RANT - Rare moment of vindication
So for background I work as a consultant and did an end to end wireless deployment for a large campus well over a year ago. Whole nine yards, survey, new APs, switches, firewall, you name it.
A few weeks ago they get in contact with us to let us know the wifi is badly underperforming. Traffic is dropping, people can't get connected, download speeds in KB/s etc. During the phone call they mention this has been going on for months now, why they waited this long to mention this to us is beyond me... but ok.
Right away I know what the problem is, their internet connection isn't good enough. Their dinky 20mb/s DSL modem was adequate back when the campus' wifi was a Dlink router for the 20 odd people in the cafeteria but grossly inadequate for the 2000+ people the wifi supports now.
I brought this up with them during the initial planning + deployment but they outright refused to upgrade it. From what I understand the internet connection is a monthly cost, while the wifi project was 100% paid for with a donation (some rich guy who used the facility was upset he couldn't use wifi while at the gym apparently and arranged to pay for the upgrade end-to-end)
Because the internet connection came out of the monthly budget they "wanted to wait to see if they really needed the upgrade before proceeding" and well... here we are.
So I head down there and spend the better part of a few days troubleshooting the problem. I survey the signal strength, review the configurations, update the firmware, check all the uplinks, switches, etc., and check over the logs in the PRTG instance I set up for them, and sure enough they are maxing the internet connection.
So I summarize everything in a nicely detailed report, send it to the customer, and they outright refuse to accept my conclusion, making some excuse that "the wifi worked great until you installed all this equipment". Yeah sure, the one Dlink router in the cafeteria. They clearly have no idea how any of this works, and even my Project Manager is shaking his head at this point and debating if he needs to go there with sock puppets to explain how wifi works.
The customer goes silent for a couple of weeks and then calls us back to schedule a meeting. Apparently they have talked with another consultant about this issue to get another opinion and wanted us to come down and hand off the project.
Ok... sure, whatever. At this point they're being unreasonable pains in our ass so we don't care.
So we head down to the meeting and walk into the boardroom and this other consultant turns out to be a friend of mine and former coworker who now happens to work at our competitor. We say our greetings and start the meeting.
It turns out the customer hadn't even bothered to hand this guy our report; they wanted him to have a 'fresh perspective'.
So he asks the obvious questions about the problem, and I explain the technical details in nerd speak in about 2 minutes.
He then turns to the customer and says, deadpan:
"So why am I here again? Darkalman is one of the best engineers in this city and he clearly knows what the problem is, maybe you should just listen to his advice"
The customer just loses it at this point and throws a fit and the meeting basically ends there.
Two weeks later we get a sheepish request sent via email:
"Would it be possible to schedule an engineer to come down on date the ISP will be installing our new fiber internet connection"
submitted by DarkAlman
Net+ Sec+ in the bag! (Small Rant)
Hey all, a little bit about myself, no IT experience, just left the military after 4+ years.
Passed Net+ last month after 3 months of studying and 2 days ago I passed Sec+.
The material used was the same for both exams:
Prof Messer (Youtube videos) listened through the whole thing 2-4 times, while eating, gaming, or researching other stuff.
Dion's training course on Udemy + his practice exams, I scored +70% in all tests net and sec, I'd say the key being consistency, you will get questions that are there simply to confuse you and where all options are valid but you have to pick the *best* out of 3-4 great options, which you'll most likely have to guess, and even then when you're using other sources to study, they'll ask the exact same question with a DIFFERENT answer. Yeah.
800+ questions done, each, from examcompass and them flashcards sites (forgot the name)
For Net+ focused on knowing Subnetting /24-/30, creating lil notes like BGN for wifi standards, while I knew which freq they were, which of em was 2.4 and 5 band one, I knew the other were the different freq, so basically, instead of knowing it all I knew what I wrote and stuff I didn't know were opposites, and port numbers by heart.
For Sec+, I ignored the ports section, besides the ones I knew already from Net+, I just felt the chance of getting some niche port was small so I stuck to main ones, SSH, DNS, DHCP, SMB, LDAPS etc. Types of access control, which one was strictest, which one was most flexible, honestly, this thing still confuses me even now, due to the way they will word these questions in exams. Breaking down bluesnarfing/jacking into which sends info and which receives, and finally knowing your web page cert stuff and what each party involved is called.
Skipped practice-based questions and moved on to multi choice on both exams.
I'll begin my rant by saying, I thought the material for both exams is phenomenal, as a person who was looking up job positions and not knowing what LAN/WAN or DHCP was, to having enough knowledge to explain it in my own words, it's a great feeling, both exams have extensive material online that allowed the individual to explore different types of studying, best suited for himself.
The biggest issues I had were the EXAMS and the Cost.
Exams - are meant to test your knowledge, you should know straight away which are no-no's like Telnet, which ports are safest and why, what each layer does, how it's split, what sort of data travels in it, what info the IP address and its subnet mask provide you, the types of cabling and standards behind them, what safety regulations are there for cabling in ceilings and what command will land you specific results when troubleshooting, whether it's ping or netstat, why out of band networks are neato and why STP is important, that's the questions to test your knowledge on the material you just learned, to prove you understand the concepts provided to you. Instead the exam questions are written in a way to screw you about, play on words, scenarios that list 2-3 options which all would potentially solve the issue, but instead you need to guess which is correct. Honestly, even after studying for months, you go into the exam and you simply guess answers? Yes, we deduct wrong choices, on answers we know, but the sheer amount of questions, that just mess with you for the sake of what? Real-life practice? Guess what happens if ping didn't work? I'll tracert, I'll find the solution. So many poorly written questions where you just have to stop in the middle of the exam and start working out scenarios in your head of when you'll be taking a retest, most people in this subreddit state the exact same thing, the feeling of failing because besides the questions that are more straightforward and your skills allow you to answer it, you guess the rest. Then we have to fill in some generic survey to answer information about yourself? How about you leave a box to type in if you want genuine reviews and feedback on the course. If you failed an exam, you'll get a summary of the areas you failed in, cool, but guess what happens when you're doing the exam again and a question you guessed and failed shows up again? You gonna guess again, why? Because there are multiple questions that cover the same domain and when you guess these poorly written questions, you don't learn from your mistakes, which should be key in studying.
Exam price, 350$ for sec+ attempt? There are more known and overall beneficial certs out there that don't cost half that, CompTIA is well known in the market and I feel they are purely squeezing it, this feels like CEH, an overpriced cert, with no practical value, but which simply is demanded in the US by HR, you shouldn't be paying a grand to do a useless exam with no value to you whatsoever just to please the HR, due to them being forced by the gov to force it on you, people aren't stupid, they see these patterns. If you truly are an entry IT security certificate, price it as such, repeats shouldn't be the full price each time.
If I had the info I got now, I'd skip Net+, do CCNA, and then do Sec+.
Heath's Ethical hacking course, then TryHackMe pentest path followed by PTP.
As with everything in life if you apply yourself, it's not a question of IF you'll pass, but WHEN.
Thanks for reading my wall of text, I wish you all best of luck.
submitted by Etko