Category: /Path

>> Certified Information Systems Auditor (CISA)

Achieved one of my milestone - received the official confirmation email from ISACA today. Even though I completed the certification exam a year ago, my overall experience covering IT Security/Audit role to match the ISACA requirement criteria for submitting application for CISA certification just accomplished. 

The amount of preparation (number of days) for this certification was a lot, however the achievement was possible by referring posts/videos/publications from different resources. Firstly, ISACA's official training resources.
https://www.isaca.org/training-and-events/online-training/online-review-courses

Prabh Nair (CISA playlist)
https://www.youtube.com/watch?v=hQBBqy2zYuI&list=PL0hT6hgexlYx1DCTKu6bnubDEuy6JDtHW

Chinmay Kulkarni (posts & videos on CISA)
https://www.linkedin.com/in/chinmaykulkarni22/

Abed Hamdan (GRC Mastery program)
https://www.grcmastery.com/

I thank each one who travelled along with me to achieve my CISA certification goal. Especially my family & colleagues. 

>> Security Operations (SOC) 101 Course

My recent certification which I attained gives me a great confidence in performing more in my security career. The overall experience taking the course and exam gave a real-time on-the-job client facing feel. 

This course covers the below curriculum with a practical challenge question at the end of each topic. A lab environment is configured to carry on this scenario.
# Security Operations Fundamentals
# Phishing Analysis
# Network Security
# Endpoint Security
# Security Information and Event Management (SIEM)
# Threat Intelligence
# Digital Forensics
# Incident Response

>> Practical SOC Analyst Associate (PSAA) Exam

The certification is an associate-level security operations and incident response exam experience. The exam will assess a student’s ability to use analysis tools, interpret artifacts, and apply investigation methodologies to evaluate security incidents and retrace attacks. Students will have two (2) full days to complete the assessment and an additional two (2) days to write a professional report.

I ended up writing a 40 pages report for this exam. ha ah!!

Reference Links:
* PSAA Exam Details:
https://certifications.tcm-sec.com/psaa/

* TCM Security Academy:
https://academy.tcm-sec.com/courses

My recent curious topic for learning is Microsoft Office365, specifically in Defender XDR/Endpoint and Sentinel which is a standard setup in many enterprises in-house SOC.

This is quite interesting subject to learn, which involves the enterprise platform for managing the security posture using endpoint solution through Microsoft Defender for Endpoint, Defender XDR (for Cloud) and integrating SIEM solution through Sentinel (+Azure Logic Apps for SOAR solution).

The Microsoft Security services defending across attack chains. It follows the MITR ATT&CK Framework.

Here are some of the useful reading resources to refer.

~Preparing for SC-200 certification.

this new term lately got into me for various reasons. Firstly, I never know there is such career path exist in Cybersecurity apart from in-depth analyst roles branched as RED/BLUE in Security Operations.

Thanks to Abed Hamdan for his Cyber Security Governance, Risk, and Compliance (GRC) Mastery program. (https://grcmastery.com/courses/). This is an eye-opener and a complete guide for any one who intend to enter the field of GRC.
LinkedIn: https://www.linkedin.com/in/abedhamdan/

Each time I go through the notes/videos it adds more in-depth understanding which I can relate to my current role as SOC analyst. 

Next, I would like to thank Prabh Nair for all his articles, podcast, youtube videos related to GRC concepts, ISO 27001, NIST and other frameworks.
YouTube: https://youtube.com/@prabhnair1?si=4UliFBYId4XP2qaS
LinkedIn: https://www.linkedin.com/in/pcissp/

I hope these links will be very helpful for guys who would like to enter GRC field.

Me being attached to Cybersecurity field for a while now, got introduced to ISACA organization and all their industry recognized certifications.
This is when, I read related articles about CISA and began preparation for the exam. It was quite a calculated busy journey until I passed the exam. So, I thought to register my study reference links here for any future use.

#ISACA CISA COMPLETE COURSE TUTORIAL LESSON (https://youtu.be/K74SYpsx9UU?si=6efvCUiwT9IlUssS)

#How to Prepare for CISA 2021 Step by Step Process
(https://youtu.be/hQBBqy2zYuI?si=5NUaFIBAlSzhwGCY)

#CISA Cert Prep: 1 Auditing Information Systems for IS Auditors by Michael Lester, Steven Bennett, Human Element LLC, and Jordan Genung.(https://www.linkedin.com/learning/cisa-cert-prep-1-auditing-information-systems-for-is-auditors?u=0)

#How to pass the CISA Exam | CISA Exam Preparation Strategy 2024 (https://youtu.be/HjvIxoK6TiY?si=OU4G_fMVQ0NNMsUk)

#Free CISA Practice Quiz
(https://www.isaca.org/credentialing/cisa/cisa-practice-quiz)

#What is covered on the CISA exam?
(https://www.isaca.org/credentialing/cisa/cisa-exam-content-outline)

Some of my top followings in X(former Twitter) Platform for Security Updates from famous individual posts.

@unixguy_cyber
@7h3h4ckv157
@F5
@marcusjcarey
@hacks4pancakes
@AlyssaM_InfoSec
@InfoSecSherpa
@cyb3rops
@TenableSecurity
@Hacker0x01
@BHinfoSecurity
@threatpost
@MITREattack

@EHackerNews
@CISACyber
@TCMSecurity
@DarkReading
@briankrebs
@DanielMiessler
@troyhunt
@RealTryHackMe
@TheHackersNews
@Malwarebytes
@HackRead
@LuminisConsult

Welcome to my page! Try explore "/registry" for complete bio.