CompTIA Security+ Certification

In July of 2023 I achieved CompTIA Security+ certification. This certification was beneficial in learning how to identify and address potential threats, attacks, and vulnerabilities, and establishing techniques in risk management, risk mitigation, threat management, and intrusion detection.

View my certification here

Security+ Lab Case Studies

Overview

During my time preparing for the CompTIA Security+ exam, I completed numerous lab scenarios that allowed me to hone and demonstrate my skills within virtual systems and environments. I’ve put together some case studies below to highlight a few of these specific scenarios and the skills they helped me polish.


1. General Security Concepts

Scenario: Introduction to key cybersecurity concepts and terminology, laying the foundation for understanding the various security controls used in protecting an organization

Skills Demonstrated: Recognizing security principles, understanding core security functions, and establishing baseline security measures

2. Threats, Vulnerabilities, and Mitigations

Scenario: Simulated environments in which I identify common threats and vulnerabilities, and then respond with the most appropriate mitigation techniques

Skills Demonstrated: Threat assessment, vulnerability scanning, implementing security controls, and incident response

3. Security Architecture and Design

Scenario: Secure enterprise infrastructures, focusing on different architectural models and their security implications

Skills Demonstrated: Secure network design, implementation of layered security, and configuration of secure systems based on architecture models

4. Risk Management

Scenario: Engage in risk assessments and management strategies, focusing on identifying, analyzing, and mitigating risks in an organization

Skills Demonstrated: Risk analysis, risk mitigation planning, and application of risk management frameworks

5. Security Operations

Scenario: Experience security operations, including vulnerability management and the security implications of managing hardware, software, and data

Skills Demonstrated: Vulnerability management, system hardening, and data protection strategies

6. Identity and Access Management

Scenario: Manage identities and access to ensure that only authorized users have access to critical systems and data

Skills Demonstrated: Configuration of access controls, implementation of identity management solutions, and enforcement of least privilege policies

7. Compliance and Governance

Scenario: Focus on application of laws, regulations, and best practices in governance, risk, and compliance

Skills Demonstrated: Understanding of governance frameworks, compliance requirements, and how to apply them in a cybersecurity context

8. Security Program Management

Scenario: Manage and oversee security programs, including communication, reporting, and security awareness

Skills Demonstrated: Security program development, incident reporting, and creating security awareness programs

Outcome

Each of these labs contributed significantly to my development of a comprehensive skillset in cybersecurity, and has allowed me the hands-on experience necessary to reinforce my theoretical knowledge with practical application, leaving me prepared and confident to handle real-world security challenges.


Tools Used

Wireshark: Network protocol analyzer used for capturing and analyzing network traffic

Nmap: Network scanner used for discovering hosts and services on a computer network

Metasploit: Penetration testing framework used for exploiting vulnerabilities in systems

Kali Linux: Security-focused operating system used for penetration testing and security auditing

Nessus: Vulnerability scanner used to identify security issues in systems and networks

OpenVAS: Open-source vulnerability scanner used for detecting security vulnerabilities

Burp Suite: Web application security testing tool used for identifying vulnerabilities in web apps

John the Ripper: Password cracking tool used for testing password strength

Netcat: Network utility used for reading from and writing to network connections

tcpdump: Command-line packet analyzer used for capturing network traffic

SysInternals Suite: Collection of Windows tools for system monitoring, diagnosing, and troubleshooting