CISSP was one hell of an exam! I must say it definitely lives up to the hype that I’ve read throughout my career. I’ll first start off by saying I did NOT pass the exam. Here’s my story, advice, and what I’ll do moving forward:

I didn’t plan on taking CISSP for another year or 2, however, when opportunity presents itself, you go for it right? Well that’s what I did. My command team had vouchers left over from the previous fiscal year’s purchase and decided to give me one. The only thing was that the voucher expired in a month. What made matters worse? The only available date was 1 week before it expired and I was also studying for CCNA (PASSED) which was also expiring.

So there’s my foundation. If you’ve read my other posts, you know I’m no stranger to exams and I have a pretty impressive resume. However, 3 weeks is not enough to prepare for this exam.

I’ll start by listing my study resources:

• Kelly Handerhan Cybrary CISSP video series
• CCCure Test Bank
• 11th Hour Study CISSP Study Guide
• Sunflower Guide
• Memory Palace CISSP Guide

These were all very helpful in providing information for all 8 domains. The Cybrary CISSP video series was excellent. I studied before work and after work for 3 weeks straight. I first watched the Cybrary videos. Any lesson I didn’t understand, I watched them over that very day. Kelly did an excellent job breaking down the domains. I’m not so fond of her Kerberos explanation that everyone loves, but I already understood it and it also didn’t show on my exam. She also includes a mindset video for individuals taking the exam. You can have all the knowledge in the world about this exam, but you must know how to take on the correct role. (RATING: 10/10)

I took the CCCure exams everyday also. The exams were all 150 questions on Pro (Hardest Level). The last week I took them in increments of 50 questions. These questions were excellent. I ended my studying testing at 80-85% consistently. They provided explanations of each wrong and right answer. This helped me understand the material and not just memorize the answer. I’d read every explanation whether I was wrong or right. Don’t try to find questions from any bank that matches CISSP. I wouldn’t say there are none, but it’s unlikely. (RATING: 10/10)

The 11th Hour CISSP Study Guide was AMAZING. I’d read this until I’d fall asleep every night. It provided simplistic explanations of the domains. The downside is that I didn’t start this until about 5 days before my exam. If I had known how good the guide was, I would’ve read it from the beginning. (RATING 10/10)

The two guides basically were the same. The Sunflower guide was a bit more professional, but I found it less useful than the memory palace guide (which seemed more like a college students notes). The memory palace was my best friend for the exam. It definitely helped me remember small details of the information learned. I’d give Sunflower (8/10) and Memory Palace (10/10).

All my resources were legit, but as I’ve stated, understanding your role on the exam is just as important.

So here’s my breakdown of my scoring:

• Security and Risk Management (Above Proficient)
• Asset Security (Proficient)
• Security Architecture and Engineering (Above Proficient)
• Communications and Network Security (Above Proficient)
• Identity and Access Management (Below Proficient)
• Security Assessment and Testing (Near Proficient)
• Security Operations (Below Proficient)
• Software Development Security (Below Proficient)

My strongest areas are the areas I’m experienced in. The others were the areas I had to learn the most during my CISSP studies, so the scoring made sense.

I went all the way to question 150. So I know that I had to be somewhat close. I’ve heard the stories of people failing at 100, so that means they weren’t doing too well. The exam was nothing less than what I was told. It wasn’t hard, but it wasn’t easy…it was just…CISSP. Lol

What would I consider my downfall? Not having a CISSP mindset. I come from a technical background, so I think Fix things, not manage things. My expertise stems from networking, risk management (hence the Cybersecurity Management/Policy degree), and network infrastructure security). Those also were my strong points on the exam. I should’ve had more of a manage mindset when taking this exam.

What will I do moving forward? Absolutely give myself more time. I took the exam under pressure because of the expiration date. The next go around, I’ll move at my own pace. I’ll give myself more time and be sure to change my mindset approaching the exam.

Happy Testing!

Cyber Security is a popular career choice that has begin to thrive as the more cyber attacks have increased and crippled organizations. With that happening, the IT certification organizations began scrambling to develop top notch certifications to meet the demands. Among these certifications, CompTIA created the CSA+, later named CySA+.

This certification stands for Cybersecurity Analyst. As described by CompTIA, “Cybersecurity Analyst (CySA+) is an IT workforce certification that applies behavioral analytics to networks and devices to prevent, detect and combat cybersecurity threats.” This certification is supposed to validate your skillset of being able to detect threats, perform data analysis, and interpret the results to find vulnerabilities within an organization’s infrastructure.

Being new to cyber a few years back, I decided I’d make this dive into it and become a Cybersecurity analyst. I figured that if I get this certification, it would be my best bet because from my own research, a SOC analyst position was the only one that I’d be able to get entry-level. This is far from the truth as I’ve gained not only more cyber knowledge, but also career knowledge.

So here’s my experience…

I got the certification about a year after the launch. There was barely any SOLID information on it, but I knew that it would be solid on my resume with the way things were going in the cyber industry.

My resources: Jason Dion’s Udemy course, Jason Dion’s Practice Test on Udemy, Youtube University, and Google. The first thing they teach IT Specialists in the Army is that Google is your best friend. This still stands true to this day.

This is the exam that birthed my exam study method.

I printed off the exam objectives and watched Jason’s video course. He pretty much covered every topic that was on the objectives. For any topic I was unsure of, I simply googled the topic and did some research. I also youtubed it for more exposure on the topic. Never rely solely off one source of information. But Jay that costs money! Well look at it as money invested into your career. Total… I spent about $20 bucks for study material. Anyways…

After studying for about 3 weeks, I took his practice exams. I literally took them over and over until I’d make 100% on them. But here’s the catch and I encourage everyone to do this, as you’re answering the questions, try to put an explanation behind every answer. This helps you understand the topic and not memorize it. Now trust me, I get it, some topics is pure memorization and that’s totally fine, but try to understand concepts more than anything. I CANT STRESS THIS ENOUGH.

Finally, I’m confident that I can handle this certification. Besides, I’d passed SEC+ in about a week and a half and I only tested for 30-45min MAX. I figured I’d go in and handle this exam. WRONG. This exam whooped my ass. I literally took almost all the time given. I probably finished with 20 min left on the timer. I had a headache and was sweating for some odd reason.

Now the part that everyone wants to know…what was on the exam. Well I cant give that to you, but I’m a solid individual, so I’ll tell you what you should study…

Yall… I cant stress this enough, understand how to read logs. I literally googled images of logs and read them. Understand various attacks such as MITM, DoS, SQL Injection, etc. Understand various tools that can be used to analyze a network and monitor a network..I mean..I shouldn’t have to say that, it is a Cybersecurity ANALYST cert. These tools consist of vuln. scanners, IDS/IPS, NMAP, etc. Have a basic understanding of networking. This is another thing I cannot stress enough. I’m not a networking guru by any means. I do have some experience and a certification, but I’m no @JBizzle703. Talk to him if you want NETWORK network knowledge. But, that goes to say if you have a basic understanding you’ll do just fine. Look at me, I passed on my first go. Understanding data correlation and data output is much needed. Understand responding and implementing various countermeasures against attacks. Basically google, network/host hardening techniques. In my opinion this certification is the bridge to CASP. So be sure to understand risks, security, and management to some extent. Trust me, I have CASP also and there is a difference from being the techie and being a manager. I didn’t understand it until I studied for it. Vulnerability management is a big thing in this certification. This is where the bridge to CASP begins because you’ll need to understand attack surfaces and assets. Reporting, various documents, etc. will be important to understand. Did I forget to mention logs… (hint hint, yeah dummy I know I said it already, but again HINT hint). Before taking the exam, I never knew analyst could branch into Incident Response, but as I’ve learned more, this is a quick path into that cyber concentration so study up on that process along with forensics stuff. Understand various policies, frameworks, and control measures. Once again, there’s that bridge back into the CASP area. Have a general knowledge of cybersecurity tools and technologies. Don’t get caught up in vendor specific things because the test isn’t vendor specific AT ALL. Be sure to understand how these topics link together as doing so will help with the practical simulations.

With all of that being said, there are some more things to the exam. However, I can’t speak on it as there is a nondisclosure agreement. But, those are my tidbits about the exam. It was challenging to say the least. It humbled me…then NET+ brought my ego back up finishing it in about 30min with over an 800 score, then CASP reminded me again, I’m no Tech superhero. (Still first time passes though *smirks*)…

Remember, the study process is the most important part. Have an organized study method. Mine may not work for everyone, but I’ve known people to switch up and use mine and find themselves much more confident and able to pass their exams the next go around. Don’t ever be discouraged about not passing an exam. Remember..I was the guy that failed A+, but now I hold high-level/reputable certs with first time passes. You got this.

Cheers to 2020.

Not to be confused with the Risk Management Framework, the NIST Cyber Security Framework is an implementation that organizations use to address cybersecurity challenges.

The functions and categories of CSF include: Identify, Protect, Detect, Respond, and Recover. (Provided by U.S. General Services Administration)

Identify – Develop the organizational understanding to manage cybersecurity risk to systems, assets, data, and capabilities.

Categories – Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management.

Protect – Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.

Categories – Identity Management, Authentication and Access Control, Awareness & Training, Data Security, Info Protection & Procedures, Maintenance, Protective Technology.

Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

Categories – Anomalies & Events, Security Continuous Monitoring, Detection Process.

Respond – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

Categories – Response Planning, Communications, Analysis, Mitigation, Improvements.

Recover – Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.

Categories – Response Planning, Improvements, Communications.

The framework consists of three main components: Core, Tiers, and Profiles. The framework core is a guide that helps organizations manage and reduce their cybersecurity risks while combining with the organizations current cybersecurity program and risk management process.

The tiers help determine how an organization views their risk and level of aggressiveness used against risks. Not all risks are treated the same because they are usually labeled low-, moderate-, or high- based on impact to information systems. The tiers allow the organization to get a holistic view of their risks, priorities, and budget.

No organization will combat cybersecurity challenges the same because no one organization is like another. To effectively increase the security posture of an organization, it must modify control measures to benefit them the most (Cookie cutter implementations do not work in cybersecurity). The framework profiles allow the organization to take advantage of the flexibility provided by the NIST CSF. The profiles align organization’s requirements and objectives to find identify opportunities to improve the cybersecurity state.

The framework was developed with the focus on industries vital to the infrastructure of the United States. These industries include energy, banking, etc. One area that is beginning to gain traction is SCADA environments. These industries are all quite different, but because of the characteristics of the NIST CSF, these industries can modify the framework to fit their current cybersecurity program.

There are many frameworks that can benefit an organization’s current security posture. The NIST CSF should be considered when trying to standardize the cybersecurity and risk management processes.

The traditional method of determining the security posture and control measures of an organization have been penetration testing, internal red teams, and vulnerability scanning. These are all effective in their own ways and have been proven to be useful in creating a more secure environment form organizations of all sizes.

Penetration testing is usually done quarterly or as defined by regulations that govern the organization. The assessments are typically performed by outside organizations that mimic the activities of malicious hackers. These tests are usually restricted to objectives the assessed organization sets. The production areas of a network are usually the sections that are off-limits during these assessments.

Red Teams are usually developed internally to perform penetration tests and simulate hackers exploiting vulnerabilities within their network infrastructure. These are mostly found in larger organizations because the costs of these red team engineers are usually expensive due to their scarce offensive security skill-sets. This is beneficial to the organization because they can conduct assessments on demand whenever any modifications are introduced to the organization.

Vulnerability scanning is a more passive approach to identifying vulnerabilities. The difference between this approach and the previous stated is that they do not actively exploit vulnerabilities, but bring awareness of these to the security professionals. These are excellent implementations, but they do not reflect the true security posture.

Breach and Attack Simulation technologies are fairly new technologies that simulate attacks from malicious outsiders. These are considered more time-effective and safe compared to other methods of discovering security risks. These tests are automated and easily deployed making them suitable for various sized organizations. This technology is centrally-managed and can be customized to to test across many different attack vectors. This provides a better view of organizational assets and potential vulnerable areas.

Some benefits of BAS technologies is that they allow organizations to increase the capabilities of security control measures already implemented, control testing, and staff testing. Now the interesting thing about this technology is that it is safe to be used against the production environment because malware is not used during the simulated attacks. The technology allows rollback of any modifications made against the environment. This provides immediate insight on potential risks and immediate remediation of the simulated attack. The more advanced tools provide security professionals with remediation suggestions and guidelines to securing the exploited vulnerability.

Organizations that are currently using these tools have found that they are more effective in product testing. The BAS technology exposes mis-configurations and underutilized security technologies. Some of the BAS technologies are focused on Red Team and some Blue Team. Which one chosen depends on the organizations needs. These tools have not become major in the industry yet, but as they gain more traction and become more advanced these will likely be used by many organizations looking to increase their security posture.

Provided below are some Breach and Attack Simulation Vendors:

1. AttackIQ
2. CyCognito
3. Cymulate
4. SafeBreach
5. Threatcare
6. XM Cyber
7. Cronos Cyber Technologies

Not sure whether to pursue a degree or IT certification? That’s a common issue when entering the tech field. Some will say to stick to the traditional method and others would say certifications are the best route. My opinion, do both.

Certifications provide more concentrated knowledge and cost less. These are also able to show your expertise in that subject and they take much less time to obtain. The downside is that you have to pay maintenance fees on them to keep them current. Degrees are more traditional and cost much more. They may take longer to obtain, but they make you more well-rounded intellectually.

IT/Cyber is a unique field when it comes to education. You can see this by noticing the current job descriptions. SOME require a degree, but if you have experience they’ll still take you on without the degree. However, when it comes to certifications, almost every one of them would like for you to have one, or obtain one within the first 6 months of getting the position.

The IT/Cyber field is flexible because they are more concerned with who has actual hands-on experience. Being able to do the job is much more important than having degrees and certifications. The addition of certifications and an IT/Cyber degree makes you more well-rounded as an IT/Cyber professional. (Also having these help get you past the horrible HR tools)

The safest way to go about this situation is to get both, but by both I mean whenever you have the resources for them. If you aren’t able to afford a degree at the moment, obtaining certifications and building a solid hands-on foundation will suffice. This is the flexibility that the tech industry gives us. As you move along in your career you should consider getting a degree, especially if your goal is to be in management.

What did I do? I got them both at the same time because I had the resources to do so. Becoming a more complete candidate for any position is my goal. The theories and foundation knowledge from my degree has helped me obtain multiple certifications. They can work together.

Bottom line. You can enter the industry with one, the other, or both, but try to make yourself standout because you’re also competing with people that have more and less than you. Be the predator, not the prey.

Anyone that is not a stranger to the IT/Cyber community understand that certifications are excellent tools to not only test your competency, but showcase your knowledge to future employers. But damn! Don’t they remind you of finals from when you were in college? Studying and although you may feel comfortable for a split second, as SOON as you get ready to take the exam. Boom. You’ve forgotten everything you learned.

I’ve been there before also. It was mainly because I studied everything at once. That was self destruction. Luckily for me I passed. The thing is though…wouldn’t it be better if you didn’t feel that way before the exam?

After taking multiple certifications, I came up with a strategy that definitely works. Now I’m not saying it’s going to work for everyone because not everyone learns the same. So if it doesn’t work adjust as necessary. You really have to find what works for you. But some people need a template of some sort to guide them to find what they need to do. So here we go, like I always say, I got you fam .

So first you obviously have to determine what exam you want to take. Make sure it aligns with your job and what you want to do. Worry about getting random certifications after you’ve mapped out the most important ones. Trust me. Certifications are like cars, you have to maintain them, and it isn’t cheap when you begin to rack them up.

So boom. You got your certification chosen. Now where is the best place to find out what is on the exam? From people who took the exam of course! No. Wrong. Use that after you’ve done what I’m about to tell you. Go to the vendors site and print off the objectives. Now you probably thinking… “damn I’m just trying to pass the exam, all of this can’t be on the exam”. Wrong again. Stop being wrong. Anything within these objectives can be on the exam you’re about to take. Exams are updated randomly and your experience may be different from another person.

Now you have the objectives. Find reputable resources to use to study. Don’t know any? What did I tell you? I got you. My favorite sources are UDEMY and I may or may not know some google hacks to tactically acquire study guides for free. Shhh. (simply type “google drive — *insert certification name or book*”. This google hack will search google drives that aren’t secured and you’ll be able to retrieve that study guide, book, etc. Technically not illegal because they don’t have their google drive set to private, so its publicly available.

So UDEMY and the certifications official study guide. These are my go-tos. You can mix it up. You may have other resources or better ones than me. Like I said, make it work for you. Now as you go through these resources, cross out the objectives you printed from the vendors objective list. This will leave you more organized than ever. Whenever you come across an objective you don’t understand, pull out YouTube. This definitely solves that issue quickly. And continue on until you go through all the objectives.

Now peep this. It’s been about 2-3 weeks. You’ve accomplished all the objectives. You still aren’t done. This is a game of chess not checkers. Read through the objectives. If you come across a single objective you can’t remember anything about, pull out YouTube again. You should atleast be able to put together some accurate thought when you read keywords within the objectives. There is going to come a time during the exam where you won’t know the exact answer, but having an ideal will help you with the process of elimination.

Now this is the time where you want to see how everyone else’s experience went. You’ll want to touch up on those topics. Make sure the experiences you’re reading are more recent. These will most likely be the most accurate reviews of the current exam out.

[Optional] I rarely take practice tests, but they can help. Take the practice tests and see how comfortable you feel with them. Read the question and look for context clues. Trust me, you won’t remember everything, but process of elimination will be your best friend. How do you feel? Hopefully you’re fairly comfortable. Let’s keep it pushin’.

It’s about week 4 or 5 now. Time to take the exam. You should be pretty prepared for it now. You’ve absolutely hit every objective provided by the vendor themselves. They will throw curveballs, but it doesn’t matter because you studied to understand and not memorize, right? Yes, yes you have. So go ahead and get that certification. Congratulations, on to the next one.

I literally apply this method to every certification I take and it has not let me down. Organization is key in this game.

The marathon continues…

• 

This is a common question asked by most people who are new to IT/Cyber. I know you’re pulled in different directions on what certification to obtain, but I’m here to clear it all up for you. Don’t worry I gotchu fam…

So what is the SEC+ exam?

Its simply a certification that assesses an individuals baseline knowledge of security within information technology. The test includes risk management, troubleshooting methods, networking, etc.

Well what if I’m brand new and have no knowledge of any computers and information systems, should I start with A+?

Eh…yes and no. I say this because practical knowledge is different from book knowledge. In my opinion, alot of the things discussed in A+ can be just studied and learned for long term. I try not to get certifications for the hell of it. I’ve worked helpdesk and alot of the information on the A+ exam is not applied at all. Maintaining the hands-on information and applying it beats having a piece of paper any day. Also you save yourself quite a bit of money. With SEC+ you can easily get an entry-level Helpdesk job. Here you’ll learn all of the things of A+ and if you’re proactive, you’ll also learn a bit of NET+ also.

Now why should you go for A+?

You’ll build a solid foundation in information technology. This will teach you the inter-workings of a computer, basic information on operating systems, tech support, etc. There’s alot that goes into pressing a button to turn it on and surf the web, log into your favorite social media site, or do online shopping.

How does the SEC+ cert help you?

The SEC+ certification is definitely in-demand for entry-level jobs. Alot of times, you simply have to get your foot in the door. Obtaining this certification opens many doors for your career. From obtaining the SEC+ certification, you can transition into a contracting job working for the DoD (Department of Defense). Companies such as Jacobs and TekSystems will easily accept a potential employee who demonstrates baseline knowledge and a desire to learn.

Now this is where you pay attention.

These companies give clearances because most likely they are supporting government customers. This means the employees must have a clearance to work on government systems. This is your pivot point into a career in cybersecurity or higher paying tech position. The clearance opens plenty of doors to take advantage of. People sometimes get a position solely based on holding a clearance because its easier to train someone on the job than pay for someone to get a clearance, wait for them to get the clearance before filling the position, then training them.

So Jay what would you do if you had to start over?

Easy. I’d obtain my SEC+. This would take possibly 3 to 5 weeks of consistent studying. Then I’d land an entry-level Junior IT position (Helpdesk most likely). From there I’d hone my A+ knowledge from hands-on job training. Then I’d cross train with the network specialists and system admins (If your job has a cyber section and that’s your interest, then learn from them too). I’d expand my skills on those while deciding which route I want to take and build upon (this can also be a combination)… Networking, Systems admin, etc. For me, I’d choose networking. I pick up on that easier (except subnetting, I hate that…but that’s another story for another day). So from this route I’d go for my CCNA. If I chose systems administration, I’d go for my MCSA.

What if I want to go straight into Cybersecurity?

Now I may receive backlash for this, but if you want to go cyber, then just take the CEH (Certified Ethical Hacker). This certification says ethical hacker, but I don’t agree with taking it to learn how to hack. You should do OSCP for that (ITS A BEAST). However, I do believe that the CEH exam builds a great foundation for cyber. It is quite expensive so BOOM there is your warning. Before you ask, no I do not have this certification…just wait I told you I got yall dont worry..check this out.

Well I don’t have the money to spend for CEH.

Two certifications that are gaining traction in the industry is the CySA+ and PenTest+. Think of them as Blue Team (CySA+) and Red Team (PenTest+). Combined, these cost less than CEH and also provide practical knowledge. However, you should still crack open that CEH book or study guide to learn basic things.

So there you have it… there are ways to maneuver into IT/Cyber, you just have to understand how to find the resources and utilize them to the best of your ability. Feel free to DM or contact me via Twitter and I’ll help as much as I can.

Should I retire?

Currently, I’m 5 years into the military. I have about 3 years left to go. As you already know, I have quite the credentials to get out and have no issue of getting a great job. Well…atleast that’s what I believe.

I’m being told “Stay in get, get your retirement” and “Why would you want to take that risk” or even “Most people fail when they get out early”. When I joined the military I had no desire to do 20 years, it was strictly to get the degree I didn’t get from college (Go Gamecocks!). I wasn’t supposed to reenlist also, but it happened, had to do what I needed to make sure I’m successful for my departure out. But now that the time is winding down, what do I do?

Well here is military option.., go warrant, choose 255S, which is a route that I honestly love. Its basically everything I want to do on the outside. Information Protection. The course would definitely give me the hands-on experience to become a great Cyber professional, but am I willing to stay in the military for it is the real question. Now don’t get me wrong, I’ve had quite the experience and not all times were bad, but they could be better. Anyways.. what comes with that, a ton of experience over the next 15 years, decent pay, highly demanded IT/Cyber certifications, and a nice retirement. But wait there’s more… I get to travel (this is only really true if you’re overseas in the Army, they don’t tell you that), bonuses, networking, benefits, job security. Eh not too shabby. In a perfect world, I’d be all for it. Let’s look at the other side. Politics, deployments, “Rank-Pullin” (For my civilians, this is when someone of higher rank thinks their shit doesn’t stink and just because they outrank you, you have to do what they say), less control of life, etc. (You get the point, I’m sure you all have heard stories, could literally go on and on with that).

Now to the civilian life…It’s a scary transition. I’ve held the normal teen/college jobs, but I’ve never experienced anything outside in the “big world”. I’ve done my due diligence of speaking to people (These are well established individuals in my opinion….alot of senior cybersecurity professionals) within the sector I want to get in and every time I tell them my credentials they say “You’re golden, you should have no problem getting a job” or “Wow you have more than me than when I first started”. This is a confidence booster and I feel like I’ll be just fine. Now the benefits for this would be that I’m getting paid a good amount of money and if you’re a cyber professional…you know what GOOD is, there’s more possibility of increasing my pay quicker than the military also (Its not uncommon for people to go from 65k to 120k in a couple years in this industry…and that’s starting off as entry level). I’m in charge of how slow or fast I progress, the military has somewhat hindered that from me. I get to choose more of what I want to learn. I’ll have less restrictions as to what I can and can’t do. Less stressful, less pointless tasks, etc. But! I’m trying to not to be bias and go based off of current emotions. So negatives, the first thing I think of is,.. the job security is not there. That can be scary, but with the unfilled jobs within the cyber industry, I believe there will always be SOMETHING. The structure will not be the same, PTO (Paid Time Off)..because I do love being on vacation and seeing the same amount being deposited..retirement (Retiring as a warrant would be NICE), etc.

Now this may seem like a lot to take in…and it is, especially for me. But we’ll see how things go as the time goes on. All I can do is continue to perfect my craft, learn more, and make myself more marketable for the possibility of me getting out of the service (which I’m leaning much more towards).

Jahcorey Howze, or Jay, another one of those cybersecurity enthusiast.

First and foremost, thank you for visiting my blog. You’re probably here because like me, you have an interest for cybersecurity…or maybe you accidentally clicked my link. In that case why are you still reading? But since you’ve made it this far, keep going, you may like what information I have to provide you. Or not *Kanye Shrug*

Why did I start?

• Accountability. Accountability. Accountability. Publicly posting my progress within this industry will keep me focused and accountable. I may even inspire some people on the way. That’s always a good thing right?
• Like myself, I’m ABSOLUTELY sure that others are trying to maneuver their way into the cybersecurity sector. Hopefully my journey can help someone determine their path.
• Sharing knowledge is powerful. I may know something you don’t know and vice-versa. Let’s network!

So…you’re probably wondering what knowledge I have and how can I prove it. You know you’re thinking it, I just beat you to it. Na…that makes sense, why take advice from some random internet blogger. I could have no knowledge at all or I may know it all. Hm. Who knows?

Background:

• Currently a 25B (Information Technology Specialist) in the military. (That’s Army for those of you who don’t know). I’m the S6 NCOIC. The civilian equivalent (SysAdmin/Helpdesk Manager).
• Credentials? Nothing too crazy. Net+, Sec+, CySA+, and Casp+ CERTIFIED.
• Degree? Eh by the time most of you read this I’ll be starting my masters, but I have 3 classes until I receive my Bachelor of Science in Cybersecurity Management and Policy
• Desired positions: SOC Analyst, ISSO, or Cybersecurity Engineer. Yes for the smart ones, I know these have their differences, but I like to keep my options open.
• Next certifications I have planned: CCNA R/S, CCNA Cyber Ops, SSCP, CAP, AWS trifecta.
• Experience: Systems administration, Networking, etc. You name it, I probably have some type of experience because I try to learn anything I can get my hands on.

Things about me outside of cyber…hm. I have an obsession for lemon pepper chicken wings. Especially with the fries and honey mustard. However, I barely get to eat them because I’m also obsessed with the gym. Stepped on stage once, maybe I’ll make my return to get my IFBB pro card. I love to travel and spend time with my lovely lady.

You’re not locked into any of this, you still have time to back out and miss one of the best Cyber blogs you will ever experience.

While you’re here you can check me out on twitter @_jayhowze !