Completed BSCSIA In 159 Days
14 Classes Master List: C841, C844, C840, C843, C839, C393, C394, C480, C178, C838, C845, C842, D153, C769
My realistic goal was to complete my B.S in Cybersecurity & Information Assurance in under 6 months, I did it in 5 and some change. My unrealistic goal was 3 months, which I failed. I already had an associates so that knocked out all my general education courses and I transferred into WGU from another bachelor’s program in Cybersecurity. I then did Study.com and completed 2 more courses. C176 Business of IT – Project Management because I did not want to take Project+ and C170 Data Management – Applications because I could, and I do not care for databases. With that my transfer evaluation said I was 52% to completion and needed 14 classes to graduate. I started October 1st, 2022, and submitted task 3 of the Capstone Project on March 9th, 2023. 159 days. This is my journey to completing my degree in under 6 months. This list is in the order of classes I passed and written as I pass/study them.
One thing I learned is that the classes with an PA are much easier than those with an OA (unless you already know the test information well). The PA holds your hand, and you can knock them out in a few hours. With the OA you actually have to study lol if that makes sense. So, for anyone stressing over writing papers (like I was) don’t. They are the easier classes IMO. There are a ton of resources available here on Reddit about how to pass PA’s easily so I won’t get into it, but literally just copy the rubric into your paper and answer it like your braindead.
With any PA’s, if there wasn’t a template available already in the course chatter, all I did was copy the rubric into a word document and moved from there, making each objective a heading.
For any class, search reddit for it as there will probably be a ton of posts and resources about that specific class. I’ll make sure to include the specific reddit threads I thought helped me the most in a class.
The study method I use doesn’t have a name, but it is closely associated with a method called Active Recall (you can google it). The method I use is described in this video here: https://youtu.be/HMCHOVDoZig. It is why I stress my practice tests because that is basically the main way I learn the material. This method is what works best for ME.
Make sure to schedule some breaks. I took many while going through this degree, particularly after especially hard classes. This allowed me to refresh my mind and remove stress.
Lastly, know when to accelerate and when not to. Simple concept I know but I feel some people want to rush through the degree, which is fine, but some courses simply require more of your time and effort to effectively and efficiently learn the material. I accelerated the first 8 courses of my degree and chose, yes chose to slow down towards the latter half. The material becomes heavier and harder so giving it more time is integral to your success.
Yes, I did cry while doing this degree. It is so much information, studying, practicing. You must make cybersecurity your hobby. In my free time I watched YouTube videos, read articles, built home labs and much more. At some point I was literally crying studying because I was just so overwhelmed with all the information and lifestyle change. It was towards the end of my degree too, specifically studying Pentest+. You’ll get through it. If I could go back in time though I probably would have pursued Data Analytics because Cybersecurity is just so wide and deep of a field. The reason I started studying Cybersecurity was for the earning potential.
I was awarded the Study.com scholarship for $2500, which was cool; sadly, I won’t receive the other $1875 because I graduated too fast lol.
Legal Issues in Information Security – C841
I completed this class in technically 4 hours, but realistically 10 hours. I received the assignment and supporting documents early from my Program Mentor before my semester started and finished both tasks 1 and 2 in about 10 hours. When I enrolled in my classes on the 1st of October, I immediately submitted my tasks and they graded them about 4 hours later, hence me passing in 4 hours. I used Shawn D’s Template and notes for both tasks, it really helped a lot. Search the course code on https://www.reddit.com/r/WGUCyberSecurity/ and https://www.reddit.com/r/WGU/ for great resources.
Before you submit your papers, go over your similarity report. Remember that a similarity above 25%? Will get your paper kicked back and put you under suspicion of plagiarism. If you’re using a template provided by the school, then obviously your similarity score will be higher and sometimes it can put you over that 25% threshold. The evaluators will understand in that context.
Emerging Technologies in Cybersecurity – C844
I took about 3 days on both tasks for this class. For the first task, literally just watch the Cohort video available and it will hold your hand and tell you all the steps you need to take to pass this task. Super simple. Took about 6 hours compiling my screenshots, researching vulnerabilities, and drafting my paper.
As for the second task, that took me about 5 hours. I just used NIST for everything basically. It wasn’t a challenging task, but I think it was harder than task 1 because it did not hold your hand like the first task did. The Case study was very short and if they did not mention a security standard, assume it is not in place. My task 2 was sent back for revision because I forgot to put a source on my reference list, so don’t be stupid like me and at least double check your work before submitting it.
I took longer on these tasks than I probably had to due to work and one revision. If I had the time, I believe I could have finished this class in a day or two. Search the course code on the Reddits mentioned above for great resources.
Digital Forensics in Cybersecurity – C840
This class took me 2 days. I completed Task 1 and 2 in about 8 hours (same day) and submitted them for evaluation, they both passed first try. Task 1 was easy, and Task 2 was even easier. For task 1 I just used a NIST framework about Chain of Custody and that was all. I watched the cohort. Only had 1 reference, which was the NIST publication. For task 1 I felt I was repeating myself and found myself literally just copy/pasting parts from earlier paragraphs into the new ones. When that happened, I just threw the copied paragraph into a paraphraser/rephrase software just so it was not so blatant I was copy/pasting.
As for Task 2, the cohort literally holds your hand and tells you exactly what to do. Screenshot everything and you’ll be fine. When you get to the actual investigation part, everything is in deleted files, or you can do a keyword search for Confidential and Propriety (I did both being fancy) and all the files you’ll need will pop up. After that just tell the story of your findings, not hard. They graded my Task 2 literally in under 20 minutes, insane, wasn’t expecting that at all.
For the OA, do the PA’s first as they will help you understand the OA better. I used this reddit thread for my 2 tasks. I used these two resources for the OA, a Quizlet and a Studocu. The Quizlet is literally the pre-assessment questions so study it to completion and go over any questions you missed. I spent about 8 hours studying those two sources. When I was taking the test, I felt like I was failing but I passed by a fair margin. Know your laws.
https://www.reddit.com/r/WGU/comments/wnijik/c840_digital_forensics_in_cybersecurity/
Managing Information Security – C843
This class took me about 11 hours to complete. I took 6 hours to draft my paper and 5 hours for it to be evaluated. I ended up using a few NIST publications just to cover my bases because I felt the one provided was not detailed enough. It is very similar to C841 in the way you should tackle this paper. My paper was 9 pages long, including the references page. I didn’t do it in PowerPoint so it’s up to you if you want to use Shawn D’s template for that but do download his task guidance as it will help you a lot, just like in C841. I find it funny how these case study companies are so incredibly lacking in security to almost a laughable degree. If it is not explicitly mentioned, assume they don’t have it in place. I did not use any outside resources except 2 reddit posts, you can find them yourself.
Introduction to Cryptography – C839
I’m not going to sugarcoat it; I hated this class. Since I transferred in most of my degree, I did not have to do a lot of classes through WGU, especially because most of my degree were certifications anyway. As you can read above, the classes I did were not easy perse, but can be knocked out with adequate effort, time, and understanding of the course materials. This class was not like that. You must study study study, memorize memorize memorize. I read many reddit posts how this is the hardest class in the Cybersecurity program, and I have to agree. This smacked me in the face when I started it, and I can see how some of my fellow nightowls were caught off guard when they reached this class after relatively smooth sailing through the program.
I initially was supposed to take this before C840 and C843 but when I saw the study materials, I was like f*** that and skipped it. I didn’t want to mess up my momentum and that was the right choice.
The resources I used are in the course chatter. I used Shawn D’s additional study Guide (really the only thing you need. Read it all but really focus on the highlighted parts), the Encryption Algorithms excel spreadsheet (This thing is Gold), C839 Study Notes (these can all be found in the course chatter) and a few Quizlets. I decided not to use Shawn D’s Testmoz quizzes, but you most certainly can. I learn better from Quizlet because I can get the answers immediately. After about a week of study I took the pre-assessment and failed, but I learned how the test would be set up and studied the pre-assessments breakdown. The instructor advises you not to do that, but I did not care.
Altogether this class took me about a week and a half to pass.
Quizlet 1 – https://quizlet.com/728167374/wgu-course-c839-intro-to-cryptography-quizlet-by-brian-macfarlane-flash-cards/ (I only studied the first 50ish cards because they were in question format)
Quizlet 2 – https://quizlet.com/699258052/c839-intro-to-cyrpto-flash-cards/
Quizlet 3 – https://quizlet.com/93998373/st0-4016-ts-quiz-cryptography-flash-cards/
IT Foundations (A+) – C393/C394
I took the 1101/1102 versions of this certification. This class/certification took me 2 weeks to pass. I took my tests in person at a testing center since I have one .6 miles away from me, about a 15-minute walk. I prefer to take them in person because it gets me in the right mindset, and I don’t have to deal with some of the issues I’ve read on reddit with the online proctoring. I had already passed core 1 in the 900 series a few years back but ended up failing core 2 by 5 points and I did not have the money to buy another voucher. I retained a lot of the information from my studying back then, so it was easy to pass this with some light refreshers and studying the newer parts of the test. I used Professor Messer’s YouTube videos (watched at 1.75x speed), practice tests and some Quizlets. I passed Core 1 with a 769/900 and Core 2 with a 766/900.
https://www.examcompass.com/comptia/a-plus-certification/free-a-plus-practice-tests
https://quizlet.com/mirandawallace/folders/comptia-a-1101/sets
https://quizlet.com/mirandawallace/folders/comptia-a-1102/sets
https://www.purposegames.com/game/comptia-a-ports
https://www.youtube.com/watch?v=PugFVl4GesM (This came out way after I took the tests but still a great resource)
Networks (Network+) – C480
This technically took me a week and a half to pass but I’ve been studying all the CompTIA certs I knew I would be taking for months before I started my term. It’s what allowed me to pass all these certifications in a relatively short time as well as the compounding knowledge base accrued by each certification. While I was taking the test, I was 100% sure I was going to fail lol. Even with all the prep and studying I did I was not confident at all. Also, that 19 question survey at the end was literal torture. I passed with a 760/900 and the resources I used are: I watched Professor Messers N10-008 playlist all the way through at 2x speed. You can do Dions practice tests, but I don’t like paying for stuff, so I go the free route. (Paragraph from the future. I didn’t know that I had a WGU Udemy account that basically gave me access to all the courses on there for free, so I did it with all the free resources I listed. If I could do it over, I would take Dion’s practice tests)
https://imgur.com/gallery/pGufz7N
https://www.examcompass.com/comptia/network-plus-certification/free-network-plus-practice-tests
https://www.test-guide.com/free-comptia-network-plus-practice-tests.html
https://dojolab.org/labs/free-ports-pbqs/
https://dojolab.org/labs/comptia-network-n10-008/
https://simulation.comptia.org/
https://quizlet.com/4307055/the-osi-model-flash-cards/
https://www.sporcle.com/games/jtaylor2006/common-tcpip-port-numbers-1
Network and Security – Applications (Security+) – C178
I skipped Messer for this one and went to one of my favorite YouTube channels that deals specifically with Cybersecurity/Cloud related exams: Inside Cloud & Security. Amazing channel. I wish they had a CySA+ course but they do have a CISSP course. I watched all 5 domains at 2x speed (a total of about 5ish hours) because I was not going to watch 177 videos of Messer (love ya but f*ck that, even if they are short, it was still 10 hours at 2x speed). Sometimes I wish I could take these videos, books, lessons and just dump them straight into my ass, I mean brain. As you might have noticed by now, I don’t use Jason Dion or Mike Myers when studying. That is because I am cheap as fuck and don’t want to pay for their materials. I do fine with my free studying materials but use whatever you are most comfortable with! Yes, I know I get them free with WGU Udemy.
My first mode of studying for this test was the video series I am going to link below and the Security+ Pocket Prep app by ABC E-Learning on Google Play (not sure if it’s on Apple). Together they are a dynamic duo! I would watch a domain video to completion then immediately do the domain quizzes on the pocket prep app. Amazing combination. The Security+ app isn’t going to phrase the questions like the actual CompTIA exam, but it exists to test and reinforce the knowledge, vocabulary, and concepts for Security+. By watching the video on, for example Domain 3, then doing the domain 3 quizzes on the app, it reinforces what I just heard and learned! I would complete all 200 questions in the app for that domain (or whatever was available) before moving on to the next domain video in the series.
I added the rubber ducky method to my training regimen due to the post of a redditor who mentioned using it. If you’re not familiar with the concept of a rubber ducky, it is exactly as it sounds, a literal rubber ducky. It came into existence due to an issue in offices where software engineers (aka coders) spent so much time talking to each other to debug or fix code that it ate up a lot of productivity. Someone realized that the issue wasn’t needing another person to help solve your problem, but just having someone to talk to about the problem. Physically voicing their issues was enough for them to discover a solution. So instead of talking to another person, talk to a rubber ducky. This led to a massive increase in productivity as all that time was not being spent talking to other people. The way I use this method is by writing down all the concepts I don’t really grasp or understand and try to explain it to a rubber ducky in a way that it would understand, which in turn helps me to understand it while creating new pathways to that information (voice) in the brain. It helped me tremendously.
After I was done with the video series/pocket prep app, I went into the course materials and went through the Certmaster Learn provided by WGU. There are a bunch of practice questions, an actual final assessment, PBQ practice and lessons. I went through all the provided PBQs, practice questions, some flash cards, game center (quite fun not gonna lie), the final assessment and some lessons. Extremely helpful! Honestly, this could be the only resource you use if you wanted to. The easiest way to access this is going to the Exam Readiness tab in the course materials and clicking on Practice Exams.
This class took me 2 weeks to pass (again been studying for a year at this point) and I passed with an 803/900. The materials I used are:
https://www.youtube.com/playlist?list=PL7XJSuT7Dq_VD3eHXQf3Ld2ceBSFCayns
I watched the 5 domain videos instead of the massive 10-hour version because it was easier to break them up into sections… Because they are already broken up into sections lol.
https://play.google.com/store/apps/details?id=com.abc.comptiasecurityplus&hl=en_US&gl=US
https://learn.comptia.org/app/certmaster-learn-for-security-exam-sy0-601#study-plan/structured
https://www.examcompass.com/comptia/security-plus-certification/free-security-plus-practice-tests
https://cheatography.com/nero/cheat-sheets/security-commands-for-windows-and-linux/
https://dojolab.org/labs/comptia-security-sy0-601/
https://quizlet.com/536980458/write
https://www.101labs.net/comptia-security/
https://www.educaplay.com/learning-resources/3078086-port_numbers.html
(This thing is amazing)
Managing Cloud Security (CCSP) – C838
I took a little over a week off before starting to study for this class due to the holidays. I know I shouldn’t have but Security+ kind of burnt me out and I was traveling. Sue me. As I mentioned before, I learn better through video series, and I was unhappy to see that there are few video series available for the CCSP. I managed to find one which was okay, but I heavily supplemented it with other learning sources. I skipped the Mike Chappel LinkedIn course because it was simply too long for my liking. I also didn’t have too much trouble studying for this test because I had already received several Microsoft Azure certifications and learned a ton about the cloud from that. Finally, I went through the massive 1k+ (Only the first 170 question format cards) Quizlet by Brian MacFarlane. I’m noticing I used a lot of his Quizlets throughout this degree. Another redditor (u/iBiteLikeTyson) put together a google doc that was an amazing resource also.
I barely failed the OA (seriously, by like 2 questions) my first time because the questions were worded so dumb it was hard to pick out the right answers, not even including the blatantly misspelled words in them. Shame, first OA fail in my degree. Oh well, we keep trucking along. What I learned from this is that the PA is a lot easier than the OA for sure. I did excellent on the PA and barely failed the OA. I think one of the main reasons I failed is because I had done the PA earlier that day (125 questions) then did an additional 250+ questions, read Quizlets and other sources then did the OA at 8:30pm after a FULL day of studying. My brain was fried, and I was very tired, I should have waited till the next day for sure. I missed a lot of questions I shouldn’t have simply because I couldn’t focus properly.
I decided to study more, go over the materials I mentioned earlier and added some new ones like Pluralsight courses and CyberVista practice questions attached to them. The Cybervista questions helped a lot! I highly recommend going through them. I also went over my weak areas from the OA coaching report, which was basically all of them? But not really? I can improve some areas.
I passed my second attempt, but I spent too much time on this course than I should have.
https://www.reddit.com/r/WGU/comments/yylpvb/c838_managing_cloud_security_passed_1st_attempt/
https://quizlet.com/ISC2Education/folders/ccsp-2019/sets
(Added Later): https://www.youtube.com/playlist?list=PL7XJSuT7Dq_X0AupQwU8YOGV3TsoPAcD0
[I’m so happy one of my favorite YouTube channels teaching about cybersecurity decided to create a series on the CCSP! Sadly, they didn’t release this playlist when I was taking my OA, but I can use these videos when I’m taking the certification! For any NightOwls reading this and taking this class soon, I highly recommend this channel! You can tell because they were featured a few times in this document!]
Information Systems Security (SSCP) – C845
This course is an easier version of Security+ with more Cryptography mixed in, so if you have Security+ and Intro to Cryptography done by the time you take this course (which you should) you’ll have almost no problems with this course. It’s to the point where I think it’s redundant. I’m not sure the reason behind having both Security+ and SSCP in one degree. Maybe for vendor diversification? Who knows, I’m too lazy to ask. I used several quiz banks as a light study resource: CyberVista questions which could be accessed from the SSCP course on PluralSight and the two practice exams offered in the course resources. I did all 308 questions on CyberVista. The CI for this course (Arroyo) emails a comprehensive list of resources for this class, great stuff. Sadly, he links to the website ITExams which has over 1k+ questions. Don’t use this resource as it is a ‘brain dump’ site that recreates the actual exam questions and could get your certification revoked if it is found you used it.
I will say the SSCP is wider in the scope of knowledge you should know, but not by much. Security+ is deeper for the knowledge it tests for, hard to explain. I recommend doing practice tests because the way the questions are worded between the two vendors are very different. CompTIA has a 2-year-old write their questions in essay form and usually only 1 answer immediately pops into your head as correct, but that answer wasn’t an option given, so you have to choose the second most correct answer lol. ISC2 has two answers that can be correct, but you must really read the question to differentiate which one is the right one and that they’re asking for. I was surprised how many questions I was getting wrong when I took my first CyberVista quiz and had to dial in to their style of question. After that I barely got any questions wrong. For example, the ISC2 practice questions like to use the term “Base Station” versus CompTIA’s use of “Access Point”. I got the question wrong because I had never seen the term base station before. https://imgur.com/a/ZYT33HZ
Hello from the future! This paragraph was written last. The SSCP exam was comically easy. The hardest part about it was the 150 questions. It was much easier than Security+. The only tip I have is that this test doesn’t allow for you to mark questions for review, so you must answer it right then and there and there is no going back. Take that into consideration when answering questions and make sure to read them and comprehend them fully before answering and moving on. The CyberVista practice questions were harder.
When I was scheduling the exam, I was extremely confused as to my membership ID, who to send emails to, how to schedule, the release form and so on. So, this is a comprehensive paragraph on what you need to know. Unfortunately, the following instructions found here (https://cm.wgu.edu/t5/Frequently-Asked-Questions/ISC2-Assessment-Scheduling-and-Score-Reporting/ta-p/2826) are incomplete or flat-out wrong, primarily when it comes to the Release Form. First, the release form cannot be submitted until you have taken the exam. You need your Membership ID to be able to submit it and you can only receive a membership ID after you take and pass an exam. If you try and submit it prior, ISC2 will send you a response notifying you that it must be submitted after your exam. On the Pearson website you will receive a Candidate ID under your name after you take the test and that number will become your Membership ID on the ISC2 website, though it takes a few days to link together. You will use the Candidate ID on your Release Form if you wish to be speedy. Additionally, there was no information on how to fill out the recipient information on the Release Form. This is the following information needed for that.
Recipient Name: Western Governors University
Recipient Point of Contact: WGU Scores
Recipient Address: 4001 South 700 East, Suite 700, Salt Lake City, UT 84107
Recipient Phone Number: 801-274-3280
Recipient Email Address: scores@wgu.edu
ALSO, when you are scheduling your exam on the Pearson website and paying for the exam the billing information comes from an email that gives you the temporary card information such as the card number, name, address ect. but the phone number and email address at the end you put your information and not the card holder’s (phone number and email address). I feel as though signing up for the exam is the real OA.
Finally, ISC2 will not release your exam scores until you have paid your AMF (Annual Maintenance Fee). WGU should send you another temporary card for $50 that is to be used to pay that fee.
I did all the steps mentioned above and was given Associate Status the same day I passed the test. Tip: Don’t wait for ISC2 to send your test results to WGU, that can take forever. Just upload your test result paper and email it to Scores AFTER you receive Associate Status. This is because WGU will need to use your membership ID to verify your associate status, and that ID will only work AFTER you are an Associate. My class was marked passed on my WGU dashboard the next day. If you want to be sure that WGU will be able to verify your associate status, this is the link to the page on ISC2 that they will be using: https://www.isc2.org/MemberVerification. Plug in your information and if it doesn’t return anything, then WGU themselves can’t verify you. Once information is returned, you know it’s working, and you can send your passing report to WGU for them to mark the class passed.
This class took me less than a week to pass. I passed CCSP OA on a Friday and took the ISC2 SSCP exam on the following Wednesday. The study resources I used are:
CyberVista: https://www.kaplanlearn.com/education/qbank/index/72068070
PluralSight: https://app.pluralsight.com/paths/certificate/sscpr-systems-security-certified-practitioner
Cyber Defense and Countermeasures – C842
This course was.. Not hard but a lot less theoretical than Security+. You must know your stuff with this because they’ll be throwing SIEM logs, packet captures, syslogs, basically any kind of log you can think of you’ll see and have to interpret. I started this class December 14th and took the test January 13th, so I basically spent a month in this class. Yes, a lot of that time was due to the holidays too, but I spent a lot of my time studying.
Paragraph from the future. If I had spent my normal 2 weeks on this course, I would have failed the certification test. The test was nothing like the numerous practice exams I took. It was so much harder than any of them. I don’t understand why. It felt like all the resources I listed below were not helpful (they were, it just felt that way). The questions and formats were just so.. Different. I have no real advice except to study until you KNOW you’re ready. I must have done 1000+ practice questions.
As I’ve said before, I have been studying these CompTIA certifications for a year, but that’s not the whole truth. I studied A+, N+ and S+ the absolute most while CySA+ and Pentest+ got the least amount of study. I used TryHackMe, Letsdefend and HackTheBox as additional study resources. I used LetsDefend the most out of the three since it’s specifically designed for SOC analyst.
I passed with a 779/900 and the resources I used are:
CompTIA CertMaster Learn: https://learn.comptia.org/app/comptia-certmaster-learn-for-cysa-2020-update-ilt#study-plan/structured (Can be found in the course materials)
CompTIA CertMaster Practice: https://kf1.amplifire.com/amp/#s/learner-dash/hf/courses/course_curric_key=PLR3FX6SU/course_key=KXWFRAVA2/ (There are two Certmaster links in your WGU course materials. This one is just for practice questions basically. The other one is LEARN which has modules for you to read and learn, just like a regular class.)
PluralSight: https://app.pluralsight.com/paths/certificate/comptia-cysa-cs0-002
CyberVista: https://www.kaplanlearn.com/education/offeringdashboard/index/4fa552f844a5b6c4996500125585dbaf (This is annoying because the link for PluralSight is not linked in the C842 learning materials, so I must go back to C838 and click the link from there. It’s the only class that has the link. I can’t log into the PluralSight account directly, I tried – So the only way I can get to PluralSight is by federating to it from the WGU portal. If someone knows a better way, please leave a comment)
Jason Dion’s Udemy Practice Questions: https://wgu.udemy.com/course/comptiacysaexam/#overview (Can be found in the course materials) [Averaged about 75-80]
Wiley Sybex Test Prep Questions: Can’t provide a link for this but essentially, you’ll get the links from the course materials in the CCSP C838 class, specifically the Knowledge Check tab of section 2. Follow the instructions but instead of registering the book associated with that C838, you’ll register the book associated with the CySA+ C842 class. You’ll have to go to WGU library, search CySA+ and the book you’ll need is on the SECOND page, not the first. You can do this hack with any class in WGU and have access to extra practice questions, but I figured it out at the end of my degree.
Certify Breakfast: https://www.youtube.com/playlist?list=PLMYSjEaGLw_vGxGsAIUgmkbEm52QR02tx
Try Hack Me: https://tryhackme.com/ (Specifically, the Nmap Module)
Lets Defend: https://letsdefend.io/
Hack The Box: https://www.hackthebox.com/
Penetration Testing and Vulnerability Analysis – D153
You don’t need to know how to write code, but you better at least know how to READ code. Know the difference between SQLI Stacked, Union, Error and how they will present on a URL. Also know the proper method to remediate them. Same for Reflected XSS and DOM XSS. Local and Remote File Inclusion. Command Injection. Know the difference between Python, Bash, Ruby, PowerShell and their proper syntax. Know Nmap and all of the different tools such as John the Ripper, Hydra, Medusa ect.
All together I felt this certification wasn’t as hard as CySA+. A lot of the concepts taught in CySA+ were then moved to Pentest+. It makes sense because one teaches you how to recognize and respond to signs of intrusion and one teaches you how to be the intruder. A lot of the concepts would overlap, hence why I felt this test wasn’t as hard. It also felt like CySA+ had a lot more concepts to cover but that makes sense because a security analyst needs to be aware and knowledgeable of essentially everything where as a pentester and specialize in certain areas of intrusion.
I used TryHackMe’s Pentest path and that taught me a lot of things I needed to pass this test. HackTheBox for some practical experience as well. I have been using both for a little over 6 months on and off to learn. I was able to cram Pentest+ material specifically for passing the certification.
This course took me a little over 3 weeks to pass this test and I passed with a 778/900. The resources I used are:
Paul Browning’s YouTube: CompTIA PenTest+ Full Course – FREE [11 Hours] PT0-002 (Luckily, he dropped this video literally as I was starting to learn. LIFESAVER! There weren’t any great Pentest+ video series until this one! I watched on 2x speed, slowed down to 1.5x on some parts)
YouTube Series: TryHackMe COMPTIA Pentest+ Pathway (Used to help get through the module)
TryHackMe: https://tryhackme.com/ (Specifically, the Pre-Security learning path and the Pentest+ learning path. Gives you pretty much everything you need when it comes to scripting, Nmap, and more.)
Hack The Box: https://www.hackthebox.com/
Certmaster Learn: Can be found in the course materials.
Certmaster Practice: Can be found in the course materials.
CyberVista: https://app.pluralsight.com/paths/certificate/comptia-pentest-pt0-002
Sybex Wiley Test Prep Questions: (If you do the same steps I wrote for C842 for Pentest+ you’ll be able to get access to this test bank.)
https://app.efficientlearning.com/pv5/v8/5/app/comptia/823810pentestplsg2e.html?#welcome
Reddit Post: https://www.reddit.com/r/WGU/comments/juag1c/d153_penetration_testing_and_vulnerability/
Reddit Post 2: https://www.reddit.com/r/WGUCyberSecurity/comments/u6fd9c/passed_both_pentest_d153_cysa_c842/
IT Capstone Written Project – C769
I started doing this course right after I finished Pentest+ on the 1st of February. I had enrolled in the course on the WGU portal on the 15th of January, but I didn’t do anything with it while I was still studying for the Pentest+ certification. Also, that wave of complacency that hit after I passed Pentest+ was like smoking crack. Knowing you’re done with tests and certifications was a high I’ll never forget.
For Task 1, the topic proposal form, it took me 7 days to submit the assignment in the WGU portal, so February 8th is when I submitted it. That’s because I took about 4 days to even THINK of a topic to write about. For the entire time I spent in this degree, I was planning to write about vulnerability management through Tenable Nessus or Qualys. When it came time to write, I didn’t like the idea. I think I knew it would require a lot of steps and I wanted to make this paper as easy as possible. I’m not striving for an excellence award. I even fought with the idea of still writing about that, hence why it took me 4 days to even start writing the topic proposal form. I decided to write about Endpoint Management through Citrix UEM. That’s all I’ll say about that. So, for 4 months I had a topic idea and ended up changing it at the end. As you go through the degree you’ll be exposed to more concepts, problems, solutions, technologies and techniques. It’s okay to change your mind later based on new information. I felt more comfortable talking about endpoints because I spent weeks learning how to map, enumerate, compromise, pivot ect them through Nmap and other technologies. I also learned about vulnerabilities they have and proper ways to protect them. I just felt more comfortable writing about that.
As I mentioned above, I inherently knew that writing about vulnerability management would require a lot of peripheral information such as configuring all the servers and endpoints that will need to be scanned, creating policies surrounding it, choosing what type of scans to do when (credentialed vs non-credentialed) and how the scan might break things. While the capstone is not gauging you on technical knowledge or even if a technology even really exists, I just didn’t want to go through all that, so I chose an easier topic IMO.
I decided to make my company small. If your company is big and for example, you’re talking about implementing an MDM solution, you’ll have to at least explain what identity provider and user management system the company uses, like Active Directory. That’s another paragraph. Annoying. If the company is small, you don’t need an extra detail like that, and that’s only one example to express the demerit of using a big company. Unless of course you choose to write about something that requires a big company.
After I submitted my topic proposal, I spent a month not writing my task 2 or 3. Ridiculous. The burnout was REAL! I didn’t know where to begin and every time I sat at my desk to start writing my brain would just shut off. So, from February 8th to March 1st I didn’t write a single word. It was my PM (Hey Roblene!) that punched me in the face and told my ass to get it in gear because my semester was ending in 40ish days. Please be aware of burnout!
For task 2 I just followed the task 2 example on the Capstone website, not hard to find. I mirrored it as best I could and obviously made deviations as necessary. It was following that template that finally got my brain moving again. Use the Task 2 template that can be found in the Capstone website, or your CI will email you with a bunch of links and files and it should be in there too. It tells you what you need to know. I found the task 2 template file on the capstone website was better because it offered more guidance and breakdowns.
I was initially stuck on the first two prompts, the Proposal Overview and the Review of other works. The template and capstone website basically tells you if you’re stuck there to skip those and save them for last and that’s exactly what I did. I started writing on the Project Rationale prompt and it made it easier. From there you can just follow the Task 2 example paper and the guidance on the template, and you’ll be just fine. My task 2 paper was 25 pages.
The excellence archives weren’t helpful for Task 2. All those excellent papers are for task 3. I’m guessing this is due to task 3 requiring you to include appendices, and those are created by the students, so it looks better and offers more information. I feel, nay, I KNOW task 2 was way harder so I was peeved I couldn’t find any papers to help me with this task. You only really need the task 2 example paper though and it’s what I used for 90% of my paper.
You will think you’re repeating yourself a lot, because you are repeating yourself a lot (hehe). Think of this paper as if you’re talking to a child and don’t mind repeating yourself. I must have written the words “device” and “remote wipe” like a hundred times in my paper. For the Goals part, you’ll literally have to rewrite what you just wrote multiple times between the Objectives and Deliverables, so understand you’ll be repeating yourself a lot.
The section I spent the longest on was the review of other work. Was a bitch finding 4 references. I just used Google, the WGU library didn’t help at all. You can use two articles that talk about the same thing, just make sure you’re quoting different topics if you get what I mean. If both articles talk about What, Why, How, your first review should focus on the What. That means your second review should focus on either the Why or How. That’s how I did it. Properly reference everything and you’ll be fine. Actually, the Excellence Archives helped me on this section because they all include a reference section.
Task 3 was just copy/pasting from task 2 and changing the tense. Nothing special. Follow the task 3 template. By this time, you won’t even need to use the hundreds of Excellence Awards papers because you’ll have 80% of what you need already written. The hardest part was finding 3 MORE references. Annoying. I spent the most time here just searching for applicable references. The appendices weren’t that hard so you should be fine. This paper was 21 pages long.
Put your papers into Grammarly and fix all the errors (there are a bunch Word won’t catch). I was shocked how many errors I had (98 for task 2 and 48 for task 3). If you don’t do this step, you’ll risk your tasks being sent back for dumb spelling and grammar mistakes.
I submitted my task 2 on March 8th and they graded that shit in 32 minutes. I was shocked. Passed first try. I had a 5.82% similarity score which was a lower number than I was expecting.
I submitted task 3 the next day, March 9th and they graded . I had a 9% similarity score which, again, was lower than I thought I’d be.
Resources I used are:
https://ashejim.github.io/C769/intro.html (Everything you need can be found here)
https://www.reddit.com/r/WGU/comments/zk3mw7/c769_it_capstone_completed/
https://www.reddit.com/r/WGU/comments/s0pibd/c769_it_capstone_written_project_i_passed/
No responses yet