WEBVTT

00:07.460 --> 00:08.120
Hi everyone.

00:08.120 --> 00:11.270
My name is Chester Kenrick and let me tell you a little bit about myself.

00:11.270 --> 00:16.910
I have a PhD in information technology with an emphasis in information systems security, a master's

00:16.910 --> 00:23.600
in cybersecurity, an MBA, plus a ton of experience with 25 years of hands-on experience in information

00:23.600 --> 00:26.750
technology, cybersecurity, and telecommunications.

00:26.750 --> 00:31.910
I also have been teaching for the last five years, both in academia and boot camp courses that specifically

00:31.910 --> 00:35.120
go into exams like the one you're going to take today.

00:35.120 --> 00:39.800
I possess the CISSP, the CSA, and the Security+ certifications.

00:39.830 --> 00:43.790
You may be asking yourself, why should I take the CySA+ exam?

00:43.850 --> 00:49.700
CySA+ is an intermediate certification, meaning you should already have foundational knowledge in cybersecurity

00:49.700 --> 00:51.350
and security-related fields.

00:51.350 --> 00:57.410
With certifications such as Security+ already under your belt, you should know that CySA+ is considered

00:57.410 --> 01:03.390
to be a level two DoD 8570 industry-recognized certification, meaning that you can go through

01:03.390 --> 01:09.840
the process and already be qualified for level two of the fields for government jobs related to cybersecurity.

01:09.870 --> 01:14.550
Unlike other vendor-specific certifications, CySA+ is vendor neutral.

01:14.550 --> 01:20.250
It doesn't have a specific recommendation for a specific technology or a manufacturer tied to it.

01:20.250 --> 01:25.770
Vendor neutrality means that it goes through the entire process, understanding that cybersecurity is

01:25.770 --> 01:29.580
about cybersecurity and not related to one specific technology.

01:29.610 --> 01:34.230
CySA+ provides you with the foundational knowledge in order to progress your careers.

01:34.230 --> 01:39.180
Maybe you imagine yourself in a career as cybersecurity analyst, going through and identifying threats

01:39.180 --> 01:43.830
and providing the appropriate acknowledgement for those threats and responding to those incidents.

01:43.830 --> 01:49.530
Maybe you're imagining yourself in a different career, such as an incident response analyst, where

01:49.560 --> 01:51.900
cybersecurity analyst goes in and identifies the threat.

01:51.930 --> 01:56.640
Maybe you want to be the actual person that goes and responds to that threat, locking down systems,

01:56.640 --> 01:59.500
identifying how they got in and where to stop them.

01:59.500 --> 02:05.170
Maybe your key idea is an application security analyst going through the different web applications,

02:05.170 --> 02:09.430
or the different programming and developments that come into play, identifying where those weaknesses

02:09.430 --> 02:12.850
and vulnerabilities are and how to properly protect against them.

02:12.880 --> 02:19.210
You may be asking yourself, what's the difference between Security+ versus CySA+, when Security+ already

02:19.210 --> 02:23.740
gives you that foundational knowledge in cybersecurity that you may already be accustomed to or already

02:23.740 --> 02:24.640
possess?

02:25.360 --> 02:32.020
While CompTIA Security+ provides you a foundational knowledge of cybersecurity concepts, CySA+ provides

02:32.020 --> 02:34.630
you with an analyst or an incident response behavior.

02:34.660 --> 02:39.430
This means that our focus isn't so much on the basic concepts, but the intermediate knowledge that

02:39.430 --> 02:44.440
comes with being an analyst and understanding how to properly respond to specific incidents that impede

02:44.440 --> 02:45.820
upon your infrastructure.

02:45.850 --> 02:49.840
The different roles associated with Security+ are more on the security side.

02:49.870 --> 02:55.750
Network administration, system administrator, or foundational positions that, while they're entry

02:55.750 --> 02:59.170
level, do go into specific cybersecurity positions.

02:59.170 --> 03:05.650
The job roles associated with CySA+ are more in line with advanced roles such as an analyst position,

03:05.650 --> 03:08.890
whether it's with a vulnerability or even threat intelligence.

03:09.310 --> 03:15.730
Security+ is relatively accessible to most individuals with limited knowledge, with pure foundational

03:15.730 --> 03:19.630
knowledge, whereas CySA+ is considered to be a little bit more challenging.

03:19.660 --> 03:24.280
Understanding logs and how to read those logs, the different incidents associated with it, how to

03:24.280 --> 03:28.360
read vulnerabilities, and what the proper procedures are to shore up those vulnerabilities.

03:28.360 --> 03:34.180
The exam structure in both are similar in case Security+ is multiple choice with performance-based

03:34.180 --> 03:37.930
questions, and you're going to see relatively the same structure within CySA+.

03:37.930 --> 03:41.980
The exam duration for Security+ is only 90 minutes.

03:41.980 --> 03:46.270
However, CySA+ gives you almost three hours at 165 minutes.

03:46.270 --> 03:48.340
Security+ is more network driven.

03:48.340 --> 03:53.680
It provides access control and foundational knowledge of cryptography, risk and incident response,

03:53.720 --> 03:58.730
and how the overall flair within cybersecurity really is at a truly foundational level.

03:58.760 --> 04:04.910
However, CySA+ covers things like threat and vulnerability management, security operations and monitoring,

04:04.910 --> 04:10.100
incident response, SIEM and SOAR, as well as compliance and assessment of the different incidents

04:10.100 --> 04:12.320
associated specifically with your network.

04:12.320 --> 04:18.260
Security+ is more of an entry-level role, providing you with positions that truly are limited experience

04:18.260 --> 04:22.370
to no experience, and a cybersecurity foundational role.

04:22.400 --> 04:28.730
However, CySA+ prepares you for more advanced roles, excelling in your career in terms of cybersecurity

04:28.730 --> 04:35.540
to some key roles and positions to really and truly understand cybersecurity at a level that Security+

04:35.540 --> 04:36.740
just doesn't offer.

04:36.770 --> 04:41.750
CompTIA recommends that you have four years of hands-on experience in an information security role, maybe

04:41.780 --> 04:44.540
incident response, or even security operations.

04:44.570 --> 04:49.700
They also recommend that you have Network+ or an equivalent certification as well as Security+.

04:49.730 --> 04:55.930
I sort of disagree with this recommendation. In my personal opinion, you should have Security+ already

04:55.960 --> 05:00.430
in hand and understand the foundational understanding of cybersecurity.

05:00.460 --> 05:06.310
Security+ or an equivalent certification would be a great rule or great certification to have before

05:06.340 --> 05:07.450
starting this course.

05:07.450 --> 05:12.340
However, I recommend that you start your CySA+ immediately after Security+.

05:12.370 --> 05:17.740
A lot of that foundational knowledge is going to appear right in the CySA+ objectives, and truly prepare

05:17.740 --> 05:19.210
you to pass that exam.

05:19.210 --> 05:22.930
I don't necessarily think that you need those four years of hands-on experience.

05:22.930 --> 05:26.950
That doesn't mean that you shouldn't have hands-on experience or understand how to read logs.

05:26.950 --> 05:32.710
I'm not saying that, but what I am saying is that Security+ is a great entry-level certification.

05:32.710 --> 05:36.910
However, I would start studying for CySA+ immediately after.

05:37.120 --> 05:41.140
Let's explore the specific exam domains associated with CySA+.

05:41.650 --> 05:48.940
Right now, CySA+ makes up four distinct domains, with each one having a percentage weighted scale within

05:48.940 --> 05:55.420
the exam itself. For instance, domain one, security operations, makes up 33% of the exam.

05:55.420 --> 05:56.140
Security.

05:56.170 --> 05:58.300
Vulnerability management 30%.

05:58.300 --> 06:00.610
Incident response and management 20%.

06:00.610 --> 06:02.020
Reporting and communication,

06:02.050 --> 06:03.730
a mere 17%.

06:03.730 --> 06:04.420
All these

06:04.420 --> 06:07.690
total the exam weighted domain of 100%.

06:07.690 --> 06:08.830
In domain one,

06:08.830 --> 06:09.070
we're going

06:09.100 --> 06:13.660
to cover security operations such as log ingestion. We're going to hit some tools such as

06:13.690 --> 06:16.390
Wireshark, VirusTotal, Cuckoo Sandbox.

06:16.390 --> 06:18.730
We're going to talk about file hashing and XML

06:18.760 --> 06:19.420
programming.

06:19.420 --> 06:23.200
We're going to cover threat hunting and threat intelligence sharing, as well as tactics, techniques, and

06:23.200 --> 06:24.220
procedures.

06:24.640 --> 06:27.250
In domain two, we're going to talk about vulnerability management.

06:27.250 --> 06:28.930
We're going to discuss Nmap tools.

06:28.960 --> 06:30.250
Finger device fingerprinting.

06:30.250 --> 06:33.880
We're going to talk about device debuggers, Angry IP Scanner, Maltego.

06:33.910 --> 06:37.660
We're going to cover different attack vectors and cross-site scripting.

06:37.660 --> 06:40.510
How it differs from buffer overflows and heap stacking.

06:40.540 --> 06:45.370
We're also going to explain different concepts such as risk management compliances, threat modeling

06:45.370 --> 06:47.110
and attack surface management.

06:47.110 --> 06:52.120
In 3.0, we're going to talk about incident response and management, such as cyber kill chains, the MITRE

06:52.120 --> 06:53.950
ATT&CK methodology and framework.

06:53.980 --> 06:59.200
We're also going to cover IOCs and incident response plans, playbooks and business continuity versus

06:59.200 --> 07:01.660
disaster recovery. In domain four,

07:01.690 --> 07:05.890
we're going to talk about reporting and communication and decide why it's so important to actually use

07:05.890 --> 07:07.270
those reporting mechanisms.

07:07.300 --> 07:10.270
We're going to talk about patching and configuration management.

07:10.270 --> 07:14.980
We're going to talk about communications from legal to public relations, all the way to different law

07:14.980 --> 07:18.760
enforcements and regulatory reporting requirements. Throughout the entire exam,

07:18.760 --> 07:23.140
we're going to cover in depth every last one of these domains and talk about the knowledge units you

07:23.140 --> 07:25.690
need to pass the CySA+ exam.

07:26.320 --> 07:31.390
Our course follows closely along with the book pictured here as you're going through.

07:31.390 --> 07:37.390
If you're looking for a companion source or resource for this course, the McGraw-Hill CySA+ course book

07:37.420 --> 07:39.610
is one that I would highly recommend.

07:39.730 --> 07:45.520
Pictured here you can see the chapter guide specifically with the domain coverage that we utilize throughout

07:45.520 --> 07:46.210
the course.

07:46.210 --> 07:52.430
You'll notice that the domains are not covered on a case by case basis, exactly as the domains depicted

07:52.430 --> 07:54.110
for the CySA+ exam.

07:54.110 --> 07:55.310
This is on purpose.

07:55.340 --> 08:01.070
Our course structure is designed to give you the highest reflection of your knowledge and the most easily

08:01.070 --> 08:05.630
retainable format, and that's why we follow the chapters provided below.

08:06.140 --> 08:10.160
Here you can see the book chapters which correspond with the video course structure, as well as the

08:10.160 --> 08:12.320
exam objectives covered in each chapter.

08:12.320 --> 08:15.140
You will notice that some of the exam objectives are out of order.

08:15.140 --> 08:19.790
This is done intentionally to ensure foundational knowledge and retainability of the information provided.

08:19.850 --> 08:24.800
Here you can see the book chapters which correspond with the video course structure as well as the exam

08:24.800 --> 08:26.690
objectives covered in each chapter.

08:26.690 --> 08:29.390
You will notice some of the exam objectives are out of order.

08:29.390 --> 08:34.160
This is done intentionally to ensure foundational knowledge and retainability of the information provided.

08:34.280 --> 08:39.260
This will be available to you as a resource as well as a map identifying the exam objectives.

08:39.290 --> 08:43.310
Now that we've talked about everything that's included within this course, let's talk about how to

08:43.340 --> 08:45.380
set up and prepare for your exam.
