(Part 3) Best security certification books according to redditors

We found 414 Reddit comments discussing the best security certification books. We ranked the 110 resulting products by number of redditors who mentioned them. Here are the products ranked 41-60. You can also go back to the previous section.

Top Reddit comments about Security Certifications:

u/copenhagenlc · 19 points · r/techsupport

So you want to become a script kiddie and try and hack with BackTrack 5, eh? That's not really the way to learn; you want to read, read and read security books. ( http://www.amazon.com/Certified-Ethical-Hacker-Exam-Prep/dp/0789735318 )

To install an OS to a USB, use this program ( http://www.linuxliveusb.com/ ); it will download it, format the drive, and install it to USB for you.

If you are truly interested in learning a different OS, I suggest Linux Mint, Ubuntu or Fedora. Once you get your feet wet with those, try a Gentoo box.

u/OSUTechie · 3 points · r/CompTIA

Woooooo... there buddy... Slow down! You just passed a certification exam. Relax, take a week or two off from studying. Otherwise you are going to get burned out on studying.

As for Studying, I think the general thought is

u/teoespero · 3 points · r/WGU

I used 3 books in my readings:

https://www.amazon.com/Meyers-CompTIA-Security-Certification-SY0-501/dp/126002637X/ref=sr_1_9?keywords=security%2B&qid=1564790977&s=gateway&sr=8-9

https://www.amazon.com/CompTIA-Security-SY0-501-Exam-Cram/dp/0789759004/ref=sr_1_8?keywords=sy0-501&qid=1564791002&s=gateway&sr=8-8

https://www.amazon.com/CompTIA-Security-SY0-501-Guide-Certification/dp/0789758997/ref=sr_1_16?keywords=sy0-501&qid=1564791002&s=gateway&sr=8-16

I have an ACM membership so I was able to access them all from their learning library. Was able to read all three books in 27 days. Did the practice tests online (mostly got between 96% - 98%). No one author is able to cover all the material. But since this is something that I really need to learn, I try to source out materials from different sources.

I usually go with the For Dummies version first to break it into my brain in a form that's understandable before I cover it using the actual text. Yes, it takes time, and doesn't really allow you to accelerate, but it helps me to actually understand what I'm supposed to learn and not just pass the test.

Like with PowerShell right now, I'm on chapter 8 of Windows PowerShell Programming for the Absolute Beginner, 3rd which approaches PowerShell programming by building games. Almost have half of it done then I'd go for Learn PowerShell Scripting in a Month of Lunches. Again, I'm not saying this approach is best, but it works for me to understand things better. Plus work does reimbursement for stuff I buy for the class which really helps if I need a book (an actual printed book).

u/Dasterdly · 3 points · r/hacking

If you're brave enough, reading the Security+ (amazon) cert book and these (wikipedia) is a pretty good step as well.

u/SaintDiam · 2 points · r/CompTIA

Try these:

Network+

Security+

Linux+

If you get the digital versions of these they're each less than $20. Also they come with a code to get the Total Tester software for Net+ and Security+, which has lots of practice questions. That's pretty much all I used to pass Net+ on Monday. The passport series just gives you what you actually need to pass the exam, and they're written pretty well.

There is some stuff, at least in the most recent Network+ exam, that covers weird, old tech. stuff that really isn't used anymore like Token Ring, which I believe wasn't in some of the past exams and was reintroduced. Or it might have been ISDN. But anyway, best to get something up to date.

I'm not 100% on the linux one. It was published in 2008 and they have changed the test since, but most of it should still be perfectly relevant.

Alternatively you could try studying Kali Linux specifically. Good thing with lots of nice tools for security and penetration testing. The book is online and completely free. That should teach you most of what you need to know for linux+.

u/jackwhaines · 2 points · r/CompTIA

Yes, unfortunately, it's not cheap. I always do better with a $100 book than with a $1,000 course anyway, and it's a much better use of my valuable time. I checked my Amazon history and it was this book. https://www.amazon.com/gp/product/0071831568. I used the same series for passing the CEH. As for the certs, I quit college and worked to pay the bills while my wife was in school, and by the time she finished, I was already established in the IT space. I never went back to college, so I tend to compensate with certs. They do help a lot when looking for IT consulting work. =)

u/ieat314 · 2 points · r/CompTIA

There isn't too much out there for CAS-003 yet. Do you have any certs already? I would suggest at least Sec+ before you try to take CASP. If you want to take CAS-002, it ends at the very beginning of October so there isn't much time if you're just starting now. Not impossible, but it would be a crunch. CASP is one of, if not the hardest CompTIA tests. If you are set on CAS-003 I would recommend (Sec+ first if you don't have it) CySA+ since there is a bunch of material on it and it will give you a better technical background. You can get this done in a month or less if you have a background in infosec or are dedicated. In that time there will be more material on CAS-003.

If you want to just go straight to CAS-003 there is one book on Amazon: CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide (2nd Edition) (Certification Guide) https://www.amazon.com/dp/0789759446/ref=cm_sw_r_cp_apa_APJMBbYEJG51B

Then CompTIA has their official study guide, but it is a little steep at $200: https://store.comptia.org/product/978-1-64274-063-9

u/lilzaphod · 2 points · r/sysadmin

I used the older version of this book.

http://www.amazon.com/CompTIA-Security-Study-Guide-SY0-301/dp/1118014731/ref=sr_1_3?ie=UTF8&qid=1312818106&sr=8-3

I believe this is the new book as they changed the test ~May 1st. Go to the CompTIA site to figure out which is the new test (pretty sure it's 301), and then buy this series for that test.

That said, after I read this book, I grabbed an exam dump from examcollection.com and studied that as well. I went through and took it straight, then looked for the answers I got wrong and studied WHY I got them wrong back in the source material. I know that's not a popular way to study around here, but it's effective.

u/DeltaRome0 · 2 points · r/cissp

Since you have your CISSP, the InfoSec material will be a breeze. If the CISSP is a mile wide and an inch deep, then I'd say the HCISPP is 3/8 of a mile wide and a half-inch deep. You'll be fine.

For the Healthcare information, I know it touched on things like the healthcare industry, breach timelines, security and privacy regulation, technology specific to healthcare (EHR, EMR, coding, data exchange, etc.).

Looking through my notes, I see that I actually read this as well: https://www.amazon.com/Healthcare-Information-Security-Privacy-Murphy/dp/0071831797

u/CannibalAngel · 2 points · r/Random_Acts_Of_Amazon

Awesome contest! Thank you for doing this for other people! This will make someone or someones very happy indeed!


I want this book and/or this book



These are study books for IT certifications. They will make a difference to me because if I can pass the certification tests I can get a better job and make more money.

u/iownu304 · 2 points · r/SSCP

I passed a few days ago. I felt pretty comfortable during the whole exam. I have a MSCSIA from WGU (I took SSCP 4 months after graduating). I have a CCNA, CCNA Sec, Security+, and a few others. I consider the SSCP a Security+ that uses more applied knowledge vs Security+ (Sec+ seems to quiz you more on facts you can answer the question with).

I utilized:

  • Lynda that comes with WGU
  • ISC2 SSCP Official Practice Tests
    • (maybe google this.... or buy it from amazon ) then use the code inside the book to get access to the same questions, but in online form.
  • SSCP AIO
    • This also gives you access to TotalSEM online quizzes
  • Also had referenced to use Pluralsight via WGU as well, but I like to watch videos as they line up with the course objective syllabus; there's also flashcards on ISC2 that I looked at maybe once, but I don't recommend it.

    I'd give this to anyone looking to pass the SSCP:

    I utilized Lynda; look for SSCP Cert Prep 1,2,3,4,5,6,7 while taking notes with the videos. After watching each video for one of the domains, I would use the questions at the end to see how I tested. For each question I got wrong, I would write it down and continue to the ISC2 Official Practice Tests online and practice the entire set of questions for that domain. I DID THIS IN PRACTICE MODE. For each question I got wrong, I wrote them down in the same fashion I did for the end of domain questions in Lynda, and read the explanation as to why I got it wrong, and understood the purposes of the other answers that were wrong (if firewall was the wrong answer, I would understand what the purpose of a firewall was, and I would understand why VPN was the correct answer). Basically, knowing what each of the 4 answers are will give you the best chance for the SSCP.

    After I wrote down the issues I was having, I utilized the AIO book and tracked down the answers to the questions I got wrong and read the related section and took notes.

    I would re-take the official practice tests again only if I felt I was "shaky" (usually if I scored under 75%).

    I did this for each domain, and then after all domains I used the end of chapter tests in the AIO as another set of questions.

    I then took the 1st practice test with the official practice questions and got a 68% (I swear this was way harder than the SSCP, DON'T WORRY!)

    After the first practice test, I found out why I was wrong, studied the AIO on those again, and took notes.

    I then moved to the TotalSEM provided by the AIO book, and took 1 set of 125 questions, and then a second set with 250 questions. TotalSEM is easier than the SSCP, but I feel if you're getting over 90% on them, you will be ready for the SSCP.

    After I finished the 250q set from TotalSEM (the day before my exam), I took the second practice test from official practice test and got a 73%. Next day I took and passed the SSCP (provisionally).

    I took 7 weeks of studying (1 week per domain) and 1 week of pure test taking.

    TL;DR:

  1. Watch the set of related videos per domain in Lynda, taking notes.
  2. End of Lynda, answer questions and jot down what/why you got it wrong
  3. Open the official practice test questions and take all of the domain questions in practice mode, again jotting down why/what you got wrong
  4. Open AIO and find the section pertaining to the questions you got wrong and read it while taking notes
  5. Take the domain test again from the official practice test
  6. Do this until you do all 7 domains
  7. Take 1st practice test from Sybex in test mode
  8. jot down what you got wrong, and go back to AIO and take notes again
  9. Go to TotalSEM and take 1 set of 125 questions, and a 2nd set of 250 questions (practice mode)
    1. I did not study after getting these questions wrong; I got 91% and 93% my first times
  10. Take 2nd practice test from Sybex in test mode
  11. Take SSCP.

u/sevaaraii · 2 points · r/hacking

The following book that I'm going to recommend is something that I've seen a few people commenting negatively about but I found it incredibly useful. Especially if you're considering a "hacking for dummies" book.

http://www.amazon.co.uk/Certified-Ethical-Hacker-Study-Guide/dp/0470525207

Explains the basics, what you'll find in the hacking world in terms of tools and scripts, real world scenarios, end of chapter quizzes if you're that kind of learner etc.

Only other thing I can recommend is;

"X language for pen testers/security engineers/hackers etc".

Example; Violent Python - A cookbook for hackers, forensic analysts, penetration testers and security engineers.

u/nabbit · 2 points · r/EDC

Few books for you to consider - I got these for my course and are hugely useful. I've also included the Encase book as I know our forensics guys go back to it all the time:

Computer forensics using open source tools

The essential Brian Carrier - file system forensics

Real Digital Forensics

Encase training book

Digital Forensics Investigation

Forensic Discovery

u/ravegrunt · 2 points · r/WGU

This is the version I passed! It was heavier on simulations than the previous CompTIA ones - since I don't feel comfortable saying a specific number, I would be prepared for more than, say, Network+.

The other big help I had was Mike Meyers' Passport for Security+ (http://smile.amazon.com/dp/0071832149) - I like books with a lot more crunch than fluff. If you have a Kindle and a few hours to review sticky spots, I'd recommend downloading it!

If you are doing okay on the WGU-provided stuff, however, just be calm, take your time on the sims, and you'll one-shot it. You do have to think a bit more out of the box than you did with A+ and N+, but it wasn't unreasonable.

Best of luck!

u/DoubleR90 · 2 points · r/CompTIA

A buddy of mine recently passed PenTest+ and he used the PenTest+ AIO textbook.

I'll be beginning my PenTest+ studies soon and I intend to use that one as well.

u/hows_my_fi · 1 point · r/CompTIA

Sorry!
Well I picked up the Sybex study guide, watched the cybrary course on it and used some online flash cards for vocabulary.

book
http://www.amazon.com/CASP-Advanced-Practitioner-Authorized-Courseware/dp/1118083199?ie=UTF8&*Version*=1&*entries*=0

Videos
https://www.cybrary.it/course/comptia-casp/

Flash cards [helpful!]
http://www.cram.com/flashcards/casp-objective-review-1768575

I also had to lean heavily on my own personal experience though I am mainly a technician and do not have security as a focus in my current job.

u/observ3r · 1 point · r/vmware

Thanks! And it's the CASP study guide by sybex

Pretty disappointing, I've found several more typos/mistakes (minor).

u/inebriates · 1 point · r/ITdept

It looks like the site cram.com (which isn't a porn site, oddly enough) lets you create your own flashcards. I've used the ExamCram books and there are others that have electronic flash cards or other fun things. If you sail any high seas, you can find them there too I'm sure.

If you're already thinking about looking for other jobs and are looking to get your Bachelor's, look at local colleges. A lot of places will offer tuition reimbursement or will cover your courses completely, which is fantastic if you can find it. Smaller shops also let you get your hands into a lot of different tools that you might not otherwise get to play with, which gives you experience and lets you refine what your career goals are.

For networking, I'm terrible at that too. I've found local user groups in my area (or within a couple hours from my city) that I go to frequently. There's a quarterly tech ed group, a quarterly System Center group, a powershell group, and even a generic sysadmin group. I had no idea they were out there until I started looking. Most of the time the "small talk" is about what's on our plates at work, how we're having trouble filling some position, how we got killed by xyz vulnerability/some Microsoft patch boned us, or how our kids are keeping us up and we're so tired. Each of the groups has a LinkedIn page too, but most of the meat is in the face-to-face interactions.

People inherently like to talk about themselves--if you strike up a conversation with someone and say "I overheard you guys talking about the ShellShock vulnerability, here's how we handled it." they'll just say "Oh, cool." and turn away. But if you were to say "I wasn't listening in, but I overheard you guys talking about Shellshock... It killed us...I mean, I should probably still be at work right now. How'd you guys handle it?" and then they'll launch into Puppet or Zabbix or Nagios or some tech that they use and you can ask them about that, too. It sounds exhausting, because it kind of is, but the connections actually come in really useful.

u/button_R · 1 point · r/CompTIA

I agree. I would look into virtual labs too.

I personally liked these:

https://www.cybrary.it/catalog/practice_labs/comptia-cybersecurity-analyst-csa

And the Sybex book and practice questions:

https://www.amazon.com/CompTIA-CySA-Study-Guide-CS0-001/dp/1119348978/

https://www.amazon.com/CompTIA-CySA-Practice-Tests-CS0-001/dp/1119433207/

Edit: CompTIA renamed Cybersecurity Analyst from CSA to CySA. So you will see a mix for a while.

u/jigsaw222 · 1 point · r/CompTIA

I used Mike Meyers IT Fundamentals book to study and it worked for me.

Amazon link to book

u/IsyRivers · 1 point · r/CompTIA

I passed 501 with about 2.5 weeks of study with CompTIA Security+ Certification Study Guide, Third Edition and CompTIA Security+ SY0-501 Exam Cram. Probably 4 or 5 hours in the beginning reading to anywhere between half hour to 2 hour sections of reviewing stuff. Didn't feel ready and the test questions were way different but I knew enough about it all to pass it. Definitely doable, just put the time into reviewing stuff.

u/shahlapirnia · 1 point · r/CompTIA

You know, I have not studied Security+.

Speaking for myself, I would assume you'd want to be aware of the latest technology & matters related to the field, not study material that may not be as relevant, and missing out on new methodologies.

This is a field where you need to be cognizant of current practices.

What Cybersecurity skills do employers look for? https://certification.comptia.org/it-career-news/post/view/2017/07/05/what-cybersecurity-skills-do-employers-look-for

It is true that you do not have many resources to choose from for 501 as the other Redditor mentions.

I located this book just in case. It is by David Prowse.
https://www.amazon.com/CompTIA-Security-SY0-501-Guide-Certification/dp/0789758997

David Prowse: http://www.davidlprowse.com/articles/

Bio: David Prowse: http://www.pearsonitcertification.com/authors/bio/6b781d51-4a68-4490-ab10-02a757602ceb

u/mandabutler_ · 1 point · r/WGU

I'm working on studying for this while I wait to be re-enrolled. Just purchased the all-in-one CHFI book for $30. I've used these books before for CompTIA exams and thought it might be a good place to start.

https://www.amazon.com/Computer-Hacking-Forensic-Investigator-Certification/dp/0071831568/ref=sr_1_3?keywords=all-in-one+chfi&qid=1572398962&sr=8-3

u/boredinballard · 1 point · r/IWantToLearn

I'm no hacker or anything, but a few things I would do if I wanted to get into that field would be to learn networking/net security. Being a comp sci major, I assume you understand networking. You could study for the Security+ exam, just to get a good understanding of IT Security and whatnot. Then study for the CEH. I've got a pretty good study guide for CEH, I believe it's this book.

I don't know much about the field, but it does sound fascinating.

u/SanityAgathion · 1 point · r/pcmasterrace

They would do you more service buying books like http://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/0470525207 or http://www.amazon.com/Network-Warrior-Gary-Donahue/dp/1449387861/ref=sr_1_1?s=books&ie=UTF8&qid=1451148178&sr=1-1&keywords=network+warrior

But maybe they just don't know ... they see you only "sitting behind that thing they don't understand very well, for hours", you probably never talked about hobbies without it going awry, I can imagine. Not blaming anyone or anything, just saying, this is what usually happens and their reaction is a gentle nudge.

u/sleepparalysis · 1 point · r/netsec

I would say self-study for the EnCE. That'll be probably the best for you.

Carry out all of the exercises and what not and make sure you research anything you don't understand.

u/DarkMeld · 1 point · r/IAmA

It's great that you already have a goal in mind. I don't know too much about this particular field but I would start off gaining interest in the basis of computer security. This would include encryption schemes, hashing functions, network intrusion detection, secure computing, and others. Here's a book that I read through for an introduction to computer security class. There's probably better books out there but that's the one I read.

Overall, computer security is one of the more specific fields so be sure not to skip over your core computer science and mathematics education.

u/akrin225 · 1 point · r/CompTIA

I am currently studying for my Network+ exam. I am using this book for my studies:

http://www.amazon.com/CompTIA-Network-Certification-Study-N10-006/dp/0071848886/ref=sr_1_6?ie=UTF8&qid=1457751965&sr=8-6&keywords=comptia+network%2B

The nice thing about this book is that it comes with a CD that has almost 600 test prep questions along with a lab manual and a bunch of extras. It's not too expensive and I think it is definitely worth the money.

Looking to take my exam later this month and I feel like this book and its resources have been really helpful.

u/Nurgster · 1 point · r/msp

I'm currently studying for an HCISPP certificate and have found the following to be a pretty good guide to all things healthcare security related (not only HIPAA):

https://www.amazon.com/Healthcare-Information-Security-Privacy-All/dp/0071831797