Latest activity

Patrick Asamago · Jan 5, 2025

Mine has been training people and they applying it and also passing their exam.

Ronald · Jan 5, 2025

My biggest win as an instructor has been training IT professionals who successfully applied my solutions to their operations and appreciated the upgrade in their skills.

Gregory Childers · Jan 5, 2025

Both PenTest+ and SecurityX require a basic understanding of Bash, PowerShell, and Python. They are explicitly listed in the exam objectives.

Trevor Chandler · Jan 5, 2025

jasoneckert said:
Not everything you read on the Internet is accurate, especially when it pertains to very old stuff from the 90s

In fact, for those of us who remember the writing the first CompTIA A+ exams, for the first 3 years you actually had a choice of which OS exam to write in addition to the hardware exam. Everyone had to write the same hardware exam (which tested both PC and Mac hardware), but for the OS exam, you could choose between a version that tested Mac OS (e.g., System 7) or DOS/Win3.1. And the lapel pin and card you got after passing had little logos reflecting your choice. The Mac vs PC vibes were real back then.

Once Win95 gained traction, the OS exam focused mostly on that (with some DOS/3.11) and the Mac OS option was dropped entirely (for good reason since Apple was closed to bankrupt then and Macs were considered a niche market).

What's most alarming to me here is to learn that everything on the Internet is not accurate!
I thought the Internet was the definitive resource for all things!
It's back to the library for me!!!!

Trevor Chandler · Jan 5, 2025

precious said:
Mine was when an entire class of Security+ students passed their exams on the first try-a huge moment of pride!

What’s been your biggest 'win' as a CompTIA instructor?

My biggest win was the end of the semester

Trevor Chandler · Jan 5, 2025

precious said:
OccupyTheWeb-Author of Linux basics for hackers

So much I don't know!
Thanks precious!!!

jasoneckert · Jan 5, 2025

Rick Butler said:
Well, the first exam for A+ hit the books in 1993, and according to what we find on TestOut's website, it consisted of a single exam. So I guess @jasoneckert and I might have some conflicting information.

Reference: https://www.certmag.com/articles/25-years-past-present-possibly-troubled-future-popular-cert

Not everything you read on the Internet is accurate, especially when it pertains to very old stuff from the 90s

In fact, for those of us who remember the writing the first CompTIA A+ exams, for the first 3 years you actually had a choice of which OS exam to write in addition to the hardware exam. Everyone had to write the same hardware exam (which tested both PC and Mac hardware), but for the OS exam, you could choose between a version that tested Mac OS (e.g., System 7) or DOS/Win3.1. And the lapel pin and card you got after passing had little logos reflecting your choice. The Mac vs PC vibes were real back then.

Once Win95 gained traction, the OS exam focused mostly on that (with some DOS/3.11) and the Mac OS option was dropped entirely (for good reason since Apple was closed to bankrupt then and Macs were considered a niche market).

Gregory Childers · Jan 5, 2025

Patrick Asamago said:
But CompTIA have content develop already.

That has no bearing on my previous statement. Clients are concerned.

For example, DataX training does not offer hard copy courseware or downloadable PDFs. They provide online courseware.

And no one knows what the new ownership group intends to do in the future.

precious · Jan 5, 2025

Mine was when an entire class of Security+ students passed their exams on the first try-a huge moment of pride!

What’s been your biggest 'win' as a CompTIA instructor?

precious · Jan 5, 2025

Trevor Chandler said:
Great souls feel the same!!!

Only that you took further action-asking for elaboration

precious · Jan 5, 2025

Trevor Chandler said:
What is OTW?

OccupyTheWeb-Author of Linux basics for hackers

precious · Jan 5, 2025

Rick Butler said:
That's where it disappears. There will always be failures in people, process, and technology - that's just inherent to the human experience. Unfortunately, the real issue has to do with the follow up. If I were involved in that kind of screw up and I was found to be culpable, I would expect to be fired or having to write a resignation letter, walking out of the building in disgrace and shame. I would expect zero tolerance because when it comes to systems of trust, the price of failure can deeply damage institutions on which people depend; it can even cost lives.

Sadly, we live in a society these days that is more bent on the preservation of face and feelings, an over-indulgence of emotionalism, rather than facts and the ramifications about facts, protecting those with money, power, and influence, rather than actually dealing with security in a matter-of-fact'ly kind of way.

I get annoyed when something like this happens and decision-makers stand around, trying to figure out "how to make it all go away", as if professional forgiveness will make it all better. It's far too important in the real world.

When trust is undermined, the institutions and processes that people rely on may be shaken to their core. Well said- that accountability is essential, both for the purpose of justice and to avoid mistakes being made again.

However, while zero tolerance is a strong stance, it’s also important to consider how we build cultures of accountability without fostering fear to the point that people hide mistakes or avoid reporting vulnerabilities. Transparency, ethical leadership, and proactive remediation can go a long way in addressing the systemic issues you mention.

If we channel that frustration into pushing for better incident response frameworks, stricter enforcement of policies, and perhaps even advocating for more robust training and ethical standards, we might find pathways to not only resolve but also prevent future breaches. What are your thoughts on how to create a balance between accountability and proactive problem-solving?

Rick Butler · Jan 4, 2025

Well, the first exam for A+ hit the books in 1993, and according to what we find on TestOut's website, it consisted of a single exam. So I guess @jasoneckert and I might have some conflicting information.

Reference: https://www.certmag.com/articles/25-years-past-present-possibly-troubled-future-popular-cert

You must have gotten yours just before I did. I did my A+ as 220-101/220-102 in Feb 1999, basically on a dare. Took them both on the same day. Maybe they upleveled the revisions from when you took it, eh? I remember at that time, I was slogging my way through the MCSE under NT4.

Stands to reason that 220-001 would be the first exam, with 002/003 being the two exams. However, I don't know for sure - just the reference from TestOut's site.

jasoneckert · Jan 4, 2025

A+ was always 2 exams, including the very first version in 1993: One tested hardware concepts, and one tested operating system installation.
As hardware became easier to support (no manual setting of IRQs on sound cards, yay!), A+ eventually evolved into a general "intro to IT" certification. But since the scope is very broad, it continued to be 2 separate exams so that students can prepare for half at a time (easier).

Anthony McCartney · Jan 4, 2025

Has anyone who took and passed the beta had their certification and expiration updated yet?

Rae W · Jan 4, 2025

Has A+ always been two exams? I first achieved A+ certification in 1998 and my exam codes were 220-002 and 220-003. I find it odd that that doesn't follow the *1 and *2 pattern that we're used to now and it makes me wonder if the original A+ was a single exam--maybe 220-001. (FWIW, it's apparently required two exams since 1996 at the latest.)

Anyone know for sure?

Rick Butler · Jan 4, 2025

precious said:
... which calls for openness, responsibility, and the guts to take immediate action.

That's where it disappears. There will always be failures in people, process, and technology - that's just inherent to the human experience. Unfortunately, the real issue has to do with the follow up. If I were involved in that kind of screw up and I was found to be culpable, I would expect to be fired or having to write a resignation letter, walking out of the building in disgrace and shame. I would expect zero tolerance because when it comes to systems of trust, the price of failure can deeply damage institutions on which people depend; it can even cost lives.

Sadly, we live in a society these days that is more bent on the preservation of face and feelings, an over-indulgence of emotionalism, rather than facts and the ramifications about facts, protecting those with money, power, and influence, rather than actually dealing with security in a matter-of-fact'ly kind of way.

I get annoyed when something like this happens and decision-makers stand around, trying to figure out "how to make it all go away", as if professional forgiveness will make it all better. It's far too important in the real world.

Trevor Chandler · Jan 4, 2025

Rick Butler said:
Well, there's not much to say. It was a question that promoted the concept of "post hoc ergo propter hoc".

Serverless architecture doesn't make APIs less or more vulnerable. APIs are going to be secure or not based on how well they are built - how well they follow the latest techniques of secure programming and whether the orgs that use them don't succumb to the laziness that surrounds having to update security on a routine basis.

There's nothing that says a serverless service changes how secure an API is. It's too general a question.

I got lost from the beginning - '"post hoc ergo propter hoc"

Rick Butler · Jan 4, 2025

precious said:
I

I felt the same

Trevor Chandler said:
Great souls feel the same!!!

Sorry, but I'm starting to feel like the boards are being cluttered up with a lot of "brief" cluttery posts. While I'm not opposed to more activity - I believe CIN needs it, I'm finding that responding with 2-5 word replies on EVERY post, to me, is making it hard to engage in meaningful conversations about real topics.

/r

Trevor Chandler · Jan 4, 2025

precious said:
I

I felt the same

Great souls feel the same!!!

Trevor Chandler · Jan 4, 2025

precious said:
Very beautiful explanation!... Thanks for clarity... Now am feeling like am in OTW classroom

What is OTW?

Patrick Asamago · Jan 4, 2025

Gregory Childers said:
Generally speaking, the clients are uncertain what training and content offerings will be available from CompTIA once the acquisition is final. The new owners will operate CompTIA as a for-profit organization, so some offerings may be discontinued while new offerings may become available. Clients want to know they have reliable content, and one way to do that is to produce your own.

But CompTIA have content develop already.

precious · Jan 4, 2025

Rick Butler said:
The step that is missing here is what happens, following the breach and the subsequent cleanup of the mess. When a breach occurs, the cold hearted truth here, the part where I say the quiet part out loud, is that preparations failed as a result of People, Process, or Technology. Perhaps because the Risk Assessment wasn't done correctly (or at all). Perhaps there was a modicum of incompetence in the practitioners or in the organizational leadership complaining of a strained budget, thus, skimping on resources. Whatever the cause, the problem here is that someone screwed up.

The after action review needs to immediately follow that needs to show what went wrong, with the accountability necessary to remove the people, processes and technology that failed, followed immediately by the corrective actions to all three of these.

I maintain that the feel-good-ism, don't-offend-people, that permeates the workplace these days has no place in the security department. Emotional feelings and "understanding" often hide the real problem - someone at BeyondTrust and/or the Treasury royally screwed up and needs to pay the price. Unfortunately, we will probably never know, if at all, what the outcome of this was.

Very rarely does a zero-day occur that is so completely unconventional that it takes people by surprise. This is why I have zero sympathy here - because the government trusted an organization that turned out to be incompetent and/or not vigilant enough to see what was coming.

/r

Your perspective highlights an important truth: when breaches occur, they often expose weaknesses in people, processes, or technology...... In this case, the bigger implication-that trust was placed in an institution that failed to live up to expectations-is more concerning than the breach itself. Beyond the technical issues, that failure erodes trust in systems, collaborations, and supervision. After a breach, there is an opportunity to restore not only systems but also trust, which calls for openness, responsibility, and the guts to take immediate action.

Latest activity

Latest activity

Filter