+ Reply to Thread
Results 1 to 4 of 4
  1. Senior Member yoba222's Avatar
    Join Date
    Jun 2013

    LFCS, GCIH, eJPT, CCNA, CAPM, Trifecta

    Default CySA+ Study Chronicles

    So I embarked on a 14 week learning journey, with the CySA+ certification as the tangible end goal that started January 1, 2018. This post chronicles my choice of personal study resources and curriculum. It's an unproven curriculum as I haven't taken the exam yet. I do intend to score very highly on this exam though.

    I've been working in information security for a bit over 2 years and have another year or so of information security related tasks experience from a job prior to that. Of the exam domain objectives, I'd say 90% of them are highly relevant to my day to day activities. I'm really amazed at how well the exam domains align with what I do at work.

    As far as formal training, my degree is a generic information systems one and my formal information security training consists of the Security+ from a few years back, the eJPT, studying for the GCIH last year, and whatever I've picked up from various textbooks.

    I estimate that right now I know probably 50-75% of the existing domain objectives on the CySA+ well enough to teach them. If I went into a testing center today, I might squeeze by with a pass as-is.

    I don't want to squeeze by with a pass though. I have little need to obtain this cert for the piece of paper it represents from a career/resume perspective. The missing 25-50% in knowledge holes is what going after this cert is all about for me.

    Initial Learning resources:
    These might grow or shrink as I progress through my curriculum

    The Sybex CySA+ Study guide by Mike Chapple
    The material has been great so far. There are a few errors in the text and on the quiz questions. There is an errata page and I'd definitely suggest going through it with a pencil beforehand. Finding the Sybex/Wiley errata submission page is a complex adventure in patience. It's sort of here:

    CySA+ Certification Exam objectives
    This is my ?8th? cert. Reading and rereading and rereading and rereading the exam objectives is super important and I attribute much of that learning technique to why I was able to pass the GCIH when I took no index and no textbooks to the exam center last year. I'm only a couple of weeks in and I've probably read the exam objectives 20 times collectively so far. I printed the 13 pages out and it's within arm's reach at almost all times.

    NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
    This is the NIST pentesting guide. I might wait to read this closer to when I prep for OSCP or perhaps in CISSP preparation.

    NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
    There are a few other relevant NIST publications, but this one is probably the most relevant to the CySA+. I'm still not sure if I'm going to read this 400+ page guide now, or closer to next year in CISSP preparation.

    Video Courses:

    Udemy: CySA+ Complete Course and Practice Exam by Jason Dion
    This course so far seems to take an acadamia structured approach, with some sysadmin/network admin insight perspectives thrown in here and there. It's very high quality and I recommend it based on what I've seen so far.

    Udemy: Complete CySA+ - The Total Course by Brent Chapman
    This course also seems to take an acadamia approach, with some DoD insight perspectives thrown in here and there. This is the All-in-One Mike Meyers endorsed video course. It's also high quality so far and I give it another recommend.

    Safari Books Online: CySA+ Complete Video Course by Aamir Lakhani and Joseph Muniz
    This is free with a Safari Books subscription. It feels less formal than the Dion/Chapman courses, but then it feels more personal at the same time. The material has some experienced security analyst/pentester insight perspectives thrown in here and there. I recognized Muniz/Lakhani's names from some Packt Publishing pen testing textbooks.

    CompTIA CySA+ Virtual Lab.
    The lab is implemented through practice-labs.com, though I purchased it from cybrary.it and I log in through the cybrary portal. It consists of around 25 multi-part labs on live (virtualized I'm sure) equipment.

    The material feels well though out and as if someone put a great deal of time into making it into a good quality product. On the down side, it can be a bit laggy. I'm probably several thousand miles away from the lab servers and latency can be an issue from my home. Plugging my laptop directly into my home router helps a bit.

    I suspect that the lab guides were written by someone in which English is not his or her first language. Things like using a semicolon perfectly, but then blatantly misusing a comma are present. This is a very minor criticism though, since on the tech side the labs seem to be designed very well.

    While many of the lab scenarios could be duplicated in a virtual home lab, some would be more of a challenge. For example, there are labs on a Cisco ASA firewall and an Alienvault SIEM appliance. I Look forward to these.

    Study Routine:
    I made a spreadsheet that mixes all the activities into a 6-day per week routine. Usually the activities are 45-90 minutes long per day, which has so far worked out to being a very reasonable 7-8 hours per week. I'll end up putting around 100-120 hours into this at the end.

    I'll update this thread on occasion as I progress and or course the exam results for when I book in April this year.
    2018: CySA+ | PenTest+ | OSCP | CISA
    2019: CCNA Cyber Ops | CISSP
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    Aug 2016
    Good luck, and please do keep on updating the thread!
    Reply With Quote Quote  

  4. Senior Member
    Join Date
    Feb 2015
    The Interwebs

    Quote Originally Posted by yoba222 View Post
    NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations
    There are a few other relevant NIST publications, but this one is probably the most relevant to the CySA+. I'm still not sure if I'm going to read this 400+ page guide now, or closer to next year in CISSP preparation.
    Don't read this for exam prep. Focus on the other great materials you've already mentioned. If you're doing ISC2 CAP, FISMA, Assessment & Authorization (A&A) work then read this otherwise skip it.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Oct 2016

    CCNP R&S, CCNA(Security/Data Center), PCNSE 7, MCITP: Exchange 2010
    Thanks for the post. I'm considering this exam myself. I purchased Brent's Udemy course and added Muniz one to my safari subscription.

    I'll definitely try the virtual lab,
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks