Security Certification Paths

Simply put, corporations exist for the sole purpose of making money.  The employees are there to serve that goal. Beyond screening employees for needed skills, degrees and certifications do little, if anything.  This is why we often find people working in fields that they have obtained proficiency in, but lack a matching degree.

With this in mind, IT security certifications show potential employers, or customers, that you are qualified to perform the functions of a security professional.  There are dozens of IT certifications, so which ones are best?

Everyone has different answers.  But, many organizations consider the Certified Information Systems Security Professional (CISSP) certification to be an excellent indication that an individual has the knowledge to perform effectively in an IT security role.  

Since the CISSP credential requires five years of cumulative paid work experience in at least two of the domains of the CISSP Common Body of Knowledge (CISSP CBK), a common career progression involves getting other certifications first:

  • CompTIA Network+
  • CompTIA Security+
  • (ISC)² SSCP
  • … and then the (ISC)² CISSP

Here is an overview of each of these certifications:

Network+

The Network+ certification indicates that you do not have any gaps in your knowledge of system administration.  It is designed to test the ability of a network technician to configure and support TCP/IP clients. It covers network design, cabling, hardware setup, configuration, installation, support, and troubleshooting.

The Network+ exam can be taken by anyone.  However, it is aimed at people who have a year or two of on-the-job experience and A+ certification – or equivalent knowledge.  So, if starting from scratch, the A+ certification might be a better starting place.

With the correct examination materials, many people can pass the Network+ certification exam with one or two months of study.

Security+

Security+ expands on the knowledge required for Network+ certification.  As the name implies, it concentrates on security aspects of information systems.  The time required to prepare for it is generally about half of the time required to prepare for Network+.

The Security+ certification is required for many (or maybe most) IT positions with the US Department of Defense (DoD) or military contractors. So, this certification is critical for those who touch IT in the defense industry. My favorite book for Security+ is Mike Meyers’ CompTIA Security+ Certification Guide.

A good companion to Mike’s book is his video series on Udemy.  

Be sure to look for the Udemy sales, which happen on a regular basis.  If you pay more than $10 or $15 for a course on Udemy, you are paying too much.  Just be patient and wait for a sale.

SSCP

The (ISC)² Systems Security Certified Practitioner (SSCP) certification can be thought of as a final stepping stone toward a CISSP.  The SSCP has a lot in common with the Security+. So, it is the next logical step after obtaining a Security+. Obtaining the SSCP may take a bit more time than Security+. But, it should be easily achievable within a couple of months.  

Unlike Security+, the SSCP requires one year of experience in at least one of the following domains:

  • Access Controls
  • Security Operations and Administration
  • Risk Identification, Monitoring, and Analysis
  • Incident Response and Recovery
  • Cryptography
  • Network and Communications Security
  • Systems and Application Security

The one-year experience requirement can be waived if you have a degree in a cybersecurity-related field. The following degree titles are approved by (ISC)²:

  • Computer Science
  • Computer Engineering
  • Computer Systems Engineering
  • Management Information Systems (MIS)
  • Information Technology (IT)

In line with the work experience requirement, the SSCP exam itself focuses more on knowledge application and critical thinking, while the Security+ exam focuses on less ambiguous scenarios.

I like to think of the SSCP as personal validation that your knowledge base is progressing toward what is needed for the CISSP. But, you can avoid the SSCP and go straight for the CISSP certification. Perhaps a compromise between these two extremes is to go through an SSCP study guide, but skip the exam.

CISSP

The CISSP exam is considerably more difficult than the basic and intermediate certifications described above. But, by passing it, you demonstrate the breadth of your IT security knowledge.

The CISSP encompasses eight domains of knowledge:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

The CISSP exam is more general than the SSCP and requires more critical thinking skills that are acquired primarily by experience.  Speaking of experience, CISSP requires 5 years of paid work experience.

The amount of time required to prepare for the CISSP exam is significantly more than the time required to prepare for the other exams. Many people take between 6 months and a year to prepare. However, the time spent is worthwhile because CISSP certification opens up many career possibilities. I am most familiar with US DoD requirements and CISSP is certainly a certification to shoot for if you are an IT professional in the defense industry. Here is a link to DoD-approved certifications for various types of positions:

https://iase.disa.mil/iawip/pages/iabaseline.aspx

 

Solar Panel Performance

Here is a link to a website put together by the California Energy Commission to provide evaluations of solar panel performance:

http://www.gosolarcalifornia.ca.gov/equipment/pv_modules.php

I find it interesting that there does not seem to be much of a difference between monocrystalline and polycrystalline panels. Both seem to produce about 90% of their rated values under standard test conditions of:

  • 20C air temperature
  • 1 meter/sec wind speed (2.2mph)
  • 10 meters (33 ft) above the ground
  • Air mass of 1.5
  • ASTM G173-03 standard spectrum
  • 1000 watts/sq meter solar irradiance

Ok.  So, how is that practical?  Well, here is a calculator, based on historical data, of how much irradiance is expected in a given location.

http://solarelectricityhandbook.com/solar-irradiance.html

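For Dallas in September, expected solar irradiance of a south-facing panel is 4.96kWh/sq meter/day. A 100W rating corresponds to 10% of the 1000 watts/sq meter test irradiance, and the panel delivers about 90% of its rating. So, it appears that a real world 100W panel should be expected to produce 9% of this amount – or 446Wh.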

To put this in perspective… 446Wh would allow a person to use 18.6 watts of electricity constantly over a 24-hour period, assuming that the system has a battery to store energy for use at night and on cloudy days.

Note that solar irradiance is about half that amount in the winter.

Bottom line:  An ideal 100 watt solar electric system in Dallas allows a person to constantly use about 18 watts of power during the month of September; about 9 watts in the winter.  Real world results are almost certainly less.

Wireless Internet Access

High speed internet access is often available to rural users only through expensive satellite or microwave systems.  However, many people (rural or not) may find a wireless solution using cell phone towers to be a great alternative way to access the internet.

I often travel.  Having a wireless access point is something important to me.  A few weeks ago, I purchased the Huawei B310-518 Wi-Fi router.  This device works much like tethering with a cell phone, with similar speeds.

But, the Huawei B310-518 is also more powerful than a tethered cell phone:

  • It has an Ethernet cable for connecting to a computer – or even a large network.
  • The Wi-Fi capability has more range than a tethered cell phone.
  • There is a standard wired phone jack built into the B310-518. This allows a cell phone number to be used with a regular wired phone.

The B310-518 is an unlocked GSM device. So, that means that it works with most cell phone carriers except for Verizon and Sprint. AT&T works. T-Mobile works. And companies that resell these services also work. In Canada, it will work with Rogers and others. Simply use your cell phone’s SIM card in the Huawei router, or buy a special SIM card for the device. It even works internationally.

I ended up purchasing a SIM card and service from Mint Mobile:

https://www.mintmobile.com/

Plans vary.  Mint Mobile charges $15 per month for 2GB of high speed data.  They charge $25 per month for 10GB of high speed data.  After the high speed data allocation is used, unlimited low speed data is provided.

Of course, you can use AT&T, T-Mobile, or other carriers with the Huawei device.

The only thing that took me by surprise with this device was that the instruction manual was in Spanish and the default configuration webpage for the device was in Spanish.  Switching to English was fairly easy.  But, one would think the default for the US market would be English.   Also, the router came with a European plug and a converter to a US style plug.  That works.  I wonder if the US market is an afterthought, though.  Online research seems to indicate that the DC plug is the standard 2.1mm coaxial DC power plug.