Friday, July 29, 2016

Passing CyberSec First Responder Exam

I'm happy to say that I passed the CyberSec First Responder certification exam. Overall, it was an enjoyable experience - studying for it and learning some new things, taking the exam at a good testing center, and celebrating afterwards at IHOP.
One thing that I reaffirmed through the process is that it is a logical choice after the CompTIA Security+ exam to round out your resume. This is especially true if you're seeking a hands-on role in cybersecurity or IT forensics and it will be what I recommend to anyone that asks me about CEH.
As with any certification exam, there is a non-disclosure agreement (NDA) and I don't plan on violating the NDA. Still, there are some things I can share with you that you may find useful.

Taking the CyberSec First Responder Exam

First, the questions were all multiple choice or True/False questions. Many of the multiple choice required you to select two or three answers. A neat feature was that the exam had an internal check in it, helping me ensure I selected the correct number of answers.
Many of the "select three" answers were used instead of the NOT type of questions that CompTIA frequently uses. This will help many people avoid confusion.
As an example, consider this question.
Which of the following are colors (Select Three)?
  1. Blue
  2. Car
  3. Green
  4. Yellow
If you understand the content, this is often just a matter of figuring out which answer doesn't fit with the others and not selecting it.
The same question could use the same answers, but reworded like this:
"Which of the following is NOT a color?"
One thing I was very grateful for was that the questions and content were never covered up. I could always see the full question and all the answers. In contrast, when I took the CompTIA Cybersecurity Analyst Beta Exam, it was often difficult to view the graphics, question, and instructions without moving things around. Typically, the question and instructions covered up the graphics and underlying hotspots making it tedious to just understand the questions.

How To Study for CyberSec First Responder

Here are a few methods you can use to prepare for this exam.

Attend a CyberSec First Responder Course

There are many training centers that teach the course. You can use the search feature toward the bottom of this page to find one near you. It’s labeled Find a CFR Class Near You.  Select the region (such as USA) and the Subregion (such as VA) and it’ll list training centers that you can click to get more information.
The course is typically taught in a five-day instructor-led format from 9 AM to 5 PM.
Some people love this format, and there was a time when I thrived in a classroom format like this. However, it's not for me today, so I needed another method.

Self-Study with the CyberSec First Responder Course Book

You won't find any resources for the CyberSec First Responder certification on Amazon. However, you can purchase the course book from Logical Operations here. They have several options such as:
Student: Digital Courseware
This includes the course book and other materials (such as a practice test) available online. I used this in my preparation. Unfortunately, minor eye surgery made it quite uncomfortable to look at a computer screen for more than five minutes while studying for this exam. Fortunately, I was able to print out the course book from the digital courseware - it was a little messy, but worth it.
Student: Print and Digital Courseware
This includes all of the digital courseware products and you also get a printed course book shipped to you. If you like a paper copy, the few extra dollars are worth it for this package (and definitely better than printing out the course book from the digital courseware).
Student: Print and Digital Courseware with the Lab Bundle
This includes the same resources as the Print and Digital Courseware product, but also with access to an online lab. I didn't use this, but the course book referred to it often within chapter Activities. You could create your own lab, but a ready-made lab would save you a lot of time.

Woo Hoo! Study Guide Now Available

Logical Operations recently created a study guide that you can purchase directly from them here. It’s only $99 in the US and it includes all the resources available in the Student: Digital Courseware product that I used, except for the eBook. (Don’t get this if you’re planning on minor eye surgery soon, though. You won’t be able to print it out.)

Self-Study with Your Own Lab

Another option is to create your own lab. You can do this in two steps.
  1. Install Oracle VirtualBox on your system.
  2. Install an instance of Kali Linux as a virtual machine (VM).
While you can also install Kali on a bootable USB, it's valuable to have it as a VM within your primary computer when studying.
Note that this will allow you to do many of the activities in the course book, but you'll have to adapt. If you've developed strong critical thinking skills, this is a good option. However, if you need step-by-step instructions that work without the need to adapt them to your own lab, the lab bundle is a better option for you.
If you're interested in building your own lab, check out this section on Kali Linux and CyberSec First Responder.

How I Passed the CyberSec First Responder Exam

While your experience may be different, here are the things that I attribute to passing this exam the first time I took it.
  • Doing the best I could on the Security+ exam (and other security exams I've taken). I found that many of the topics were quite similar to the Security+ exam. When I learned those topics, I truly learned them, and they stuck with me.  For example, I don't need to study CIA or the order of volatility to know their meanings for any certification exam today.
  • Downloading and reading the objectives for the CyberSec First Responder exam.
  • Creating a virtual lab with Oracle VirtualBox and Kali.
  • Reading the CyberSec First Responder course book from cover to cover. While there were many familiar topics in this course book, it also gave me some valuable information needed for the exam.
  • Taking the course book online quiz. This is a 40 question quiz, which I took 3 times and ultimately dug into each of the questions and the answers. My intention wasn't just to get the questions correct, but also to know why the correct answers were correct and why the incorrect answers were incorrect. During my IHOP review after the exam, I realized this helped with many actual questions.
If you're planning on taking this exam, post a comment. I (and others) would love to hear from you.

How Long Did You Study?

Several people have asked me how long I studied for this exam. I started looking at it closely when I wrote a blog about it about three weeks ago. I then studied the coursebook daily for about two weeks before I took the exam.  Again though, I stress that doing the best I could on previous security certification exams helped me with this exam.
Of course, the implied question is "How long will it take me to pass this exam?" If you've recently passed the Security+ exam and truly learned the content, I'd say that you can get this certification within 30 days by following these steps.
  • Get the study guide.
  • Study the study guide daily.
  • Get a voucher and schedule your exam (10% discount available here).
  • Take the online quiz until you're acing it and you understand all of the answers.
  • Take the exam, celebrate your success, and let us know what worked for you and how long it took.