
CySA/CASPs - Public Google Sheet - Anonymous APT Tracking

Was reading some news this morning regarding bias in reporting about cyber attacks originating in the West (the US doesn't hack does it??) when the author cited this little bit of fun reading:
Or as I heard it said, one person's government is another person's APT...

Happy Friday, y'all.



Cite: Why is it so rare to hear about Western cyber-attacks? - https://www.bbc.com/news/technology...inkedin&utm_medium=social&utm_source=linkedin

Tagging a few I know would be particularly interested in this gem: @Lee McWhorter @Bjoern Voitel @jasoneckert @Stephen Schneiter @Tess Sluijter @Gregory Childers

CySA+ TTT Labs

Has anyone tried the labs from the TTT yet? I'm doing the first one and got stuck at the part where I enter the command to look at the eth0 interface. The step has you do: "ip a | grep eth0 > eth0_config.txt". When I get to the step to cat the file, I need to find the ip4 address for this interface. The problem is that this interface is not connected. The eth1 interface is connected and has an ip4 address. However, I still get marked "incorrect" when I use that address. Anybody else seeing the same thing?

Two project certifications - 20 years apart

I passed the CompTIA IT Project+ exam in September 2003. It was good for life, so I did not re-certify after it was renamed Project+.

Due to an employer requirement, I took (and passed) the Project+ PK0-005 exam today.

It's still hard for me to believe that it's been 20 years between those two certifications. I've really enjoyed my professional relationship with CompTIA.

Building a Cyber Program: Risk Assessment vs. Cyber Frameworks

So here's a question that came up in my head and one that I suggested to Bjoern after the session today. Worth some noodling...

When building a cyber program do you:

A) Get a framework? - Most times, people don't know what they don't know and they end up going out to the internet to grab some kind of checklist to "cover the bases" with respect to network security. Frameworks like NIST 800-53 and 800-171 as its checklist are great because they'll cover everything.

But a framework has the tendency for those who use one to cover more than we need. Do we pick and choose which parts to use? Can we say that we used the NIST framework if we only use a part of it? Going through a framework can create a lot of documentation that no one will ever read.

(kinda like all the documentation we write, but alas)

B) Perform a Risk Assessment? - The risk assessment is the way an organization can tailor its cyber program to meet its specific needs. An organization can walk through all its assets and services and define priorities.

However, I've always seen two things when doing a risk assessment. One, defining the risk tends to get subjective. We can put impact to a cost scale, but probability is a little more nebulous. Say you have two incidents on a risk in year 1, none in year 2, and none in year 3. High risk? Medium risk? Or do we define it ourselves in a subjective kind of way? Sure, that brings in the idea of risk appetite, so it's different for everyone. The other thing I see in risk assessment is making sure we've identified everything. Seems like that's an ongoing process, like one day, you're walking by an office and notice an IoT device that's been there for an age, but we forgot about it in risk planning.

So, what do you think about this? Chime in and let's see what you think.

/r

UPDATE: I might have also written the question a little badly - the question isn't whether we do those things - it's the approach you take first in doing a cyber program build. Some will go with the Framework first, which prescribes a risk assessment, the other will do the risk assessment first which prescribes a framework...

Finally, CompTIA Pentest+

After an onsite bootcamp, out of curiosity, I decided to prepare for and take the CompTIA Pentest+.
Mixed reactions from the result, although a very narrow win. Not sure whether to celebrate or go back and dig deeper.
Here we go guys, CompTIA Pentest+


VOUCHER CTT + DISCOUNT

Hello everyone, I hope you are well.
I am preparing for my CompTIA CTT+ before the exam is withdrawn.
I would also like others to have the chance to take this exam at a reduced price. The voucher is official from the CompTIA store.

CTT+ Voucher CompTIA CTT+ (TK0-201) Essentials Voucher 230$
CTT+ Voucher CompTIA CTT+ (TK0-202) Classroom Trainer 250$
CTT+ Voucher CompTIA CTT+ (TK0-203) Virtual Classroom Trainer 250$


Discount limited

Project+ Vouchers Gone Out - Inflate my Ego

Okay, CIN - Looks like those Project+ vouchers have gone out to those of you that were on for my Proj+ TTT! Good luck to all of you!

Now, in a shameless post, you get to inflate my ego. This is the part where we find out if the TTT was helpful/instrumental in getting you to that shiny Project+ cert. So if you pass, post it here! If I did something really right, let me know.

And if you don't get it, it's okay! Keep at it - I'll help if you need it, meanwhile, if there was something about my training that wasn't so good, please tell me that, right here publicly, even. No instructor can improve if he does everything right, yeah? And I love to improve myself too. Or as a verse from the Good Book says, "As iron sharpens iron...". This is how we make CIN instructors the best ones out there. So, bring your eggs and tomatoes - I can handle it.

It was a pleasure having all of you on for the TTT and I sincerely wish you good luck as you all start certifying!

/r

Seeking a CYSA+ Instructor

Hi Guys,
We are a CompTIA learning partner.
We are looking for an instructor for the following class:
  • CYSA+
  • 5-day class.
  • June 26-30, 2023.
  • Start time 7:00AM (Hawaii) = GMT -10.
Experience in the CYSA+ course is a must.
We’ll use “Integrated” materials - so you’ll need to be conversant with this format.
Fluency in the English language is required.
If you can do this class, and are available, please message me/us ASAP.
Thanks!
Rie
