I took and passed the Data+ exam this morning!

Sad to know that I need to use VPN

Hi Guys,

If a passes the S+ exam does the A + and N+ that expired become valid again?

He asked because it says so on the CompTIA website.

Please clarify?

Okay, CIN - Looks like those Project+ vouchers have gone out to those of you that were on for my Proj+ TTT! Good luck to all of you!

Now, in a shameless post, you get to inflate my ego. This is the part where we find out if the TTT was helpful/instrumental in getting you to that shiny Project+ cert. So if you pass, post it here! If I did something really right, let me know.

And if you don't get it, it's okay! Keep at it - I'll help if you need it, meanwhile, if there was something about my training that wasn't so good, please tell me that, right here publicly, even. No instructor can improve if he does everything right, yeah? And I love to improve myself too. Or as a verse from the Good Book says, "As iron sharpens iron...". This is how we make CIN instructors the best ones out there. So, bring your eggs and tomatoes - I can handle it.

It was a pleasure having all of you on for the TTT and I sincerely wish you good luck as you all start certifying!

/r

We are an academic testing site. I was told there was a way for instructors to see result when an exam is taken.
Where do I find the instructions for obtaining the results? What do the students need to do? Thank you!

I can't wait the start of CySA+ TTT webinar today!! am so excited

Hi Guys,
We are a CompTIA learning partner.
We are looking for an instructor for the following class:

• CYSA+
• 5-day class.
• June 26-30, 2023.
• Start time 7:00AM (Hawaii) = GMT -10.

Experience in the CYSA+ course is a must.
We’ll use “Integrated” materials - so you’ll need to be conversant with this format.
Fluent in English language is required.
If you can do this class, and are available, please message me/us ASAP.
Thanks!
Rie

I'm hoping all instructors out there have a wonderful (US Memorial Day) holiday 3 day weekend.

CompTIA Extends A+ Brand to Launch More Careers in Technology​

May 23, 2023
DOWNERS GROVE, Ill. – CompTIA, the world’s leading certifying body in information technology (IT), today announced plans to expand its CompTIA A+ brand, adding a new suite of introductory resources to prepare aspiring tech professionals for on-the-job success.

The CompTIA A+ underscore (_) technical learning and certificate programs is a series of modular programs that will offer learners greater flexibility to build the depth and breadth of their skills, while expanding accessibility to encourage more people to explore tech career pathway options. The CompTIA A+_ series centers around key knowledge domains and in-demand job roles, including the following areas:

Recently, I was on a CompTIA-related message board, and I noticed a disturbing trend. Most people posting were directly asking which multiple-choice questions other testers had on their exams and what PBQs they had. I was under the impression that sharing that information violated CompTIA's NDA. When I brought it up, I was met with derision and mockery.

There were also a lot of posts recommending 16-hour free video series and questionable practice exams. When I suggested taking a class, using CertMaster resources, or getting a decent book from Amazon, I was again met with mockery and ridicule.

There seemed to be a pervasive culture of encouraging cutting corners and taking shortcuts to "check the box" to get a cert and a tech career. They seemed to be mostly younger people with no experience whatsoever. It felt like a bunch of high school kids trying to share secrets on how to scam the system. None of them wanted to hear from an old geezer like me who told them they needed to study hard to have practical applied knowledge of the information and not just memorize and exam cram. My suggestions fell on deaf ears.

Does what we do as trainers really matter? Even in my 20+ years of being a trainer, I've encountered the occasional student (or class) who didn't care about learning as they did about "checking the box." I know I can't make people want to learn, but it's challenging to help them when they have a poor work ethic and attitude. There will always be people who try to cheat the system to get a certification that, quite frankly, they don't deserve. Even if they get certified and get past the recruiters and hiring managers, they'll struggle to perform the most basic tasks because they took the easy way out. Employers will see them struggle and start to believe the certifications have little value in the real world.

Maybe I'm just an idealist, but I strongly believe that certifications, or any education for that matter, have incredible value. They show that a person has a baseline mastery of a topic; for years, I've been preaching that the A+/Network+/Security+ trifecta should be the baseline level of certification for any tech job. Those three certifications are the broadest, foundational knowledge areas to cover how things work and basic troubleshooting. From there, a person can pivot into numerous different specialty areas.

Why do we do it? Why do we choose to be technical trainers? Does anyone care any more?

How do I purchase a bundle package for Security Plus for 10 students. We're standing up a Sec+ bootcamp at my job and I've be tasked with looking into getting the training program started.

Hi everyone.
I work for an Italian training center based in Rome.
We are looking for CompTIA Security+ and PenTest+ instructors to collaborate with for the delivery of distance and face-to-face courses.
Anyone available?

Happened to be looking at my CompTIA/Pearson account today and decided to peek at the status of the CySA+ beta I took in December. I saw the words "Status: Pass". (?) Looked for it under score reports to verify and it's true.

I haven't received an official email yet and it's not appearing in my CertMetrics account, but... if you took it, your report might be in.

In the fascinating world of cybersecurity and crypto, there exists a crafty mechanism known as the honeypot. Interestingly, both cybersecurity experts and crypto scammers have found utility in this deceptive tool, albeit for entirely different purposes.

For cybersecurity professionals, a honeypot serves as a clever trap designed to safeguard computer systems from malicious hackers. The concept is rather ingenious. A honeypot program disguises itself as a tempting target—an alluring file, software, or server with an apparent security flaw. Its purpose is to divert the attention of potential attackers away from genuine targets while providing valuable insights into their tactics and behaviors. By collecting data on these attackers, cybersecurity experts gain valuable knowledge that can be used to enhance future protection measures.

However, the effectiveness of a honeypot hinges on its ability to convincingly masquerade as the real thing. If the deception falls short and the attacker detects the ruse, the entire endeavor can be compromised. The success of a honeypot relies on its capability to deceive and outwit the attackers.

Now, in the realm of blockchain technology, we encounter another application of the honeypot strategy. Here, the objective is to lure potential attackers into focusing their efforts on supposedly "vulnerable" smart contracts or nodes. By doing so, these honeypots divert attention away from less obvious weaknesses within the network structure that could pose a genuine threat to the blockchain or decentralized app. When an attacker falls into the trap, their actions are carefully tracked, and any malicious activity is promptly blocked. This proactive honeypot strategy acts as a protective shield for the blockchain, detecting attackers and tracing their tactics.

However, in the darker corners of the crypto world, a different breed of individuals harnesses the power of honeypot techniques for far less noble purposes. Enter the crypto scammers. Rather than seeking out vulnerable smart contracts, these scammers create their own, meticulously engineered to exploit the vulnerabilities of cryptocurrency holders who are enticed by the promise of swift and effortless profits.

The modus operandi of these scammers involves the use of smart contracts deliberately riddled with obvious vulnerabilities. This setup allows them to exploit unsuspecting victims for substantial gains. Here's the catch: the victim is required to pay a percentage fee as part of the supposed "reward" for accessing this profitable opportunity. Little do they realize that this fee simply facilitates an automated transfer of the victim's funds straight into the scammer's wallet.

In essence, the victim is drawn in by the prospect of financial gain, blissfully unaware of the intricate layers of complexity woven into the scheme. The scammers prey on the naivety and greed of their victims, capitalizing on their desperation for quick profits.

Allow me to illustrate this with a simple yet all too common example of such a trap. Imagine stumbling upon a forum or social network where an individual, posing as an innocent and clueless crypto enthusiast, seeks assistance from others in transferring their SHIB tokens worth $6,000 to an exchange. They offer a small reward for this aid and, cunningly, publicize their private key. Unsuspecting users, failing to recognize the deception, fall prey to the apparent "naiveté" and decide to transfer funds to the provided address.

Soon, however, they encounter an unexpected hurdle. A transaction fee must be paid in ETH, deliberately chosen by the scammers to inflate the commission. Acting impulsively, victims transfer small amounts to the scammer's wallet in their quest to withdraw a more substantial sum. Regrettably, the funds never materialize in their intended destination. Instead, they promptly vanish, siphoned away through a specialized smart contract into the pockets of the mastermind behind the scheme. In other words, the victim finds themselves unable to retrieve the hypothetical $6,000 they were enticed by.

In their pursuit of acquiring someone else's hard-earned savings, the victim unknowingly falls into the trap and pays a steep price for their own greed. It is a stark reminder that in the world of crypto, one must exercise caution and critical thinking at every turn.

These honeypot tactics employed by crypto scammers highlight the importance of educating oneself about the intricacies of the crypto landscape. Vigilance and skepticism are key to avoiding such traps. It is crucial to thoroughly research any investment opportunity, scrutinize the credibility of the individuals involved, and remain cautious of enticing promises that seem too good to be true.

Moreover, maintaining the security of one's private keys and personal information is paramount. Sharing sensitive details publicly or with unverified individuals is an invitation for exploitation. It is essential to practice good cyber hygiene, including using secure wallets, enabling two-factor authentication, and staying updated on the latest security practices.

While honeypots have found a place in the arsenals of both cybersecurity experts and crypto scammers, their motivations and consequences couldn't be more different. In the hands of cybersecurity professionals, honeypots serve as valuable tools to gather intelligence and enhance defenses. On the other hand, crypto scammers manipulate these techniques to prey upon the unsuspecting and exploit their vulnerabilities for personal gain.

CompTIA, as an industry-leading IT certification organization, provides certifications and resources that cover a wide range of topics and strategies related to information security. While CompTIA doesn't have specific certifications or resources solely focused on honeypots, they do cover related topics in their cybersecurity certifications. When it comes to the honeypot strategy, which involves setting up decoy systems to attract and deceive potential attackers, CompTIA can take several actions to support and educate professionals in this area.

Firstly, CompTIA can develop educational resources and training programs to raise awareness about honeypots and their role in cybersecurity. These resources would provide guidance on the setup, management, and monitoring of honeypot systems, ensuring professionals have the necessary knowledge to implement this strategy effectively.

Furthermore, CompTIA can incorporate honeypot-related topics into their cybersecurity certification programs. By including specific modules or certifications dedicated to honeypots, professionals can gain recognition for their expertise in implementing and utilizing this strategy. This would encourage individuals to develop specialized skills and demonstrate their proficiency in honeypot deployment.

CompTIA can also publish best practice guidelines for implementing and maintaining honeypots. These guidelines would cover aspects such as deployment strategies, network segregation, data protection, and legal considerations. By providing comprehensive guidelines, CompTIA ensures that professionals have access to the necessary information to deploy and manage honeypots ethically and responsibly.

In addition, CompTIA can foster collaboration among industry experts, researchers, and practitioners to advance the understanding and development of honeypot technologies. This could involve facilitating knowledge sharing, organizing research initiatives, and creating platforms for discussion and collaboration. By doing so, CompTIA contributes to the improvement and innovation of honeypot strategies.

CompTIA can also engage in advocacy efforts to promote the use of honeypots as a proactive cybersecurity measure. This may involve advocating for supportive policies and regulations that encourage organizations to adopt honeypot strategies. Additionally, CompTIA can provide guidance on legal and ethical considerations to ensure that honeypots are used appropriately and within the bounds of the law.

Furthermore, CompTIA can develop industry-specific guidance on the implementation of honeypots. Different sectors may have unique considerations and requirements when deploying honeypots. By providing tailored advice and recommendations, CompTIA ensures that professionals in various industries can effectively implement honeypots to enhance their cybersecurity defenses.

By taking these actions, CompTIA can contribute to the wider adoption and effective utilization of honeypot strategies. This, in turn, strengthens cybersecurity defenses and acts as a deterrent to potential attackers. As the field of cybersecurity continues to evolve, it is important for professionals to stay updated with the latest trends and research, ensuring they have a comprehensive understanding of honeypots and their implementation in real-world scenarios.

As the crypto landscape continues to evolve, it is imperative for individuals to remain informed, exercise caution, and adopt responsible practices. By doing so, we can collectively contribute to a safer and more secure environment for all participants in the crypto ecosystem.

Does anyone know when will the CySA+ TTT Sessions start?

Hi All,

I have no problem accessing login.comptia.org, but i am not able to connect to "my exam" link for the past 2 hours. Anyone facing the same?

? Attention cybersecurity professionals! Let's discuss the significance of attack surface expansion and how it plays a crucial role in protecting organizations. ?

Attack surface expansion refers to the process of identifying and assessing the various entry points and vulnerabilities within an organization's network, systems, and applications. By expanding the attack surface, we gain a better understanding of potential attack vectors and can take proactive measures to secure our digital assets.

Here are some key points to consider:

Comprehensive Threat Assessment: Expanding the attack surface allows us to identify potential weak spots and vulnerabilities that might otherwise go unnoticed. By analyzing a wider range of entry points, we gain a more comprehensive understanding of the threats we face.

Proactive Risk Mitigation: By expanding the attack surface, we can proactively address vulnerabilities and implement appropriate security controls. This approach helps us stay one step ahead of potential attackers and reduces the likelihood of successful breaches.

Holistic Security Strategy: A well-rounded security strategy should consider all aspects of an organization's attack surface. Expanding the attack surface enables us to include network infrastructure, cloud services, endpoints, IoT devices, and more. This holistic approach ensures a stronger defense against evolving threats.

Third-Party Risks: Expanding the attack surface also involves evaluating the security posture of third-party vendors and partners. With interconnected systems and supply chains, assessing the vulnerabilities of external entities becomes critical to maintaining a robust security posture.

What are your thoughts? ??

#CyberSecurity #AttackSurface #ThreatAssessment #RiskMitigation #SecurityStrategy #ThirdPartyRisks #DigitalSecurity #InfoSec #DataProtection

Hey Community

IM Now at the end of my CompTIA Journey , any advice on where i go for from here ?

Word on the street that the Sec+ 701 is releasing this summer? Any updates on this? Thanks in advance!

CompTIA Partner Summit 2023

What's the update on SY0-601 retiring?
It started November 2020. Scuttlebutt on some forums says it'll sunset July 2023. CompTIA exam page doesn't have a sunset date or replacement announcement.

Hello All,

In summary, I’m looking for Instructor solutions to the Applied Labs. I’m find some incorrect answers: such as both routers need to be 192.168.10.1 & 192.168.10.1 which is a collision.
I would like to see what they are looking for as an answer.
Jason C. Rochon

So, one of the things that I've had to do in the change of company directive has been to start learning and integrating our network to FortiNet technology.

So if you go out to https://training.fortinet.com and sign up for a free account, you can latch onto some free training, if you want to expand your horizons when studying for things in the CompTIA security track. Granted it's ALL vendor-driven, however, the way that they present the training is, at least as far as NSE 1-3 is concerned (haven't got that far yet), is conceptual, before rolling out what FortiProduct they have to answer the requirement. I don't know (probably not) if you can use the training in a classroom situation, but I think it's well built. Most of it is SCORM - some of it is more wow-video driven.

And if you're using FortiNet products or plan to in the future, it's probably a foregone conclusion to avail one-self of that training.

I think one can get the images from the FortiNet support site in order to stand up virtual appliances for training purposes - I haven't tried this yet, but it may be a good little exercise for those GNS3 environments we all built last year with @Lee McWhorter.

What free training do you know is out there that might be beneficial for the CIN? Post below!

Back to my FortiTraining. And no, I've not given up on any CompTIA certs I'm working on. But sometimes, things just jump onto one's plate...

/r

I'm in need of a Linux+ instructor at Tarrant County College at the Northeast campus in Hurst, TX. This is for a face-to-face credit class (ITSE 1416) that will meet twice weekly August - December. Here is a posting for our generic adjunct pool where you can see more about our jobs: https://jobs.tccd.edu/postings/33030