Road to CISSP (Certified Information Systems Security Professional)

I have been studying on and off for the ISC2 CISSP for years, but finally forced myself to focus and write it in Fall/Winter 2019.

TL;DR Passed!

Here are the resources I found helpful.


Site: https://www.cybrary.it/course/cissp/
Price: Free
Kelly Handerhan is awesome, a great instructor. She also has a great video, Why you will pass the CISSP.

Larry Greenblatt
Site: https://www.youtube.com/playlist?list=PLpiwOCDosEX4ESziF0ajV92lXhvBJXrtR
Price: Free
Larry has some good videos to put you in the exam question mindset.

Lynda.com/LinkedIn Learning
Site: https://www.linkedin.com/learning/search?keywords=cissp
Price: Free, if your local library membership has a subscription
Mike's CISSP course is great; he is also the author of the official study guides (CertMike).


Official Study Guide and Practice Tests
Read both of these cover to cover. You get online practice tests with each, which is great value.

Eleventh Hour CISSP
Read half of it; a great review when you are close to taking the exam.


Reddit r/CISSP has lots of great people and resources.


Learning to Code

You can't just jump into cyber security; you need some foundation knowledge and skills first.

I started on the client services (desktop) side, then moved into system administration, application administration, and finally networking and security.

Now coding. I lack scripting and coding skills, so I am starting out by learning JavaScript and Go-lang. Here are some resources that I am finding helpful:

Mozilla - Getting Started with the Web

Price: Free!

Starts with HTML and CSS, then moves into JavaScript and others.

Site: https://www.freecodecamp.org

Price: Free!

Starts off basic with HTML and CSS, then gets more advanced as you go along. This course will take you from zero to full-stack developer!

Site: https://www.codecademy.com

Price: Free!

There are different options to choose from; I'm doing the HTML and JavaScript courses. Has great examples.

Site: https://www.udemy.com
Instructor: Todd McLeod

Course: Build a website with HTML and CSS
Course Site: https://www.udemy.com/html-tutorial/learn/v4/overview

Course: Learn how to Code (Go-lang)
Course Site: https://www.udemy.com/course/learn-how-to-code/

Course Price: $15 (promos running all the time)

Todd McLeod is a great instructor; he knows how to teach. He also started his own training site and teaches many different topics. I also purchased his Go-lang course and will be tackling that one later.

Site: https://github.com/

Sign up on GitHub to learn about source control. It's a good way to keep your projects organized and backed up. Plus, you can make something useful and give back to the open source community! Win-win!


BSidesLV 2017 & Black hat 20 & DEF CON 25

Went to BSidesLV, Black Hat and DEF CON in Vegas, 2017.

Sooooooooooooooooooo many people....


Six Months of Labs and OSCP Exam

TL;DR - failed OSCP exam :(

After six months in the labs, I exploited 30 machines and found the network keys for all networks. That was my goal when I had started out, so I was happy with that.

The exam was much like the labs, but time got me. If given a couple of days vs 24 hours, I would have passed.

I managed to root one machine and had low-level privileges on two other machines, which probably gave me about 40 points. I will attempt the exam again after I work on a couple of other things.

One piece of advice I can give is to be prepared for anything: read up and practise on all types of systems, and practise editing/fixing existing exploits.


90 days in - Update

90 days in lab experience: 13 machines owned, a couple on their way...

I've renewed my lab time another 90 days. I plan to go through the material and videos a second time and write up the exercises.

Huge learning experience for me; scripting and being able to read different code is important. Also, think simple. Sometimes it's the little things that make a system vulnerable...


Penetration Testing Resources

Free Penetration Testing Resources
If you are taking the PWK/OSCP, then you are expected to aid your studies with additional resources. Check out the following...

NIST - Technical Guide to Information Security Testing and Assessment

ISECOM - Open Source Security Testing Methodology Manual (OSSTMM)

PCI Security Standards Council - Penetration Testing Guidance

Penetration Testing Execution Standard

Penetration Testing Framework

SANS Penetration Testing Resources

Cybrary.it has many free videos and resources on many information technology topics, from networking to Linux and virtualization and lots more!

Cybrary.it - Penetration Testing and Ethical Hacking

Cybrary.it - Advanced Penetration Testing
Slides from Cybrary.it - Advanced Penetration Testing

SecurityTube.net - Like YouTube, but Information Security!

IronGeek.com - Adrian Crenshaw has been recording Information Security conferences forever and uploading the videos to his website and YouTube Channel. Thanks!

Open Security Training

Offensive Security Metasploit Unleashed

Open Web Application Security Project (OWASP) Testing Guide

Penetration Testing Resources that cost CashMoney
If you have the funds available, I recommend purchasing the following:

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman. I purchased this book because I had the pleasure of seeing Georgia Weidman present the SmartPhone Pentest Framework (SPF) at AtlSecCon 2013. She also teaches the Advanced Penetration Testing Course at Cybrary.it. She knows #infosec...

RTFM - Red Team Field Manual
Great book with many helpful code snippets.

*** I'll keep adding things as I find them. Last Updated: January 9, 2020 ***


Offensive Security PWK & OSCP #yolo

I am taking the Offensive Security Penetration Testing with Kali Linux (PWK) course in preparation to schedule and eventually take the Offensive Security Certified Professional (OSCP) 24-hour hack-all-the-things challenge.

I think I am in over my head... But I am and will TRY HARDER. I plan to post some notes on the experience as I go; check back for updates.

About PWK and OSCP
We train the top information security professionals. Discover courses, certifications, pentesting services, labs, and more from the creators of Kali Linux.

Offensive Security Penetration Testing with Kali Linux (PWK)

Offensive Security Certified Professional (OSCP)

Offensive Security is a great company that supports many information security communities and events, check them out!


Information Security Events and Groups in Atlantic Canada

Atlantic Security Conference (AtlSecCon)
The Atlantic Security Conference (AtlSecCon) is a non-profit, annual, information security conference located in Halifax, Nova Scotia, Canada. Established in 2011, our goal is to provide quality information security education and training at an affordable cost.

Halifax Area Security Klatch (the HASK)
The Halifax Area Security Klatch (HASK) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data.

Our membership includes Information Security practitioners, managers, network administrators, students, and anyone who is interested in learning more about securing information.

We meet at the Halifax Club in Halifax, Nova Scotia. Typically, we meet the last Monday of the month except for March, June, July, August, and December, unless otherwise notified.

Security B-Sides Cape Breton
What happens when many high-quality information security speakers don’t get a chance to speak at the BlackHat Briefings Conference in Las Vegas? You make a new, more inclusive conference!

B-Sides is a template conference design powered by grassroots organizers that has spread to dozens of cities in several countries, and it is Cape Breton’s turn this fall. The community of researchers, academics, professionals, and enthusiasts who attend, organize, and speak at these nonprofit conferences customize the atmosphere and dialogue in each city, but the sense of collaboration exists at each location.

Intimate educational talks are the start of quality networking and interaction between participants and speakers, and B-Sides Cape Breton is seeking exceptional speakers, both seasoned and new.

Our guests come from all over the country, but you don’t have to be an industry professional to attend. We encourage anyone interested in learning more about information security to join the conversation.

Atlantic HTCIA
The HTCIA Atlantic Canada Chapter consists of members from the four Atlantic provinces:
  • Nova Scotia
  • New Brunswick
  • Prince Edward Island
  • Newfoundland
The High Technology Crime Investigation Association is composed of 8 regions within the United States and 6 international regions, including Canada. The Atlantic Chapter is one of five chapters in the Canadian region. Internationally there are 38 chapters overall.

Moncton Area Security Klatch (the MASK)
The Moncton Area Security Klatch (MASK) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data.

Our community seeks to involve Information Security practitioners, managers, network administrators, developers, students, and anyone who is interested in learning more about securing information.

The MASK will be a monthly event, at a soon to be determined venue. Each event will include, but is not limited to:
  • Social time & networking to meet and discuss with other enthusiasts (Appetizers and drinks included, thanks to the sponsor)
  • Vendor sponsored presentation
  • Presentation done by MASK member
BSides is an open platform that gives security experts and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community.  It is a rare opportunity to directly connect and create trusted relationships with key members of the community.

St. John’s is located on the East Coast of Canada, on the northeast of the Avalon Peninsula in southeast Newfoundland. It is the most easterly city in North America.