↓R↑LYB
I trained Sheng Long and Shonuff
Just copped that Security+
Now the next round of job applications begin
You passed the exam? Good shyt breh. Soon as you're eligible go for the CISSP. Instant 6 figures
IT Certifications and Careers (Official Discussion Thread)
- Thread starter fendi_mane
- Start date
You passed the exam? Good shyt breh. Soon as you're eligible go for the CISSP. Instant 6 figures
D1renegade
All Star
You passed the exam? Good shyt breh. Soon as you're eligible go for the CISSP. Instant 6 figures
Yeah I passed with a score of 841. I'm surprised I scored that well because I was not feeling good about the test l as I was answering the questions. And yeah the CISSP is definitely on my road map for the future. I'll start preparing for that after I conquer the CCNA sometime next year.
↓R↑LYB
I trained Sheng Long and Shonuff
Next year
You bout to do a 9 month bid or something? Why you ain't studying for it now
Scott Larock
Its hard leaving thecoli but I gotta find a way...
I'm trying to set up a virtual network in vmware, I have server 12 and two windows 10 os.
The server ip is set up with ad, dhcp and dns
The ip addess is
192.168.1.200
255.255.255.0
192.168.1.254
dns is 127.0.0.1
alternate is blank
I'm pinging the ip address and nothing comes, I'm using the client windows 10.
I set the scope from 192.168.1.190 to 200
I'm fukking up somewhere I dont understand ip addresses at all.
what's a simple range I can use?
The server ip is set up with ad, dhcp and dns
The ip addess is
192.168.1.200
255.255.255.0
192.168.1.254
dns is 127.0.0.1
alternate is blank
I'm pinging the ip address and nothing comes, I'm using the client windows 10.
I set the scope from 192.168.1.190 to 200
I'm fukking up somewhere I dont understand ip addresses at all.
what's a simple range I can use?
Scott Larock
Its hard leaving thecoli but I gotta find a way...
dont know what you talking about, I'm following this guy right here.
Scott Larock
Its hard leaving thecoli but I gotta find a way...
If I use the NAT from my actual pc, do I have to give the vmware server my actual ip from the computer that's physically connected to the internet? Should I use a Private IP that way I can create a little virtual network?
↓R↑LYB
I trained Sheng Long and Shonuff
I have a consulting company where we do security assessments and hardware refreshes for small businesses. There's money there, but it's not super easy to get into. A lot of it is word of mouth so you're gonna have to find your niche and market to that group. That's been my biggest struggle.
I got started doing hardware assessments for EHR software rollouts. I found a few vendors, signed up under their software implementation program, and started marketing to businesses who wanted to upgrade to the new version.
If you want to get into it, figure out your niche then start building your website/marketing strategy around attracting clients in that space. My first job I billed out at $100/hr, paid my contractor $15-20/hr, and walked around with 2 racks and didn't do shyt but send a few emails
↓R↑LYB
I trained Sheng Long and Shonuff
Since there's a bunch of cats going down the security path, here are some skills that has been extremely valuable in helping me get high paying contracts:
Information Security
Active Directory Administration and Security - AD is the main LDAP provider for most organizations so you're going to have learn how to administer AD and secure it.
Security Standards - security standards and governance are what gives security teams the legal backing and provides industry best practices in securing environments
Network Security
Firewalls/VPNs- Firewalls segment and analyze network traffic and allow data in and out the network based on rules and policies. VPN's provide security communication over a public network (the internet for example)
IPS/IDS - these devices monitor network traffic for network based attacks. There's a bunch of different vendors that create IPS/IDS software. Find one that has a free trial/software and start familiarizing yourself with it.
DLP - these appliances monitors network traffic to ensure that confidential data isn't setup on the network (social security numbers, company secrets, HIPAA data, credit card data, etc). There's a bunch of DLP vendors (I'm most familiar with Symantec).
Vulnerabilities and Exploits - vulnerabilities are weaknesses in software/configuration.
Certifications
Security+ - Cert offerred by CompTIA. Good if you have less than 5 years of experience
CISSP - One of the most request info sec certs. Requires 5 years of experience to be eligible. This is the cert you MUST have.
OSCP - All about pen testing. One of the best courses I've taken.
CEH - Highly requested cert for anyone wanting to be involved with pen testing
CISA/CISM - highly requested certis from ISACA. Mostly for folks in the auditing/management side.
If I get some time this weekend, I'll post some links on how to setup a lab to do some pen testing at home. IMO it's easier to understand security concepts and principles once you've successfully compromised a system.
Information Security
Active Directory Administration and Security - AD is the main LDAP provider for most organizations so you're going to have learn how to administer AD and secure it.
- Understand AD group scope and how they're used
- Understand the Active Directory schema and how to modify it
- Understand AD CS and how to configure and troubles LDAPS
- Know how to create/manage AD objects
- A strong understanding of group policy
- Understanding the various types of encryption algorithms
- Understanding Certificate Authorities, their role, and how they work
- Understanding key management
- Understanding Certificate Templates and how they're used (Active Directory)
- Know how to deploy certificates to users/computers
- Understand auto-enrollment, certificate renewals and expiration
Security Standards - security standards and governance are what gives security teams the legal backing and provides industry best practices in securing environments
- NIST 800-53 - the most common info sec standard. Familiarize yourself with it.
- ISO27001 - another security standard
- PCI DSS - the industry standard for companies that accept credit card transactions (Visa, MC, Discover, AMEX)
- HIPAA - the government privacy standard for the healthcare industry. There are HIPAA security rules the provide guidance for securing ePHI.
- FISMA - standard mandated by the federal government. A lot of federal jobs have a requirement for having the CISSP which is the standard.
Network Security
Firewalls/VPNs- Firewalls segment and analyze network traffic and allow data in and out the network based on rules and policies. VPN's provide security communication over a public network (the internet for example)
- Cisco ASA - firewall/VPN appliance by Cisco. The CCNA Security, CCNP Security, and CCIE Security exams covers configuring, installing and troubleshooting these devices
- Checkpoint - firewall/VPN appliance manufacturer. The CCSA and CCSE exams cover checkpoint appliances
IPS/IDS - these devices monitor network traffic for network based attacks. There's a bunch of different vendors that create IPS/IDS software. Find one that has a free trial/software and start familiarizing yourself with it.
DLP - these appliances monitors network traffic to ensure that confidential data isn't setup on the network (social security numbers, company secrets, HIPAA data, credit card data, etc). There's a bunch of DLP vendors (I'm most familiar with Symantec).
Vulnerabilities and Exploits - vulnerabilities are weaknesses in software/configuration.
- WSUS - main tool used to patch Windows devices in a corporate environment
- SCCM - Microsoft product for pushing out patches and configuration changes
- Exploit-DB - site with known exploits
- CVE Search - site that lists known vulnerabilities
- Kali Linux - Linux distro created for the PEN testing community. It has a ton of pre installed network intrusion tools
- Metasploit - Exploit framework used to find and exploit known vulnerabilities
- Nessus - Vulnerability scanner used to find vulnerabilities on hosts/subnets
Certifications
Security+ - Cert offerred by CompTIA. Good if you have less than 5 years of experience
CISSP - One of the most request info sec certs. Requires 5 years of experience to be eligible. This is the cert you MUST have.
OSCP - All about pen testing. One of the best courses I've taken.
CEH - Highly requested cert for anyone wanting to be involved with pen testing
CISA/CISM - highly requested certis from ISACA. Mostly for folks in the auditing/management side.
If I get some time this weekend, I'll post some links on how to setup a lab to do some pen testing at home. IMO it's easier to understand security concepts and principles once you've successfully compromised a system.
Last edited:
↓R↑LYB
I trained Sheng Long and Shonuff
Check and make sure the Windows Firewall is disabled on the host you're pinging to make sure that's not blocking traffic. Once you determine it's working correctly, you can configure the firewall to allow ICMP to the server.
↓R↑LYB
I trained Sheng Long and Shonuff
There is not enough daps or reps i can give breh
That skillset will get you 100k minimum in multiple areas of security. I'm getting out the cert game so I'm gonna need one of y'all nikkas to hold it down for me
I hit 200k in 8 years, y'all better do it in 4
