue 120 CPEs within 3 years)
  • $185.00 – CISM Review Questions, Answers & Explanations Database, 12-month subscription (non-members $225)
  • $105.00 – CISM Review Manual, 15th Edition ($135 for non-members)
In total it’s about $845.00 for a self-study program. There’s mention of $995 if you want to take the class or $795 if you want to take the online review course. You should also add $45 for the CISM Review Questions, Answers & Explanations Database 6-month extension.
Price: ~$850

CISM Exam

Number of questions: 150-200.

Duration: 4 hrs
Points needed: – questions

CompTIA Security+

There are no prerequisites, but there’s a recommendation to acquire CompTIA Network+ and have at least a couple of years of IT administration experience (with a security focus). It establishes the core knowledge required of any cybersecurity role, incorporating hands-on troubleshooting practice to ensure security professionals have practical security problem-solving skills. It covers network security concepts, threats and vulnerabilities, access control, identity management, cryptography, etc. Domain weighting:
  • Network Security (21%)
  • Compliance and operational security (18%)
  • Threats and vulnerabilities (21%)
  • Application, Data, and Host Security (16%)
  • Access control and identity management (13%)
  • Cryptography (11%)
As for the price, I guess it depends on where you take it.
Price: $340 (exam) – $1000 (deluxe bundle)

CompTIA Exam

There are 100 performance-based questions, focused on your ability to solve problems in a simulated environment, scored on a scale of 100 to 900.

Duration: 1.5 hrs
Points needed: 750/900

GSEC: GIAC Security Essentials

For security professionals who want to demonstrate that they’re qualified for hands-on IT systems roles. It’s a “good foundation cert”.
  • Access control & Password management
  • Active Defense
  • Contingency plans
  • Critical controls
  • Cryptography
  • Cryptography algorithms & Deployment
  • Cryptography application
  • Defense in Depth
  • Defensible network
  • Endpoint security
  • Enforcing Windows security policy
  • Incident Handling & response
  • IT Risk management
  • Linux Security: Structure, Permissions and Access
  • Linux Services: Hardening and securing
  • Linux: Monitoring and Attack detection
  • Linux: Security Utilities
  • Log Management & SIEM
  • Malicious Code & Exploit Mitigation
  • Network Device Security
  • Networking & Protocols
  • Securing Windows Network Services
  • Security Policy
  • Virtualization and Cloud Security
  • Vulnerability Scanning and Penetration Testing
  • Web Communication security
  • Windows Access Controls
  • Windows as a Service
  • Windows Automation, Auditing and Forensics
  • Windows Security Infrastructure
  • Wireless Network Security
S***, this is going to make you into a jedi. Joking aside, most of these points are introductory: candidates learn the fundamental theory, understanding the overall idea, functionality and concepts.
Price: $2000 ($80 for a test re-take) , Source

GSEC Exam

After purchasing the test, you have 4 months to schedule it. If you fail 3 times, you must wait a year before you can take the test again. Students must retake the exam every 4 years (~$400). Around 180 multiple-choice questions.

Duration: 5 hrs
Points needed: 73%

CRISC: Certified in Risk and Information Systems Control

Also from ISACA, intended for business and information security professionals who specialize in the end-to-end risk management process (risk identification, assessment, evaluation and remediation). Domains:
  • Domain 1 – Risk Identification, Assessment & Evaluation (31%)
  • Domain 2 – Risk Response (17%)
  • Domain 3 – Risk Monitoring (17%)
  • Domain 4 – Information Systems Control Design & Implementation (17%)
  • Domain 5 – IS Control Monitoring & Maintenance (18%)
The requirements are identical to those of the CISA: 120 CPE (Continuing Professional Education) hours every three-year cycle, with an annual minimum of 20.
Price: $725 ($595 for members)

CRISC Exam

A 150 question test, between 200 and 800 points.

Duration: 4 hrs
Points needed: 450 points

CIPP – Certified Information Privacy Professional

You’ll get a mix of privacy fundamentals + legal system + laws + data protection. This is not our cup of tea, but we can understand the appeal and why one would like to get it. The non-profit organization behind it (IAPP) is accredited by ANSI, so it’s a formal credential, probably ideal for corporate environments.
  • CIPP/US (United States)
    • Introduction to the U.S. Privacy Environment
    • Limits on Private-sector Collection and Use of Data
    • Government and Court Access to Private-sector Information
    • Workplace Privacy
    • State Privacy Laws
  • CIPP/C (Canada)
    • Canadian Privacy Fundamentals
    • The Canadian Government and Legal System
    • Enforcement Agencies and Powers
    • Canadian Privacy Laws and Practices in the Private Sector
    • Canadian Privacy Laws and Practices in the Public Sector
  • CIPP/E (Europe)
    • Introduction to European Data Protection
    • European Regulatory Institutions
    • Legislative Framework
    • Compliance with European Data Protection Law and Regulation
    • International Data Transfers
  • CIPP/A (Asia)
    • Fundamental Privacy Principles
    • Singapore Privacy Laws and Practices
    • Hong Kong Privacy Laws and Practices
    • India Privacy Law and Practices
    • Common Themes Among Principle Frameworks
  • CIPP/G (US Government) – Terminated
You can find some formal advice on their website that should help you prepare and study.
Course details, Handbook
Price: $550 (Re-take: $375, 30 days need to pass after a failed test)

CIPP Exam

A 90 question test.

Duration: 2.5 hrs
Points needed: 75 questions

CISA – Certified Information Systems Auditor

Provides a basic knowledge of core IT auditing and governance.
  • Domain 1 – Process of Auditing Information Systems
  • Domain 2 – Governance and Management of IT
  • Domain 3 – Information Systems Acquisition, Development and Implementation
  • Domain 4 – Information Systems Operations, Maintenance and Service Management
  • Domain 5 – Protection of Information Assets
Apparently there are no prerequisites for taking the exam, but there is one when submitting a CISA application for certification: a minimum of 5 years of professional information systems auditing, control or security work experience is required. Substitution of such experience (to a maximum of 3 years) can be obtained as follows:
  • A maximum of 1 year of information systems experience OR 1 year of non-IS auditing experience can be substituted for 1 year of experience.
  • 60 to 120 completed university semester credit hours (the equivalent of a 2-year or 4-year degree), not limited by the 10-year preceding restriction, can be substituted for 1 or 2 years, respectively, of experience.
  • A bachelor’s or master’s degree from a university that enforces the ISACA-sponsored Model Curricula can be substituted for 1 year of experience. To view a list of these schools, please visit www.isaca.org/modeluniversities. This option cannot be used if 3 years of experience substitution and educational waiver have already been claimed.
  • A master’s degree in information security or information technology from an accredited university can be substituted for 1 year of experience.
Maintenance fees and a minimum of 20 contact hours of CPE are required annually. In addition, a minimum of 120 contact hours is required during a fixed 3-year period.
You must complete it within 10 years of applying for the certification or within 5 years of successfully passing the CISA exam.
Price: $415 – 545, $760 (depending on the source) + $50 application fee + $45-85 per year (Certification maintenance fee)

CISA Exam

A 150 multiple-choice questions test. The exam scores between 200 and 800.

Duration: 4 hrs
Points needed: 450 points

CCSP – Certified Cloud Security Professional

One of the “most advanced” security certs available today. Awarded to students who have attained the technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud.
Similar to CISA, candidates must have a minimum of 5 years of cumulative paid work experience in IT (35 hrs/week), of which 3 years must be in information security and 1 year in one of the 6 domains (of the CCSP CBK):
  • Domain 1. Cloud Concepts, Architecture and Design
  • Domain 2. Cloud Data Security
  • Domain 3. Cloud Platform & Infrastructure Security
  • Domain 4. Cloud Application Security
  • Domain 5. Cloud Security Operations
  • Domain 6. Legal, Risk and Compliance
1040 hours of part-time work = 6 months of full-time experience
2080 hours of part-time work = 12 months of full-time experience
Preparation time for the exam varies, but a rough estimate is 300 hours. One of the “funny”/“amusing” things is the background check ISC conducts. In order to reach the highest ethical and professional heights, candidates must satisfy:
  • You have never been convicted of a felony or a crime based on dishonesty. This does not, however, include traffic offenses that are prosecuted in juvenile court.
  • You have never been involved in or publicly identified with criminal hackers or hacking
  • You have never been disciplined by a certification body or had your certification revoked
  • You have never been known by any other names, aliases or pseudonyms. This does not include name changes due to marriage or adoption
Price: $599

CCSP Exam

A 200 multiple-choice questions test. Up to 1000 points.

Duration: 4 hrs
Points needed: 700 points

CGEIT – Certified in the Governance of Enterprise IT

Another ISACA certificate validating the candidate’s experience, knowledge and credibility. Intended for professionals serving in management, advisory or assurance roles. Domains:
  • Domain 1 – Framework for the Governance of Enterprise IT
  • Domain 2 – Strategic Management
  • Domain 3 – Benefits Realization
  • Domain 4 – Risk Optimization
  • Domain 5 – Resource Optimization
Price: $420 – 725 (depending on whether you’re an ISACA member or not, and whether you take online early registration or final registration sent by mail)

CGEIT Exam

A 150 multiple-choice questions test. Scores between 200 and 800 points.

Duration: 4 hrs
Points needed: 450 points

CHFI – Computer Hacking Forensic Investigator

An interesting cert, related to detecting hacking attacks, extracting evidence for crime reports, and doing audits to prevent future attacks. It validates the candidate’s skill at identifying an intruder’s footprints and gathering the necessary evidence to prosecute the perpetrator.
  • Forensic Science
  • Regulations, Policies and Ethics
  • Digital Evidence
  • Procedures and Methodology
  • Digital Forensics
  • Tools/Systems/Programs
  • Computer forensics in today’s world
  • Computer Forensics Investigation Process
  • Understanding hard disks and file systems
  • Data acquisition and duplication
  • Defeating anti-forensics techniques
  • Operating system forensics
  • Network forensics
  • Investigating web attacks
  • Database forensics
  • Cloud forensics
  • Malware forensics
  • Investigating email crimes
  • Mobile forensics
  • Forensics report writing and presentation
Course details, Handbook, Exam Blueprint
Price: $500

CHFI Exam

A 150 multiple-choice questions test, different forms (questions banks).

Duration: 4 hrs
Points needed: 60-85% (depending on which exam form is challenged)

CCNA – CISCO Certified Network Associate

As mentioned on Cisco’s website, CCNA should prepare you for associate-level job roles in IT technologies. No prerequisites, but it would be great if you have one or more years of experience implementing/administering Cisco solutions, knowledge of basic IP addressing and a good understanding of network fundamentals.
  • Network fundamentals
  • Network access
  • IP connectivity
  • IP services
  • Security fundamentals
  • Automation and programmability
Price: $325 – 600

CCNA Exam

A 60-question test (multiple choice, drag and drop, simulations), with different forms (question banks).

Duration: 1.5 hrs
Points needed: 82-85%

CCNP – CISCO Certified Network Professional

For network/support/systems engineers or technicians, this routing and switching cert validates the ability to plan, implement, verify and troubleshoot local and wide-area enterprise networks, including security, voice, wireless and video solutions.
We’re not sure we get it, but there are a number of certs within CCNP:
  • CCNP Routing and Switching
  • CCNP Collaboration
  • CCNP Wireless
  • CCNP Data Center
  • CCNP Service Provider
  • CCNP Security
  • CCNP Cloud
  • CCDP
  • CCNP Enterprise
  • Cisco Certified DevNet Professional
Prerequisites: CCNA or any CCIE
Price: $900 – 1200

CCNP Exam

Up to 60 questions (multiple choice, drag and drop, simulations), with different forms (question banks). Scale 300-1000 points. You have to wait 5 days before taking another exam in case you fail.

Duration: 1.5 hrs
Points needed: 850 points

CAP – Security Assessment and Authorization

Another ISC2 cert, showing anyone that you have the technical skills and knowledge to authorize and maintain information systems. Intended for anyone using the RMF (Risk Management Framework): government, military, civilian roles, private sector organizations, etc.
  • Domain 1. Information Security Risk Management Program
  • Domain 2. Categorization of Information Systems (IS)
  • Domain 3. Selection of Security Controls
  • Domain 4. Implementation of Security Controls
  • Domain 5. Assessment of Security Controls
  • Domain 6. Authorization of Information Systems (IS)
  • Domain 7. Continuous Monitoring
Candidates must have a minimum of 2 years of cumulative work experience in 1 or more of 7 domains (CAP CBK). Don’t forget the ISC background check.
Course details, Outline
Price: ~$600 (+/- 100)

CAP Exam

A 125 multiple-choice question test, up to 1000 points.

Duration: 4 hrs
Points needed: 700 points

CSSLP – Secure Software Development

Another cert from ISC, ideal for software developers and security professionals responsible for applying best practices in software design/implementation/deployment (software architect/engineer/developer, quality assurance tester, penetration tester, project manager, etc.).
  • Domain 1. Secure Software Concepts
  • Domain 2. Secure Software Requirements
  • Domain 3. Secure Software Design
  • Domain 4. Secure Software Implementation/Programming
  • Domain 5. Secure Software Testing
  • Domain 6. Secure Lifecycle Management
  • Domain 7. Software Deployment, Operations, and Maintenance
  • Domain 8. Supply Chain and Software Acquisition
Course details, Outline
Price: ~$600 (+/- 500)

CSSLP Exam

A 175 multiple-choice question test, up to 1000 points.

Duration: 4 hrs
Points needed: 700 points

HCISPP – Healthcare Security & Privacy

Straightforward, ideal for information security professionals charged with guarding protected health information (compliance officer, medical supervisor, health information manager, etc.).
  • Domain 1. Healthcare Industry
  • Domain 2. Information Governance in Healthcare
  • Domain 3. Information Technologies in Healthcare
  • Domain 4. Regulatory and Standards Environment
  • Domain 5. Privacy and Security in Healthcare
  • Domain 6. Risk Management and Risk Assessment
  • Domain 7. Third-Party Risk Management
Course details, Outline
Price: $599 (+/- 50)

HCISPP Exam

A 125 multiple-choice question test, up to 1000 points.

Duration: 3 hrs
Points needed: 700 points

SSCP – IT/ICT Security Administration

For IT administrators, managers and directors doing hands-on operational security: system admin, security analyst, system engineer, DB admin, etc.
  • Domain 1. Access Controls
  • Domain 2. Security Operations and Administration
  • Domain 3. Risk Identification, Monitoring and Analysis
  • Domain 4. Incident Response and Recovery
  • Domain 5. Cryptography
  • Domain 6. Network and Communications Security
  • Domain 7. Systems and Application Security
Course details: Outline
Price: $599 (+/- 50)

SSCP Exam

A 125 multiple-choice question test, up to 1000 points.

Duration: 3 hrs
Points needed: 700 points

Cybersecurity certification – Useful tools and sources

The Wargames, PentesterAcademy, VulnHub, FuzzySecurity, DVWA, Mutillidae, WebGoat; check some tutorials (web, YouTube) for general info on SSH, enumeration, reconnaissance, port scanning, web app testing, cracking/reverse engineering, etc. Mix it up a bit. Get to know Metasploit (post-exploitation modules) and check free courses: SecurityTube and Metasploit Unleashed.
Books: Metasploit Unleashed, Penetration Testing, Freebooks (Source 1).
It will most certainly come in useful at some point.
* while doing tests, use “screen” if possible (in case the connection drops)

Conclusion

They all have their advantages and disadvantages. Some of them focus on practical knowledge (labs, simulations, etc.) while others offer/force a theoretical approach. What to choose depends on your direction, desires and capabilities. If you want to be “considered” hard-core elite, get something with a practical approach: heavy s*** where you have to think outside of the box, challenging things, etc.
If you just want to get some job in the IT/cybersecurity industry, you can get some “theoretical” certification, learning the questions just enough so you can prove to your employers that you know what you’re talking about. There’s no right or wrong here, follow your heart…
# Scrum, COBIT, ITIL, TOGAF, PMP (Project Management Professional)
