As the Cybrary site continues to change, and trust me when I say there are many changes coming (good ones!), the Micro Certification catalog will only continue to expand.In my recent post, I mentioned more certifications geared toward specific vulnerabilities would be coming soon, but in addition to that, we are drawing-in expertise from industry leader’s to contribute courses and certifications as well.You’ve probably already seen Thycotic’s Privileged Password Security
certification. Now, a Nessus Fundamentals
certification from Tenable network Security is available too, and soon so will many other technology/ product specific certifications.A bigger selection means more to shift through, and you want the most for your time.Again, the value of the certifications come into question. ‘Why me?’ ‘Why this cert?’ I get it.It’s important to consider your specific career goals to better answer those questions. Especially if you’re in the job market looking to stand out, having a certification that none of your competitors do can be a great benefit. Of course, you’ll want to consider that certification’s relevance to the position.Technology specific micro certifications can have a lot of value, in fact. And I’m not just saying that. (Haven’t lied to you this whole ‘How to get _________ Certified’ series, promise.)And, if you’re only looking to learn new skills for your own interests, even better. Technology specific certifications like the Nessus one, offer a free product trial, which is an added bonus, particularly if you wouldn’t typically use with that product at work.According to Tom Woodring, the co-founder of Boss CBT, shared a few good reasons as to why technology certifications are so valuable during an interview with Eric Bloom of ITworld.Learning a new technology on the job isn’t always ideal.He suggested that these type of certifications can be a great technical reference that lend itself to general work betterment, especially because you often get the hands-on experience during your training. The ability to play with technology in a non-production environment allows you to experiment without any worry.Speaking from experience, he said “I, and many other managers, tended to give more weight to the people who had strong certifications in the needed technology. I did this for two primary reasons. First, because having the certification gave me some level of comfort that they knew the technology. Second, and quite frankly more important than the first, was that they cared enough about their profession and future career growth that they were willing to spend the time, money, and effort to maximize their professional knowledge, skill, and marketability.”So, for the purpose of this post, we’ll look at the Nessus Fundamentals
Micro Certification specifically, so you can decide if this type of technology fits in with the role you have or want, and if it would be beneficial to master it.What is Nessus?
Nessus® has been deployed for vulnerability, configuration and compliance assessments by more than one million users across the globe, making it the most widely used vulnerability assessment solution. Nessus prevents network attacks by identifying the vulnerabilities and configuration issues that hackers use to penetrate your network.Okay, tell me more:
Nessus begins by doing a port scan with one of its four internal portscanners to determine which ports are open on the target and then tries various exploits on the open ports. The vulnerability tests, available as subscriptions, are written in NASL (Nessus Attack Scripting Language), a scripting language optimized for custom network interaction.
Nessus allows scans for everything from misconfigurations to denials of service against the TCP/IP stack.Nessus provides additional functionality beyond testing for known network vulnerabilities. For instance, it can use Windows credentials to examine patch levels on computers running the Windows operating system, and can perform password auditing using dictionary and brute force methods. Nessus 3 and later can also audit systems to make sure they have been configured per a specific policy, such as the NSA's guide for hardening Windows servers.What careers typically use a tool like Nessus?
Of course, roles such as ‘Vulnerability Assessment Analyst/ Engineer/ Technician’ will use tools like Nessus, as well as system administrators and penetration testers
. Anyone who analyzes, designs, and facilitates capabilities, solutions, or preventative/remediation controls to protect confidential data and systems in accordance with industry standards and governance/compliance requirements will mostly benefit from this training.Why get your Nessus certification?
You need to prevent your network from cyber attacks, and implementing the right tools is a major part of that ongoing process. By familiarizing yourself with this specific technology, you can target certain jobs during your search, or act as the Nessus SME in your current role. Even if your organization isn’t using this technology specifically, you can do a comparison of your current vulnerability scanner, directing your strategy towards strengths and weaknesses.Who is the target audience?
If you are an administrator in charge of any computer (or group of computers) connected to the internet, Nessus is a great tool help keep your domains free of vulnerabilities. Additionally, anyone interested in expanding their vulnerability management knowledge
.What will I learn?
What is the best course of study?
- How to scan with Nessus
- How to discover assets on your enterprise
- How to create scan policies
- How to perform patch auditing
- How to evaluate for compliance
- What are patch management solutions
The best approach when studying for a certification, even a micro certification, is to complete the corresponding course in its entirety. If there is one particular area where you are struggling, use the search bar at the top of the site to locate other resources that explore that area in greater depth. Likewise, notecards are a useful tool to take advantage of during your coursework that can help you review right before testing.Topics to focus on when studying:
What is the Nessus exam format?
- System scanning
- External network scan
- Internal network scan
- Web app tests
- Patch management solutions
- Vulnerability assessment
- Policy and compliance
With a skill level of beginner, this multiple-choice exam consists of 20 questions, which you must complete in 30 minutes. In order to obtain the certification, you must receive a passing grade of 70% or higher.How do I know if I’m ready for the exam?
Try the practice exam first. You can access it here.Additional Nessus study resources:Using the Metasploit DatabaseNmap Scanning Techniques and AlgorithmsA Comprehensive Guide to Ethical HackingI’m ready for the exam. Now what?
Great! You can take the Nessus Micro Certification here.
Until 3/26/17 at midnight ET, use code BUGKILLER to earn it FREE.Once, you’ve earned the certification, be sure to include it on LinkedIn and list it within your resume.If you’re currently in the job market, there is an opening (as of 3/23/17) on the Cybrary jobs portal that may interest you. Check it out!
Listed as a qualification is experience with ACAS products like Tenable Security Center and Nessus Scanner.Hopefully, these posts have helped you on your way to certification and career success!Olivia Lynch (@Cybrary_Olivia)
is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the field of cyber security. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.