Learn Coding for Cybersecurity?

Both PenTest+ and SecurityX require a basic understanding of Bash, PowerShell, and Python. They are explicitly listed in the exam objectives.
That's an interesting idea! A separate certification focusing more on programming, e.g., Python, could help individuals looking to specialize in areas like automation or AI in cybersecurity.

Learn Coding for Cybersecurity?

Both PenTest+ and SecurityX require a basic understanding of Bash, PowerShell, and Python. They are explicitly listed in the exam objectives.
Yes, you are right! However, I was wondering if there is an argument for expanding the programming aspect in these certifications, especially for individuals looking to specialize in areas like exploitation or custom tool development. Do you think a deeper dive into programming could benefit those pursuing more advanced roles in penetration testing or cybersecurity?

Serverless Architecture: A New Threat to API Security?

Just because they make multi-factor authentication free for global admins doesn't mean everyone turns it on, and MFA has had some found vulnerabilities.
If everyone did the correct implementation of privileged user roles.
I have read many articles that suggest the whole representational state transfer API (REST API) is the new wild west!
Serverless adds an additional dimension where logging and test are made significantly more difficult.
The https://cloudsecurityalliance.org/ folks complain about this serverless thing a lot due to log and test.
Someone, I'm thinking State Sponsored Hackers may have already found the holes.
Thank you so much for the insightful explanation. This makes threat modeling, proactive patching, and leveraging advanced defense mechanisms like runtime application self-protection (RASP) and zero-trust principles more critical than ever.

The name has been changed on the CASP+ Certificate

Has anyone who took and passed the beta had their certification and expiration updated yet?
I reported to CompTIA that although Certmetrics shows my passing the CAS-005 exam, the SecurityX certificate does not show the new expiration date. CompTIA's Director of Certification Operations is investigating this issue. I will pass on their response.

CIN TTT Series - PenTest+ PT0-003

YES! It is time for our first TTT series of 2025! Join us for the PenTest+ series beginning Tuesday, January 21st! @Nicholas Pierce will lead this series, which consists of eight sessions covering the PenTest+ exam domains. Nick will teach the key cybersecurity concepts covered on the exam and conduct hands-on activities with key technology tools used by cybersecurity professionals. We will also discuss instructional strategies for presenting the concepts to students and best practices for implementing a PenTest+ course.

What: CIN TTT Series PenTest+ PT0-003 8 sessions
When: Jan 21, 2024, 6:00 - 8:00 PM Central Daylight Time, Tuesday and Thursday
Who: Nicholas Pierce
Where: ON24



An A+ History question

That first A+ M$ OS exam was the only certification exam (out of over 100 taken) I ever got a perfect score on, with no prep.
Well, I was at IBM when the PC came out, and I did do PC DOS and MS-DOS from the beginning. And I had multiple CNEs, an ECNE and 2 MCSEs at that point.
OK, it would have been pretty lame if I didn't do well.

What prevents our students from completing their goals

Getting back to business, I vote for Brian's "Underestimating the difficulty: Not realizing how hard it will be to achieve their goal."
How many students have we all had to have that hard conversation with - the ones that tell them that they are mismanaging their expectations. Students think they'll get $75,000 by just passing their A+.

I saw a video of a YouTuber I follow that had to close his channel this month from being unable to keep up the revenue. He noted that he recently got his A+ Certification, in hopes of getting some kind of job to help him pay his bills. I hope he does and wish him well on that. But A+ these days, to be honest, doesn't command the level of salary that it used to (IMAO). But that's a completely separate conversation, and one of massive implication.

But how many folks come into this, thinking that it's going to be a cakewalk to monetary success, if they just get "this cert or that cert"? And they see the work behind, not only getting certs, but having to maintain them to stay in the game.

Zero Trust: Is it Really Achievable?

Change is difficult, particularly when it comes to company customs and culture. But you're right: everyone needs to be on the same page when the purpose is important, and sometimes sacrifices are required. Regarding Zero Trust, while the financial component is a significant obstacle, the technical change can also be difficult, particularly when it comes to integration. However, if it helps accomplish the purpose and improves security, it's worth taking into account!
The last sentence in your response is the exclamation point for the entire comment!!!!!

Ransomware Response Plan

Thank you so much

Indeed, you are right: business continuity and disaster recovery (BCDR) plans should already cover responses to incidents like ransomware. However, consider the challenge that not all organizations have a dedicated ransomware-specific playbook within their broader BCDR plans. Since ransomware attacks often require rapid containment, unique communication protocols, and legal considerations (e.g., dealing with extortion demands), a focused ransomware response plan could enhance preparedness. Just a suggestion!
Your suggestion is most practical!!!!
