I am only a part-time contract instructor but work in network infrastructure full-time. The company I regularly teach for does not conduct the CompTIA certification boot camps but focuses on employee development. They also tailor each technical course to the customer's requirements, which usually includes getting a CompTIA certification. Early this year, I developed a curriculum based on Security+ for one of their customers. The course was for their full-time IT employees, spanned four months, used the CompTIA Security+ book, and required them to take the certification exam at the end. Because the course was four months, it was in-depth and covered security knowledge, skills, and tools. I covered virtualization and taught them Oracle VirtualBox, including installing it on Windows and Linux, using the various network settings to create a secure environment, and installing the guest additions. After that, they installed and configured a Windows 2019 Server VM, Ubuntu VM, Kali VM, and Windows 10 VM. This also allowed them to learn all the network configurations in Oracle VirtualBox. After the VMs were set up, they installed a pfSense firewall VM, Suricata on the Ubuntu VM, and Snort on a VM of their choice. Then, they built a network with the Windows 2019 servers providing DHCP and DNS and serving as the Domain controller. The pfSense firewall VM was also configured as the network gateway. They also installed and learned NMAP, netdiscover, OWASP ZAP, Wireshark, OS vulnerability scanning, port scanning, OS hardening techniques, OpenVAS, SET, Clam AV, smishing tools, and several others. In addition, the course had various labs, including using the OSINT Framework and SET to build a phishing attack, TOR browsers to navigate the dark web, how to navigate the MITRE Framework, using the Exploit database, and using John the Ripper.
