Looking for some guidance for Security+ Training

[David M. Foster]

Hello all. I'm looking at starting a training program for Security+ and am having a hard time figuring out how this all works. What resources do you use? Do you buy books from CompTIA? Online practice tests/ebooks? Don't even know how to start this up really.

Thanks in advance for any info provided.

 

[Rick Butler]

Well, before you can really teach Security+, you need to make sure you're coming in with a solid foundation. I'll tell you straight, no one should attempting Security+ without a solid understanding of the course content in Network+. They may be able to skate by without a lot of A+, if they are straight heading for Sec+, but really, ITF+, A+ Software, and Network+ are critical to building a solid curriculum base for Security+.

Building a program, let's start with the classic four facets of any training program, Curriculum, Instructor, Facility, and Student.

Curriculum: If you're just starting out, you might just start off with the associated CompTIA approved materials. We've been waiting for years to see them, and from our instructors feedback, are better than the standard publishers' books. Start by building a series of syllabi and lesson plans to teach the material to your students. The CompTIA materials have templates you can use to get started.

Facility: With the curriculum, you'll need to then build up your hands-on lab resources. Trust me, there is NO BETTER WAY to train students than building a hands-on curriculum (disagree? fight me...lol). Get a collection of devices, machines, and resources to set up configurations. Books worth their salt should have some equipment listings to build your labs. Good solid laboratory facilities with a comfortable classroom.

Instructor: Once you've found a good lab space and good curriculum, you need some qualified and PASSIONATE people to teach it. Real instructors who care about students, rather than ones that put students in remote control or ones that aren't up and about working with students. Students are going to be more jazzed about a program if their instructors are high-energy. Have a look at cybersecurity opportunities in your area, what the ecosystem looks like.

Student: Once you have a lot of these things in place, you need to consider your students. Who are they? Are they entry-level professionals? Military folks? Lower-income area? Because if you can't get students that are committed to the program, you don't have a worthwhile program. Start with some marketing, look at the potential clientele, how many will come in, and how many would be reasonably employable after your program.

This is a very high-level start to all of this. You'd have a lot to do to build something like this, but it's something you can do. If you have any more specific questions, just reply!

Cheers!

/r

 

[David M. Foster]

Well, before you can really teach Security+, you need to make sure you're coming in with a solid foundation. I'll tell you straight, no one should attempting Security+ without a solid understanding of the course content in Network+. They may be able to skate by without a lot of A+, if they are straight heading for Sec+, but really, ITF+, A+ Software, and Network+ are critical to building a solid curriculum base for Security+.

Building a program, let's start with the classic four facets of any training program, Curriculum, Instructor, Facility, and Student.

Curriculum: If you're just starting out, you might just start off with the associated CompTIA approved materials. We've been waiting for years to see them, and from our instructors feedback, are better than the standard publishers' books. Start by building a series of syllabi and lesson plans to teach the material to your students. The CompTIA materials have templates you can use to get started.

Facility: With the curriculum, you'll need to then build up your hands-on lab resources. Trust me, there is NO BETTER WAY to train students than building a hands-on curriculum (disagree? fight me...lol). Get a collection of devices, machines, and resources to set up configurations. Books worth their salt should have some equipment listings to build your labs. Good solid laboratory facilities with a comfortable classroom.

Instructor: Once you've found a good lab space and good curriculum, you need some qualified and PASSIONATE people to teach it. Real instructors who care about students, rather than ones that put students in remote control or ones that aren't up and about working with students. Students are going to be more jazzed about a program if their instructors are high-energy. Have a look at cybersecurity opportunities in your area, what the ecosystem looks like.

Student: Once you have a lot of these things in place, you need to consider your students. Who are they? Are they entry-level professionals? Military folks? Lower-income area? Because if you can't get students that are committed to the program, you don't have a worthwhile program. Start with some marketing, look at the potential clientele, how many will come in, and how many would be reasonably employable after your program.

This is a very high-level start to all of this. You'd have a lot to do to build something like this, but it's something you can do. If you have any more specific questions, just reply!

Cheers!

/r

Rick;

Thanks for the quick and in-depth reply. To give some additional info:

The Curriculum is part of what I'm looking for. I am recommending to my organization that we purchase the instructional materials from CompTIA directly to build out our syllabus and instructional content.

The Facility is also part of what I'm looking for. I have training space and can procure hardware as necessary, but I was looking for more information on online solutions for those "labs". My focus is Security+ in support of DODM 8570.01 so all of my Students are military IT professionals. Does the Sec+ require labs? What hardware would truly be needed for hands on? My last test was 401 so I'm updating my personal info as well.

Oh, and I'm the Instructor whose primary job is to teach IT professionals within our Military organization. I am trying to convince my organization to expand to include CompTIA Net+/Sec+ and Pearson-Vue testing.

Thank for the help.

v/r

David

 

[Rick Butler]

The Curriculum is part of what I'm looking for. I am recommending to my organization that we purchase the instructional materials from CompTIA directly to build out our syllabus and instructional content.

I think you'll do well to start with it. I don't think you'll be disappointed - we weren't.

The Facility is also part of what I'm looking for. I have training space and can procure hardware as necessary, but I was looking for more information on online solutions for those "labs". My focus is Security+ in support of DODM 8570.01 so all of my Students are military IT professionals. Does the Sec+ require labs? What hardware would truly be needed for hands on? My last test was 401 so I'm updating my personal info as well.

Online labs? Well, in the short term, we have had reasonable success with tools like TestOut's LabSim, which have a lot of those simulator

Security+ does have some simulation and lab style questions, such as configuring Certificate Authorities, Wireless Access management (particularly 802.1x solutions that make use of RADIUS and/or LDAP, WPA2-Enterprise). Students will do well with some log file analysis so setting up a SYSLOG server, Kali with OpenVAS, Nessus, NMAP/ZenMap, Nikto demos, that sort of thing will help students understand the security principles (CIA-AAA-NR). Remember, though, a solid understanding of the OSI model, what operates on what layer, port and firewall configuration are critical. So the more that you can model in a lab environment, the better you'll do.

SY0-401 isn't too far away from where Sec+ is now. You may also do some reading into CySA+ and PenTest+ because that will go deeper into applied skills. If you can get a copy, Dr. Michael Ciampa does a fantastic job of explaining things in an analytical format (Cengage). You may be able to glean some things from the lab manuals that you can adapt to your course.

2-3 servers, Linux, Windows 2012/2016, an older SonicWALL or PFSense (or something built on Raspberry Pi), routing using Cisco PacketTracer, GNS3, or something like that. Oracle VirtualBox will be your friend. A few Wireless Routers from different manufacturers (Linksys, Netgear, DDWRT). Switches and wiring. A managed switch capable of VLAN is useful.

A lot of stuff, you can get second-hand or from various surplus points. I'd check with DRMO and see if they have stuff you can procure.

Oh, and I'm the Instructor whose primary job is to teach IT professionals within our Military organization. I am trying to convince my organization to expand to include CompTIA Net+/Sec+ and Pearson-Vue testing.

Roger that. I'm former Army myself with a huge military student population. So, you will need the old school "This block of instruction will guide you through the steps of...", mentality. You're quite right in doing hands-on. That's the way soldiers learn best.

PearsonVUE has it's own challenges. Not insurmountable; I've built test centers before, so just read their technical documents carefully. They are good people there and they'll guide you through. Support is out of the UK. As long as you have a room where you can do proper eyes-on, you can probably build a suitable test center.

Lots of work ahead, mate, that's for sure. But keep writing and posting. I'll be glad to help get you going.

/r