Latest activity

abiodun1991 · Tuesday at 10:34 AM

Emmanuel Phakula Mandala said:
As of now, I think @Stephen Schneiter is busy with the verification's. For your information, he will start distributing the vouchers for Tech+ first, since we started with Tech+, and then move on to Cloud+..

Okay well understood.

Emmanuel Phakula Mandala · Tuesday at 9:35 AM

abiodun1991 said:
@Stephen Schneiter thank you for your efforts and your passion to make sure these platforms is functioning effectively.
Please with your tie schedule, can you give us updates when cloud + voucher is to be distributed.

As of now, I think @Stephen Schneiter is busy with the verification's. For your information, he will start distributing the vouchers for Tech+ first, since we started with Tech+, and then move on to Cloud+..

BrianFord · Tuesday at 8:18 AM

I just found out that I passed the CASP+ / SecurityX beta. How did I find out? Not via email. I logged into the CompTIA test portal and, from the test taker dashboard, went to exam history. It shows pass or fail, as the CASP+ exam never had a score.

Gregory Childers · Monday at 9:34 PM

The attack surface is the combination of all attack vectors.

A vulnerability is a weakness.

A threat is something that can exploit a vulnerability.

abiodun1991 · Monday at 9:31 PM

Gregory Childers said:
I received my DataX voucher. Thank you!

Thank God

Gregory Childers · Monday at 9:30 PM

I received my DataX voucher. Thank you!

MBA · Monday at 9:22 PM

Thanks for sharing. Good to know.

-Moez

abiodun1991 · Monday at 8:03 PM

@Stephen Schneiter thank you for your efforts and your passion to make sure these platforms is functioning effectively.
Please with your tie schedule, can you give us updates when cloud + voucher is to be distributed.

Mark Anthony Germanos · Monday at 7:59 PM

Yes, the poor soul is the intended target, aka attack surface.

Trevor Chandler · Monday at 7:06 PM

Rick Butler said:
Well, it's what I do.

We get a lot of DDoS attacks so we have to use ongoing (and expensive) DDoS protection that lights up when we start getting beat on. Sadly, mitigation services become a cost of doing business.

Why do you suppose the bad actors pound so hard on academia??? Are they attempting only to disrupt, only to steal, or something else?

Trevor Chandler · Monday at 7:04 PM

Mark Anthony Germanos said:
Attack surface is the target.
Attack vector is the avenue of attack.
For example, a phish email is an attack vector and the poor soul who opens it and clicks a link is the attack target.

Your comment is a fair one!

Trevor Chandler · Monday at 7:01 PM

Mark Anthony Germanos said:
Attack surface is the target.
Attack vector is the avenue of attack.
For example, a phish email is an attack vector and the poor soul who opens it and clicks a link is the attack target.

Thanks for your response Mark.

In your example, you say that the poor soul who clicks the link in the email is the attack target. In your definition of "Attack Surface", you say that this is the avenue of the attack. Based on your example, does that imply that the poor soul is an attack surface?

Mark Anthony Germanos · Monday at 6:38 PM

Since we're talking terms, let's address mantrap and access control vestibule. In my Security+ class, I use the same slide for both and explain how the industry is trying to sterilize verbiage. If you go to a job site and talk to the foreman, asking about the "access control vestibule" may lead him to think all your learning came from a book.

Mark Anthony Germanos · Monday at 6:35 PM

Attack surface is the target.
Attack vector is the avenue of attack.
For example, a phish email is an attack vector and the poor soul who opens it and clicks a link is the attack target.

Mark Anthony Germanos · Monday at 6:32 PM

Should we be expecting more feedback from a beta exam than a real-world exam? A simple pass/fail seems insufficient. Part of the reason beta exams become available is so Subject Matter Experts can sit the exam and provide feedback to a) the exam writers, and b) those who are pondering spending good $$ to take the exam.

Amy-07 · Monday at 5:47 PM

I'm giving up the chase for the voucher. Just wondering if anyone else didn't receive a voucher and trying to figure out why I didn't receive one.

Steve Linthicum · Monday at 5:34 PM

Talk about the path of least resistance. A year ago, I faced dealing with that $125 certification maintenance fee for my CISSP certification. In checking with the (ISC)2, I found our that for a nominal one-time fee of $375, I could maintain the certification, add the word "Emeritus" to it, and never have to do another continuing education event to keep it. Yeah I didn't particularly appreciate paying the money, but the way I look at it, if I live longer than 3 years in retirement, it was an economically beneficial decision.

Steve Schofield · Monday at 5:15 PM

Thanks Tess. I passed mine as well. First CompTIA cert I have taken. How long does it take to replicate to comptia since it's beta. same 3 - 5 days mentioned in personvue?

Rick Butler · Monday at 4:39 PM

Trevor Chandler said:
Being the respected member that you are of this community Mr. Butler, I do thank you for your input!!!

Well, it's what I do.

We get a lot of DDoS attacks so we have to use ongoing (and expensive) DDoS protection that lights up when we start getting beat on. Sadly, mitigation services become a cost of doing business.

MBA · Monday at 4:13 PM

Steve Linthicum said:
Recent postings relating to changes at CompTIA had me thinking about the great days of the late '90s and early 2000s. I recall with fondness Microsoft's AATP program. Googling the program, I found a useful history of the program, well worth reading. Back in the good old days, many of us in the academic world sought that Microsoft Certified Trainer (MCT) designation, with access to free exam vouchers and no charge for gaining the MCT designation. The cool thing was that for those of us who held the MCT designation, we were grandfathered, gaining the CompTIA CTT designation without taking a written exam or providing a teaching demonstration.

Things changed and at some point Microsoft started charging an annual fee in order to retain the MCT designation. That is when I decided to no longer carry that designation. My recollection was the fee was $500. Research indicates that "The MCT Program Fee was waived in 2020 in response to the COVID-19 pandemic. This waiver to the standard MCT annual fee remains in effect." Some of you may want to consider joining up to spice up your resume, given the cost elimination.

This of course has me thinking about the CTT+ designation that is, at least from what I've been able to find, no longer available (based on this posting on CIN).

Thanks for sharing this, Steve. I too used to have the MCT cert until i got tired of paying that fee around 2008 or 2009. My memory for some reason is fixated on a $450 fee. I loved the resources we had access too at the time, especially with my MCAD .Net cert.

It's great to hear that the fee has been waived, I wonder how easy it will be to re-activate that cert, without having to jump through many hoops. I am at the point in my life where I only take the path of least resistance.

Best,
-Moez

Trevor Chandler · Monday at 2:17 PM

Hello CINners,

When I'm listening to presentations at cybersecurity events,
there are some common terms that are used, such as:
- vulnerability
- threat
- attack surface
- attach vector

Just to name a very few.

Can you define these terms without having to launch your favorite
search engine? Do you have a definition in your brain, that would
allow you to articulate to the someone, what the term means?

I'd like to have you define one (or all) of the terms that I have listed,
based on your understanding. Just imagine that you're in conversation
with someone, and you spit out one of those terms, and the other
person ask you to define the term.

Now if you're going to lookup the term(s) using some search engine,
or dig into some book, and then pass that on to me, don't waste that
bandwidth

Trevor Chandler · Monday at 2:09 PM

Rick Butler said:
I'm going with DDoS. Those are the most common for me. /r

Being the respected member that you are of this community Mr. Butler, I do thank you for your input!!!

Trevor Chandler · Monday at 2:05 PM

Does this look like a good depiction of these three levels of the web?

Rick Butler · Monday at 1:38 PM

I'm going with DDoS. Those are the most common for me. /r

Rick Butler · Monday at 1:27 PM

BrianFord said:
I agree with Rick. I stopped looking at the Dark Web and now just allocate that time to looking at Instagram and X. Yet another sewer.

Heh...I'm not sure which is worse...

Latest activity

Latest activity

Attachments

Filter