Matching the Right Skills to the Right Jobs

One of the most important—and often overlooked—aspects of hiring is aligning job requirements with the skills and experience necessary for success. Unfortunately, job postings are often misaligned, especially at the entry level. For example, it's not uncommon to see postings for "entry-level" cybersecurity analysts that require advanced certifications like the CISSP—certifications that typically take five or more years of industry experience to achieve and cost thousands of dollars.

Resource: Business Insider

This disconnect creates a ripple effect. It discourages qualified candidates from applying, perpetuates the talent gap, and makes it harder for companies to attract fresh talent. Worse yet, it sends a message that the employer may not truly understand what the role requires.

Why This Happens

Hiring managers often default to "gold standard" certifications like CISSP or CISM because they’re widely recognized. But they don’t always take the time to assess whether these certifications are appropriate for the role in question. For example, the CISSP isn’t designed for someone just starting out in cybersecurity. It’s tailored for experienced professionals managing security strategies. Requiring it for an entry-level role is like asking someone applying for a learner’s permit to prove they can navigate rush hour in a semi-truck.



Read more about it here:
https://www.linkedin.com/comm/pulse...2OTFkZThkOTRmYjhhZDY1OTgyZTA3ZWU3Njg0NSwxLDE=

Zero Trust vs Zero Trust Network Access

Let's go down the road of Zero Trust and Zero Trust Network Access (ZTNA) for a moment.

Let's begin with Zero Trust. Zero Trust is a broad security model!
Zero Trust assumes that no one, or nothing, should be trusted by default, which will require continuous verification before granting access to resources.

Zero Trust Network Access (ZTNA), on the other hand, is a specific implementation of the Zero Trust security model. Its focus is primarily on securing remote access to applications and data by strictly controlling user and device authentication before granting access, essentially acting as a more secure alternative to traditional VPNs.

Zero Trust -> the overall security philosophy.

Zero Trust Network Access (ZTNA) -> a technology, used to achieve the security philosophy in the context of network access.

Some key differences:

Scope:
- Zero Trust applies to all aspects of security across an organization.
- ZTNA specifically focuses on managing access to applications and data from anywhere, especially for remote users.

Implementation:
- Zero Trust is a broader framework that can be implemented through various technologies and strategies.
- ZTNA is a specific technology used to enforce zero trust principles for network access.

Focus:
- Zero Trust emphasizes continuous verification and least privilege access across all systems.
- ZTNA focuses on user identity and device posture before granting access to applications, often bypassing the traditional network perimeter.

My Summary:

Zero Trust

- a framework
- a security philosophy

Zero Trust Network Access (ZTNA)
- a technology
- the item used to enforce the security philosophy


Okay, all this is nice to know, but that's not why I stopped by. What I wanted to ask is: is Zero Trust Network Access (ZTNA) covered in any of the CompTIA courses?


Thanks CINners

UnixGuy's Best and Worst Cyber Security Certificates

The UnixGuy ranks the best and worst Cyber Security certifications. He bases his rankings on several factors, including pricing, type of examination questions, relevance in the job market, practical skills learned, and quality of training.

At the bottom, he ranked bootcamps. No one in particular, just bootcamps in general. Just above that was EC-Council and Udemy.

At the top, he ranked INE Security, Let's Defend, Cyberdefenders, TryHackMe, HackTheBox, Security Blue Team, TCM Security, Zero Point Security, GRC Mastery, and the Google Cybersecurity Certificate.

He lists CompTIA in the middle. Above Cisco's Cybersecurity certs and ISACA's CISM but below ISC2's CISSP, SANS, OffSec's OSCP, MS Azure Security, and AWS Security.

Your thoughts?


Certification Strategies

Hello fellow CINners,
Compliments of the season to you all. Hope we are all enjoying the downtime.

I have a question regarding certification strategies for individuals, typically between 0-3 years in the IT field, but eager to advance their careers.

> Experience vs. Certification: If a candidate feels confident in their abilities and has access to the necessary study materials and labs, is it advisable for them to attempt a certification that typically requires more years of experience? How can this impact their job applications and subsequent roles?

> Skipping Fundamentals: In situations where an IT professional has access to vouchers or sponsorship for more advanced certifications (like SecurityX or DataX), would it be wise to skip the foundational certifications, opting to read up on the materials, and subsequently take these more advanced certifications?

I'm eager to hear your insights and experiences on this matter.

Thank you

Anonymizer

An anonymizer is a tool that makes it harder to trace a user's online activity, by hiding their identity.

How it works
- An anonymizer acts as an intermediary between a user's device and the Internet, masking the user's IP address and other identifying information. This makes it appear as if the user is browsing from a different location.

Types of anonymizers
- Anonymizers can take the form of proxies, VPNs, or special networks like Tor. Each method offers different levels of security.

Uses
- Anonymizers can be used for:
  • Bypassing geographic restrictions
  • Online privacy
  • Accessing blocked resources
  • Preserving anonymity

Limitations
- Not all anonymizers provide complete anonymity, and some may have limitations or security risks. Anonymization is not foolproof, and there is always a risk that sensitive data could be re-identified or de-anonymized.



Anonymizer! The term is new to me in the context of Cybersecurity. What about you?

Is this covered in any CompTIA course? If so, which one?

Web Browser Launch - starts multiple instances

Hello CINners,

When I launch one of my web browsers (Edge, Chrome, Firefox), there are always multiple browser processes running, even though I only have one tab open in the web browser. Why do I see these multiple browser processes in Task Manager when I only have a single tab open in my browser? I've never understood this, and I don't recall ever being educated on this. I did say I don't recall :)

I promise, I have ONLY one tab open!!!!

Thanks CINners!

What is STIX/TAXII?

STIX/TAXII is a joint global initiative to drive threat intelligence sharing and collaboration among authorities.

STIX and TAXII allow transportation of threat information among IT security and intelligence technologies.

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) are pioneering standards developed under the Cyber Threat Intelligence Technical Committee, aiming to foster collaboration, standardization, and automation within the field of CTI (Cyber Threat Intelligence).



STIX provides a common syntax so users can describe threats consistently by their motivations, abilities, capabilities, and responses.

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI).

STIX is open source and free, allowing those interested to contribute and ask questions freely.

STIX is for anyone involved in defending networks or systems against cyber threats, including cyber defenders, cyber threat analysts, malware analysts, security tool vendors, security researchers, threat sharing communities, and more.

STIX is a standardized language that allows for the detailed representation and contextualization of cyber threat information. By providing a structured format, STIX ensures a unified way of describing diverse cyber threat information, thereby facilitating more effective communication, analysis, and application of this information.



Trusted Automated eXchange of Intelligence Information (TAXII) is the format through which threat intelligence data is transmitted.

TAXII is a communication protocol that supports the exchange of cyber threat information, including STIX data, in a secure and automated manner. It outlines how to transport these data, regardless of the method or mechanism, ensuring the safe, reliable, and efficient exchange of information.




Bonus Coverage:

What are the types of Threat Intelligence?
Cyber Threat Intelligence is mainly categorized as strategic, tactical, technical, and operational.




Is either of these - STIX or TAXII - covered in any of the CompTIA courses?????
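
As an added example (not part of the original post), this shows what the "structured format" of STIX looks like to a consumer: a STIX 2.1 bundle of the kind a TAXII server would return, checked for a subset of the required properties and then walked through its relationship objects. All identifiers, the documentation-range IP address and the malware name are constructed, and `validate` and `indicated_malware` are hypothetical helper names.

```python
import json

# Constructed sample bundle; every id, timestamp, IP and name below is made up.
BUNDLE_JSON = """{"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
 "objects": [
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--22222222-2222-4222-8222-222222222222",
   "created": "2025-01-02T10:00:00.000Z", "modified": "2025-01-02T10:00:00.000Z",
   "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']",
   "valid_from": "2025-01-02T10:00:00Z"},
  {"type": "malware", "spec_version": "2.1",
   "id": "malware--33333333-3333-4333-8333-333333333333",
   "created": "2025-01-02T10:00:00.000Z", "modified": "2025-01-02T10:00:00.000Z",
   "name": "ExampleRAT", "is_family": false},
  {"type": "relationship", "spec_version": "2.1",
   "id": "relationship--44444444-4444-4444-8444-444444444444",
   "created": "2025-01-02T10:00:00.000Z", "modified": "2025-01-02T10:00:00.000Z",
   "relationship_type": "indicates",
   "source_ref": "indicator--22222222-2222-4222-8222-222222222222",
   "target_ref": "malware--33333333-3333-4333-8333-333333333333"}]}"""
BUNDLE = json.loads(BUNDLE_JSON)

COMMON = {"type", "spec_version", "id", "created", "modified"}
REQUIRED = {  # subset of the per-type required properties in STIX 2.1
    "indicator": {"pattern", "pattern_type", "valid_from"},
    "malware": {"is_family"},
    "relationship": {"relationship_type", "source_ref", "target_ref"},
}

def validate(bundle):
    """Return a list of problems; an empty list means these checks passed."""
    problems = []
    ids = {o.get("id") for o in bundle.get("objects", [])}
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "<no id>")
        missing = (COMMON | REQUIRED.get(obj.get("type"), set())) - set(obj)
        if missing:
            problems.append(f"{oid}: missing {sorted(missing)}")
        if not oid.startswith(f"{obj.get('type')}--"):  # ids are "<type>--<UUID>"
            problems.append(f"{oid}: id prefix does not match type")
        # STIX allows refs to objects outside the bundle; this consumer flags them.
        for ref in ("source_ref", "target_ref"):
            if ref in obj and obj[ref] not in ids:
                problems.append(f"{oid}: {ref} not resolved in bundle")
    return problems

def indicated_malware(bundle):
    """Map each indicator pattern to the malware names it 'indicates'."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    out = {}
    for rel in bundle["objects"]:
        if rel["type"] == "relationship" and rel["relationship_type"] == "indicates":
            src, dst = by_id[rel["source_ref"]], by_id[rel["target_ref"]]
            out.setdefault(src["pattern"], []).append(dst["name"])
    return out
```
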
