(ISC)2 Certified Cybersecurity

jgoodrich

    I know that ISC2 and CompTIA are competitors in the certification space. However, as a teacher in the high school space I am always looking for low cost and free resources to help my students start in the field. I have come across the (ISC)2 One million certified in Cyber promotion they are doing.

    I ran through their free training material in a few hours and am trying it out on some of my students to see what they think of it. It seems to be a base level of “very” basic knowledge of Cybersecurity. I wanted to know what others' thoughts on it are, if any.

    I am still going to keep my main certifications with CompTIA and Cisco for my class, but do people think, if the material is easier to understand for the students, would you use it with your classes (High school students)?

    This is something that I wish CompTIA would jump on, a basic Cybersecurity certification that is not geared to technical. That both non-IT professionals and IT starters could take.

    PS if anyone has any other material that they want to share would love to know of more. I am always looking for ways my students can do more.
     
    I recently passed the (ISC)² examination. Since I already hold the CompTIA Security+, CySA+, PenTest+, and CASP+, I didn't bother to read the exam objectives or study for it. It was a free exam, so I thought "why not?" It also gave me 50 CEUs to renew my Cloud+ certification.

    It's a very basic entry-level cybersecurity certification. While the exam was 100% multiple choice questions with no performance-based questions, diagrams, displays, simulators, etc., it can serve as an entry point into higher level certifications such as Security+ or SSCP.

    I think it would be great for high school students, college students, and career changers with zero cybersecurity experience, especially for those who aren't ready for the Security+ exam yet.

    CompTIA was working on a cybersecurity fundamentals course, but seems to have delayed it or dropped it. I was part of the exam item writing session earlier this year, but I haven't heard anything about it in quite a while. I think it would be great if CompTIA followed through with an entry-level cybersecurity certification.

     
    I took the CC training and exam the moment I found out about the 1MCC program. I found the video course to be sorely lacking in comparison to what the CC exam actually tested. With that said, I thought the CC exam was quite good and in particular thought it was a great pre-test for the Security+.

    I'm at the university level where I have undergrads and grads, so my context is a little different. I had all my cybersecurity students sign up for the 1MCC program, since a free cert attempt is still a free cert attempt and a free training course is still a free training course.

    I teach a Security+ course every winter. The first year I taught it, I had some students who were at the Security+ level and were using the course to fill in their knowledge gaps before taking it. Others had zero security experience and I think found the Security+ a little overwhelming. The CC has given me the opportunity to tell those students who have zero experience to take the CC on their own this winter, and they can take the Security+ course next winter when they have more knowledge and experience, and therefore can get more out of the Security+ course. Which I think is a win-win for everyone.

    With that said, if there was a CompTIA security fundamentals exam, I would definitely have my students do it. Especially if the cost was in the ITF+/Cloud Essentials+ range. The $200 cost for the CC exam is a bit much, especially when you consider that the SSCP exam is $249.
     
    There does appear to be a knowledge gap among students at the entry level (for the obvious reasons). I typically train veterans, underemployed, unemployed, and corporate students in A+, Net+, and Sec+ (in that order). But not every student enrolls in those courses in that sequence. For students who take the A+ and Net+ first, the Sec+ learning curve is less steep. The majority of individuals that enter Sec+ right away struggle, without a doubt. I've learned that many of the struggling students that enrolled in Sec+ right away do so to fulfill employment requirements. Furthermore, most of my students cannot afford all three classes at the same time and require the Sec+ to fulfill an employment requirement ASAP. I agree with you Brian, a fundamental security exam would help lessen the learning curve.
     
    If someone is starting from scratch, they should take and pass IT Fundamentals+, A+, and Network+ before they take Security+.
     
    Quite right. Sadly, for DoD roles, they want that Security+ coming in the door. So the pressure is pretty high to just right up to that, being basically set up for failure.
     
    Maybe CompTIA should follow the example of (ISC)2 and make a few prerequisites mandatory.
    I've often wondered about that. I see a two-edged sword here. On one hand, we would see folks be better prepared for the higher end certs, however, I think it would result in fewer of those higher exams taken. The governing question, though, is what would actually be gained by making those lower certs mandatory.
     
    I would rather have a credential with more stringent prerequisites because it would have more gravitas. I've seen too many service desk employees in their 20s passing the CASP+ with barely entry-level experience.
     
    Dear Friend, I think experience and certification are debatable aspects.
    I work with people who don't even have any certifications and have gigantic and superior experiences than those who have certificates. And I also think that a certificate is a personal achievement, that is, a bonus to compete for a vacancy or a better placement within the job.
    Candidates struggling for a job opening in the cybersecurity field in Russia are not required to have any certification. Having professional training is enough. I don't know if it's the country's internal policy, but having a certification is just a bonus.
     
    I see an exponential increase in certification providers in the market for almost every field, particularly cybersecurity. And such new providers are bringing very low prices for their certifications and with the same or even higher quality of content than the old providers.
    A practical example in cybersecurity is the providers eLearnSecurity with their certifications, Hack The Box with the new CPTS, TryHackMe, and other platforms. Either the providers change the prices or they are left behind.
    Companies require professionals who are hands-on.

    ISC2 have more theoretical certifications (General Management). Now, the CompTIA certifications are theoretical and practical.
    I did ISC2 Certified in Cybersecurity and I didn't find it so basic; there was complex material that required other sources of information. More incentive for people to have this certification in their background.
     
    I am saying they should be required to have experience before being allowed to take a certification exam.
     
    Aaaah, then you have the "which came first for getting a job, certification or experience?" and the answer is "none of the above". If a cert is required, and the cert requires experience, then automatically it's not entry level.

    If you want genuine entry level then the bar needs to reflect that some people will be motivated and study hard to compensate for lack of experience, that some people are crossing over to tech from other industries so they have skills and desire to learn more but not direct industry experience.

    My first Cisco cert was CCNA Security, and I had to self study to CCENT so I could do that and then double back for Routing and Switching. My instructor knew it would be challenging for me, but that I wanted it enough to work through that, and the class schedules would have delayed me a year or more if I'd taken them in order, because of the odd way I jumped in when transitioning to IT.

    Security, and cybersecurity, are not a "take one class for one semester" kind of thing if you are starting from zero. There's too much to know. Endpoint, network, personnel, privacy, physical. That's why the current revision of A+ has both networking and security in Core 1 and also in Core 2.

    A+ was actually very late for me, since I didn't need it. Network classes (but not Cisco specific) and living abroad (general awareness) gave me a good base for the original Security+ class and cert. I didn't get A+ or Network+ originally, returning to networking and belly flopping directly into CCNA Security when I did. It wasn't graceful, and man I got road rash, but I slid in grinning ear to ear.

    The ISC2 effort is acknowledging that there are not a lot of entry level options for some people. One of my classmates was a car detailer. Smart guy, but starting from absolute zero on tech, and no savings. If you want to close the skill gap and get more people, you can't afford to make assumptions and financial requirements anymore. You can't automatically rule out people like him anymore. If you want an entry level tech, consider hard what the actual job duties are, and what realistic requirements are. A first job at a company may not be an industry entry level job, just the lowest level at that company... self assess and be honest; you, your applicants, and your new hires will all be happier...
     
    I'm honestly not certain that there are that many jobs which are truly entry-level. Jobs which require no prerequisite knowledge. Jobs where they will mentor you and allow you to gain valuable experience to build your skills. Most job advertisements for "entry level" cybersecurity jobs require a Security+ or CISSP, which is completely ridiculous. Sec+ recommends Net+ and two years of experience with a security focus. CISSP requires a minimum of five years experience in two or more of the eight domains for the exam. By definition, those are not entry level requirements.

    I consider myself very fortunate that early in my career, I was hired as a computer operator in a data center. I had basic Windows and Office experience. I could build a basic database. I had roughly the knowledge of a power user before getting the job. I had great mentors and I gained a valuable foundation in that job that helps me to this day.

    Education and experience are both valuable. I never would've had the career that I've had without that one entry level job. I also never would've had the career I've had without all the preparation I've put in to pass those certification exams. Certifications can fill in knowledge gaps. Experience is practical application of that knowledge. People need both.

    We do need to train the gatekeepers in the industry to stop listing mid level jobs as entry level and to stop making certifications the primary qualification. The training industry has churned out countless "paper certifications" for candidates with no practical experience because they can boot camp or brain dump their way into a passing score.
     
    Right. That's why we are in the boat we're in. There are very very very very few genuine entry level, as in very first IT job, in some areas, particularly security and networking. That needs to change, or we will never have enough people. There are entry level jobs in other areas that require a level of training, and then have onboarding training, particularly help desk. If we have transparency into our job processes, good documentation, and onboarding training, there is no reason not to have entry level jobs.
    I need an extra person to watch this thingie in the evening to make sure updates roll out and virus scans are run, be sure to do that thingie when the process is done to confirm it worked, and run down this checklist to make sure major mission critical processes are not affected adversely. Done. Initial troubleshooting can be done by new-ish who moved up from that entry level job to document the effects and scope, and route to whatever person needs to be doing real troubleshooting.
    Don't waste the time of your $150/hour engineer doing a $15/hour tech job.
    Of course that means we need to be a heck of a lot more organized about how we do things, and have a clear chain of responsibility. That's a business failing, not a tech failing.
     
    Don't get me started on the need for documentation. I've been banging my fist on the table about that for two decades.
    Repeating the refrain from the choir. I started in admin support, so documentation was pretty much my jam. Ooooooh the pain of some places. It's why so few have ISO 9000, they have no idea what they do end to end, and don't want to slow down long enough to find out. Yeah, it takes a bit to do. Document as you go is a place to start, and when you're done you won't have blind spots, even if some places are really really thin. I was at one place and we had no idea who was supposed to fix a thing, because normally we didn't touch or interact with it, and nobody was able to tell us. Fun times.
     
    The CC certification is alright! But the catch is the $50/year (ISC)2 membership that is required for the students after passing the exam to get their certificate. So, it's always worth giving that heads-up to students before they jump in and take it, even if sitting the exam might be free. It's not a big deal if you are already a member of (ISC)2, but for a student, especially at the high-school level, it is an investment worth thinking about, especially if the real target is Security+. I don't recommend the CC to students unless they plan to take the CISSP down the road.
     
    the catch is the $50/year (ISC)2 membership that is required
    This! I'm in the Workforce Development space & took the training & the cert to see if it would be a good fit for my students aged 16 - 24, plus the price was right (free). The training & cert give a start to the on ramp for Sec+, but I thought the ISC2 training material by itself was not sufficient for the test. The advantage to the $50 membership is that it allows member access to other training material & I think it starts the clock ticking for further certs that require proof of time in the field.