• expired

Free Online Training and Exam: Certified in Cybersecurity (Foundational Certificate, 1 Million Spots) @ (ISC)²

Start Your Journey
To participate in the One Million Certified in Cybersecurity program, please follow these simple steps:

Create an account. If you already have an (ISC)² account, sign in.
Complete your (ISC)² Candidate application form and select Certified in Cybersecurity as your certification of interest.
Once the application is complete, you’ll become an (ISC)² Candidate. It’s free to join - your (ISC)² Candidate $50 annual dues are waived until September 2023. You’ll gain free access to Official (ISC)² Certified in Cybersecurity Online Self-Paced Training and a code to register for the free certification exam. You will find your access on the Candidate Benefits page.
Upon passing the exam, you’ll become a certified member of (ISC)² – the world’s largest association of certified cybersecurity professionals – with access to a broad range of professional development resources to help you throughout your career.

Q:
Can I take the exam online?

A:
The entry-level Certified in Cybersecurity certification exam will only be available in-person at (ISC)²-authorized Pearson VUE test centers
https://wsr.pearsonvue.com/testtaker/registration/SelectTest…

Please note: Upon passing the exam and becoming a certified member, your US$50 Annual Maintenance Fee will be due.

closed Comments

  • Hey guys, is there anyone here in the cybersecurity industry that can advise a pathway into the career? Is this a good start? Hard to find legit forums for Aus Thank you

    • +3

      Not sure about this one but best way to find out what is ideal is have a look at some job applications and see what they are looking for.
      I just finished my CompTIA Sec+, parts of it are pretty basic etc. but they have to go through it. But when looking at some state gov jobs some listed that it was a desirable qualification. Other stuff to look at are cybersecurity audit and risk management courses which is handy. When it comes to that cybersecurity the 1 word that I have always heard is "risk", have a look at ISACA they have a good course in that stuff.

      • +2

        CompTIA Sec+ is what most beginners should be focused on. Pick a few cheap pentest courses once you are done. Then aim for a job.

        • +2

          It all depends on what part of "Cyber Security" you are interested in joining. It's such a broad term.

          The two very generalised categories:

          • Operations: Hands-on technical stuff. Entry level roles are often in SOCs (Security Operations Center). Have a look for a job advert for a "SOC Analyst" and see what sort of things they are asking for.

          • Governance / Risk / Compliance (GRC): Largely process based. Look up terms on Seek such as "information security", "risk management", "isms" a.k.a "iso 27001".

          Often people in all of these roles will come with experience from other parts of IT. For example, it is desirable to find someone who has previously been in operational roles in a "network team" if you are looking to hire someone to determine your network security controls.

          On job ads, especially government roles, everything is desirable as far as certifications but almost everything is also negotiable. There is no one single "cert to rule them all".

    • +16

      From a learning & certification perspective, this might help: https://pauljerimy.com/security-certification-roadmap/

      I'd say that most (but not all) people in cyber tend to start in IT to get experience. Cyber is not an entry-level starting point so you need some experience depending on what domain you are focusing on.

      HTH

      • Nice Sharing
        Thanks natfu

    • +4
      • +1

        upon completing interview, health and security clearance

    • +2

      https://www.simplycyber.io/

      found this site recently

    • +11

      Breaking into cybersecurity / information security is a little tough as everybody wants to hire people who already know about security. If you want to start a career, look at different streams: technical, managerial, consultant, auditing etc.

      CISSP, CISM, CISA etc. are advanced certs, don't look at them at the start of your career. Look at Security+ to start with then I would go with CEH and then CISM, CISSP, ISO27001 Lead implementor or auditor. It all depends on where you are in your career, what kind of background experience you have and how your career shapes. I started off in a technical role and wanted to progress in it but then there was nothing for me to work on in my organisation, so I did ISO27k1 Lead Auditor course. I was lucky to get a chance to implement an ISO program. Then my career took on a managerial/consultant stream. If you want to stick to the technical side, CISSP is a gold standard, but you have to get a lot of experience.

      Forensic, GRC expert, cyber risk practitioner, incident response, penetration testing, technical security reviewer, threat hunting, malware researcher, cloud security, IOT/OT security, secure coding, frameworks experts, and security technology implementor are other streams too.

      • Breaking into cybersecurity

        Isn't that the other side of the fence? :P

    • +11

      Join the Australian Public Service (APS).

      The APS is desperate for Cyber Security people and doesn't pay enough so they can't fill their entry level spots.

      But this means it is great for training.

      • -2

        Yeah especially if you want to go live in the dump Canberra for a few years, slurp up all their free training on offer, then get a real job.

        Good if you are early 20s, would not recommend for older folks. There are better avenues.

        • Sorry you failed in Canberra pat pat

          • +4

            @orbital: Never lived there, never will. Anyone seriously considering Canberra should research the lifestyle though.

            It's a bit of a trap, many folks end up stuck there, hobby farm in Queanbeyan the rest of their lives.

            Starts out as a couple of years in the APS and then bam, lifetime achievement award.

            If you were to play it right, get in young, get the training, get out…. it would be time well spent.

            • +2

              @OzByte: I know Defence were/are looking for people (see APS jobs) and they were prepared to outpost people at places like Watsonia barracks or Melbourne city. See APS jobs for job ads.

              If you want to get a Cert IV in Cybersecurity more or less for free and you live in Victoria look up the Victorian Govt's Free Tafe courses.

              If you want to get into Software Engineering apply to do the Victorian Govt's Digital Jobs Program (12 weeks free study in a relevant course + 12 weeks paid internship in a Software engineering company).

              If you don't live in Victoria, diddums :)

              • @ffhound: Thanks for the heads up about the Vic Gov Digital Jobs Program. Didn't know about it. I'm at the end of an online CS course and wasn't sure where to go after that. This may be something tangible to aim towards.

            • @OzByte: Hobby farm in Queanbeyan sounds kinda nice!

              Disclaimer: I've never been to Queanbeyan before.

        • -1

          Spoken like someone entirely ignorant on the matter.

          Scrolls down to see their next comment…Oh yep, there we go

          Like @orbital said, my condolences.

    • +3

      I've been in Cybersecurity in the US and Aus (private, non-gov) at a FAANG and startup. A cert's keyword might help get your CV through a computer filter but it's worthless beyond that. What matters is you can answer the technical questions in the interview. If going after a cert is the education that brought you that knowledge, then great. But once you're in an interview I don't know anyone that cares about what tests you've passed.

      Gov typically does things differently and they like to see specific certs, which should be included on the job posting.

    • +3

      I did this cert when they were running the pilot. For me, I wanted to test my knowledge. It covers the basic stuff so for free, it’s worth it. I wouldn’t pay for it. I did the Udemy course rather than the one offered as it wasn’t included at the time. My friend said the ISC2 training was better than the Udemy one.
      During the pandemic, I changed careers into cyber and found you do need to know the fundamentals of cyber. As there are so many different areas to cyber I found watching a bunch of videos/webinars to learn what roles there are helped me narrow the direction of where I wanted to go and what to study.
      There’s heaps of free activities, certificates you can do to see if that’s an area you enjoy. I also found https://www.mosse-institute.com/ a good place to start too. Bottom of page they offer 100 hours free to practice and test yourself. They have a wide range of topics to choose from. You get a task, you submit your answer and they will critique it with a pass or fail and some feedback.

    • +3

      Dunno where you live but Vic has free certIV courses for cyber security at the moment. Courses are all online now, some offer at your own pace.

      It's a good option to get familiar with the field and then you can branch from there once you understand the career pathways.

    • +3

      https://www.uow.edu.au/study/cyber-academy/ not sure if still open for 2023 but they will pay you $40k a year for 3 years whilst you get your degree.

      • This looks perfect for me, sadly though I am in QLD :/

      • Wow, that's pretty amazing!

      • Damn that's awesome.

    • +13

      A bit of background, I have 10 years in cyber security and architecture. I have also hired grads to seniors over the years.

      It's important to understand how "security" is structured. There are three main areas, two are technical, and one is not technical.

      Cyber Defence (aka Blue Team) - These are technology-based positions where the person uses their skills to defend or prevent breaches. Tasks include; implementing/configuring new/old equipment such as firewalls, web proxies, PKI infrastructure, etc. Also working in a Security Operations Centre with SIEM tools to detect breaches using the application/system/network/etc. logs.

      Cyber Offence (aka Red Team) - These are technology-based positions where the person uses their skills to identify weaknesses in systems/applications/networks/people to gain unauthorised access. They then write a report on the weaknesses and how to resolve them. This sounds fun, but realistically, it's a very niche part of security and is highly competitive and requires you to continue to be up to date with the latest vulnerabilities and attacks.

      GRC (Governance, Risk and Compliance) - This area is non-technical by nature and is focused on making sure that tasks are done according to best practice/policy, auditing what has been done to make sure it's in compliance, risk analysis etc. It is typically very document heavy. There is an enormous amount of work in this area. This is because the CEOs typically do not understand technical information, but they understand Risk = Likelihood x Consequence.

      So to answer your questions, where does this cert sit. The simple answer is, who knows at this stage. It's a relatively new cert by a very well security organisation, and it's too early to know how the certificate will be perceived in a couple of years. Right now, as others have said, the CompTIA Sec+ is the standard entry-level certificate. If someone had a Sec+ certificate with no other experience, I would probably be looking at paying them around $50-60k. After a couple of years, I would be looking at paying someone $80k-100k. Then it just depends on the person and how valuable they are. It's not unheard of to get $200k after 5 years.

      Also, I might add that I have a CISSP from ISC2, which is the highest valued cyber sec certificate (with CISA and CISM)

      • Do you commonly hire folk from other areas of IT and does that get them a little more at the start? Say they recently moved to data (2 years) but are a bit regretful they didn't initially pursue security… Have done some HackTheBox's and plenty of their own box nix sysadmin stuff… Would they be able to hit the ground running with a little more money?

        • +3

          It really depends, my company works mostly in the network, security, SOC, and architecture space for both IT (normal corporate networks) and OT (operational technology networks, e.g. running power stations, biomedical devices, train line communications etc.) networks.

          So it depends on what the company does and what you want to do to make sure it's a good fit.

          I would recommend picking one of, red team, blue team, or GRC areas and working toward that position. For example, CEH is a pen testing (red team) certificate. If you want to do red team, that's a good certificate. But CEH is not going to help you if you want to do GRC, do ISO 27001 implementer instead.

          With 2 years of IT experience, depending on the kind of tasks you did, you might be looking around 70k. If you have a Sec+ with 2 years of IT experience, you would be looking at 80k.

          So yes, we definitely hire IT people and cross-train them. You might start off in the SOC for a year, until you know what area you want to work in. If you did a good job in the SOC, then you can move into blue team, red team or GRC from there.

          Best vendor-agnostic certs for each area:

          Beginner Certs
          CCNA, Sec+, Network+

          Advanced Red Teaming
          OSCP, CEH, CISSP

          Advanced Blue Team
          CISSP, CISM

          Advanced GRC
          CISA, CISM, CISSP, ISO 27001

          • +1

            @frazel: Awesome, detailed response. Thank you!

            Red team would be the first thing I think would be interesting but I know it's competitive and like most things, we don't necessarily know what we'd like until we experience a bit of everything.

    • It somewhat depends on what you want to do within the area of cybersecurity. There are many types of careers in the field and your objective should drive the steps you might take to progress into a career.

      It's kind of like saying you want to work in health or medicine. There's everything from reception, to GPs, and a plethora of specialisations. Same thing for 'IT' or 'Cyber'.

      If you are starting out, any certification from a reputable body like ISC2 can help. However, most organisations want experienced people, as others have said. Which is where the challenge entering the field often lies. This cert certainly will do more for you than doing nothing, and at such a good price point :)

      Feel free to DM if you would like to chat more on this

  • +9

    The Annual Maintenance Fee (AMF) for Certified in Cybersecurity is U.S. $50. This is due upon certification.

    • +1

      If our employer doesn't bother, then can at least get tax benefits as it's education related, right?

      • What is this? I've never heard of an official ongoing fee to be certified in cyber security.

        • +1

          It's actually standard business practice for a lot of the vulture vendors now.

          • @OzByte: So it's a per "education" department thing. Not an overall body oversight type body like nursing or medical association. What a crock

  • +1

    Q:
    Can I take the exam online?

    A:
    The entry-level Certified in Cybersecurity certification exam will only be available in-person at (ISC)²-authorized Pearson VUE test centers
    https://wsr.pearsonvue.com/testtaker/registration/SelectTest…

  • CISSP is a gold standard, but you have to get a lot of experience.

    The CISSP exam is not trivial. There are potentially 100's of questions, of which you will need to answer enough in each of the CISSP domains to prove your knowledge. And because they can, some of the questions are written in a way to try to confuse you: "which of the following answers is not correct" or "which combo is the correct triple".

    Because of this, the computer driven system may ask further questions until convinced you have passed, or not.

    (poop. was supposed to be in reply higher up)

    • +1

      It looks like you answered the wrong question. Your score is 0%.

      Just kidding

  • +7

    Cool, so to join up to this cybersecurity site I just gotta give them my personal details and credit card info, plus my mother's maiden name and the name of my first pet? Done, no worries.

    Man, I can't wait to become a cybersecurity expert!

    • +2

      I just noticed your computer has a virus. Contact me on WhatsApp so I can fix that for you using remote access at a reasonable cost.

      • +1

        Sure! Do you need my home address too?

        • +2

          High quality scans of your license and passports will be fine

          • +2

            @Herbse: How about high-quality scans of other people’s passports? Sadly, I am in desperate need to outsource my scamming these days, as it’s just too easy. I assume a 50-50 split is OK?

          • +1

            @Herbse: Great, but I can't get to the post office anytime soon, can you come to my house and pick them up? I'll give you the alarm code so you can get in.

    • If you appear for CISSP later, be prepared to give your biometric information too - they perform a palm scan every time you enter or leave the testing room.

  • +8

    This certificate is literally a scam that ISC is running to collect yearly maintenance fees.

    Never even heard of it until now, nobody will care if you have it, nobody will ever ask for it.

    If you are getting started in the industry and you don't have much knowledge, focus on getting your CompTIA Security+ first.

    Once you have money and an employer later on, focus on getting some SANS.

    If you just want to be a pentester, there's a few other cheaper options like Pentester Academy and OSCP

    ISC for the most part and to an extent, even their CISSP is just a license for them to print money, very few people actually care about ISC certifications.

    If you want to do a management career path, sure focus on CISA or CISM … but that's a whole other trajectory, not really entry level.

    • +1

      I was thinking the same. I've never heard of this maintenance fee before seeing this deal and there's no information anywhere else on any kind of ongoing cyber security fees.

      • ISACA (CRISC, CISM etc) also requires an AMF. I believe that the difference is that ISACA's AMF goes up the more ISACA certs that you hold, whereas ISC2's do not*.

        *I hold a CISSP and achieved my CCSP this year. My AMF remains the same at $125 USD. Since you are paying $50 for this cert, you could expect it to go up to $125 in the future if you certified further with ISC2. Well worth it IMHO.

        BTW, Often your employer will cover the AMF under their professional memberships/certifications policy, so check if they do.

      • +1

        It's very common for vendor-neutral organisations to charge maintenance fees. Microsoft, Cisco, AWS don't charge because they see other benefits.

        ISACA, ISC2, OCEG, ECCouncil all charge maintenance fees.

    • You also have to either pay or renew your CompTIA Sec+ by doing the (next) higher certification.
      ISC2 allows one AMF for all your certifications.

  • Thanks this is super helpful! I am currently managing a Cyber project and am keen to get some knowledge, qualification in Cyber Security!

  • Can you get the cert and not pay the maintenance fee? Doesn't matter if it's expired.

    • Usually, to keep the certification, you have to pay a maintenance fee.
      But the good thing with ISC2 is that you just pay one maintenance fee, even though you may hold multiple certifications.
      (ISACA certifications are different- you pay progressively more if you hold more certifications like CRISC, CISA, CISM etc).

  • This is a good way to start.
    ISC2 is a very reputable organisation.
    Happy to help anyone who has questions. Please feel free to PM- will try my best to answer (short of asking for a job).
    (Have ISC2 CISSP, CCSP, ISACA CISM and CompTIA Sec+, besides others.)

    • Have any good free/cheap Sec+ resources? It costs too much to learn on their official site :(

      • Actually there are.
        I personally took the get certified-get ahead package from Darril Gibson, who helps you learn in a very logical manner.

  • Just seems like a way for an organisation to get $50 out of you, unless there's any reputational benefit to this cert.

    • +1

      There is zero benefit. Invest time on other meaningful avenues.
