Apparently, people say that studying for a certification exam is daunting and dull. A chore. And rumor has it that exam content will never be relevant to a cybersecurity career. We’re here to tell you that those who believe that are wrong – beyond wrong – and obviously haven’t entered a CyberVista live online classroom. Welcome to a day in the life (or an evening in the life) of a CyberVista live online certification test prep student.
Taco and TCP Tuesdays
It’s Tuesday. For you, Tuesdays mean two things: Tacos for lunch and live online class in the evening. You’re still feeling full of flour tortillas at the end of the work day and have some down time before class. You take advantage of the extra time to sign into the Learning Management System (LMS) on your phone and cue up a few on-demand videos to prep for class tonight.
You recall your Teaching Assistant’s reminder that learning science shows that students who come prepared to class get more out of the live sessions and retain more information. So you plug in your earbuds, turn up the brightness on your screen to really make the light board pop, and eight minutes later, you understand the TCP three-way handshake. You even had time to do a short quiz to test your knowledge. This pre-work is important because, during class, instead of focusing on the steps of the handshake, you will be able to apply the information and understand how a SYN flood attack exploits the handshake process.
You finally settle in and have a half hour before class starts. You wind down by checking your Instagram while you walk Kerberos, your beagle mix. A few minutes later you’re prepping your study station:
- Cop a squat on your couch with Kerberos: Check.
- Laptop: Check.
- CyberVista Lesson Book: Check.
- Favorite note taking utensil: Check.
- Iced green tea: Check.
- Nutter Butters: Check. Scratch that. Too many tacos today. A bowl of grapes instead.
Tonight, you, your instructor, your teaching assistant (TA), and your fellow classmates will be discussing identity and access management. It’s one of the topic areas that has the greatest real-world relevance because many of today’s breaches are due to a lack of proper access management practices.
You enter your live classroom through a link embedded in your LMS. Authenticating just once is a good feeling – gotta love the secure single sign-on (that is also covered in tonight’s class). As class begins, you share some quick hellos in the chat box with your TA and fellow classmates and then it happens again. It never fails even though you’ve experienced it so many times. You’re impressed and grateful for your instructor’s light board.
When you tell your friends that you’re taking an online class they envision a monotone voice set to static PowerPoint slides. Not for you. You get to experience the light board – a glass chalkboard with illuminated script. You never really figured out (or thought about) how you’re watching your instructor write and reading it at the same time. Why isn’t the writing backward? Or is he writing backward? It’s magic. From a learning science perspective, it’s a way for your instructor to emphasize the most important concepts in a memorable and engaging way without turning their back on their students.
You start off the night’s lesson with (of course) an acronym: I-AAA. You jot down in your lesson book as your instructor explains that the I stands for “Identification”, and the three As are for “Authentication, Authorization, and Accountability” and they represent the groundwork of access control. The callout box within your lesson book helps solidify the connection between I-AAA and access control.
Here’s where it gets fun. Your instructor gives an alternative approach to digesting and understanding the I-AAA: A knock-knock joke.
The classic opening to this joke is not unlike the identification process, where a subject claims an identity on the network. The subject, in this case, is Alice and by saying her name has claimed the identity of Alice.
Imagine the homeowner peering through the keyhole to see whether the visitor on the other side of the door is actually Alice.
This is the authentication process because a subject is proving the claim they made in the identification process. In fact, the keyhole example is a form of biometric authentication because Alice was authenticated via her facial features.
Imagine the homeowner knows who Alice is and can now welcome her into their home.
Authorization is the “so what” or what rights and permissions subjects inherit after claiming and proving their identity. So since Alice was authenticated at the door, and the homeowner knows and trusts her, Alice is authorized to enter the house.
Imagine the homeowner watches Alice as she moves around their house.
This process is about having an audit trail of Alice’s actions so she can later be held accountable if the homeowner finds anything missing in their home.
You just learned access control through a knock-knock joke. Whoever said studying is a chore obviously hasn’t taken a CyberVista live online class.
Engaging in Class
To evaluate how well you understand the material, the instructor asks the class, “What is the most common form of identification and authentication on a network?”
You’re all over it in the class chat. Your hands fly from your lucky pen to the keyboard and you type the correct answer of “ID = Usernames, Auth = passwords.” And because you’re a star student and like to show off, you add “ACLs are common authentication methods and audit logs help with accountability.”
Your confidence builds as your instructor congratulates you for the right answer, and your knowledge deepens when your classmate adds in the chat that her organization uses access control matrices that help ensure only authorized subjects are allowed to access the company shared drive.
Time Flies When You’re Learning
Verbal quizzes, group activities, conversation in the public chat, and real-world application examples continue to bring the content to life. The information is more than just testable material to you and it’s finding its way into your long-term memory. It’s stored on your hard drive, not just your cache.
Class isn’t a painful three hours of lecture and PowerPoint. Class is an opportunity to relish in the content, put it into your long-term memory, and learn how it applies in the real world.
Three hours, two breaks, and one review quiz later class is over. You feel proud about all the new information you learned and sneak in a well-deserved viewing of Mr. Robot with Kerberos snoozing by your side.
Applying the Material
Despite the incredible things you saw tonight (the light board and the live online streaming technology), the magic really happens the next day at work.
The next day at work your network administrator asks your team to handle a terminated employee’s offboarding. Your team moves to delete the employee’s account, but you remember from last night’s class on identity and access management that it’s better to disable accounts rather than delete them. Deleting accounts, your instructor explained, also means your organization deletes the security or encryption keys associated with that account. The implication is that the employee’s encrypted files will also be deleted along with their account. Account disabling, by contrast, preserves the data associated with the account. Associating data with a specific account, even a disabled one, helps support accountability, the third A of I-AAA.
Your test prep world and real world collided. That’s more magical than the light board flipping in real time.
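As an added illustration (not CyberVista course material), here is a minimal in-memory model of the I-AAA steps from the knock-knock joke and of the offboarding advice above: disabling an account blocks access but keeps the record and its audit trail. The class name, resource names and credentials are hypothetical, constructed values.

```python
import hashlib
import hmac
import os

def _hash(password, salt):  # PBKDF2 so stored hashes are slow to brute-force
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

class AccessControl:
    """Toy in-memory I-AAA model; all names and values here are hypothetical."""
    def __init__(self):
        self.accounts = {}  # username -> salt, password hash, enabled flag
        self.acl = {}       # resource -> set of usernames allowed to read it
        self.audit = []     # (username, event) trail used for accountability

    def add_account(self, user, password):
        salt = os.urandom(16)
        self.accounts[user] = {"salt": salt, "hash": _hash(password, salt),
                               "enabled": True}

    def disable(self, user):
        # Offboarding: block logins but keep the record and its audit history.
        self.accounts[user]["enabled"] = False
        self.audit.append((user, "account disabled"))

    def access(self, claimed, password, resource):
        acct = self.accounts.get(claimed)  # Identification: the claimed identity
        if acct is None:
            self.audit.append((claimed, "unknown identity"))
            return False
        # Authentication: prove the claim (constant-time hash comparison).
        proven = hmac.compare_digest(acct["hash"], _hash(password, acct["salt"]))
        if not (proven and acct["enabled"]):
            self.audit.append((claimed, "authentication failed"))
            return False
        # Authorization via the ACL, then accountability: log who did what.
        allowed = claimed in self.acl.get(resource, set())
        self.audit.append((claimed, ("read " if allowed else "denied ") + resource))
        return allowed

def demo():
    ac = AccessControl()
    ac.add_account("alice", "correct horse")  # constructed sample credentials
    ac.acl["shared-drive"] = {"alice"}
    results = [ac.access("alice", "correct horse", "shared-drive"),
               ac.access("alice", "wrong guess", "shared-drive"),
               ac.access("alice", "correct horse", "payroll")]
    ac.disable("alice")
    results.append(ac.access("alice", "correct horse", "shared-drive"))
    return results, ac
```

After `demo()`, the disabled account can no longer reach the shared drive, yet every earlier event in the audit list is still attributed to `alice`.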
Learn. Pass. Retain
This detailed look into the life of a CyberVista student should reveal that the real point of preparing for any certification exam is not only to learn the material to pass an exam, but also to practice and learn so you can retain the material for the long term, and to relate all of that knowledge to your day job.