Azure Fundamentals (AZ-900)

COURSES:

· Azure Fundamentals (Microsoft)

o   This is an absolute must! It is free but I definitely would start with this as a foundation. It is 12 modules. I don’t think it took me quite as long as 9 hours to complete it. There is a mixture of reading, labs, and videos.

§  Link: https://docs.microsoft.com/en-us/learn/paths/azure-fundamentals/

 

READING:

·       AZ-900-Azure-Exam-Study-Guide (Author: Ravikiran Srinivasulu)

o   It was a nice source if you needed to double check certain concepts that weren't sticking. It is a really long read otherwise.

§  Link: https://ravikirans.com/az-900-azure-exam-study-guide/

 

PRACTICE QUESTIONS:

·       AZ-900 Microsoft Azure Fundamentals Certification [Sample Exam Practice Question & Answer Prep] (Author: Ravikiran Srinivasulu & Whizlabs)

o   Great example as to how some of the questions are worded on the exam. Appreciated how he was able to give context around why an answer is correct.

§  Link: https://www.youtube.com/watch?v=cAgN6Ac8MS4

 

·       Microsoft Azure Fundamentals | AZ 900 Practice Questions | Exam Preparation (Author: TestPrepTraining)

o   *Careful* There are a few questions incorrect but are also noted at the bottom where the video description is. Beyond the small errors it is also a nice option to get more practice to the exam.

§  Link: https://www.youtube.com/watch?v=VokDM-XLpUI

 

VIDEOS:

·       AZ-900: Microsoft Azure Fundamentals (Author: Sharon Bennett)

o   Liked that this wasn’t too long (Less than 2 hours). It was pretty straight forward. I went to sleep listening to this a few nights. I got free access via my public library.

§  Link: https://www.linkedin.com/learning/exam-prep-microsoft-azure-fundamentals-az-900/az-900-microsoft-azure-fundamentals

 

·       AZ-900 Azure Fundamentals Hints and Tips (Author: John Savill)

o   This was a nice way to see how Azure works from whiteboard mapping view. It really helped me see some concepts as they relate overall more so than just watching small  specific video segments on it.

§  Link: https://www.youtube.com/watch?v=t1nB1RYihJg

 

·       Microsoft Azure Fundamentals Certification Course (AZ-900) - Pass the exam in 3 hours! (Author: Andrew Brown & FreeCodeCamp)

o   The description was updated with super helpful links that can help you move around the video faster for specific concepts. Highly recommend. Watching it straight through however was a bit hard as Andrew re-introduces himself for each concept. It is free however so still great content.

§  Link: https://www.youtube.com/watch?v=NKEFWyqJ5XA

 

·       Exam AZ-900 Microsoft Azure Fundamentals Online Study Guide (Author: Tim Warner)

o   Tim goes into way deeper detail than what you really need and would probably be better to bridge concepts needed for higher exams. It doesn’t  seem complete but it is free and Microsoft changed the exam a bit in the middle of his recordings so I know he was trying to adjust accordingly.

*This is a playlist*

§  Link: https://www.youtube.com/playlist?list=PLYGZ9Q0oTOHfsI-3IAhvyc09ssPDfoePv

 

I originally received my Azure voucher for free from Microsoft during one of their virtual training days. While the session was a video webinar training that lasted about 6 hours total, it wasn’t enough for me to try and sit the exam right away, hence the recommendation of my resources above. If you can take advantage of one of these trainings I would recommend it, especially for the voucher. 

From really committing start to finish, it took about 2 weeks total for studying. Take it with a grain of salt for your own journey as everyone is different. It definitely helped that I already had an understanding of basic cloud concepts. Learning the specifics around Azure was probably what took the most time to study.

 

Link for upcoming training opportunities from Microsoft: https://azure.microsoft.com/en-us/community/events/?/

Replacing my cracked HP Spectre touchscreen

My laptop screen mysteriously was found cracked one day back in December 2019, of course it is past the warranty window by about a month ☹. With only a year of ownership the actually laptop was still quite usable. I embarked on a journey to see if I could replace the screen in February 2020 and completed my project the beginning of March 2020.

Supplies:

• 25pcs Electronics Repair Tool Kit, GangZhiBao Precision Screwdriver Set Magnetic for Fix Apple iPhone,Cell Phone,Smart Watch,Computer,PC,Tablet,iPad,Camera,Xbox,PS4 Pry Open Replace Screen Battery
• The supply kit was pretty intense, the piece that was pretty important for me was the ultra-thin steel spudger to get the screen lifted from the plastic.
• Screen For HP SPECTRE X360 15-CH0XX Series Touch LCD Replacement
• After searching the actual cost to replace the screen from HP was about 1,000+ dollars I vaguely remember, which I thought was outrageous as that was probably not too far from the actual cost of what I paid for the whole computer. I knew I had to get oem instead.
• With this screen in particular it was already outlined with tape that only needed to have the seal peeled off to activate for proper hold. I bought electronic repair tape prior to purchasing this screen that I ended up not using.
• Hair Dryer
• I had a small travel hair dryer that I used to heat up the glue to make getting the screen off easier. Usually a “heat gun” is recommend but luckily this was enough.
• My HP Spectre x360 Convertible 15-CH0XX (with cracked screen ☹)

In preparation I also watched a few videos from this list to help me understand what to do and what I was undertaking.

Video list for HP Spectre Screen repair:

• HP Spectre X360 15-BL012DX LED LCD Touch Screen Digitizer Assembly Replacement Procedure *Best one in my opinion
• HP Spectre x360 screen replacement step by step broken screen
• HP Spectre 13-4107 LCD Replacement
• Spectre X360 13 Screen Disassembly
• HP Spectre 13-4000 Screen Assembly Replacement Procedure

 

For the most part I didn’t really stray from the videos too much. I did have a tiny hair dryer compared to an actual heat gun and I do recall my hair dryer getting so hot it turned off, so I concentrated the heat at times to very specific area of the screen. The was very critical for getting the first corner removed.

It was also crucial to be gentle, getting the tool with very little space to the actual case I wasn’t sure if I was behind or in front of the plastic seal.

After having success in getting the screen out it was fairly easy getting the cords unattached from the old screen and reattaching to the new screen. In doing so it was time to test and be done right?

WRONG!

OMG what did I do wrong? My keyboard and touchpad are not working!?!?!?!?!?!?!?!?!?!?

In the meantime, to troubleshoot, I plugged in a usb keyboard and mouse.

For about 4 days I was frantically going through the bios, device manager, double checking my wire connections (prior to sticking the screen back in). I even went as far as wiping my system and starting from OS scratch ☹. Finally after many hours of googling I found my solution!!! All within an HP forum.

Disabling "Intel Integrated Sensor Solution" in Device Manager under 'System Devices' currently has the keyboard and touchpad working.

 

Visual example:

Of course, after being in the Device Manager and on the Intel Integrated Sensor Solution you need to right click to Disable. The arrow in the circle pointing down shows that it is disabled.

I wasn’t crazy after all! Other people had similar problems too. I am so grateful for their solution. I couldn’t bear getting rid of my laptop after all of the investment.

Hopefully anyone else out there found this helpful.

Shmoocon 2020

Shmoocon is held in Washington, DC so this is one conference I don't want to miss being a local to the area. This year it was from Jan 31-Feb 2nd and the theme was around Groundhogs day and of course Moose(It will always have moose).

If anyone knows how most Conference journeys start, it usually is getting the actual ticket. Shmoocon is known for it's high demand and extremely fast ticket sales. I was able to secure mine in the first round on November 1st 2019. I am glad they decided to put in those moose pictures to click on before the typical challenge question, I think it threw off many of the regular ticket grabbers.

Prior to the conference I perused the twitter feeds and slack for Shmoocon to get ready. Early January I saw a tweet that Shmoocon Labs still had openings for this year. Labs start a day earlier than the actual conference and cost an extra $50 but you get hands training with several areas that are used to help run the conference network. I thought why not, who knows if I'll be able to get a ticket this year.

Thursday (Labs Day!) Jan 30, 2020

We all gather at 8am and hit the ground running, however not more than 30 minutes into setting up I get cut on some server equipment. I didn't even feel it (probably I was too excited). Coming back I get a band-aid from one of the volunteers and head back to work. I was a little lost on what I could do but the staff were friendly and guided me to the infrastructure area.

Man was it A LOT! I luckily had a github account (barely used though) and a copy of a kali linux vm box already on my laptop. We were going really fast setting up ourselves to check in to update the ansible playbook. As another attendee described, it's like drinking out of a fire hose. When we went to lunch at Chipotle the kind person next to me I asked a few questions here and there to catch me up when I got behind told me that I shouldn't worry, the overall pace was fast for everyone. That made me feel a whole lot better.

When we get back we continue to work. Mid afternoon we finally we get a call to help unload supplies from the truck for the conference. It was a nice break from sitting all day and is considered our conference workout. With the amount of people we had, the task probably took no more than 30 minutes. Not too much later on we break and watch a brave 3 souls take on the Paqui Hot Chip Challenge. I don't think any of them did end up drinking the milk (which was considered a tap out). I did watch a few red faces and witnessed a few tears shed.

I personally had to tap out of the day around 6 so that I could grab some dinner and head home. Some people did stay and continue working, especially those staying at the conference hotel. One of the cool perks of being in labs was getting another badge for labs, but also this year a sweet knit hat!

Friday (Con Day 1!) Jan 31, 2020

Bright and early people could come in as early as 8am to continue with labs. I grabbed some breakfast and tried the firewall and SIEM areas this time. A cool thing about labs is that you are pretty free to move around as you want, go where you have interest. 

In the Firewall area I had one of the staff draw a diagram and walk me through the interfaces and explained the egress limitations that were needed so that the conference didn't take down the entire internet connection for the hotel. We even physically went to the boxes from the diagram and pointed out some of the connection points. I thought that was pretty cool.

Over in the SIEM area I watched another attendee install the CISCO app and add-on in Splunk. I also got to play a little with Moloch and check out the cool network graph of the connection nodes. Sadly while I was over there Kibana was broken, not sure if anyone got it up. If you have the skill you are free to dive in. If you don't, you can totally ask for help.

A little before 12 noon rolls around we labs folks go and get registered really quick before the mad crowds roll in. Before heading back to labs (as the conference opens beyond registration at 2pm) I was able to talk to a few vendors. Biggest one was trying to secure a copy of Backdoors and Breaches by Blackhills Information Security. Unfortunately they weren't starting the giveaway until Saturday morning but I know what my first task for the following day would be.

Of the talks on Friday they were all held in the main big auditorium. From the ones they had I liked "Zoom 0-Day: How Not to Handle a Vulnerability Report" by Jonathan Leitschuh the most. Luckily I don't have a MAC, but the amount of exposure people had from that scary to learn. Anyone being able to access a webcam without a user's permission is just creepy. Hence why many also have privacy shields on their camera. The actual fixing of the issue was also concerning considering the long timeline and escalation of the reporter.

Saturday (Con Day 2!) Feb 1, 2020

As I walk back into the Conference I head straight to grab my Backdoors and Breaches game copy From Black Hills. I was victorious! (Now just to find people that I can play with....as I am not an Incident Response person myself.) Walking around the space I try to figure out my next talks. At one talk I found I wasn't feeling the subject as much as I thought and head over to try another. Before I am able I get to the doors of the next one I am asked if I want to be a fox. I said sure! How often does one get this opportunity? I get filled in on the details and decide to go back to the vendor area. I am holding onto a tiny wireless transmitter in my pocket.

For a bit I hang around the Polarity table and try to build a mini light saber. During this time people are trying to seek me out, I saw a range of people with fancy a equipment to just guys on regular cell phones during the hunt itself attempting to.find my signal. A few hunters ask around the table of light saber makers if they are the "fox" but not me directly :(. At one point someone thinks it is the TV on the table transmitting the signal and give up. Alas someone finally talks to me directly but only asks if I am a fox. I was distinctly told to only give away my identity if they ask for "The easy wireless fox". I politely declined despite knowing he was so close. Not too long after some people realize that they must use the exact phrase needed and another person asks me correctly. Hooray! Also my light saber was finished!

Party night was interesting. I met lots of people and got catch up with those I've seen around the other local Infosec conferences. Ran into the guys that found me in the Fox Hunt and asked them about the apps they used to do it. Conversations were hard to have in the actual party space but being able to go in and out allowed for nice breaks.

Sunday (Con Day 3!) Feb 2, 2020

Man it's getting harder to wake up early these past few days! I grab a sandwich from the store across the street from the hotel for breakfast and head in for more talks. Probably the talk I could follow the easiest in the morning was "Playing the Short Game: The Effects of Data Breaches on Share Prices" by Chaim Sanders. Being an Economics major in college I didn't need too much background to get me leveled into the subject matter. While I don't see myself wanting to do statistics again, I did appreciate the transparency around the data used in the presentation and the suggestion for anyone to try and continue the exploration on the subject.

Finally in the afternoon I was around for the wonderful "Between Two Moose" discussion. It was a nice break from the technical talks and watched a wonderful game called cork and towel. Before you know it was closing remarks and this year I snagged an awesome Shmooganography shirt. This year Shmooganography was Batman themed :).

Closing notes:
Want to check out the actual site to the conference I am referring to? Find it here:
https://www.shmoocon.org/

If you are interested in Labs, make sure you secure a ticket first! Once you have, sign up here:
https://www.shmoocon.org/shmoocon-labs/

Interested in Wireless Capture the Flag? Check out where WIFI village will be next:
https://wctf.us/index.html

CISSP Study Materials

I was so grateful for the outpouring of congrats on passing my CISSP exam. I saw questions of materials I used and wanted to make sure I did that because I definitely couldn’t have done it without help as well.

BOOKS:

·        (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8e & CISSP Official (ISC)2 Practice Tests, 2e 2nd Edition (Authors: Mike Chapple, David Seidl, James Michael Stewart, Darril Gibson)

o   I found I wasn’t that interested in the style of writing. I made it about 3 chapters in before I ended up using it as a last minute resource for last minute concepts.

§  Link: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119523265/

·        CISSP Study Guide 3rd Edition (Authors: Eric Conrad, Seth Misenar, Joshua Feldman)

o   I read this one front to back in paperback 1^st. I did it so I could follow the FR Secure schedule(more on that later). I was able to read it but in the first pass I didn’t feel that I got everything down that would be enough for the exam.

§  Link: https://www.amazon.com/CISSP-Study-Guide-Eric-Conrad/dp/0128024372/

·        CISSP All-in-One Exam Guide, Eighth Edition 8th Edition (Authors: Shon Harris, Fernando Maymi)

o   I ended up reading this as my 2^nd book from beginning to end. I had access to it in digital form for free so I read it on my kindle. I enjoyed reading this one the most. After reading this one I felt more confident in my knowledge.

§  Link: https://www.amazon.com/CISSP-All-One-Guide-Eighth/dp/1260142655/

·        Eleventh Hour CISSP®: Study Guide 3rd Edition(Authors: Eric Conrad, Seth Misenar, Joshua Feldman)

o   I read this one last from beginning to end. I read it in the last weekend before taking my exam. I felt this one is also a confidence booster if you are getting their end of practice exams. I had access to the digital version of this for free as well.

§  Link: https://www.amazon.com/Eleventh-Hour-CISSP%C2%AE-Study-Guide/dp/0128112484/

I had free access to these resources in digital form I found out from a coworker through our company subscription to Skillsoft. Super grateful for that tip, I definitely took advantage of it for a few.

VIDEOS:

Full courses:

·        Kelly Handerhan on Cybrary for CISSP

o   Her videos are available under the free plan. I really appreciated how she broke down concepts, especially Kerberos to a carnival.

§  Link: https://www.cybrary.it/course/cissp/

·        Mike Chapple on LinkedIn Learning/Lynda

o   I got free access with my local public library membership 😊. Mike Chapple’s videos are pretty straight forward which was helpful with the many concepts you need to get down.

§  Link: https://www.lynda.com/learning-paths/IT/prepare-for-the-certified-information-systems-security-professional-exam

Tips:

·        Why you WILL pass the CISSP-Kelly Handerhan on Youtube with CyberTrain IT

o   Many people will say you need the mindset as well as the knowledge, this helped put me in the right direction right before my exam as well as when I was answering practice questions.

§  Link: https://www.youtube.com/watch?v=-99b1YUFx0A

·        CISSP 2018 Exam Tips-Larry Greenblatt

o   Gives a pretty good expectation of how the exam is given as well as more tips on the mindset. Also watched this close to exam time.

§  Link: https://www.youtube.com/watch?v=eLYbFtS7G9E

GROUPS:

·        FR Secure

o   This company is awesome! They offer a free program for studying the CISSP and go over the concepts in 2 hour sessions that met twice a week for 7 weeks. You can go in person if you live in Minnetonka, MN or you can get access to the live meeting if you are outside like the area like I was. I ended up watching the videos from start to finish later (they leave them accessible on youtube) as I was really busy with finishing another cert towards the end of April. They only offer the live sessions once a year so the next offering is 2020, but you can still access 2019 slides and videos and they are great.

§  Link: https://frsecure.com/cissp-mentor-program/

·        Women’s Cyberjutsu

o   I really appreciate Women’s Cyberjutsu. They are a wonderful organization that wants to help women advance their CyberSecurity Careers. I was fortunate enough to attend study sessions lead by Kat Duncan. We had weekly sessions through joinme that was held back in May/June. You do need to be a member to take advantage of their groups and get the latest of when things are offered but it is totally worth it. The community alone is amazing.

§  Link: https://womenscyberjutsu.org/page/TRAIN

·        Meetup

o   I was able to find a local group studying for the exam and went to a few sessions. It really nice to talk out the answers with others. We were using the end of the chapter questions from the (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8e book and going over them with 3 chapters a week. That was about 60 questions a session. This was free and glad it was offered. Big thanks to Leo for offering them!

§  (If you are in the DC/MD/VA area they have 2 more sessions left) Link: https://www.meetup.com/DC-Cyber/events/

PRACTICE EXAMS:

·        CISSP Practice Exams (Author: Richard Anderson)

o   Richard gave access to these for free on Reddit. I took each 1 time, I definitely didn’t score as high as I wanted but couldn’t pass up free with different content.

§  Original post I followed for the content: https://www.reddit.com/r/cissp/comments/dvgkte/two_practice_exams_free/

§  Direct link: https://www.udemy.com/course/cissp-practice-exams/

·        (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8e & CISSP Official (ISC)2 Practice Tests, 2e 2nd Edition (Authors: Mike Chapple, David Seidl, James Michael Stewart, Darril Gibson)

o   I bought the bundle with the practice book included. I signed up right away for access to the online version. It was nice to not have to mark up my book and you could mix up the questions from specific domains as needed. Super recommend. This was my main study source.

§  Link: https://www.amazon.com/Certified-Information-Security-Professional-Official/dp/1119523265/

·        Total Seminars Training Hub(content available from CISSP All-in-One Exam Guide, Eighth Edition 8th Edition by Shon Harris )

o   This resource was free if you had the Shon Harris CISSP book. There were both practice questions and Simulation questions. I ended up using mostly the Simulation questions.

§  Link: https://hub.totalsem.com/mheclaim

·        Thor Teaches CISSP Questions Blog

o   I did a few questions by Thor and if you need extra practice there are quite a few free he offers in his blog.

§  Link: https://thorteaches.com/free-daily-cissp-questions/

·        Free CISSP Study Questions of the Day from IT Dojo

o   I did a few of the videos offered by IT Dojo. It was nice that each video had usually 2 questions and the explanations of elimination were helpful.

§  Link: https://www.youtube.com/watch?v=jZSAZ1neFZk&list=PLBpnwlO9U5unYmbZp2DJETNOHg8s_yW37

·        CISSP Practice Questions with Spock & Kirk-Larry Greenblatt

o   These videos are offered for each domain and again gives a great technique on process of elimination and understanding of the question wording. Hopefully you are ok with the Star Trek references, I thought it was a nice touch.

§  Link: https://www.youtube.com/watch?v=KG9JN9X4_ZI&list=PL5BpytesnkhSH-V7V-M3NL9149aUQ69e2&index=7

ADDITIONAL RESOURCES:

·        Reddit (CISSP)

o   In my last month before I took the exam I stumbled on this online community. I found some extra resources I shared from this group. I definitely recommend them if you have a concept you aren’t quite understanding and need an additional point of view to explain it. For the most part I’ve seen the posts pretty helpful.

§  Link: https://www.reddit.com/r/cissp/

Best of Luck on your CISSP journey!