CompTIA Security+ Certification
In July of 2023 I achieved CompTIA Security+ certification. This certification was beneficial in learning how to identify and address potential threats, attacks, and vulnerabilities, and establishing techniques in risk management, risk mitigation, threat management, and intrusion detection.
Security+ Lab Case Studies
Overview
During my time preparing for the CompTIA Security+ exam, I completed numerous lab scenarios that allowed me to hone and demonstrate my skills within virtual systems and environments. I’ve put together some case studies below to highlight a few of these specific scenarios and the skills they helped me polish.
1. General Security Concepts
Scenario: Introduction to key cybersecurity concepts and terminology, laying the foundation for understanding the various security controls used in protecting an organization
Skills Demonstrated: Recognizing security principles, understanding core security functions, and establishing baseline security measures
2. Threats, Vulnerabilities, and Mitigations
Scenario: Simulated environments in which I identify common threats and vulnerabilities, and then respond with the most appropriate mitigation techniques
Skills Demonstrated: Threat assessment, vulnerability scanning, implementing security controls, and incident response
3. Security Architecture and Design
Scenario: Secure enterprise infrastructures, focusing on different architectural models and their security implications
Skills Demonstrated: Secure network design, implementation of layered security, and configuration of secure systems based on architecture models
4. Risk Management
Scenario: Engage in risk assessments and management strategies, focusing on identifying, analyzing, and mitigating risks in an organization
Skills Demonstrated: Risk analysis, risk mitigation planning, and application of risk management frameworks
5. Security Operations
Scenario: Experience security operations, including vulnerability management and the security implications of managing hardware, software, and data
Skills Demonstrated: Vulnerability management, system hardening, and data protection strategies
6. Identity and Access Management
Scenario: Manage identities and access to ensure that only authorized users have access to critical systems and data
Skills Demonstrated: Configuration of access controls, implementation of identity management solutions, and enforcement of least privilege policies
7. Compliance and Governance
Scenario: Focus on application of laws, regulations, and best practices in governance, risk, and compliance
Skills Demonstrated: Understanding of governance frameworks, compliance requirements, and how to apply them in a cybersecurity context
8. Security Program Management
Scenario: Manage and oversee security programs, including communication, reporting, and security awareness
Skills Demonstrated: Security program development, incident reporting, and creating security awareness programs
Outcome
Each of these labs contributed significantly to my development of a comprehensive skillset in cybersecurity, and has allowed me the hands-on experience necessary to reinforce my theoretical knowledge with practical application, leaving me prepared and confident to handle real-world security challenges.
Supporting Media
Tools Used
Wireshark: Network protocol analyzer used for capturing and analyzing network traffic
Nmap: Network scanner used for discovering hosts and services on a computer network
Metasploit: Penetration testing framework used for exploiting vulnerabilities in systems
Kali Linux: Security-focused operating system used for penetration testing and security auditing
Nessus: Vulnerability scanner used to identify security issues in systems and networks
OpenVAS: Open-source vulnerability scanner used for detecting security vulnerabilities
Burp Suite: Web application security testing tool used for identifying vulnerabilities in web apps
John the Ripper: Password cracking tool used for testing password strength
Netcat: Network utility used for reading from and writing to network connections
tcpdump: Command-line packet analyzer used for capturing network traffic
Sysinternals Suite: Collection of Windows tools for system monitoring, diagnosing, and troubleshooting