Thursday, August 25, 2011

CompTIA Network+ 2009 - I already work in IT, so what is the big deal?

Throughout my consulting and teaching career, clients and corporate students have always said to me "I don't need to take a networking class, I have been working in IT for many years, why should I?" 

Well, times have changed.  Long gone are the days of working in desktop support, help desk or application support and not having to know anything about the network infrastructure that all these groups base their daily activities on.  Today's IT professional needs to keep up with the ever-changing world of technology.  Everyone needs to understand how all of the big parts of IT work or fit together.  CompTIA's 2009 Network+ course is not your old out-of-date Network+ class.  This course has been updated to include discussions on several areas of technology that have evolved over the last 5 years, along with up-to-date information.

Top Reasons Why You Should Attend a Networking Class

1)  Think about your job and how it impacts the network.  The knowledge attained by learning how network devices and network protocols work may help in troubleshooting an application.  Also, it may help the network engineers in troubleshooting your application problem.

2)  Think about how your job impacts the security of the network.  Security is everyone's responsibility.  How can you secure something if you do not know how it works?  Understanding the vulnerabilities in how an application works within a network provides a better understanding of threats and risks to the application or users you support.

3)  Last but not least, it never hurts to not only get training on a network but also get a certification which can be beneficial with your experience.

The bottom line is that no matter what area of IT you are in, networking knowledge is a must, regardless of whether your job requires this knowledge or not.  Even if you will never be responsible for a switch, router, firewall or remote access server, knowledge of these devices and how they work will benefit you, whether in supporting or troubleshooting.

Good luck and if you have any questions please feel free to contact me. 


Tom Pruett

Network Security Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+

Thursday, July 28, 2011

Interesting Article - 5 biggest IT security mistakes

I was forwarded a very interesting article yesterday from Network World.  Here is the link

Number 4 on the list is "Not preparing for data breach".  Interesting to note, I would say this is number 1.  In my course of work as both a consultant and instructor, I am still amazed at how many companies are lacking in IT security preparedness.  What could be more important than protecting a company's assets?

I understand the need for a business to get revenue to pay the bills.  I also understand that one security breach can also cost a company revenue or even put a company under.  Being prepared for a breach and protecting from a breach are important so a company can continue to do business.  If there is an interruption in service or access to assets, it does not take long for a company to be out of business. 

Security is a hot topic right now in IT, let's hope more companies get on board....

Interesting Email - I want to get my CISSP

Earlier this week I got an email from a student who asked me how they would go about getting their CISSP.  I have had the student in several of my OS and Security classes and knew the student had years of experience in network administration and hardening operating systems.

Here is a list of things you will need before you begin your assault on the top security certification.

1.)  At least 5 years of IT experience, either in administration, infrastructure engineering or security.  The more experience the better.

2.)  A desire to study and learn about things you have never had experience with in the field.  No one who ever takes this exam has experience with all the concepts.

3.)  The Shon Harris All-In-One Guide.

The first thing to do is go out to the ISC2 website and download the information about the test and information about the 10 Common Bodies of Knowledge.

The next thing I would do is seriously think about taking a cert prep course with an experienced CISSP instructor.  Yes, that is a shameless plug, but students who have taken my course at Centriq and studied 3-6 months have a pass rate of about 80%.  I believe an experienced instructor will help not only with prepping the student with the information for the exam but also with taking the exam.

The next scheduled exam for the Kansas City area is in December.  So if you can come take my Security Essentials (CISSP prep course) and study for a few months, I am sure you can achieve your CISSP.

If you have any questions, please feel free to contact me, and good luck.

Wednesday, July 6, 2011

You Want To Be In Security?

As a consultant and instructor, one of the questions I get all the time is "I would like to move into the field of security, what do I need to do?"  My answer is "What area of security?"  That usually has the person pause and say "Security in general."  I say "Well, we all are in security in general."

My point in making that statement is to help people understand that in IT we all practice security in some form, but there are a lot of different areas of security and those different areas require a different knowledge base.  However, there is a base knowledge of security that is needed no matter what area of security you go into.  Once this base area of security knowledge is obtained, you can pursue a more distinct area of security.

One of the key components of getting into security is experience, which cannot be taught; it must be learned.  Experience in IT is crucial no matter what area of IT you currently work in.  Experience gives you a period of time in which you can learn from troubleshooting and implementation techniques that you can use in security.  Let's say, for example, you have been working as an Exchange Server admin for 5 years.  Well, you probably have been exposed to email malicious code, SMTP relay and spam, which in turn will help you when you move into the areas of email security.  I usually say at least 5 years of good admin experience with any vendor is a good starting point for most people.

So let's say you have the experience, what type of training can help you get into security?  I believe it starts with a good understanding of networking and security.  There are three classes I always recommend:

     1. Network+ - for a good understanding of all of the areas of networking
     2. Security+ - for a good understanding of the basics of security
     3. Cisco ICND1 and ICND2 - to understand how network traffic is moved within different areas of the network.  Cisco is not the only vendor, any vendor for routing and switching will do.

I would also take them in that order.  The reason why is because they build upon each other.  Each class provides the basis of information for the next class.  It is not required, but recommended. 

After that, I always encourage certification in these areas as well, but it is not required.  Certification in these classes shows you took the time to ensure you understand the basics of the areas; however, it does not prove proficiency.

Next, you can explore the different areas of security in which you want to specialize, such as:

     1. Firewall
     2. IDS/IPS
     3. Penetration Testing
     4. Vulnerability Testing
     5. Auditing

I would also advise taking vendor-specific training for these different areas, such as VMware, Cisco, EC-Council and Microsoft.  Finally, after you spend some time in security, you can go after the much coveted and difficult CISSP, the most heralded and sought-after security certification.

I hope this outline of security areas and training helps you decide what area of security you would like to pursue.  By the way, if you are concerned about the time and cost of getting this type of training, be sure to call Centriq Training about the exciting money-saving specials on getting the training you need.


If you have any questions or comments please feel free to email me.



Tom Pruett
Consultant/Instructor
CCSI, CCNA, MCSE (NT, 2000, 2003), MCITP SQL 2005, MCDBA SQL 7 & 2000, MCP+1, MCT, CTT+, CISSP, CWNA, CEI, CEH, CHFI, A+, Network+, Security+

Friday, July 1, 2011

Security+ SYO-301 - New Exam Goes Live. Not Your Same Old Security+ Exam

As promised by CompTIA in 2010, the new Security+ exam (SYO-301) is now live.  It has been 3 years since the Security+ exam has been updated and CompTIA is keeping with a policy of renewing exams every 3 years.  The new exam has a look and feel of more real-world objectives along with some content from the ISC2 CISSP exam.  Listed below are the differences between the 201 objectives and the new 301 objectives.









You can still take the 201 exam through the end of 2010.  If you are thinking of taking the new exam, almost 90% of the information from the 201 exam is still applicable.

As of July 1, the Security+ class that I teach at Centriq Training will be using new curriculum to reflect the 2011 objectives.

If you have any questions please feel free to contact me.