Passing CyberSec First Responder Exam

I’m happy to say that I passed the CyberSec First Responder certification exam. Overall, it was an enjoyable experience – studying for it and learning some new things, taking the exam at a good testing center, and celebrating afterwards at IHOP.

One thing that I reaffirmed through the process is that it is a logical choice after the CompTIA Security+ exam to round out your resume. This is especially true if you’re seeking a hands-on role in cybersecurity or IT forensics and it will be what I recommend to anyone that asks me about CEH.

As with any certification exam, there is a non-disclosure agreement (NDA) and I don’t plan on violating the NDA. Still, there are some things I can share with you that you may find useful.

Taking the CyberSec First Responder Exam

First, the questions were all multiple choice or True/False questions. Many of the multiple-choice questions required you to select two or three answers. A neat feature was that the exam had an internal check in it, helping me ensure I selected the correct number of answers.

Many of the “select three” answers were used instead of the NOT type of questions that CompTIA frequently uses. This will help many people avoid confusion.

As an example, consider this question.

Which of the following are colors (Select Three)?

  1. Blue
  2. Car
  3. Green
  4. Yellow

If you understand the content, this is often just a matter of figuring out which answer doesn’t fit with the others and not selecting it.

The same question could use the same answers, but reworded like this:

“Which of the following is NOT a color?”

One thing I was very grateful for was that the questions and content were never covered up. I could always see the full question and all the answers. In contrast, when I took the CompTIA Cybersecurity Analyst Beta Exam, it was often difficult to view the graphics, question, and instructions without moving things around. Typically, the question and instructions covered up the graphics and underlying hotspots making it tedious to just understand the questions.

How To Study for CyberSec First Responder

Here are a few methods you can use to prepare for this exam.

Attend a CyberSec First Responder Course

There are many training centers that teach the course. You can use the search feature toward the bottom of this page to find one near you. It’s labeled Find a CFR Class Near You.  Select the region (such as USA) and the Subregion (such as VA) and it’ll list training centers that you can click to get more information.

The course is typically taught in a five-day instructor-led format from 9 AM to 5 PM.

Some people love this format, and there was a time when I thrived in a classroom format like this. However, it’s not for me today, so I needed another method.

Self-Study with the CyberSec First Responder Course Book

You won’t find any resources for the CyberSec First Responder certification on Amazon. However, you can purchase the course book from Logical Operations here. They have several options such as:

Student: Digital Courseware

This includes the course book and other materials (such as a practice test) available online. I used this in my preparation. Unfortunately, minor eye surgery made it quite uncomfortable to look at a computer screen for more than five minutes while studying for this exam. Fortunately, I was able to print out the course book from the digital courseware – it was a little messy, but worth it.

Student: Print and Digital Courseware

This includes all of the digital courseware products and you also get a printed course book shipped to you. If you like a paper copy, the few extra dollars are worth it for this package (and definitely better than printing out the course book from the digital courseware).

Student: Print and Digital Courseware with the Lab Bundle

This includes the same resources as the Print and Digital Courseware product, but also with access to an online lab. I didn’t use this, but the course book referred to it often within chapter Activities. You could create your own lab, but a ready-made lab would save you a lot of time.

Woo Hoo! Study Guide Now Available

Logical Operations recently created a study guide that you can purchase directly from them here.  It’s only $99 in the US and it includes all the resources available in the Student: Digital Courseware product that I used, except for the eBook. (Don’t get this if you’re planning on minor eye surgery soon, though. You won’t be able to print it out.)

Self-Study with Your Own Lab 

Another option is to create your own lab. You can do this in two steps.

  1. Install Oracle VirtualBox on your system.
  2. Install an instance of Kali Linux as a virtual machine (VM).

While you can also install Kali on a bootable USB, it’s valuable to have it as a VM within your primary computer when studying.

Note that this will allow you to do many of the activities in the course book, but you’ll have to adapt. If you’ve developed strong critical thinking skills, this is a good option. However, if you need step-by-step instructions that work without the need to adapt them to your own lab, the lab bundle is a better option for you.

Kali Linux and CyberSec First Responder

Kali Linux is a distribution of Linux preinstalled with over 300 penetration-testing programs. It is an important tool for anyone interested in pursuing a career in cybersecurity. Offensive Security funds and maintains it, but it is available as a free open-source tool.

When studying for the CyberSec First Responder, it’s important to be familiar with several key tools that are available within the Kali Linux distribution. I won’t guarantee you’ll be tested on these tools, but I found that playing around with them was a valuable learning experience.

  • Nmap (short for network mapper). This can be used for many tasks including footprinting a network in the reconnaissance phase of a penetration test.
  • Wireshark (a packet analyzer). If you’ve never captured and analyzed any packets, this is a must if you want to elevate your security knowledge.
  • John the Ripper (a password cracking tool). It combines a number of features together in a single tool and is very effective with offline password attacks.
  • Burp Suite (platform for testing web applications). This suite combines many different tools used for security testing.

There’s much more to Kali, but these items are worth exploring.

How I Passed the CyberSec First Responder Exam

While your experience may be different, here are the things that I attribute to passing this exam the first time I took it.

  • Doing the best I could on the Security+ exam (and other security exams I’ve taken). I found that many of the topics were quite similar to the Security+ exam. When I learned those topics, I truly learned them, and they stuck with me.  For example, I don’t need to study CIA or the order of volatility to know their meanings for any certification exam today.
  • Downloading and reading the objectives for the CyberSec First Responder exam.
  • Creating a virtual lab with Oracle VirtualBox and Kali.
  • Reading the CyberSec First Responder course book  from cover to cover. While there were many familiar topics in this course book, it also gave me some valuable information needed for the exam.
  • Taking the course book online quiz. This is a 40-question quiz, which I took 3 times and ultimately dug into each of the questions and the answers. My intention wasn’t just to get the questions correct, but also to know why the correct answers were correct and why the incorrect answers were incorrect. During my IHOP review after the exam, I realized this helped with many actual questions.

If you’re planning on taking this exam, post a comment. I (and others) would love to hear from you.

How Long Did You Study?

Several people have asked me how long I studied for this exam. I started looking at it closely when I wrote a blog about it about three weeks ago. I then studied the coursebook daily for about two weeks before I took the exam.  Again though, I stress that doing the best I could on previous security certification exams helped me with this exam.

Of course, the implied question is “How long will it take me to pass this exam?” If you’ve recently passed the Security+ exam and truly learned the content, I’d say that you can get this certification within 30 days by following these steps.

  • Get the study guide.
  • Study the study guide daily.
  • Get a voucher and schedule your exam (10% discount available here).
  • Take the online quiz until you’re acing it and you understand all of the answers.
  • Take the exam, celebrate your success, and let us know what worked for you and how long it took.

Face What Isn’t Working

Principle #30 is Face What Isn’t Working in Jack Canfield’s book “The Success Principles: How to Get from Where You Are to Where You Want to Be”.

It reminds me of something I learned a long time ago. Successful people develop the following three habits.

  • Figure out what works and keep doing it
  • Figure out what doesn’t work and stop
  • Try new things

Still, I’m aware that it’s sometimes difficult to face what isn’t working.

Yellow Alerts Tell You What isn’t Working

One of the first steps in facing what isn’t working is to pay attention to the alerts around you. These are all the subtle (and not so subtle) signals that tell you that something isn’t right.

Some people ignore the alerts though. As an example, the gcgapremium site sends an automated email about ten days after people sign up for a  Security+ package. It opens with:

“Are you getting close to taking your CompTIA certification exam?” and provides users with access to a free discount code to get 10 percent off their test voucher.

Here’s a response I received from someone recently.

> Failed it twice actually, the wording and stuff is BS. But third times
> the charm, next week.

Two fails sounds like serious yellow alerts. However, blaming “the wording and stuff” sounds like he’s not recognizing the fails as yellow alerts. Instead, he seems to be blaming someone or something else outside of himself.

I was curious so I peeked at his scores. Here’s what I found.

  • He took the Extras test bank once scoring 37%
  • He took the performance-based questions on ports once scoring 67%
  • He took Set 10 of the performance-based questions twice scoring 7% and 54%

Interestingly, he took these quizzes all on one day about a week before he emailed me, and didn’t take them again since.

Based on this, I’m predicting fail number three. It’s like someone asking me “If I fail all of your practice tests, will I still be able to pass the live exam?”

Admittedly, the site doesn’t record all quiz scores, so he may have been studying other quizzes. However, I stress the following formula for success.

1) Consistently score greater than 90% on the following quizzes:

  • The Extras test bank
  • Set 10 of the performance-based questions
  • The Test Your Readiness quiz that is a random set of questions from all the multiple choice questions.

2) Don’t memorize the questions and answers. Instead seek to understand why the correct answers are correct and why the incorrect answers are incorrect. This way you can accurately interpret the questions and identify the correct answer on the live exam.

Most people follow both steps and pass the exam. As an example, here’s a snippet of a recent email I received:

Thanks Darril, just wanted to pass on that I took your advice, took the online gcgapremium exams until I consistently scored in the 90s, and went from a 692 to an 811! All the best! Thanks,.

Unfortunately, some people ignore both steps in the formula and fail. Others ignore the second step in the formula and sometimes fail and sometimes pass.

How to Fail the Security+ Exam

If you want to fail the Security+ exam, there are some things you can do to help ensure success. That is, if successfully failing the Security+ exam is what you really want.

Check out this post.

Failing to Face What isn’t Working

Why would someone choose not to face what isn’t working? Jack puts his finger on it perfectly in the section “What Does Denial Look Like?” You don’t have to be a drug addict or an alcoholic to be in denial. Anyone can get caught up in it.

Why do people choose denial?

Using denial is often easier than it is to face what isn’t working. Here are a few denial phrases Jack lists in this chapter:

  • He’s just venting his frustrations
  • It has nothing to do with me
  • It’s none of my business
  • I don’t want to rock the boat
  • Credit card debt like this is normal
  • I’ll get fired if I say anything
  • I need these to help me relax
  • I’m sure he is going to pay it back

For me, many of these are familiar ways of avoiding confrontation. It allows people to postpone facing what isn’t working. However, the clear message is that postponing the confrontation doesn’t remove the problem. It just allows it to grow.

I’ve noted that people who repeatedly fail the Security+ exam often use denial phrases that blame things outside of themselves. The problem is CompTIA, the questions, the test center, solar flares, El Nino, La Nina, the gravity pull of Jupiter on Jupo, or something else.

Anything else besides themselves.

As long as they can deny that the problem is within themselves, they don’t have to change anything that they’re doing. They can go from failure to failure without examining themselves or their own abilities.

“Most men would rather deny a hard truth than face it.”

– George R.R. Martin, Game of Thrones

Face What Isn’t Working Summary

Is there something in your life that isn’t working? Is it time for you to face what isn’t working? Give it some thought and if you recognize something, take the time to identify one simple step you can take to improve the outcome. And then do it.

About This Post

I’ve been learning from Jack Canfield (of Chicken Soup for the Soul fame) since 2008. I credit much of my success (including authoring or co-authoring more than 40 books) to applying principles in my life that he teaches. I’m currently going through his book “The Success Principles: How to Get from Where You Are to Where You Want to Be,” covering one principle a week.

Here’s a link to other musings on Jack Canfield’s Success Principles.

CompTIA Cybersecurity Analyst Beta Exam

I just got back from taking the Cybersecurity Analyst beta exam. I won’t violate the non-disclosure agreement, but wanted to share some thoughts with readers.

Darril - What did you use to study?

Since posting this, I’ve been flooded with questions about what I used to study for this exam. Here are a couple.

How was it and how did you prepare for it?

Can you provide a good book for a study aid in preparing for it or is one not available yet?

and paraphrasing

I was thinking about taking xxx, but was thinking about a cybersecurity exam first. What do you think?

How was it? Check out this blog post for my notes.

It’s a beta exam so there aren’t any books or study aids directly related to it. CompTIA states on its web site “No exam objectives are available for the beta. The beta exam parameters are subject to change without notice.”

My study was largely from my experience authoring these books.

The steps outlined in this blog post are very useful too.

Without objectives, it isn’t something I can recommend. However, if you’re looking to round out your knowledge with a cybersecurity certification, I recommend the CyberSec First Responder certification. It’s been around for a while and it has objectives that you can study.

Cybersecurity Analyst Beta Basics

This blog post covered some of the basics on the beta exam, including the cost ($50 in the US) and how to register.

The CompTIA site includes more details here. Unfortunately, they state that “no exam objectives are available for the beta.”

Length of test | 165 minutes (which included any time providing comments for multiple choice questions)
Number of questions | 103
Type of questions | Multiple choice and performance-based
Number of people taking exam | 400 (beta period will stop after 400 people take exam)
Registration | Pearson Vue web site (you need a Pearson Vue account)
Results | Beta testers will be informed if they passed or failed the exam in Fall 2016 after the responses and comments of all test takers have been analyzed.
Recommended experience | Network+, Security+ or equivalent knowledge. Minimum of 2-3 years of hands-on information security or related experience.

Cybersecurity Analyst Beta Experience

I was hit with five performance-based questions right off the bat. I followed my own advice that I give for the Security+ exam. I skipped them and I’m glad I did; they were quite challenging and complex.

My intention was to read them, but the first one was difficult to understand and after a moment, I just decided to skip through all five. The remaining 98 questions were multiple choice with some that required you to select two correct answers.

Cybersecurity Analyst Beta Multiple-Choice Questions

Many multiple-choice questions were clear with a three sentence format similar to what I described in this post and this video.

The basic format was:

  • Scenario
  • Requirement
  • Question

That said, many of the questions were still complex, especially when compared to what I’ve seen on the Security+ exam.

I did notice what appeared to be grammatical errors in the answers. Ultimately, I thought that was due to the questions and the correct answer getting the most attention, while proofers may have just scanned the incorrect answers. With this in mind, if the correct answer wasn’t clear, I eliminated possible answers with grammatical errors.

Another challenge was the large number of acronyms used in both the questions and answers. There were a few times when I thought I knew the best answer, but one of the answers had an unfamiliar acronym making me wonder if I was choosing the correct answer.

Cybersecurity Analyst Beta Performance-Based Questions

The five questions I had were quite complex and challenging. I didn’t track the time, but wouldn’t be surprised if I spent more than five minutes on each one. However, doing them after I had completed the 98 multiple choice questions reduced my stress level. I didn’t feel rushed and still finished the exam with about 20 minutes to spare.

These questions did include instructions that explained everything. The challenge I had was that they were so complex that it took quite a while to figure out what was required. Additionally, there was too much information to display on the screen. As an example, consider the following image of a monitor. There was typically some type of graphic along with some visual cues and text boxes that covered part of the graphic.

[Figure: Cybersecurity Analyst+ Beta]

On the monitor I had, the full screen wasn’t used, leaving large blank space on the right and left. However, the center was quite busy and I found myself moving things around just to see the underlying details necessary to answer the questions.

[Figure: Cybersecurity Analyst+ Beta]

I’ve added some numbers to explain some of the items in this figure.

  1. Notice the white highlight around the desktop PC labeled 1. This provides a visual clue that it is a clickable item.
  2. The blank box next to the server labeled 2 indicates it is an item that you can select if it is the correct answer.
  3. Item 3 is information related to the question. You typically have to click something to make this appear.
  4. Item 4 is the question details. I often tried to move it up so that I could see the bottom right quadrant of the screen. Unfortunately, when I did so, it automatically grew covering up the bottom right quadrant of the screen again.

Cybersecurity Analyst Beta Summary

The Cybersecurity Analyst Beta exam went live June 30, 2016. You can register to take it for $50 and if you do, you’ll find out if you passed some time this fall. The multiple-choice questions were often detailed and complex but usually clear enough to answer. The performance-based questions seemed overly complex, especially for the amount of space on the screen. However, a good strategy is to skip them and come back to them later.

CyberSec First Responder

Have you heard about the CyberSec First Responder (CFR) certification? If not, it’s worth a look, especially if you recently passed the Security+ exam (or will soon). I recently learned about it and the more I learn, the more I like.

Both cybersec and cybersecurity are popular buzzwords today. Organizations know that they are at risk for cyber security attacks and even if they haven’t experienced an attack yet, they know that it could come at any time. Because of this, they want IT personnel with a demonstrated knowledge of cybersecurity. The CyberSec First Responder (CFR) is one of the certifications that directly answers this need for prospective employees.


I took and passed this exam and blogged about the experience here. That post also includes steps you can take to study for and pass this exam.

Where Does CyberSec First Responder Fit

This certification fits right between the CompTIA Security+ and CASP certifications. If you pursue it right after the Security+ certification, you’ll find that you already have a strong foundation.

What I really like about it is that it helps you round out your knowledge and skills related to cyber security. More specifically, it helps you focus on some of the job functions related to protecting and defending information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.

The exam focuses on the knowledge, ability, and skills necessary to provide for the restoration of those information systems. Further, it focuses on restoration within a cybersecurity context including protection, detection, investigation, reaction, response, and auditing capabilities. As an introduction, it includes the following 10 domains:

Domain | % of Examination
1.0 Assessing Information Security Risk | 10%
2.0 Creating an Information Assurance Lifecycle Process | 7%
3.0 Analyzing Threats to Computing and Network Environments | 19%
4.0 Designing Secure Computing and Network Environments | 15%
5.0 Operating Secure Computing and Network Environments | 5%
6.0 Assessing the Security Posture Within a Risk Management Framework | 10%
7.0 Collecting Cybersecurity Intelligence Information | 5%
8.0 Analyzing Cybersecurity Intelligence Information | 5%
9.0 Responding to Cybersecurity Incidents | 7%
10.0 Investigating Cybersecurity Incidents | 10%

You can see the complete objectives for the CFR-110 exam here. The CFR-210 exam is currently in development.

If you’ve been studying the Security+ certification, you’ll notice that some of the objectives overlap. That’s good. It just builds on your existing knowledge. Additionally, it’ll help you increase your knowledge no matter what IT security certification you choose to pursue next.

What are the CyberSec First Responder Exam Specifications

This exam is relatively straightforward. It consists of 128 multiple choice questions and true-false questions that you need to complete in 180 minutes. This is more generous than the short time requirement of the CompTIA Security+ exam, so you may find it easier to complete.

I admit that I haven’t taken the exam so I don’t have the certification. However, I’m so excited about this certification that I plan to take it in July. Stay tuned. I’ll let you know how it goes.

What’s Required to Take the CyberSec First Responder Exam

There aren’t any formal requirements to take the exam, but there are some recommendations. Specifically, they recommend you possess the following knowledge, skills, and experience prior to taking the exam:

  • At least two years of experience in a computer network security technology or related field.
  • The ability to recognize information security vulnerabilities and threats in the context of risk management.
  • A working knowledge of common computer operating systems.
  • A working knowledge of the concepts and operational frameworks of common assurance safeguards in computing environments, such as basic authentication and authorization, resource permissions, and anti-malware mechanisms.
  • A working knowledge of common networking concepts, such as routing and switching.
  • A working knowledge of the concepts and operational frameworks of common assurance safeguards in network environments such as firewalls, intrusion prevention systems (IPSs), and virtual private networks (VPNs).

The good news is that you’ll have most of the knowledge for these concepts if you recently passed the Security+ exam. You can purchase a voucher for the exam here. Logical Operations will send you an email with the voucher and then you can use it to register for the Cybersec First Responder (CFR-110) exam on the Pearson web site.

What Does CyberSec First Responder Replace

The CyberSec First Responder (CFR) certification is ideally suited to replace the Certified Ethical Hacker (CEH) certification for many people. People often ask me about CEH. For example, they ask me if it is a good cert to pursue or will it help them get a job. Here’s my typical answer.

Unfortunately, I’m not close to the CEH certification so can’t speak to it directly.

That’s 100 percent true. However, I’ve also heard many negative comments about the certification.

  • Hiring managers are reluctant to embrace a new employee identified as a hacker (certified or not).
    • Their thoughts are that you can’t be ethical and a hacker.
    • Admittedly, this debate is repeated often and there are good points on each side.
    • But the key is, do you want to debate it with the hiring manager during your next job interview?
  • I also hear from people that the promise of the certification isn’t realized.
    • In other words, people that take the exam often say that they are able to pass it without demonstrating any actual “hacking” knowledge.

In contrast, hiring managers understand the words “Cybersec First Responder.” The certification name is intuitive. It tells the hiring manager that you understand what’s required to be a first responder for a cybersecurity incident. I believe that’s part of the popularity of the Security+ certification. It’s clear that someone with this certification has knowledge directly related to IT security.

CyberSec First Responder Summary

If you’re wondering what to take after the Security+ exam, you might like to consider the Cybersec First Responder certification. It’s becoming a popular alternative to the CEH certification and fits right between the Security+ and CASP certification exams. You can download the objectives for the CFR-110 exam here and if you want to take it, you can buy a voucher here, and use it to register for the exam here. Also, stay tuned to this site. I’m so psyched about this new certification, I plan to write at least a few more blogs on it in the next couple of months.

Technical Recruiters Want Security+

Do you have your Security+ and a CCNA? Are you looking for a job? You may be surprised at how many opportunities are available.

I often hear from recruiters looking for people and recently heard from Tim McAndrews at The Endeavor Group. He’s looking for people to fill multiple positions such as network administrators at the following locations:

  • Ft. Drum, NY
  • Edwards AFB CA
  • Hill AFB UT
  • Holloman AFB NM
  • Ft. Irwin, CA
  • Los Angeles, CA


I know Tim McAndrews through LinkedIn. I don’t know if he’s filling jobs immediately, or getting ready to fill jobs if his organization wins a contract. That might be a question to ask him if you’re interested. If you’re interested in any of these jobs, you can contact him here:

  • Tim McAndrews
  • Technical Recruiter The Endeavor Group
  • (Toll Free) 877-387-6481 (D) 774-469-6003

Certification Requirements

There are two firm requirements. You must have a current CCNA and CompTIA Security+ CE certification.

Clearance Requirements

You also need to be able to obtain suitability for a Public Trust clearance. An Active Clearance is great but not necessary.

Those words are important and add significant value to these jobs. In essence, these jobs need you to have a clearance and if you don’t have one, they’ll jump through the hoops to help you get it. As long as you don’t have a criminal record and haven’t left a trail of destruction behind you, you will probably get the clearance.

Why is that important?

If these are contract jobs, the contract will end at some point. However, you’ll have a clearance in addition to the experience you gained on the job.

You might fall into another job that has only these two requirements:

  • An active clearance
  • A pulse

I jest, but you’ll find that the clearance becomes extremely valuable.

Education/Training Requirements

One of the following three (3) options is also required:

  • Bachelor’s degree in a technical discipline such as computer sciences, and three (3) years related experience
  • Successful completion of a certification program at a technical or vocational school, and eight (8) years related experience.
  • Comparable Department of Defense technical training, and eight (8) years of directly related, progressively complex experience

Requirement Waivers

Tim didn’t tell me that any of these requirements can be waived. He probably wouldn’t tell you that either. However, if you don’t directly meet any of the requirements, don’t let that stop you from applying if you’re interested. People that write up the requirements often wish for the moon, but will accept much less.

For example, if you spent six years in the military being trained in IT and then working in IT, you don’t meet the education/training requirements directly. However, you might still be their best candidate.

Similarly, if you have the Security+ certification, but only passed one of the two CCNA exams, you may still be considered even though you don’t have the CCNA certification yet.

Database Administrator

Tim is also looking for someone to fill a Database Administrator position. This position has three requirements:

  • A CompTIA Security+ certification
  • A Top Secret clearance
  • SharePoint experience


Copyright © 2015 Get Certified Get Ahead. All Rights Reserved.