Identity Access Management

Strengthening Cybersecurity: The Growing Role of Identity and Access Management (IAM) Solutions

The identity and access management market size was valued at USD 15.93 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 12.6% from 2023 to 2030.

Identity and access management (IAM) assures that the appropriate person and job position (identities) in an organization have access to the tools they need to perform their duties.

The rising cases of fraudulent and cybercrime activities are driving organizations to implement IAM systems as a result of the rapid adoption of the cloud and the advancement of new technologies. IAM uses identity analytics and intelligence to monitor unusual user account activity.

🔹Identity and Access Management (IAM)
➼Single Sign-On (SSO)
➼Multi-Factor Authentication (MFA)
➼Role-Based Access Control (RBAC)
➼Privileged Access Management (PAM)
➼Adaptive Authentication
➼User Activity Monitoring

🔹Endpoint Security
➼Antivirus and Anti-Malware Protection
➼Endpoint Detection and Response (EDR)
➼Device Compliance Management
➼Mobile Device Management (MDM)
➼Patch Management
➼Disk Encryption

🔹Network Micro-Segmentation
➼Virtual LAN (VLAN) Segmentation
➼Software-Defined Perimeter (SDP)
➼Firewall Policies for Micro-Segmentation
➼Zero Trust Network Access (ZTNA)
➼Virtual Private Cloud (VPC) Segmentation
➼Micro-Segmented Zones for IoT Devices

🔹Application Security
➼Web Application Firewalls (WAFs)
➼API Security
➼Runtime Application Self-Protection (RASP)
➼Application Vulnerability Scanning
➼DevSecOps Integration
➼Container Security

🔹Data Security and Encryption
➼Data Encryption at Rest and in Transit
➼Data Loss Prevention (DLP)
➼Access Control Policies for Sensitive Data
➼Data Masking
➼Cloud Data Security Solutions
➼File-Level Encryption

🔹Threat Intelligence and Analytics
➼Security Information and Event Management (SIEM)
➼User and Entity Behavior Analytics (UEBA)
➼Threat Intelligence Platforms
➼Intrusion Detection and Prevention Systems (IDPS)
➼AI-Powered Threat Detection
➼Automated Incident Response
➼Identity Governance
➼Directory Services
➼User Lifecycle Management
➼Behavioral Analytics






Now, I understand a little more as to why IAM is a part of the new SecurityX cert exam objectives!!!

Legit CertMaster site?

Is this a legitimate Certmaster site?


I was looking for Spanish language A+ material for some of my ESL students & this popped up. There is no info in their About Us page, & their mission describes "...Indochina ICT's CertMaster programs...". The web site certificate looks valid, but I'm used to using Certmaster products on a Comptia.org site. Don't know if this is a spin off from the buy out? If it's not legit can anyone point me to any Spanish, French, Arabic, Ukrainian, Russian materials that I can use to supplement TestOut PC Pro for adult A+ ESL students?

Is Luck Enough?

Hello CINners,

Based on what you know about the new SecurityX exam, out of 100 persons, having nothing more than user-level knowledge, how many do you feel would be lucky enough to attain a passing score on that exam?

Now, keep in mind that these persons have almost zero knowledge in the area of cybersecurity. In fact, to put their knowledge in some meaningful context, let's say that they are folks who bring home their new router from Xfinity (or whomever), and don't know that it's a GREAT idea to change the default password for the admin account. Yeah, at that level :)

Anyway, give me a number. There's no right or wrong - just your number. I'm going somewhere with this, but not in this post!

Thanks CINners

CIN Work Zone Ahead!! 🚧👷

Hello CINners!! This is a Public CINner Announcement (PCA)! Login detour ahead!! 🚧 Next Wednesday, December 18th, when you log into CIN, you will be required to reset your password! This will be a one-time request.

Why?

I am super excited about what is coming in 2025 with the CIN community! CompTIA has noticed how great you CINners are and wants to expand the community and services! We will be making major changes to our community, making it easier to connect with your CompTIA contacts, get access to tech support, find answers to your questions about products, provide more resources and more. We will even see changes coming to the look and feel for our community, new forums, and a lot of new badging and engagement opportunities! 🎉🎉🙌

However, as we know, with progress comes a lot of construction. Our first step is moving off our existing authentication platform. This move will come next Wednesday. We will move your CIN data; however, passwords do not move. That is why you will be asked to reset your password when you log in.

IMPORTANT NOTE! This will NOT affect your CompTIA SSO or access to other CompTIA Services! This is just for CIN access. CIN authentication will be a stand-alone event for the duration of the construction.

10 Trends to Watch in 2025

CompTIA's IT Industry Outlook 2025 presents educators and IT professionals with both exciting prospects and difficulties. Highlights are as follows:

1. AI Costs vs. Potential: While AI increases productivity, it also presents issues with cost, cybersecurity, and privacy. Give students the tools they need to control AI risks and ROI.

2. Workforce Upskilling: 66% of businesses want to provide cybersecurity, software, and data analytics training to their staff, compared to 59% in 2024. To close the skills gap, practical training is essential.

3. Growing Cyberthreats: Stronger frameworks and stricter MSP controls are essential. Utilize realistic simulations in the Security+ and Pentest+ labs.

4. Flexibility in IT: Greater work-life balance and prospects for career advancement are brought about by the high demand for IT talents.

5. Collaborations Are Important: 90% of businesses collaborate to handle complexity. Emphasize teamwork and how it fosters creativity.

Read More: CompTIA IT Industry Outlook 2025

What trends resonate with you, and how are you preparing students for the future of IT?

Problem Based Question: Connect AP to Patch Panel?

Hey CIN-ners,

I took the A+ Core 1 220-1101 exam yesterday and wanted to "share" a question which I thought was interesting. The problem based question showed a WAP and the back of a patch panel and the question was to select what cable you would use to connect the two. Looking at this question, I immediately thought to myself, "Who would connect a WAP directly to the back of the patch panel?" I saw my cable choices and went with an RJ-45 straight through to a stripped Cat 5e to punchdown in the back of the patch panel. Just wondering if the SMEs in here can shed a little light on this interesting question because if I'm teaching in my A+ class - you connect an AP to a switch and A+ is telling me otherwise..... this question could be the difference between someone passing and failing.

Appreciate your insights, comments, etc.....

-Jason Perretta
IT Instructor (A+/Net+) Dunbar High School
Fort Myers, FL

MFA - Something Else to Consider

Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:
  • These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
  • Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
  • Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!

Empowering Students with Hands-On Learning and Mnemonic Devices!

When imparting knowledge of CompTIA certifications, the task does not only include syllabus content, it also involves sharpening the minds of the students. This week I turned to problem solving in dynamic tasks of A+ certification for students and also started using memory aids such as remembering their OSI mnemonics A1, A2, A3, A4, and A5.

Memory aids allow students to learn almost easily. For instance, ‘Please Do Not Throw Sausage Pizza Away’ in order to remember OSI layers! Another source that can be considered is the link on memory devices:

Core1
Core2

What other memory devices do you have that assist your students? Let’s combine our strength and creativity!

Practical Users of Nmap

Hello CINners,

I'm seeking persons who have 2-3 years of practical experience using Nmap.
Now, before you get too excited, there's no pay involved here!!!

Still reading? Okay, a colleague of mine is developing a certification exam
blueprint for Nmap Security Specialists, and she requires persons to participate
in a survey, that will require 30-45 minutes to complete. If you think you are
willing to spare that amount of time, and are able to complete the survey by
December 20, please let me hear from you.

Just let me know that you meet the criteria, and that you would like to help!

Many thanks in advance!!!

CompTIA A+ Simulation Labs

Simulation labs offer practical experience, connecting theoretical knowledge with real-world application for CompTIA A+ certification. They assist in developing confidence when addressing actual troubleshooting situations, equipping you for achievement in both examinations and IT professions.

These labs not only prepare students for exams but also equip them with practical skills they’ll use in their IT careers.

Enhance your lessons with a simulation lab:

TestOut-Hands-On Lab Simulations

Passed Pentest 002!

Hello fellow CINers! I just wanted to share that I have successfully completed my Pentest exam with a 760/750! I know the beta is out but I needed this to finish my degree. This is the hardest test I have taken thus far. Whew! Now on to the N009 and I will be done for a while. My brain needs a break!

7 Vulnerabilities That You Can Never Patch

Principles (reasons for effectiveness) objective 1.1 CompTIA Security plus Sy0-601

Authority: Having faith in those in positions of power, even when they are incorrect. An employee was duped by a CEO scam email into sending $47 million.

Intimidation: Fear forces quick, irrational actions. IRS scam calls threaten arrests for unpaid taxes.

Consensus: Adhering to the herd, even when it doesn't make sense. "Your coworkers already signed up for this!" emails lead to phishing pages.

Scarcity: Limited-time offers. Scammers use "limited deals" on phony websites to entice victims of Black Friday scams.

Familiarity: Trusting what is known, even if it is out of date. False WeTransfer emails spread viruses by using recognizable branding.

Trust: Having too much faith in people or institutions. Scammers on LinkedIn establish a rapport while sending harmful links.

Urgency: Making snap decisions without giving them enough thought. Credential theft results from "Reset your password now or lose access!" prompts.

What's Going On With Tech+

In a discussion today with another instructor that centered on CompTIA's Tech+ certification, I went to the CompTIA.ORG site and ended up here:

The site indicates the following:

Exam details coming soon.

Note - Unexpired ITF+ certification exam vouchers can be used for the Tech+ certification exams.


Does anyone know what's going on? Is the exam live? Vouchers for Tech+ do not appear as available for purchase on the CompTIA Academic Store.

Comptia Exams

Recently, the latest CompTIA exams are testing on programming languages: reading the output of code or scripts in a few programming languages. In the official book or lab we don't have any info about it. For IT students it's easy for them to understand. But for non-IT students, even corporate people, for example accounting or management people, it is quite hard for them to take up without knowing basic programming. We as trainers are also having a hard time explaining to them when they ask why all this is not in the book but is tested in the exam.

Are future CompTIA courses going to be for IT students only?

My suggestion is to add in a module to teach basic programming in our modules. Non-IT students will be able to answer the questions tested in the exam.

The output from tools or the OS is easy for students because they practice in the lab and they have it in the official book.

Programming languages?

AI Jesus Will Hear Your Confession

So, this is a for-what-it's-worth topic? I saw this story on the morning news and was just left with one question. Why? https://www.today.com/news/ai-jesus-christ-switzerland-controversy-rcna182980

I thought I would share with the community to get some insight. A church in Switzerland ran an experiment where it used an AI-generated Jesus to listen to confessions and provide feedback. 🤯 The avatar of Jesus was created using OpenAI's GPT-4o. According to the story, the AI Jesus confessional was very popular and many folks came to talk to it!

So then I started thinking.
If we are starting to experiment with AI Jesus, replacing the priest as the middleman, what is next?
Who will be next to be replaced by AI?
What does this mean for education?
This brings back the original question we have heard for years. In the long run, will AI replace all of our jobs?

Looking forward to your insights! 😅
