Hello CINners,

When I'm listening to presentations at cybersecurity events,
there are some common terms that are used, such as:
- vulnerability
- threat
- attack surface
- attach vector

Just to name a very few.

Can you define these terms without having to launch your favorite
search engine? Do you have a definition in your brain, that would
allow you to articulate to the someone, what the term means?

I'd like to have you define one (or all) of the terms that I have listed,
based on your understanding. Just imagine that you're in conversation
with someone, and you spit out one of those terms, and the other
person ask you to define the term.

Now if you're going to lookup the term(s) using some search engine,
or dig into some book, and then pass that on to me, don't waste that
bandwidth

This lab has no internet access... lab can't be completed!

Hello, I'm searching for an CompTIA A+ instructor to teach our online courses to our students in Cape Town, South Africa.

Hello CINners,

Have you been to the Dark Web? How did you get there?
I'd like to pay it a visit.. What's are the logistics? What is
the process? What are the mechanics? What's the address?

I'm looking for responses from those who have ACTUALLY
been. Please don't provide me a response that you retrieved
from your favorite search engine!!!!

Thank you

@Stephen Schneiter thank you for your efforts and your passion to make sure these platforms is functioning effectively.
Please with your tie schedule, can you give us updates when cloud + voucher is to be distributed.

Recent postings relating to changes at CompTIA had me thinking about the great days of the late '90s and early 2000s. I recall with fondness Microsoft's AATP program. Googling the program, I found a useful history of the program, well worth reading. Back in the good old days, many of us in the academic world sought that Microsoft Certified Trainer (MCT) designation, with access to free exam vouchers and no charge for gaining the MCT designation. The cool thing was that for those of us who held the MCT designation, we were grandfathered, gaining the CompTIA CTT designation without taking a written exam or providing a teaching demonstration.

Things changed and at some point Microsoft started charging an annual fee in order to retain the MCT designation. That is when I decided to no longer carry that designation. My recollection was the fee was $500. Research indicates that "The MCT Program Fee was waived in 2020 in response to the COVID-19 pandemic. This waiver to the standard MCT annual fee remains in effect." Some of you may want to consider joining up to spice up your resume, given the cost elimination.

This of course has me thinking about the CTT+ designation that is, at least from what I've been able to find, no longer available (based on this posting on CIN).

Hello CINners,

What would you say are the top 8 cyberattacks that have occurred in 2024 thus far?

Of those top 8, which is #1?

Does this look like a good depiction of these three levels of the web?

I've been avoiding an online bickering with someone on Reddit. Thought I'd put it to my co-teachers instead.

The gist of it:

• Person A asks "I have read the exam objectives, but what takes priority based off of the older exam?"
• I respond that we cannot divulge such information due to our NDAs; we cannot say what the exam focuses on or covers.
• Person A responds that they're not looking for dumps or cheat sheets, just for guidance on which topics to focus study on.
• I counter again that this is still contrary to our NDAs: everything on the objectives is fair game and the objectives provide weighting per objective.
• Person B chastises me, saying "Instructors and fellow learners can absolutely make suggestions on topics that should be focused on, like Linux file permissions".

That's where I cut out and decide not to continue.

Me personally I hard disagree with B, because that would still be using my inside knowledge to steer someone's learning. I know exactly which topics were focused on in the exams I took, but I'm not going to tell because that laser focuses the students the "the right" parts of the exam. Sure the exam objectives are supposed to be evenly used, but from experience I know certain topics will get priority.

So what's your take on this?

Hello CIN Community!

I'm reaching out to connect with fellow instructors who share a passion for making a difference in underserved communities, particularly those at Historically Black Colleges and Universities (HBCUs). As members of the CIN, we have a unique opportunity to collectively empower those communities with the skills and certifications needed to excel in cybersecurity and IT.

I'm currently working on an initiative to develop and support cyber range and training programs for local HBCUs in Baltimore, MD. The long-term goal is to scale these programs across all 100+ HBCUs. The goal is to create immersive, hands-on experiences that span foundational IT skills to advanced cybersecurity certifications, leveraging CompTIA's courseware and certifications as a central part of the curriculum.

If you're interested in contributing to this vision or if you know of any similar programs in the space, I'd love to hear from you. Specifically, I'm looking to:

• Identify CompTIA Instructors interested in partnering on or mentoring for these programs
• Gather insights from those who may already be involved in similar initiatives
• Source any existing resources, best practices, or ideas that would help make this program impactful and sustainable

Together, we can help bridge the IT and cybersecurity skills gap and open new doors for talented students in these communities. Please reach out here or via a direct message ([email protected]) if you're interested or have resources to share. In the meantime, I will be scouring the forums for ideas and similar discussions.

Looking forward to collaborating,

Brandon Royal, MSCy, CSIE, GSTRT, CISSP

Thoughts?

Hello CINners,

I can see why I'd want to use a VPN when I'm away from home.
However, I ain't thinking about using a VPN when I am at home.

Is there anyone in the community that uses a VPN, when on their
home Internet connection - simply because the OS on the computer
is Windows?

Greetings!!

@Stephen Schneiter

I wanted to follow up regarding my request to update my email for my CIN membership. It’s been some time since I initially reached out, and the change still appears to be pending.

Hello! I am looking to purchase a few Tech+ vouchers. Are those available yet? I can't find them on the Academic store or the CompTIA store. Anyone have an idea of when they will be available? I am a bit leery that I am doing the curriculum and there is not cert to buy. It was a big sell to run this course!

Thank you

I'd like to get some input from the CIN community regarding Cyber Threats.
What do you see as top ones???

@Stephen Schneiter
Greetings!
I've been monitoring my email for the voucher and not received as today. Can you inform when will it be available?

Hello Community,

I was reading a little something about passkeys, and I saw the following comment:
"According to Google, the most immediate benefits of passkeys are that they’re
phishing-resistant and spare people the headache of remembering
numbers and special characters in passwords."

Anyone have any additional benefits of this authentication method???

Hello,

I was wondering if an Instructor Guide/Student Guide for the DataX certification will be available for purchase in the future?

Thanks!
Tracey

Fellow Instructors,

I’m curious about how you approach developing and delivering classroom labs, especially when there’s a need to differentiate from the provided CertMaster Labs or similar online lab environments. As we know, hands-on labs are essential for reinforcing concepts and giving students practical experience, but I want to explore ways to avoid redundancy while keeping the content engaging and effective.

Here are some points to consider:

Preferred Lab Environment:
- Do you tend to use physical hardware setups, or do you prefer virtual machines and simulations? In Cisco instruction, for example, Packet Tracer allows us to demonstrate network configurations without needing physical equipment, but what’s your go-to?

Guidebooks or Resources:
- Are there specific guidebooks, manuals, or resources you rely on for inspiration when designing in-classroom labs? I find that instructor guides provided by some vendors can be helpful, but I’m always looking for more diverse options that can complement the CertMaster Labs.

Unique Lab Scenarios:
- How do you ensure the lab scenarios you create are unique and add value beyond what’s covered in CertMaster or other vendor-provided labs? For instance, do you design scenario-based labs that connect multiple topics together, or do you prefer to break down complex tasks into smaller, focused demos?

Balancing Physical and Virtual Components:
- How do you strike the right balance between using physical hardware versus virtual environments like Packet Tracer or VMware? I find that while virtual environments are convenient, physical hardware can sometimes provide a more tactile learning experience. What has worked best for you and your students?

Please feel free to share your strategies, experiences, and any tips for creating in-class labs that are engaging, challenging, and complementary to the existing CertMaster content.

Looking forward to hearing your thoughts!

Prof. Jason C. Rochon, CISSP

Hello everyone,

I hope you’re all doing well! I wanted to share a recent teaching experience related to SSL/TLS certificate verification and seek your insights on a particular point of confusion that came up in class.

During a session on secure communications, I had my students test the SSL/TLS configuration of a web server using OpenSSL. We used the following command to retrieve and display the certificate details:

openssl s_client -connect 192.168.100.30:443 -showcerts

This command successfully connected to the server and displayed the server’s certificate chain. However, one student asked about the process of verifying whether the certificate is valid and trusted, particularly regarding the role of Certificate Authorities (CAs).

To clarify, I explained that the verification process involves checking several factors, including:

1. Whether the certificate is signed by a trusted CA.
2. The certificate’s expiration date.
3. The certificate's revocation status, often checked through OCSP (Online Certificate Status Protocol).

However, I realized I could provide more depth on how to perform these checks effectively. For example, we can check the certificate expiration date using:

openssl x509 -in certificate.crt -noout -dates

I’d love to hear your suggestions on the following:

1. How can I effectively demonstrate the entire SSL/TLS verification process in class, including checking the certificate’s revocation status?
2. Are there any additional tools or techniques you recommend for teaching about certificate verification and the role of CAs in ensuring secure communications?

Thank you for your insights!

a) Live Webinar
b) Training course

For the purpose of re-certification CE credits?

Thanks for your attention to this matter

Is anyone else being gatekept on CIN, by an overly protective Cloudflare?!

Every single pageload I do, that Cloudflare page pops up to "check the security of your connection.".

Every other "like" I want to click, runs into an "oops we ran into some problems".

It's rendered CIN next-to unusable for me.

EDIT: Ha! Posting this thread, again: "Oops, we ran into some problems."

I’m thrilled to have been part of this incredible CompTIA EMEA partner conferences as a speaker! The energy was amazing, and I had the chance to meet some truly inspiring people. This experience has left me more motivated than ever. Can’t wait to step back onto that big stage next year!

Great job @Stephen Schneiter

The three CompTIA certifications you mentioned—Data+, DataSys+, and DataX—cater to different levels of expertise and specializations within the data and IT fields:

1. CompTIA Data+: This is an entry-level certification aimed at individuals who want to start their careers in data analysis. It covers foundational skills such as data mining, visualization, governance, and statistical analysis. It's ideal for those seeking roles like data analysts or business analysts, as it focuses on using data to generate actionable insights and reports. Data+ is a good starting point for those new to the field, with about 18-24 months of relevant experience being recommended.
   
   
2. CompTIA DataSys+: This is a more advanced certification focused on data systems management. It covers topics such as database architecture, cloud integration, and data security. DataSys+ is geared towards professionals responsible for managing and securing data storage and processing systems. It's suitable for roles like database administrators, data architects, and IT security specialists, as it requires deeper expertise in managing data infrastructures.
   
   
3. CompTIA DataX: This is an expert-level certification for professionals with at least five years of experience in data science or related fields. DataX is part of the Xpert series and covers advanced concepts in mathematics, machine learning, and specialized data science applications. It targets seasoned professionals who want to validate their expertise in high-level data science operations. This certification is designed to demonstrate a comprehensive understanding of critical data science tools and concepts and is ideal for advanced roles such as data scientists.
   
   
   In summary, Data+ is for foundational data skills, DataSys+ is for managing data systems, and DataX is for expert-level data science skills.

So, I am really confused about maintenance fees. My understanding is we only pay for the most expensive cert and even then... Not sure how this works when you have multiple at the same level. I am also unsure when it starts. Looking at Continuing education, I have a lot of certifications, and I am confused about whether I need to pay anything this year.

I also see that most of my certs this year have not been sent to fulfillment. I think this is the paper certification.

Any way... I'm hoping I have a budget left over at work, and I can pay some of these, but I'm really confused as to what I should pay.

It looks like I partially paid Cloud+, and since it is listed in the professional series, is that the only one I need to care about?

Here is a transcript if you want to help me