CompTIA CySA+ Cybersecurity Analyst (CS0-001) - Any good in SA?

MeNeZ

Expert Member
Joined
Jul 28, 2006
Messages
1,850
Hi,

Does anyone have any experience or knowledge of this course? Is it enough to get into the security world or is it better to rather stick with EC-Council CEH?

Thanks
 

MeNeZ

Expert Member
Joined
Jul 28, 2006
Messages
1,850
Who does OSCP? Looking on the CompTIA progression thing -> https://certification.comptia.org/certifications/pentest

It lists S+ then Pentest+ or CySA and then CASP.

EDIT: Googled it, wow, this OSCP is no joke, you have a 24-hour period to do the final exam.

Once you have completed the course and practiced your skills in our labs, you’re ready to take on the arduous 24-hour OSCP pen testing certification exam – a real-world, hands-on penetration test that takes place in our isolated VPN exam network.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,720
Do OSCP if you want to be a penetration tester, and it is no joke, the exam will break you. I have done OSCP and it was a lot of fun, especially the exam.
 

PPLdude

Expert Member
Joined
Oct 3, 2011
Messages
1,618
CompTIA A+, N+ and a bunch of other small things. Plus 10+ years in support, 1st, 2nd, 3rd line.

My goal is to get out of support and into security.

Are you proficient with Linux?
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,720
Also, what security? Security is a broad term; you need to decide what you want to do in security.
 

MeNeZ

Expert Member
Joined
Jul 28, 2006
Messages
1,850
Yeah, been using that for a few years as well. Just need the piece of paper to prove it. I was studying towards the LPIC1 and then my work HDD died and I lost all my summaries and courseware so need to start that again at some stage.
 

MeNeZ

Expert Member
Joined
Jul 28, 2006
Messages
1,850
Also, what security? Security is a broad term; you need to decide what you want to do in security.

Best case scenario is pen-testing. A dude I worked with overseas was a security analyst and that job role seems really interesting.

I see that the PenTest+ is offensive and CySA seems to be defensive and CASP is advanced, will need a few years XP before going for that.

I found a Udemy course for CompTIA which teaches how to pass the CySA exam and they say it does a bit of everything. It would in essence bypass the S+ certification, hence my original question if the CySA is enough to get into the security industry.

I assume it would be better to do S+ first. I don't know anyone here in the security industry so really appreciate everyone's input here.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,720
Best case scenario is pen-testing. A dude I worked with overseas was a security analyst and that job role seems really interesting.

I see that the PenTest+ is offensive and CySA seems to be defensive and CASP is advanced, will need a few years XP before going for that.

I found a Udemy course for CompTIA which teaches how to pass the CySA exam and they say it does a bit of everything. It would in essence bypass the S+ certification, hence my original question if the CySA is enough to get into the security industry.

I assume it would be better to do S+ first. I don't know anyone here in the security industry so really appreciate everyone's input here.

I am a pentester. Before you spend money I suggest that you play around in CTF stuff so that you can get your mind into the hacker mindset. Get a copy of Kali and then download some beginner vulnerable VMs that you can practice on https://www.vulnhub.com/ . I suggest that you start off with beginner VMs and work your way to the more advanced ones when you get experience. It is important to not cheat and read the walkthroughs as you are just hurting yourself. You will need a virtual environment and I suggest that you get Oracle VirtualBox.

I would also look at https://www.hackthebox.eu/ . There is a nice challenge to get the invite code so you can register. Hackthebox is very good and I highly recommend it. Once you become comfortable with getting root on vulnhub VMs and have "popped" a lot of the machines in Hackthebox I would say you are ready for OSCP. S+ will be nice to have but you want to get OSCP.
 

ActivateD

Expert Member
Joined
Jun 7, 2004
Messages
1,720
You've done OSCP?
I am looking to write around end of June.

Could I bother you on tips ... after really trying hard :)

Yes, I have done OSCP. How is the studying going? Free tips for you: enumerate, enumerate and enumerate some more lol. Do all the exercises and then get root and NT SYSTEM on all the hosts without using Metasploit. If you can do that, I think you will be ready for the exam.
 

PPLdude

Expert Member
Joined
Oct 3, 2011
Messages
1,618
I am a pentester. Before you spend money I suggest that you play around in CTF stuff so that you can get your mind into the hacker mindset. Get a copy of Kali and then download some beginner vulnerable VMs that you can practice on https://www.vulnhub.com/ . I suggest that you start off with beginner VMs and work your way to the more advanced ones when you get experience. It is important to not cheat and read the walkthroughs as you are just hurting yourself. You will need a virtual environment and I suggest that you get Oracle VirtualBox.

I would also look at https://www.hackthebox.eu/ . There is a nice challenge to get the invite code so you can register. Hackthebox is very good and I highly recommend it. Once you become comfortable with getting root on vulnhub VMs and have "popped" a lot of the machines in Hackthebox I would say you are ready for OSCP. S+ will be nice to have but you want to get OSCP.

I've gotten as far as
Your IP address cannot use this invite code.

Am I close? :D
 