With certifications like Security+, CySA+, Pentest+, and SecurityX, is it enough to have a cert and be considered ‘secure’ in a role, or do you think hands-on experience plays much bigger role in cybersecurity jobs?

Hello fellow instructors,

I’m thrilled to announce that I’ve officially passed the Cloud+ CV0-004 exam!

Am grateful for the resources-Cert Master labs, and the support from this incredible community!

Big thanks to @Stephen Schneiter

Hello CINners,

Network Segmentation - is this covered in any of the CompTIA courses?

Thanks CINners

Which of your students' accomplishments has inspired you the most? Let's honor their accomplishments and talk about the factors that made them successful!

The UnixGuy ranks the best and worst Cyber Security certifications. He bases his rankings on several factors, including pricing, type of examination questions, relevance in the job market, practical skills learned, and quality of training.

At the bottom, he ranked bootcamps. No one in particular, just bootcamps in general. Just above that was EC-Council and Udemy.

At the top, he ranked INE Security, Let's Defend, Cyberdefenders, TryHackMe, HackTheBox, Security Blue Team, TCM Security, Zero Point Security, GRC Mastery, and the Google Cybersecurity Certificate.

He lists CompTIA in the middle. Above Cisco's Cybersecurity certs and ISACA's CISM but below ISC2's CISSP, SANS, OffSec's OSCP, MS Azure Security, and AWS Security.

Your thoughts?

Login to view embedded media

Many students ask whether they should pursue certifications or a degree. How do you guide them when it comes to balancing these paths in IT?

Hello CINners,

Identity and Access Management - is it covered in any CompTIA course?
If so, which one?

Thanks CINners

Hello CINners,

Is there any coverage of Dark Web concepts in any CompTIA courses?


Thanks CINners - who don't feel that they're wasting their time!!!!

Hello CINners,

What Layer 4 protocol does IPSec use?

Also, is GRE (Generic Routing Encapsulation) covered in any
CompTIA course?


Thanks CINners

What does this process represent in Task Manager? Why does it appear?

When it does appear, the Status is always "Suspended"!!!

Help! I'm perplexed!!!!


Thanks CINners!

To save everyone time, here is where you can find the exam objectives for every CompTIA exam.

Hi everyone,

I'm being asked to possibly teach a Net+ course as a reskill for a group of employees. What's the recommended time for the training in a 9-5 setting?

Thanks!

Hello CINners,

Is OWASP a part of any CompTIA course?


Thanks CINners

Hello fellow CINners,
Compliments of the season to you all. Hope we are all enjoying the down time.

I have a question regarding certification strategies for individuals, typically between 0-3 years in the IT field, but eager to advance their careers.

> Experience vs. Certification: If a candidate feels confident in their abilities and has access to the necessary study materials and labs, is it advisable for them to attempt a certification that typically requires more years of experience? How can this impact their job applications and subsequent roles?

> Skipping Fundamentals: In situations where an IT professional has access to vouchers or sponsorship for more advanced certifications (like SecurityX or DataX), would it be wise to skip the foundational certifications opting to read up on the materials, and subsequently take these more advanced certifications?

I'm eager to hear your insights and experiences on this matter.

Thank you

Hackers are using Microsoft Teams to gain remote access to users' systems.
By sending phishing emails and impersonating trusted clients, they trick victims
into installing remote access tools like AnyDesk.

This lets them control the system, deploy malicious files, and steal information.
Always verify remote access requests and be cautious of unexpected Teams calls.



You know, I could put a new one of these out here each day if I just didn't have
anything else to do. There's certainly one to report each day!
My goodness, we're at war!!!!

Hi @Stephen Schneiter , may you kindly check for me as I haven't received the DataX voucher.

Thanking you,

SSH uses encryption methods that make decryption prohibitively difficult for outsiders.

Prohibitively difficult? Not good enough!!! I need something that will make decryption
IMPOSSIBLE for outsiders when I'm using SSH.

Anyone got anything?

Thank you.

Anything you want to add to either layer?

Here are some common types of attack vectors:

- Weak or Compromised Access Credentials
- Phishing
- Malware
- Unpatched Software
- Third-party vendors & service providers
- Insider Threats
- Lack of Encryption
- Misconfigurations
- Trust Relationships
- Brute Force
- DDoS Attacks
- SQL Injections
- Cross-site scripting (XSS)
- Man-in-the-Middle (MITM)
- Session Hijacking


Got anymore to add to my list!!

Write Blocker - a forensic tool, to prevent the capture or analysis,
device or workstation, from changing data on a target disk or media.

Anyone ever used this tool?

STIX/TAXII is a joint global initiative to drive threat intelligence sharing and collaboration among authorities.

STIX and TAXII allow transportation of threat information among IT security and intelligence technologies.

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) are pioneering standards developed under the Cyber Threat Intelligence Technical Committee, aiming to foster collaboration, standardization, and automation within the field of CTI (Cyber Threat Intelligence).



STIX provides a common syntax so users can describe threats consistently by their motivations, abilities, capabilities, and responses.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX is open source and free, allowing those interested to contribute and ask questions freely.

STIX is for anyone involved in defending networks or systems against cyber threats, including cyber defenders, cyber threat analysts, malware analysts, security tool vendors, security researchers, threat sharing communities, and more.

STIX is a standardized language that allows for the detailed representation and contextualization of cyber threat information. By providing a structured format, STIX ensures a unified way of describing diverse cyber threat information, thereby facilitating more effective communication, analysis, and application of this information.



Trusted Automated eXchange of Intelligence Information (TAXII) is the format through which threat intelligence data is transmitted.

TAXII is a communication protocol that supports the exchange of cyber threat information, including STIX data, in a secure and automated manner. It outlines how to transport these data, regardless of the method or mechanism, ensuring the safe, reliable, and efficient exchange of information.




Bonus Coverage:

What are the types of Threat Intelligence?
Cyber Threat Intelligence is mainly categorized as strategic, tactical, technical, and operational.




Is either of these - STIX or TAXII - covered in any of the CompTIA courses?????

Hello CINners,



When I launch one of my web browsers (Edge, Chrome, Firefox), there's always
multiple browser processes that are running - even though I only have one tab
open on the web browser. Why do I see these multiple browser processes in
Task Manager, when I only have a single tab open in my browser? I've never
understood this - and I don't recall ever being educated on this. I did say I don't
recall

I promise, I have ONLY one tab open!!!!

Thanks CINners!

CompTIA examinations can indeed be tough, particularly to those who are fresh. There are many students who are not good at managing time, while there are others who simply try too hard to figure out performance-based questions.

As instructors, let’s share tips to help our learners prepare effectively, control anxiety and have a go at the examination.