Hello CINners,

I forgot about the requirement to change the CIN password.
I have been agonizing about this since I learned that it was
coming down the road.

Anyway, I just wanted to alert anyone, who may have had
plans to use the password "P@ssword1234", I've taken
that one already. Sorry - first come, first serve!!! Of course,
like so many others things, I'm willing to sell it for the right
price: $250 starting

Thank you for your understanding.

Hi All,

We are a CompTIA Platinum Partner in the UK and Australia and we offer our students a blended learning experience featuring self paced, online training alongside virtual live classroom delivery.

Our live 2 hour classrooms are there to supplement the self paced training, offer somehwere to ask questions and to offer exam prep advice. Typically, certfications are split into three, weekly, 2 hour classes taking place in the early evening of the relevant timezone.

We are looking to enhance our offering covering UK, Australia and New Zealand time zones with CompTIA Cloud+ and Data+certifications.

The position is remote.

If you would be interested or know someone that is, please email me, [email protected].

All the best

Mark Wheatland
Head of Partnerships
Learning People

I am looking to collaborate with an instructor to teach the Network + class in January for me. Thank you!

Hackers are using Microsoft Teams to gain remote access to users' systems.
By sending phishing emails and impersonating trusted clients, they trick victims
into installing remote access tools like AnyDesk.

This lets them control the system, deploy malicious files, and steal information.
Always verify remote access requests and be cautious of unexpected Teams calls.



You know, I could put a new one of these out here each day if I just didn't have
anything else to do. There's certainly one to report each day!
My goodness, we're at war!!!!

CASP+ name has been officially changed to SecurityX in Certificate.

Hello CINners,

Is AV software intended to detect Ransomware?

Thanks

Hello CINners,

I use Chrome and Edge routinely for my web browser needs.

If you use either one of these browsers, what security features
are indigenous in each of these browsers, that can be configured
to offer me the ultimate security protection?

No opinions please - just facts!!!

Hackers are threatening as early as this week to release the personal information of potentially
hundreds of thousands of Rhode Islanders connected with RIBridge, the state’s health and
social services system that suffered a cyberattack on Dec. 5, 2024.


You would think that a government entity, that has financial resources for technology and personnel,
would be able to keep hackers at bay. Apparently not! This is just one of the latest in breaches of
a government (local, county, state, federal) entity.

We're at war, and no one's invincible!

Technical skills such as penetration testing, vulnerability scanning, and incident response are essential for success in the field of cybersecurity. But soft skills—like critical thinking, problem solving, reporting, and communication—are sometimes undervalued despite being just as crucial.

How do you support your students in acquiring soft skills in addition to their technical knowledge?

What tasks do you include in your curriculum?

How you manage to develop well-rounded cybersecurity professionals is something I would really like to hear about.

CertMaster Lab for N10-009 Network+ , anyone have recording , it is not easy due to lab instuction not clear

The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.


Your Answer:

Hello CINners,

No, I ain't talking about Disaster Recovery - not that DR. My focus in this post in on
Detection and Response.

In cybersecurity, we got all these DRs that adding more and more weight to the barbell:
- EDR - a single-point security tool; focusing solely on endpoint device protection
- NDR - focusing on network-level threat detection; specifically monitors network traffic for suspicious activity
- MDR - a service offering; a managed service that includes threat detection and response capabilities; often
built on top of EDR
- TDR - Threat Detection and Response; two most common uses: endpoint TDR and analytical TDR
- XDR - provides a unified view across multiple security layers, like endpoints, networks, and cloud; integrates
various security data sources

Okay, most of you already know about these DRs. I only stopped today to ask if any of these appear in the
objectives of the CompTIA cert exams.

As always, thanks for your time!!!

Are you passionate about empowering adult learners to achieve their professional goals? Academy of Hope (AoH) Adult Public Charter School is seeking dynamic and experienced instructors to build our workforce programs. Looking for CompTIA certified instructors to teach CompTIA Tech+ and CompTIA A+.

The address can be found at their website. https://aohdc.org/ The position is a hybrid (mainly remote with occasional on-site labs (one or two times a month)) but we will consider fully remote teachers for the right candidate. Two locations Ward 5 (Northeast site: 2315 18th Place, NE) and Ward 8, (421 Alabama Avenue, SE). This is part of the workforce development program. Preference is given for instructors located in the area.

As an instructor in our workforce program, you’ll work in a supportive, mission-driven environment dedicated to transforming lives through education. Each role requires subject matter expertise, the necessary industry-standard qualifications, and a commitment to guiding and supporting students in reaching their career milestones.

Day and Night Positions available. The frequency is four days a week Monday to Thursday from 1030 to 1400 hrs or 1800 to 2100 hrs. There is some flexibility and does depends on needs of the organization. Courses run for the duration of a Fall/Winter or a Spring terms.

Instructor Responsibilities​

Each instructor is responsible for delivering high-quality, engaging instruction tailored to adult learners in their respective subject areas. Core responsibilities include:

• Planning and Preparation: Develop lesson plans, classroom activities, and resources that align with AoH’s curriculum standards and prepare students for industry-specific certification exams.
• Instruction and Student Support: Deliver hands-on and theoretical instruction that builds critical skills and knowledge. Create an inclusive learning environment that encourages student engagement, participation, and success.
• Assessment and Testing: Administer tests and practical exams to evaluate student progress and competencies. Provide constructive feedback and guidance to help students improve.
• Attendance and Progress Monitoring: Record and monitor attendance, providing necessary support to students to maintain high attendance and engagement levels.
• Classroom Management: Foster a respectful and organized learning environment to facilitate positive learning experiences for all students.
• Student Assistance: Offer academic and career counseling within your subject area, providing students with pathways to certification, further education, and employment opportunities.

Qualifications​

Scope of Work and Education Requirements​

While not required, preference will be given to instructors living in the Washington, DC and surrounding region.

CompTIA Tech+ (ITF+) and A+ Instructor

• Responsibilities: Provide foundational and advanced IT skills training, covering computer hardware, software, troubleshooting, networking, and cybersecurity essentials.
• Education Requirements: Must have CompTIA Tech+ and/or A+ certification (depending on the course level) and a minimum of an associate degree in Information Technology or Computer Science. Instructional experience is preferred. Working in the IT field and having real-world experience is a plus.

Why AoH?​

Join a dedicated community that values lifelong learning and gives students the tools they need to succeed. AoH offers competitive compensation, a collaborative work environment, and the chance to make a meaningful impact on adults working toward career growth and personal development.

<APPLY HERE> https://www.paycomonline.net/v4/ats...79&clientkey=421781097AE0D0B6241B18F83BF15054

Human error contributes to 68% of data breaches, according to Verizon’s 2024 Data Breach Investigations Report.

Watcha think CINners? Higher? Lower? On the money?

If higher or lower, give me a number!!!


Happy Marvelous Monday!!!!

𝐒𝐭𝐫𝐞𝐧𝐠𝐭𝐡𝐞𝐧𝐢𝐧𝐠 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲: 𝐓𝐡𝐞 𝐆𝐫𝐨𝐰𝐢𝐧𝐠 𝐑𝐨𝐥𝐞 𝐨𝐟 𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐚𝐧𝐝 𝐀𝐜𝐜𝐞𝐬𝐬 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐈𝐀𝐌) 𝐒𝐨𝐥𝐮𝐭𝐢𝐨𝐧𝐬

The identity and access management market size was valued at USD 15.93 billion in 2022 and is projected to expand at a compound annual growth rate (CAGR) of 12.6% from 2023 to 2030.

Identity and access management (IAM) assures that the appropriate person and job position (identities) in an organization have access to the tools they need to perform their duties.

The rising cases of fraudulent and cybercrime activities are driving organizations to implement IAM systems as a result of the rapid adoption of the cloud and the advancement of new technologies. IAM uses identity analytics and intelligence to monitor unusual user account activity.

𝐈𝐝𝐞𝐧𝐭𝐢𝐭𝐲 𝐚𝐧𝐝 𝐀𝐜𝐜𝐞𝐬𝐬 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 (𝐈𝐀𝐌)
➼Single Sign-On (SSO)
➼Multi-Factor Authentication (MFA)
➼Role-Based Access Control (RBAC)
➼Privileged Access Management (PAM)
➼Adaptive Authentication
➼User Activity Monitoring

𝐄𝐧𝐝𝐩𝐨𝐢𝐧𝐭 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲
➼Antivirus and Anti-Malware Protection
➼Endpoint Detection and Response (EDR)
➼Device Compliance Management
➼Mobile Device Management (MDM)
➼Patch Management
➼Disk Encryption

𝐍𝐞𝐭𝐰𝐨𝐫𝐤 𝐌𝐢𝐜𝐫𝐨-𝐒𝐞𝐠𝐦𝐞𝐧𝐭𝐚𝐭𝐢𝐨𝐧
➼Virtual LAN (VLAN) Segmentation
➼Software-Defined Perimeter (SDP)
➼Firewall Policies for Micro-Segmentation
➼Zero Trust Network Access (ZTNA)
➼Virtual Private Cloud (VPC) Segmentation
➼Micro-Segmented Zones for IoT Devices

𝐀𝐩𝐩𝐥𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲
➼Web Application Firewalls (WAFs)
➼API Security
➼Runtime Application Self-Protection (RASP)
➼Application Vulnerability Scanning
➼DevSecOps Integration
➼Container Security

𝐃𝐚𝐭𝐚 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐧𝐝 𝐄𝐧𝐜𝐫𝐲𝐩𝐭𝐢𝐨𝐧
➼Data Encryption at Rest and in Transit
➼Data Loss Prevention (DLP)
➼Access Control Policies for Sensitive Data
➼Data Masking
➼Cloud Data Security Solutions
➼File-Level Encryption

𝐓𝐡𝐫𝐞𝐚𝐭 𝐈𝐧𝐭𝐞𝐥𝐥𝐢𝐠𝐞𝐧𝐜𝐞 𝐚𝐧𝐝 𝐀𝐧𝐚𝐥𝐲𝐭𝐢𝐜𝐬
➼Security Information and Event Management (SIEM)
➼User and Entity Behavior Analytics (UEBA)
➼Threat Intelligence Platforms
➼Intrusion Detection and Prevention Systems (IDPS)
➼AI-Powered Threat Detection
➼Automated Incident Response
➼Identity Governance
➼Directory Services
➼User Lifecycle Management
➼Behavioral Analytics







Now, I understand a little more as to why IAM in a part of the new SecurityX cert exam objectives!!!

Hi CINers,

Any information regarding a TTT for PenTest+ 003. I haven't received any emails regarding it. Since it will officially launch on 12/17, I was wondering if any official updates were sent from CompTIA.

Thanks.
Brandon

Despite its strength, OSINT must always be used in an ethical manner. For instance, how can we make sure students learn the distinction between ethical, legal research and intrusive or illegal conduct while we are educating them about reconnaissance techniques?

1. When teaching OSINT, what moral conundrums have you encountered?
2. How can the responsibility associated with this knowledge be made clear to students?

I'd love to know how you tackle this crucial subject!

Is this a legitimate Certmaster site?


I was looking for Spanish language A+ material for some of my ESL students & this popped up. There is no info in their About Us page, & their mission describes "...Indochina ICT's CertMaster programs..." . The web site certificate looks valid, but I'm used to using Certmaster products on a Comptia.org site. Don't know if this is a spin off from the buy out? If it's not legit can anyone point me to any Spanish, French, Arabic, Ukranian, Russian materials that I can use to supplement TestOut PC Pro for adult A+ ESL students?

Hello CINners,

I wanted to throw a little something in the direction of your networking types, to
see where you are with a certain subject. Got a couple of questions:

Question 1: What are the three (3) main ways to deploy VXLAN?


Question 2: When deploying VXLAN, the method used is based on what?



Whatcha got CINners????

Hello CINners,

Based on what you know about the new SecurityX exam, out of 100 persons, having nothing more than user-level knowledge, how many do you feel would be lucky enough to attain a passing score on that exam?

Now, keep in mind that these persons have almost zero knowledge in the area of cybersecurity. In fact, to put their knowledge in some meaningful context, let's say that they are folks who bring home their new router from Xfinity (or whomever), and don't know that it's a GREAT idea to change the default password for the admin account. Yeah, at that level

Anyway, give me a number. There's no right or wrong - just your number. I'm going somewhere with this, but not in this post!

Thanks CINners

Microsoft issued 71 patches for December Patch Tuesday to address vulnerabilities that include a zero-day bug in the Windows Common Log File System, which is under active exploit, and could enable system-level privileges.

Other critical vulnerabilities include a remote code execution flaw in Windows Lightweight Directory Access Protocol, and one in Hyper-V, that could allow code execution on the host operating system.

71 patches? Just for the month of December? Ouch!!!!

Well, as the old saying goes, "it's all relative" - I say that because, relative to the year's total of 1,020 patches for the very popular OS, 71 for a single month ain't that bad

Peace and blessings to all those with the responsibility of guarding the Microsoft Windows OS palace!!!

CompTIA's IT Industry Outlook 2025 presents educators and IT professionals with both exciting prospects and difficulties. Highlights are as follows:

1. AI Costs vs. Potential: While AI increases productivity, it also presents issues with cost, cybersecurity, and privacy. Give students the tools they need to control AI risks and ROI.

2. Workforce Upskilling: 66% of businesses want to provide cybersecurity, software, and data analytics training to their staff. compared to 59% in 2024. To close the skills gap, practical training is essential.

3. Growing Cyberthreats: Stronger frameworks and stricter MSP controls are essential. Utilize realistic simulations in the Security+ and Pentest+ labs.

4. Flexibility in IT: Greater work-life balance and prospects for career advancement are brought about by the high demand for IT talents.

5. Collaborations Are Important: 90% of businesses collaborate to handle complexity. Emphasize teamwork and how it fosters creativity.

Read More: CompTIA IT Industry Outlook 2025

What trends resonate with you, and how are you preparing students for the future of IT?

Hello CINners,

Is the MITRE ATT&CK Framework a part of the objectives of any CompTIA exam?

Cybercriminals no longer need to be tech geniuses to bypass your MFA—they just need $200.

A new phishing kit is making waves in the cybercrime world, offering attackers everything they
need to intercept MFA tokens, steal session cookies, and gain unauthorized access to your systems.
The worst part? Many organizations still rely on phishable factors, like SMS codes or OTPs.

Here’s what you need to know:

• These kits mimic legitimate login portals, intercept MFA tokens in real-time, and hijack sessions without detection.
• Weak MFA like SMS are easily phishable—giving attackers access to interconnected systems through a single breach.
• Organizations should act now to classify, strengthen, and enforce phishing-resistant MFA solutions.

Just when you thought MFA provided a piece to the secure assurance puzzle - now this!

Okay folks, I'm not attempting to cause a global panic. As usual, I'm just a messenger!!!
You've been informed!

Hello CINners,

Does anyone out there encrypt the hard drive on your home computer?
If so, what encryption algorithm do you use?