Latest articles in ‘Career’


  1. EC-Council CEH certification review

    Published: Wed 04 October 2017 in Opinions.
    Updated: Fri 06 October 2017 (Added a note about Metasploit)
    Facts, advice and personal impressions on the EC-Council CEH certification.

    The five Ws

    • What: The EC-Council Certified Ethical Hacker (CEH) is a technical certification on penetration testing.

      Although oriented toward technical people, the certification itself goes lightly on the practical side and insists instead on broad general knowledge. It covers definitions, concepts and tools, with a strong focus on ethics.

      This certification never goes really deep into any subject, but instead attempts to cover the widest possible range of topics related to pentesting. Examples of covered topics include cryptography, regulation and compliance, operating systems (client, server and mobile systems are all covered), networking (including wireless networking), procedures, code review, physical security, social engineering and, last but not least, ethics.

    • When: This certification has no prerequisite (two years of experience in IT security lets you skip the training requirement, but enrolling in an approved training course removes any experience prerequisite).

      It is suitable for anyone interested …


  2. BSDA certification review

    Published: Fri 22 September 2017 in Opinions.
    Updated: Tue 26 September 2017 (Add link to the BSDA Certification Study DVD)
    Facts, advice and personal impressions on the BSDA certification from the BSD Certification Group.

    The five Ws

    • What: The BSD Associate (BSDA) is a technical certification on BSD systems administration. It covers DragonFlyBSD, FreeBSD, NetBSD and OpenBSD.

      This certification covers general BSD systems administration (there is not much about system architecture itself), the specificities of each covered BSD flavor, common Unix services administration, and also a few non-technical points, notably on the BSD license and how it differs from other licensing types.

      I personally find the official naming misleading, as the requirement for this certification actually targets system administrators, not assistants.

    • When: The BSDA has no prerequisites, but is very technical and covers a wide range of domains, so I would certainly not recommend it for beginners.

      It can be seen as the BSD counterpart of the LPIC-2 Linux certification.

    • Why: BSD systems have a different approach than Linux ones on a lot of things, both technical and non-technical. Being Linux certified does …


  3. Linux LPIC certification review

    Published: Sun 03 September 2017 in Opinions.
    Facts, advice and personal impressions on the Linux LPIC certification (all levels).

    The five Ws

    • What: The Linux Professional Institute Certification (LPIC) is a technical certification on GNU/Linux systems administration. This certification is vendor-neutral and covers the major GNU/Linux distributions (Debian, SUSE, Red Hat) and their derivatives.

      Leaving the Linux Essentials certification aside (it targets end-users, not administrators), the LPIC certification path has three main levels:

      • LPIC-1 “Linux Administrator”: This level studies the GNU/Linux system itself: how it works and how to administer the local system, with some knowledge of troubleshooting and the main services.

      • LPIC-2 “Linux Engineer”: This level is twofold: on one side you study advanced administration and troubleshooting techniques, on the other you now envision the GNU/Linux system as part of the corporate ecosystem and study the administration of the most common network services (here again vendor-neutral, so you should be comfortable with both Apache and Nginx HTTP servers, for instance).

      • LPIC-3 …


  4. Cisco CCNA Security certification review

    Published: Fri 01 September 2017 in Opinions.
    Facts, advice and personal impressions on the Cisco CCNA Security certification.

    The five Ws

    • What: CCNA Security is a technical certification about general network security in a professional context. It describes the typical threats potentially affecting such networks, then the various Cisco technologies that help mitigate them. This covers the networking devices themselves, but also the data, both in transit and at rest, and end-user devices, both corporate and personal ones (BYOD).

    • When: Obtaining this certification requires holding at least the CCENT certification (I recommend having a CCNA Routing & Switching, though).

      Note

      While the CCENT or CCNA R&S is a prerequisite to be granted the CCNA Security certification, they are not technically required to take the exam.

      If for some reason it suits you, Cisco allows you to take the CCNA Security exam before having obtained a CCENT or CCNA R&S. If you pass the exam, you will be granted the CCNA Security certification once you get your …


  5. Cisco CCNA Routing & Switching certification review

    Published: Mon 21 August 2017 in Opinions.
    Facts, advice and personal impressions on the Cisco CCNA Routing & Switching certification.

    The five Ws

    • What: CCNA Routing & Switching is a technical certification about enterprise-grade IT networking from Cisco. It covers the involved devices, protocols and how to implement them using Cisco technologies.

    • When: This is an entry-level certification with no prerequisite.

    • Why: This certification demonstrates a good level of familiarity with enterprise networks and Cisco’s IOS-based devices.

      It is a de facto standard in terms of IT networking certification, valuable even for employers using technologies other than Cisco’s, and is also a prerequisite for several other Cisco certifications.

      Note

      Note that Cisco certifications may not have the actual CCNA R&S certification as a prerequisite, but the CCENT instead which is half of the CCNA R&S.

      If you are interested in networking (and I expect you are when you intend to pass a Cisco exam) I warmly encourage you to pass the full CCNA R&S certification instead of …


  6. Professional Penetration Testing (Thomas Wilhelm)

    Published: Sat 19 August 2017 in Library.
    Penetration testing not seen as a technical operation but as a business activity: what changes when a hobby becomes a real job?

    This book does not teach you penetration testing technically; it teaches you penetration testing professionally. Here, the pentest is not a technical exercise anymore: it becomes a paid service delivered to a customer to satisfy a business need. This requires more than throwing a bunch of tools and lines of code at a target. It requires things like planning, methodology, quality and risk management, and communication. This is what this book is about.

    This book mainly targets three kinds of audience:

    • People who are already familiar with the technical side of pentesting and are wondering if making it a career would be interesting for them (doing something as a hobby and as a job is not the same) and, if so, how to proceed and what to expect.

    • Pentesters already in the field who would like to have a broader view of their current job.

    • Project managers who are already …


  7. Are certifications useful? A few words about career plans.

    Published: Thu 17 August 2017 in Opinions.
    Why the right certification may be beneficial for your employer, for the customers, but above all for yourself.

    I regularly encounter people claiming that certifications have no use, or at best only help to pass HR screening.

    I acknowledge that the importance and impact of certification is often over-emphasized by people selling certification-related books and services (which is to be expected: they are selling something, this is advertising), and I also agree that a certification is not a proof of anything per se.

    However, I believe that a certification from a well-known and trusted organization benefits the whole IT security chain: it benefits you, your employer and the final customer.

    Note

    I am talking here about “certification from a well-known and trusted organization”. There is a tendency for a lot of websites hosting a few training materials to deliver “certifications”, praising the value your resume will get with one of these.

    In case of doubt, check job offers: if there is no demand for this particular certification (and …


  8. Why I teach people how to hack (Ýmir Vigfússon)

    Published: Thu 17 August 2017 in Library.
    Why learning to hack is a good thing, explained to the grown-up, serious people :).

    In this short TEDx talk, Ýmir Vigfússon tells us what it means to be a hacker, from the curious teenager who does not really have a “moral compass” (yet!) to the senior professional sharing his knowledge.

    He tells us what leads people in this direction, but above all he tells us how all these people, from the teenager to the professional, benefit society as a whole.

    For those who may not know this text, this video has a strong feeling of the Hacker’s Manifesto, but now explained by a well-respected professional and assistant professor instead of an 11-year-old teenager.

    Watch on YouTube


  9. Hacker’s Manifesto (The Mentor)

    Published: Sat 12 August 2017 in Library.
    A heart-moving foundational document on the hacker culture, written in 1986 but still current.

    Teenagers interested in computer hacking in the broad sense of the term, where hacking focuses on the technical aspects of computer science and security is just a part of it, often face the same roadblock.

    As this practice is generally not understood and is the subject of a lot of fantasies and misconceptions, they often face the same criticisms: they spend all their time playing on their computer, are anti-social, do not respect authority. In a few words, they are ruining their life.

    However, the most difficult part of such situations is not the criticisms themselves, it is the sense of isolation that they produce. Forty years ago, one such teenager rose up against this feeling and wrote, under the pen name The Mentor, what now counts as one of the most heart-moving and inspirational texts about the hacking culture: the Hacker’s Manifesto, also known as The Conscience of …
